RCS Professional Services Blog

RCS Professional Services has been serving the New York area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

20-Year-Old Exploit Finds New Life as ROBOT

There is no shortage of threats on the Internet, from situational issues to deliberate attacks meant to damage your company or steal your valuable data. While new threats pop up almost every day, some have been around for so long that many no longer seem to consider them viable threats.

This can be seen in many sizable Internet companies, including the likes of Facebook and PayPal, which recently tested positive for a vulnerability discovered in 1998 that enabled encrypted data to be decrypted.

When researcher Daniel Bleichenbacher first discovered it, this exploit was found in the Secure Sockets Layer (SSL) encryption that protected (and still protects) many web platforms and websites. The algorithm that powers RSA encryption has a flaw that permits a hacker to decrypt ciphertext without the key. The error messages that the encryption presents give hackers enough information to crack it.

As it happened, instead of eliminating and reworking the flawed RSA algorithm, the SSL architects at the time simply created workarounds to limit the error messages.

This crypto-vulnerability, codenamed “Oracle,” provides “yes” and “no” answers to queries. This means that cybercriminals can phrase their queries specifically enough to ultimately retrieve enough information to form a detailed picture of the encrypted contents. This method is referred to as an adaptive chosen-ciphertext attack.
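To make the "yes" and "no" answers concrete, the following added example (not code from the original post or from the researchers) puts a server that reports each decryption failure differently beside one that handles every failure the same way. The toy key, the PKCS #1 v1.5 padding layout, the 16-byte secret and all function names are assumptions made for illustration, and timing differences are not modeled.

```python
import hmac
import secrets

# Toy RSA key built from two Mersenne primes (constructed, insecure, demo only).
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes (30)
SECRET_LEN = 16                        # assumed length of the shared secret

def encrypt(block: bytes) -> int:
    return pow(int.from_bytes(block, "big"), E, N)

def unpad(em: bytes):
    """PKCS #1 v1.5 check: 00 02 | >=8 nonzero bytes | 00 | message."""
    if em[0] != 0 or em[1] != 2:
        return None
    sep = em.find(b"\x00", 2)
    return em[sep + 1:] if sep >= 10 else None

def finished_mac(secret: bytes) -> bytes:
    return hmac.new(secret, b"finished", "sha256").digest()

def server(ciphertext: int, mac: bytes, hardened: bool) -> str:
    msg = unpad(pow(ciphertext, D, N).to_bytes(K, "big"))
    if msg is None or len(msg) != SECRET_LEN:
        if not hardened:
            # Leaky: each failure gets its own message, i.e. a yes/no answer.
            return "bad_padding" if msg is None else "bad_length"
        # Hardened: carry on with a random secret so every bad input
        # fails later, at the same step, with the same message.
        msg = secrets.token_bytes(SECRET_LEN)
    ok = hmac.compare_digest(mac, finished_mac(msg))
    return "ok" if ok else "handshake_failed"

def distinct_responses(hardened: bool) -> set:
    """Send three constructed malformed inputs and collect the answers."""
    blocks = [
        b"\x00\x02" + b"\xff" * 11 + b"\x00" + b"A" * 16,  # valid padding, wrong MAC
        b"\x00\x02" + b"\xff" * 19 + b"\x00" + b"A" * 8,   # valid padding, short secret
        b"\x00\x01" + b"\xff" * 28,                        # invalid padding
    ]
    return {server(encrypt(b), b"\x00" * 32, hardened) for b in blocks}

def honest_client(hardened: bool) -> str:
    secret = secrets.token_bytes(SECRET_LEN)
    block = b"\x00\x02" + b"\xff" * 11 + b"\x00" + secret
    return server(encrypt(block), finished_mac(secret), hardened)
```

The leaky server gives three different answers to the three malformed inputs, while the hardened one gives a single answer, so its responses no longer say anything about the decrypted contents.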

Recently, researchers have discovered that this vulnerability can be found on over a quarter of the 200 most-visited websites on the Internet, and on around 2.8% of the top million. Naturally, this includes Facebook and PayPal.

Researchers explained the oversight of what is now being called ROBOT, or Return Of Bleichenbacher’s Oracle Threat, as the result of too much focus being directed towards new threats, and the older ones being neglected as a result. As they said in a blog post:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

These researchers sent their findings to vulnerable sites before going public so that a patch could be created.

Having a comprehensive understanding of the threats that are poised to damage your business will greatly help you keep it secured. We can help. For more information, reach out to RCS Professional Services today at 212.532.9111.



Friday, 23 March 2018