Our Blog: Stuff we think you should know

Haber Group has been serving the New York area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Why ROBOT is a Risk After Nearly 20 Years

The Internet is rife with potential threats. Some are situational, but most are deliberate actions made by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

Back in 1998, researcher Daniel Bleichenbacher found what is now being called the ROBOT exploit in the Secure Sockets Layer (SSL) encryption that protects web-based platforms. The flaw lies in an algorithm responsible for the RSA encryption key: in response to specially constructed queries, its error messages divulge enough information that, after a short time, an attacker is able to decrypt ciphertext without the dedicated key for that encryption. In response, SSL architects created workarounds to limit error messages rather than eliminating the faulty RSA algorithm.

Referred to by researchers as an “oracle,” the crypto-vulnerability provides only decisive yes-or-no answers, but those answers allow anyone who forms their queries a certain way to eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack.”
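The yes-or-no leak and the limit-the-error-messages workaround described above, sketched as an added example (not code from the researchers or from any TLS library). It assumes the RSA decryption has already happened and works on the decrypted block, which in this key exchange uses PKCS#1 v1.5 padding; the handler, alert strings and probe blocks are constructed for illustration.

```python
import hmac
import os

K = 256  # modulus size in bytes for a 2048-bit RSA key (assumed)

def unpad(em: bytes):
    """Return the payload of a PKCS#1 v1.5 encryption block, or None if malformed."""
    if len(em) != K or em[:2] != b"\x00\x02":
        return None
    sep = em.find(b"\x00", 2)
    if sep < 10:  # no separator (-1) or fewer than 8 padding bytes
        return None
    return em[sep + 1:]

def finished_mac(pms: bytes) -> bytes:
    # Stand-in for the TLS Finished check: only the holder of pms can compute it.
    return hmac.new(pms, b"finished", "sha256").digest()

def handle_key_exchange(em: bytes, client_finished: bytes, hardened: bool) -> str:
    fallback = os.urandom(48)  # drawn before parsing, on every request
    pms = unpad(em)
    if pms is None or len(pms) != 48:
        if not hardened:
            return "decrypt_error"  # distinct answer: this is the oracle
        pms = fallback  # carry on; the handshake fails later like any other
    if not hmac.compare_digest(finished_mac(pms), client_finished):
        return "bad_record_mac"
    return "handshake_ok"

# Constructed probe blocks: one well-formed, four malformed in different ways.
PROBES = [
    b"\x00\x02" + b"\xff" * 205 + b"\x00" + b"\x03\x03" + b"\x11" * 46,
    b"\x00\x01" + b"\xff" * 205 + b"\x00" + b"\x03\x03" + b"\x11" * 46,
    b"\x00\x02" + b"\xff" * 254,
    b"\x00\x02" + b"\xff" * 4 + b"\x00" + b"\x11" * 249,
    b"\x00\x02" + b"\xff" * 8 + b"\x00" + b"\x11" * 245,
]

def responses(hardened: bool) -> set:
    junk = b"\x00" * 32  # a prober cannot compute the real Finished value
    return {handle_key_exchange(p, junk, hardened) for p in PROBES}

def is_oracle(hardened: bool) -> bool:
    # More than one distinct answer means the padding check is observable.
    return len(responses(hardened)) > 1

if __name__ == "__main__":
    print("legacy handler leaks:", is_oracle(False))
    print("hardened handler leaks:", is_oracle(True))
```

The same comparison applies to a real server: every malformed key exchange should end in the same alert and the same connection behaviour, since any observable difference acts as the yes-or-no answer.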

Recently, researchers have found that over a quarter of the 200 most-visited websites essentially have this vulnerability, as do about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one; the money transfer platform PayPal is another. The explanation researchers gave was that, with so much attention focused on the newest and baddest malware and exploits, this tried-and-true vulnerability has simply been neglected. In a blog post they said as much:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

The vulnerability, now called ROBOT, an acronym for “Return of Bleichenbacher's Oracle Threat,” was tested, and the findings were sent to the vulnerable sites so that they could get a patch created before the researchers went public with it.

Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact Haber Group today at 866.625.3560.

Friday, 19 January 2018