
Integrated Business Technologies Blog

Integrated Business Technologies has been serving the Broken Arrow area since 2007, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Why ROBOT is a Risk After Nearly 20 Years

The Internet is rife with potential threats. Some are situational, but most are deliberate actions made by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

Back in 1998, researcher Daniel Bleichenbacher found the flaw now being called the ROBOT exploit in the Secure Sockets Layer (SSL) encryption that protects web-based platforms. The flaw lies in the algorithm that handles RSA encryption: in response to specially constructed queries, its error messages divulge enough information that, after a short time, an attacker can decrypt ciphertext without the dedicated key for that encryption. In response, SSL architects created workarounds to limit error messages rather than eliminating the faulty RSA algorithm.

Referred to as an “oracle” by researchers, the crypto-vulnerability provides only decisive yes and no answers, which allows people who form their queries a certain way to eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack”.
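As an added example (not from the original post or from the ROBOT researchers), the Python sketch below puts a server that reports padding errors separately next to one that answers every failure the same way, which is the kind of workaround described above. The toy RSA key, the `proof` stand-in for the TLS Finished check and all function names are assumptions made for the illustration, and timing differences are not modelled.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key built from two Mersenne primes; far too small for real use.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes (30)

def proof(secret: bytes) -> bytes:
    # Hypothetical stand-in for the TLS Finished check: shows the client knows the secret.
    return hmac.new(secret, b"finished", hashlib.sha256).digest()

def encrypt(secret: bytes) -> int:
    # Padded block: 00 02 | at least 8 nonzero random bytes | 00 | secret
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(K - 3 - len(secret)))
    return pow(int.from_bytes(b"\x00\x02" + ps + b"\x00" + secret, "big"), E, N)

def unpad(c: int):
    em = pow(c, D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x02" or sep < 10:
        return None  # malformed padding
    return em[sep + 1:]

def handle_vulnerable(c: int, client_proof: bytes) -> str:
    secret = unpad(c)
    if secret is None:
        return "bad_padding"  # distinct error: this is the yes/no oracle
    ok = hmac.compare_digest(proof(secret), client_proof)
    return "ok" if ok else "handshake_failure"

def handle_hardened(c: int, client_proof: bytes) -> str:
    # On bad padding, continue with a random secret so the reply is the same.
    secret = unpad(c) or secrets.token_bytes(16)
    ok = hmac.compare_digest(proof(secret), client_proof)
    return "ok" if ok else "handshake_failure"

def distinct_replies(handler) -> set:
    well_padded = encrypt(secrets.token_bytes(16))  # valid padding, unknown secret
    malformed = 1                                   # decrypts to 00..01: bad padding
    bogus = b"\x00" * 32
    return {handler(well_padded, bogus), handler(malformed, bogus)}

if __name__ == "__main__":
    print("vulnerable:", distinct_replies(handle_vulnerable))
    print("hardened:  ", distinct_replies(handle_hardened))
```

A server is exposed in this sense whenever a client can tell the two failure cases apart; the hardened handler gives a legitimate client the same result while collapsing both failures into one reply.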

Recently, researchers have found that over a quarter of the 200 most-visited websites essentially have this vulnerability, along with about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one, while the money transfer platform PayPal is another. The explanation researchers gave was that with so much time spent focusing on the newest and baddest malware and exploits, this tried and true vulnerability has just been neglected. In a blog post they said as much:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

The vulnerability, now called ROBOT, an acronym for “Return of Bleichenbacher's Oracle Threat”, was tested, and the findings were sent to the vulnerable sites to ensure they could get a patch created before the researchers went public with it.

Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact Integrated Business Technologies today at (918) 770-8738.

 

Friday, 20 July 2018