
Integrated Business Technologies Blog

Integrated Business Technologies has been serving the Broken Arrow area since 2007, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Why ROBOT is a Risk After Nearly 20 Years

The Internet is rife with potential threats. Some are situational, but most are deliberate actions taken by malicious entities trying to obtain anything of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This was made evident when huge Internet-based companies such as PayPal and Facebook tested positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

Back in 1998, researcher Daniel Bleichenbacher found what is now being called the ROBOT exploit in the Secure Sockets Layer (SSL) encryption that protects web-based platforms. There is a flaw in an algorithm responsible for the RSA encryption key: in response to specially constructed queries, its error messages divulge enough information that, after a short time, an attacker can decrypt ciphertext without the dedicated key for that encryption. In response, SSL architects created workarounds to limit the error messages rather than eliminating the faulty RSA algorithm.

Referred to by researchers as an “oracle,” the crypto-vulnerability provides only decisive yes-or-no answers, which allows people who form their queries a certain way to eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack.”
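To make the yes-or-no oracle and the error-limiting workaround concrete, here is an added example (not code from the researchers or from any vendor) that puts a leaky key-exchange handler beside a hardened one and includes a defender's check for whether the two kinds of failure can be told apart. The toy key, the handler names, the alert strings and the `finished_mac` stand-in are assumptions made for the demonstration; timing differences are not modelled.

```python
import hashlib, hmac, os, secrets

# Constructed toy key built from two Mersenne primes: demo only, never a real key.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8   # modulus length in bytes (81)
PMS_LEN = 48                    # length of a TLS premaster secret

def rsa_encrypt(block: bytes) -> int:
    """Raw RSA on an already padded K-byte block."""
    return pow(int.from_bytes(block, "big"), E, N)

def pad(msg: bytes) -> bytes:
    """PKCS #1 v1.5 encryption padding: 00 02 <nonzero bytes> 00 <msg>."""
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(K - 3 - len(msg)))
    return b"\x00\x02" + ps + b"\x00" + msg

def unpad(block: bytes):
    """Return the message, or None when the padding is malformed."""
    sep = block.find(b"\x00", 2)
    if block[:2] != b"\x00\x02" or sep < 10:   # padding string must be >= 8 bytes
        return None
    return block[sep + 1:]

def finished_mac(pms: bytes) -> bytes:
    """Hypothetical stand-in for the handshake check keyed by the premaster secret."""
    return hmac.new(pms, b"finished", hashlib.sha256).digest()

def vulnerable_handler(c: int, mac: bytes) -> str:
    pms = unpad(pow(c, D, N).to_bytes(K, "big"))
    if pms is None:
        return "decrypt_error"          # distinct answer = the yes/no oracle
    ok = hmac.compare_digest(finished_mac(pms), mac)
    return "ok" if ok else "bad_record_mac"

def hardened_handler(c: int, mac: bytes) -> str:
    fallback = os.urandom(PMS_LEN)      # chosen before the padding is examined
    pms = unpad(pow(c, D, N).to_bytes(K, "big"))
    if pms is None or len(pms) != PMS_LEN:
        pms = fallback                  # carry on; fail later, identically
    ok = hmac.compare_digest(finished_mac(pms), mac)
    return "ok" if ok else "bad_record_mac"

def leaks_padding_validity(handler) -> bool:
    """Defender's check: do well-padded and malformed inputs get different errors?"""
    junk_mac = bytes(32)
    good = rsa_encrypt(pad(os.urandom(PMS_LEN)))
    bad = [rsa_encrypt(b"\x00\x01" + b"\xff" * (K - 2)),      # wrong block type
           rsa_encrypt(b"\x00\x02" + b"\xff" * (K - 2))]      # no 00 separator
    return len({handler(good, junk_mac)} | {handler(c, junk_mac) for c in bad}) > 1
```

`leaks_padding_validity(vulnerable_handler)` is true and `leaks_padding_validity(hardened_handler)` is false, while a client that actually knows the premaster secret still completes against the hardened handler.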

Recently, researchers found that over a quarter of the 200 most-visited websites essentially have this vulnerability, along with about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one; the money transfer platform PayPal is another. The explanation researchers gave was that, with so much time spent focusing on the newest and baddest malware and exploits, this tried-and-true vulnerability has simply been neglected. In a blog post they said as much:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

The vulnerability, now called ROBOT, an acronym for “Return of Bleichenbacher's Oracle Threat,” was tested, with the findings being sent to the vulnerable sites to ensure they could get a patch created before the researchers went public with it.

Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact Integrated Business Technologies today at (918) 770-8738.

 

Friday, 20 April 2018