LiveChat Live Help
Contact us today!
(248) 218-5018
facebooktwittergooglelinkedinyoutubeExpetec Technology Services RSS Feed

Expetec Technology Services Blog

Expetec Technology Services has been serving the Troy area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

20-Year-Old Exploit Finds New Life as ROBOT

20-Year-Old Exploit Finds New Life as ROBOT

There is no shortage of threats on the Internet, from situational issues to deliberate attacks meant to damage your company or steal your valuable data. While new threats pop up almost every day, some have been around for some time--so long, that many seem to not consider them as viable threats.

This can be seen in many considerably-sized Internet companies, including the likes of Facebook and PayPal, which recently tested positive for a vulnerability discovered in 1998 that enabled encrypted data to be decrypted.

When it was first discovered by researcher Daniel Bleichenbacher, this exploit was found in the secure sockets layer, or SSL, encryptions that protected (and still protect) many web platforms and websites. The algorithm that powers the RSA encryption has a flaw that permits a hacker to decrypt ciphertext without the key. The error messages that the encryption presents give hackers enough information to crack it.

As it would happen, instead of eliminating and reworking the flawed RSA algorithm, the SSL architects at the time simply created workarounds to limit the error messages.

This crypto-vulnerability, codenamed “Oracle,” provides “yes” and “no” answers to queries. This means that cybercriminals can phrase their queries specifically enough to ultimately retrieve enough information to form a detailed picture of the encrypted contents. This method is referred to as an adaptive chosen-ciphertext attack.

Recently, researchers have discovered that this vulnerability can be found on over a quarter of the 200 most-visited websites on the Internet, and on around 2.8% of the top million. Naturally, this includes Facebook and PayPal.

Researchers explained the oversight of what is now being called ROBOT, or Return Of Bleichenbacher’s Oracle Threat, as the result of too much focus being directed towards new threats, and the older ones being neglected as a result. As they said in a blog post:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

These researchers sent their findings to vulnerable sites before going public so that a patch could be created.

Having a comprehensive understanding of the threats that are poised to damage your business will greatly help you keep it secured. We can help. For more information, reach out to Expetec Technology Services today at (248) 218-5018.



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Tuesday, 23 January 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Blog Archive

Sign Up for Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!


      Tag Cloud

      Security Tip of the Week Privacy Technology Best Practices Cloud Internet hackers Business Computing Productivity malware Business IT Support Backup Microsoft Email Software Data Network Security IT Services Hardware Efficiency Hosted Solutions Managed Service Provider User Tips Mobile devices Disaster Recovery Mobile Device Management Computer Microsoft Office Workplace Tips Google Business Management Smartphone Android Ransomware Holiday Remote Monitoring Miscellaneous The Internet of Things Smartphones Network Business Continuity analytics Virtualization Windows Collaboration Social Media Operating System Small Business BYOD Remote Computing Server Alert Unified Threat Management IT Support Phishing Managed IT Services Cybersecurity Mobile Computing WiFi Passwords VoIP Windows 10 Save Money Outsourced IT Big Data Upgrade BDR communications Firewall Vendor Management Saving Money Office Innovation Managed IT Data Management Gmail apple Managed IT services Employer-Employee Relationship Browser Artificial Intelligence History Facebook Budget Lithium-ion battery Communication Outlook Quick Tips Productivity Search Internet of Things Hacking IT Management App Marketing Bandwidth Encryption Recovery Automation Running Cable Hard Drives Wireless Technology Windows 10 Customer Service Saving Time Save Time Information Technology Cost Management Hiring/Firing Content Filtering Proactive IT Money Best Practice Help Desk Update Document Management SaaS Office 365 Project Management Gadgets Hosted Solution Networking Robot Disaster Antivirus Cybercrime Spam Health Intranet Mobility Bring Your Own Device IBM Hard Drive Tech Support Apps Two-factor Authentication Word Data Backup Law Enforcement Data Recovery Data storage tablet User IT Consultant Virus Specifications Comparison Bitcoin Compliance Excel iphone VPN Education Experience Presentation Digital Telephony Safety Virtual Desktop Social Maintenance Network Congestion Training DDoS Heating/Cooling Programming Unified Threat Management Business Intelligence YouTube IT service Social Networking Start Menu Password Travel Current Events avoiding downtime Uninterrupted Power Supply Unified Communications Cortana Computers Net Neutrality Business Growth Monitors Retail Scam Going Green Software as a Service Google Maps Government Laptop PowerPoint Chrome Solid State Drive Documents Cloud Computing Mobile Device Flexibility Legal Downtime Cryptocurrency Computing Infrastructure Website Risk Management Access Control Company Culture End of Support Phone System Telephone Systems Administration Data Security eWaste Wireless Patch Management Google Docs Electricity Television Archive Data Loss Digital Signature Statistics Windows 8 Hack Environment HIPAA Redundancy Office Tips WannaCry Mouse Social Engineering Entertainment Teamwork Data Breach Google Drive Blockchain Printer Distributed Denial of Service Regulations Micrsooft SharePoint LiFi Gaming Console Time Management Tip of the week Emails Staffing Computing LinkedIn Emergency Audit Access Evernote Visible Light Communication Skype Best Available Virtual Assistant Music Computer Care Public Speaking Vulnerability Deep Learning Printing Spyware Data Warehousing Advertising File Sharing Value Computer Accessories Keyboard Read Touchscreen Hard Drive Disposal Black Market Securty Streaming Media Bluetooth Storage Hacker Risk Mangaement Business Technology Downloads Cache Windows Server 2008 Politics Electronic Payment Product Reviews Shortcut Websites Fiber-Optic Google Calendar Settings IP Address Data Protection Assessment Windows 7 Permissions Public Cloud Fraud Google Wallet Displays Corporate Profile Technology Tips switches Troubleshooting Augmented Reality Knowledge Consultation Freedom of Information Processors Upgrades Trending email scam Drones CIO VoIP Business Owner Tech Terms Online Currency Bata Backup News How To PDF Human Resources User Error Computer Repair Competition Vulnerabilities Cabling Capital Mobile Technology Content Management IT consulting Inbound Marketing USB Co-Managed IT Entrepreneur Vendor Mangement Fake News Cleaning Sports Application Business Cards Worker Productuvuty Mobile Payment Windows XP Domains Router Business Mangement Microsoft Excel Society Sync Writing Customer Relationship Management Pain Points Licensing

      Top Blog

      Don't be Afraid to Replace Got an older PC that's causing you a lot of issues? Older technology is typically more expensive to run, and after a while, it's cheaper to simply buy a new desktop than it is to continue pouring money into something that always seems broken. It's a great time to buy wo...