crn5000-inc2015 BPTW logo
Contact us today!
(918) 770-8738
 
 

Integrated Business Technologies Blog

Integrated Business Technologies has been serving the Broken Arrow area since 2007, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Why ROBOT is a Risk After Nearly 20 Years

The Internet is rife with potential threats. Some are situational, but most are deliberate actions made by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

Back in 1998, researcher Daniel Bleichenbacher found what is being called the ROBOT exploit in the secure sockets layer (SSL) encryptions that protect web-based platforms. There is a flaw in an algorithm that is responsible for the RSA encryption key--through specially constructed queries its error messages divulge enough information that after a short time they were able to decrypt ciphertext without the dedicated key for that encryption. In response, SSL architects created workarounds to limit error messages rather than eliminating the faulty RSA algorithm.

Referred to as an “Oracle” by researchers, the crypto-vulnerability provides only decisive yes and no answers, which allows people that form their queries a certain way to eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack”.

Recently, researchers have found that over a quarter of the 200 most-visited websites essentially have this vulnerability, and about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one; while the money transfer platform PayPal is another. The explanation researchers gave was that with so much time focusing on the newest and baddest malware and exploits, this tried and true vulnerability has just been neglected. In a blog post they said as much:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

The vulnerability, now called ROBOT, an acronym for “Return of Bleichenbacher's Oracle Threat” was tested, with the findings being sent to the vulnerable sites to ensure they could get a patch created before the researchers went public with it.

Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact Integrated Business Technologies today at (918) 770-8738.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, 23 October 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      freeconsultation
       

      Tag Cloud

      Security Technology Tip of the Week Privacy Managed Service Provider Business Management Internet Cloud Microsoft Business Computing Best Practices Saving Money Productivity Workplace Tips IT Services Hosted Solutions Hackers Backup Email Malware Business Software Mobile Devices Data IT Support Network Hardware Small Business Communication Server Smartphones Computer VoIP Upgrade Efficiency Business Continuity Google Windows Disaster Recovery Mobile Device Management Innovation Microsoft Office Virtualization Data Backup Tech Term Outsourced IT Miscellaneous Mobile Office Vendor Management Social Media Holiday Gadgets Quick Tips Passwords User Tips BYOD Network Security Smartphone Browser Mobile Computing Android Windows 10 Productivity Internet of Things Managed IT services WiFi Bring Your Own Device Remote Monitoring Data Recovery The Internet of Things Ransomware Spam Best Practice Users Alert Wireless Technology Data Management Save Money Trending Operating System Apple Remote Computing Artificial Intelligence Gmail Customer Relationship Management Unified Threat Management Office Collaboration Encryption Going Green Content Filtering Firewall History Cloud Computing Managed IT App Big Data Analytics IT Support Router IT Solutions Lithium-ion Battery Facebook Printer Tech Support IT Consultant Information Technology Current Events Maintenance Hard Drives Employer-Employee Relationship Website Windows 8 Applications Two-factor Authentication Humor Saving Time Antivirus Phishing Document Management Avoiding Downtime Mobile Device Paperless Office Business Growth VPN Wi-Fi Risk Management Fax Server Outlook Health Customer Service Hacking Computers Marketing Phone System Excel Government Managed IT Services Compliance Automation Office Tips Retail Bandwidth Apps Project Management Application Cybersecurity IT service Virus Digital Payment Chrome PowerPoint User Error Social Networking Unified Communications Co-Managed IT Tablet Data Security Office 365 Password iPhone Healthcare Infrastructure Administration Inbound Marketing Presentation Augmented Reality Budget Managed Service Proactive IT Computer Repair Regulations Point of Sale Mouse Files Recovery Money Training Net Neutrality Running Cable Social Licensing File Sharing Help Desk Wearable Technology Robot Conferencing IoT Windows 10 Hiring/Firing Display Alerts Printing End of Support Tip of the week LiFi Computing Statistics Intranet Competition Business Intelligence Network Congestion Recycling eWaste Downtime Scam Remote Workers Search Piracy Vulnerability Virtual Desktop USB Business Owner Information Data loss Blockchain HIPAA Sports BDR Hacker User Programming Redundancy Company Culture Analyitcs Twitter Education Machine Learning Specifications Safety Internet Exlporer Settings Flexibility Hosted Solution IBM Storage Cost Management Data storage Mobility Smart Technology Wireless Mobile Security Cybercrime Save Time WPA3 Migration E-Commerce Public Cloud Downloads Hacks Gaming Console Documents Distributed Denial of Service Hotspot Halloween Networking Entrepreneur Vulnerabilities Fleet Tracking Chatbots Features PC Care Sync Multi-Factor Security Undo 5G PDF Value People Star Wars Software Tips Managed IT Service eBay Language Scary Stories Virtual Reality Geography Asset Tracking Remote Support Identity Electronic Health Records Leadership Mobile Device Managment Google Calendar Monitors Skype Streaming Media Utility Computing New Additions Break Fix Text Messaging Server Management Computing Infrastructure SaaS Techology Deep Learning Adminstration Print Server High-Speed Internet OneNote Work Station Cyberattacks Legislation Domains Google Wallet 3D Fun Writing LinkedIn Congratulations Dark Web Video Surveillance Cooperation Chromebook Disaster Resistance Word Law Firm IT Development Windows 8.1 Update Employee-Employer Relationship Motherboard Read Only G Suite Public Speaking Drones Cortana Social Engineering Best Available Buisness Hard Drive Data Warehousing Patch Management Staff IT Consulting Identities Cables Modem Bookmarks Travel Software as a Service Backups Knowledge Environment CIO Scheduling Cache Microsoft Excel Operations Politics Data Breach Solid State Drive Bluetooth Wires Online Currency Samsung Cookies Favorites Meetings Technology Tips Legal Experience Troubleshooting Debate Management Computer Accessories Virtual Private Network Telephony Technology Laws Heating/Cooling Alt Codes Consumers Monitoring Crowdfunding Nanotechnology Instant Messaging Comparison YouTube Enterprise Resource Planning How To Permissions MSP IT Technicians Unified Threat Management Typing Screen Reader Identity Theft Black Friday IP Address Google Drive Fraud How To Mobile Assessment Proactive Touchscreen Mirgation Consulting Access Control Refrigeration Cryptocurrency Disaster Macro Smart Tech Cyber Monday Google Docs IT Management Managing Stress Remote Monitoring and Management Business Technology Managed Services Provider Private Cloud SharePoint Bitcoin Digital Signature Memory Connectivity Network Management Laptop communications Enterprise Content Management

      Top Blog

      Basically, any machine that uses fans and vents to cool itself can overheat if airflow is restricted. If you have used a laptop on your lap for an extended session, then you know what we are talking about when the computer becomes hot to the touch. Every portable device is designed a little diffe...
      QR-Code