Our Blog: Stuff we think you should know

Haber Group has been serving the New York area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Why ROBOT is a Risk After Nearly 20 Years

Why ROBOT is a Risk After Nearly 20 Years

The Internet is rife with potential threats. Some are situational, but most are deliberate actions made by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

Back in 1998, researcher Daniel Bleichenbacher found what is being called the ROBOT exploit in the secure sockets layer (SSL) encryptions that protect web-based platforms. There is a flaw in an algorithm that is responsible for the RSA encryption key--through specially constructed queries its error messages divulge enough information that after a short time they were able to decrypt ciphertext without the dedicated key for that encryption. In response, SSL architects created workarounds to limit error messages rather than eliminating the faulty RSA algorithm.

Referred to as an “Oracle” by researchers, the crypto-vulnerability provides only decisive yes and no answers, which allows people that form their queries a certain way to eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack”.

Recently, researchers have found that over a quarter of the 200 most-visited websites essentially have this vulnerability, and about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one; while the money transfer platform PayPal is another. The explanation researchers gave was that with so much time focusing on the newest and baddest malware and exploits, this tried and true vulnerability has just been neglected. In a blog post they said as much:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

The vulnerability, now called ROBOT, an acronym for “Return of Bleichenbacher's Oracle Threat” was tested, with the findings being sent to the vulnerable sites to ensure they could get a patch created before the researchers went public with it.

Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact Haber Group today at 866.625.3560.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 23 April 2018

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Best Practices Cloud Technology Privacy Email Hackers Malware Business Business Computing Internet Hosted Solutions Computer Microsoft Software Backup Windows 10 Ransomware IT Services Network Security Android Mobile Devices Smartphone Google User Tips Data Management Hardware Small Business Browser Productivity Windows Business Continuity Cloud Computing Server Gmail Data Artificial Intelligence Internet of Things Managed Service Provider Phishing App Encryption Facebook Office 365 Upgrade Smartphones Saving Money Efficiency Data Recovery Microsoft Office Big Data Spam Tip of the week Disaster Recovery Social Media Word Business Management Managed IT Services Remote Monitoring Data Backup Workplace Tips Innovation Government Office Tips Infrastructure Outsourced IT IT Support Windows 10 Money Miscellaneous Firewall IT Support Customer Service Tech Term Apple Settings Passwords IT Management Content Filtering Productivity Two-factor Authentication Robot Risk Management Antivirus Cybersecurity Employer-Employee Relationship Chrome Communication WiFi Data storage The Internet of Things Bandwidth Outlook Search Scam Tablet Vulnerability Administration IBM Wireless VoIP Holiday VPN Password Apps Customer Relationship Management Data Security Mouse Wi-Fi Hacking Virtual Private Network Network End of Support Storage Server Management Managed IT Services Presentation Hosted Solution Hacker Avoiding Downtime Save Money Telephone Systems Office Virtual Reality Maintenance YouTube Wireless Technology communications Recovery SaaS Printing Website Unified Threat Management Computing Monitors Google Drive Business Technology HIPAA Data loss Automation LiFi BYOD Augmented Reality Analytics Safety Mobile Security Mobile Device Superfish IT Technicians Drones Spyware Writing Application Training Gadgets Multi-Factor Security Cookies Automobile Dark Web Patch Management Hotspot Social Uninterrupted Power Supply Sports Virtualization Paperless Office Mirgation Education Humor Retail Deep Learning Users Google Calendar Nanotechnology Net Neutrality Language Hacks Solid State Drive Remote Computing Networking Chatbots Budget How To sip Social Engineering Heating/Cooling Bring Your Own Device IT service Legislation FCC Computing Infrastructure Hard Disk Drive Buisness IT solutions User Identity Firefox telephony Servers Best Practice BDR Politics Comparison Collaboration Title II Alerts Competition Cortana Techology Specifications How To Business Growth 5G Google Maps Document Management Tech Support File Sharing Online Mail Merge Licensing Current Events Downtime Samsung Unified Threat Management Compliance Legal Network Congestion Black Friday Dark Data Statistics Alt Codes Cybercrime Identity Theft Marketing Websites Microsoft Excel Address Cooperation Going Green Quick Tips IP Address Knowledge User Error Regulations Computers Cyber Monday Bluetooth Typing Blockchain Staff Corporate Profile Display VoIP Unified Communications Mobile Office Experience Printer Social Networking Operating System Smart Technology Cryptocurrency Running Cable Hard Drives Permissions Wearable Technology WannaCry Virtual Desktop Time Management Mobile Device Management Access Control Motherboard Distributed Denial of Service Bitcoin Cabling Laptop Refrigeration Digital Payment Information Technology Public Speaking Network Management Lithium-ion battery SharePoint Router Google Docs Managed IT Service Managed IT Fraud Windows 8 Halloween Lenovo Applications Google Wallet Digital Touchscreen Computer Care Downloads Modem Break Fix Vendor Management Shortcut Fun Disaster Scary Stories Undo Point of Sale Black Market Law Enforcement Physical Security Twitter CrashOverride Staffing Gadget Administrator Personal Information Web Server Screen Reader GPS Computer Repair Cameras Processors Smart Tech Tracking Health Mobile Computing CCTV Alert Connectivity Electronic Medical Records Travel G Suite Notifications Botnet Upgrades Supercomputer Motion Sickness Taxes Crowdsourcing Machine Learning 3D Printing IT Budget Update Emergency Domains IT Consultant Relocation Unsupported Software Meetings Chromebook Cleaning Private Cloud Mobile Data Webcam Emoji Work/Life Balance Error