LiveZilla Live Help

Call Us! (847) 564-0040

Michael Kahn

Business Solutions Group has been serving the Mt. Prospect area since 2009, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Why ROBOT is a Risk After Nearly 20 Years

Why ROBOT is a Risk After Nearly 20 Years

The Internet is rife with potential threats. Some are situational, but most are deliberate actions made by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

Back in 1998, researcher Daniel Bleichenbacher found what is being called the ROBOT exploit in the secure sockets layer (SSL) encryptions that protect web-based platforms. There is a flaw in an algorithm that is responsible for the RSA encryption key--through specially constructed queries its error messages divulge enough information that after a short time they were able to decrypt ciphertext without the dedicated key for that encryption. In response, SSL architects created workarounds to limit error messages rather than eliminating the faulty RSA algorithm.

Referred to as an “Oracle” by researchers, the crypto-vulnerability provides only decisive yes and no answers, which allows people that form their queries a certain way to eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack”.

Recently, researchers have found that over a quarter of the 200 most-visited websites essentially have this vulnerability, and about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one; while the money transfer platform PayPal is another. The explanation researchers gave was that with so much time focusing on the newest and baddest malware and exploits, this tried and true vulnerability has just been neglected. In a blog post they said as much:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

The vulnerability, now called ROBOT, an acronym for “Return of Bleichenbacher's Oracle Threat” was tested, with the findings being sent to the vulnerable sites to ensure they could get a patch created before the researchers went public with it.

Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact Business Solutions Group today at (847) 564-0040.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, 27 May 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Newsletter Sign Up

  • First Name *
  • Last Name *

      Mobile? Grab this Article!

      QR-Code dieser Seite

      Blog Archive

      Recent Comments

      Tip of the Week: How to Plan Your Network’s Cabling Like an IT Pro
      24 May 2018
      It is about time I am learning about the cabling of the networks. I had been so caught with cabling ...
      Have You Tried Google’s Cloud Printing?
      20 May 2018
      That gives off an impression of being brilliant anyway i am still not very beyond any doubt that I l...
      Have You Tried Google’s Cloud Printing?
      20 May 2018
      Google Cloud printing is amazing and I've tried it for โกลเด้นสล็อต. It's amazing and it's fast. It ...
      Security Comes In Two Parts--Don’t Neglect The Physical Half
      15 May 2018
      The physical half of the security aspect is the most important, in my opinion. If you don't know how...
      Tip of the Week: Touch Keyboard Capabilities in All Windows 10 Devices
      06 May 2018
      Micheal Kahn, this is great to know. Now that I know how these features work, I can work on my best ...

      Upcoming Events

      No events