
Integrated Business Technologies Blog

Integrated Business Technologies has been serving the Broken Arrow area since 2007, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Why ROBOT is a Risk After Nearly 20 Years

The Internet is rife with potential threats. Some are situational, but most are deliberate actions made by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

Back in 1998, researcher Daniel Bleichenbacher found what is now being called the ROBOT exploit in the Secure Sockets Layer (SSL) encryption that protects web-based platforms. The flaw is in an algorithm involved in RSA encryption: in response to specially constructed queries, its error messages divulge enough information that, after a short time, an attacker can decrypt ciphertext without the key for that encryption. In response, SSL architects created workarounds that limit the error messages rather than eliminating the faulty RSA algorithm.

Researchers refer to this kind of flaw as an “oracle”: it gives only decisive yes-or-no answers, but someone who forms their queries in a certain way can use those answers to eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack.”
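The difference between a server that acts as an oracle and one that applies the error-limiting workaround, as an added Python example (not code from the original post or from the researchers). It assumes a toy RSA key built from two Mersenne primes, the PKCS #1 v1.5 padding layout that Bleichenbacher's attack targets, and hypothetical names throughout (`vulnerable_server`, `hardened_server`, `finished_mac`).

```python
import hashlib, hmac, secrets

# Toy RSA key from two Mersenne primes: constructed for this demo, NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8           # modulus length in bytes
PMS_LEN = 48                            # length of a TLS premaster secret

def rsa_raw_encrypt(block: bytes) -> bytes:
    """Raw RSA on an already-encoded block, so the demo can build bad padding."""
    return pow(int.from_bytes(block, "big"), E, N).to_bytes(K, "big")

def encode(secret: bytes, block_type: bytes = b"\x02") -> bytes:
    """PKCS #1 v1.5 layout: 00 || BT || nonzero padding || 00 || secret."""
    pad = bytes(secrets.randbelow(255) + 1 for _ in range(K - 3 - len(secret)))
    return b"\x00" + block_type + pad + b"\x00" + secret

def unpad(ciphertext: bytes):
    """Return the secret, or None when the decrypted block is malformed."""
    em = pow(int.from_bytes(ciphertext, "big"), D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x02" or sep < 10 or len(em) - sep - 1 != PMS_LEN:
        return None
    return em[sep + 1:]

def finished_mac(secret: bytes) -> bytes:
    """Stand-in for the handshake Finished check keyed by the secret."""
    return hmac.new(secret, b"handshake transcript", hashlib.sha256).digest()

def vulnerable_server(ciphertext: bytes, mac: bytes) -> str:
    secret = unpad(ciphertext)
    if secret is None:
        return "alert: decryption failed"        # padding-specific error = oracle
    ok = hmac.compare_digest(finished_mac(secret), mac)
    return "ok" if ok else "alert: handshake failure"

def hardened_server(ciphertext: bytes, mac: bytes) -> str:
    fallback = secrets.token_bytes(PMS_LEN)      # chosen before looking at padding
    secret = unpad(ciphertext) or fallback       # bad padding continues silently
    ok = hmac.compare_digest(finished_mac(secret), mac)
    return "ok" if ok else "alert: handshake failure"

def responses(server):
    """Server replies to a good-padding and a bad-padding probe with a wrong MAC."""
    pms = secrets.token_bytes(PMS_LEN)
    good = rsa_raw_encrypt(encode(pms))
    bad = rsa_raw_encrypt(encode(pms, block_type=b"\x01"))
    return server(good, b"\x00" * 32), server(bad, b"\x00" * 32)
```

Removing the distinct alert closes only the message-level oracle; a production implementation also has to make the two paths indistinguishable in timing and connection behavior, which this Python sketch does not attempt.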

Recently, researchers found that over a quarter of the 200 most-visited websites essentially have this vulnerability, as do about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one; the money transfer platform PayPal is another. The explanation the researchers gave was that, with so much time spent focusing on the newest and baddest malware and exploits, this tried-and-true vulnerability has simply been neglected. In a blog post, they said as much:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

The vulnerability, now called ROBOT, an acronym for “Return of Bleichenbacher's Oracle Threat,” was tested, and the findings were sent to the vulnerable sites so they could get a patch created before the researchers went public with it.

Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact Integrated Business Technologies today at (918) 770-8738.

 
