KT Connections Blog

KT Connections has been serving the Rapid City area since 1997, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

20-Year-Old Exploit Finds New Life as ROBOT

20-Year-Old Exploit Finds New Life as ROBOT

There is no shortage of threats on the Internet, from situational issues to deliberate attacks meant to damage your company or steal your valuable data. While new threats pop up almost every day, some have been around for some time--so long, that many seem to not consider them as viable threats.

This can be seen in many considerably-sized Internet companies, including the likes of Facebook and PayPal, which recently tested positive for a vulnerability discovered in 1998 that enabled encrypted data to be decrypted.

When it was first discovered by researcher Daniel Bleichenbacher, this exploit was found in the secure sockets layer, or SSL, encryptions that protected (and still protect) many web platforms and websites. The algorithm that powers the RSA encryption has a flaw that permits a hacker to decrypt ciphertext without the key. The error messages that the encryption presents give hackers enough information to crack it.

As it would happen, instead of eliminating and reworking the flawed RSA algorithm, the SSL architects at the time simply created workarounds to limit the error messages.

This crypto-vulnerability, codenamed “Oracle,” provides “yes” and “no” answers to queries. This means that cybercriminals can phrase their queries specifically enough to ultimately retrieve enough information to form a detailed picture of the encrypted contents. This method is referred to as an adaptive chosen-ciphertext attack.

Recently, researchers have discovered that this vulnerability can be found on over a quarter of the 200 most-visited websites on the Internet, and on around 2.8% of the top million. Naturally, this includes Facebook and PayPal.

Researchers explained the oversight of what is now being called ROBOT, or Return Of Bleichenbacher’s Oracle Threat, as the result of too much focus being directed towards new threats, and the older ones being neglected as a result. As they said in a blog post:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

These researchers sent their findings to vulnerable sites before going public so that a patch could be created.

Having a comprehensive understanding of the threats that are poised to damage your business will greatly help you keep it secured. We can help. For more information, reach out to KT Connections today at 605-341-3873.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, 23 January 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Privacy hackers Technology Email malware Cloud Internet Business Computing Network Security Google software User Tips Business Efficiency Ransomware Backup Data Small Business Mobile Device Management IT Support Microsoft IT Support Computer Android Smartphone Mobile Devices Windows Hosted Solutions Managed IT Services Gmail Productivity cybersecurity Network VoIP Money Facebook Hardware Phishing communications Windows 10 Data Management Internet of Things Microsoft Office Cloud Computing Operating System Alert Artificial Intelligence Data Security IT Management Business Continuity security cameras Bandwidth Disaster Recovery Outsourced IT Business Management data breach Unified Communications End of Support Apple Social Media vulnerability Managed IT Services Robot Smartphones Passwords Nextiva BDR Office 365 Outlook Communication Cost Management Antivirus Encryption Data storage IT Services Update Hard Drive Upgrade Networking The Internet of Things Social Engineering Project Management Analytics Firewall Apps Drones Gadgets Productivity BYOD Collaboration History IoT WiFi Server Remote Monitoring YouTube Innovation Best Practice Law Enforcement Customer Service Politics Search IBM App Google Maps Spam Scam Windows 10 Information Security Lunch and Learn Bitcoin Data Recovery Automation Start Menu botnet vulnerabilities Browser News Save Money SaaS Saving Money Data Backup Digital Events Document Management Information Technology Access Control Data Protection Google Wallet Word Cryptocurrency Google Docs Patch Management Event Marketing Local Buzz Legal Holiday Hacking security solutions South Dakota Big Data Hosted Solution Rapid City Virus File Sharing IT Consultation How To Mouse Settings Mobile Device Community Involvement Web Servers Applications Local Technology Social face Displays Maintenance Virtual Machines Telephony IoT Devices Law IT Workers IT Assessment Physical Security password manager LastPass SharePoint Education Hard Drive Disposal Download Workplace Tips Managed Service Provider Internet 101 Cache Tips and Tricks Sales Tax Fast food surveillance cameras Experience Fortinet Proactive IT Risk Creep VoIP Quick Tips Lawyers Samsung IT Strategy Content Filtering user confidence Bluetooth IT Security Cortana email scam healthcare Office Tips Emergency Internet Connected Devices Trend Micro Sports Business Security Music IT for Oil Companies Laptop IT Solutions Tablets Administration Managed IT Wireless Technology AtomBombing Safety Freedom of Information LiFi eWaste tool Business Technology Communications Distributed Denial of Service Mobility Government Google Play Store Writing Printing Risk Management Time Management Tablet Attorneys LastPass Society Streaming Media Fake News appointment communication device Visible Light Communication Computing Infrastructure Disaster Phone System Virtual Reality Downloads Black Market Kaseya Unified Threat Management SOX Managed Services Windows 8 Windows XP Microsoft Excel business owner Website Hardware as a Service Webcam botnet attack camera Retail Compliance Google Calendar Kaseya Connect Microsoft Bookings Sarbanes-Oxley Act Computer Care Tech Support Memory Budget communication solutions Advertising Remote Computing Knowledge HaaS Business Comunications Email Security macbook Business Communications Business Growth Conference Blockchain booking process Network Congestion End User Testing VPN Running Cable Press Release Hack Chamber of Commerce Virtualization Printer identity theft Virtual Desktop Deep Learning Tech Terms Uninterrupted Power Supply Vendor Mangement Touchscreen DDoS attacks Dell ’s Sonicwall Global Management System Microsoft Office 365 Comparison media experience Excel Event Business Cards Cabling Solid State Drive Office Business Mangement Websites Penetration Testing Password DDoS Microsoft Office 365 features Specifications information Tip of the week Mixer Access security precautions Vendor Management Corporate Profile Programming Software as a Service Phishing Scams Cleaning Television Flash Virtual Assistant Vendors Cybercrime Redundancy Worker Spyware Rebrand Unified Threat Management enterprise productivity software Monitors Audit Cloud Backup Google Drive Paperless Office Documents Business Metrics Downtime end-of-support date holiday season Text Messaging Rental Service PDF Chromebook Computing Piracy UTM Flexibility holidays Users CCTV Language Software License Phone Systen Threat management Reliable Computing IT service scammers Web Server Twitter Miscellaneous Meetings Scalability scams Ordinary Computers CrashOverride G Suite Emails Processors Computer Malfunction Travel Tracking Employer-Employee Relationship quantum computers Sync Telephone Systems Messenger Private Cloud Microchip Supercomputer Health Marketing In Internet of Things Banking Books Motion Sickness IT Consultant network security professionals 3D Printing Reading Machine Learning Hiring/Firing Training Playbook Bring Your Own Device Administrator Relocation Employer Employee Relationship Work/Life Balance Hacker Digital Payment breach methods Protection base infrastructure Hacks Public Cloud Automobile Taxes Wi-Fi collaboration capabilities security solution Notifications