Washington Works Blog

Washington Works has been serving the Bethesda area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Why ROBOT is a Risk After Nearly 20 Years

The Internet is rife with potential threats. Some are situational, but most are deliberate actions made by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

Back in 1998, researcher Daniel Bleichenbacher found what is now being called the ROBOT exploit in the secure sockets layer (SSL) encryption that protects web-based platforms. There is a flaw in an algorithm that is responsible for the RSA encryption key: in response to specially constructed queries, its error messages divulge enough information that, after a short time, an attacker is able to decrypt ciphertext without the dedicated key for that encryption. In response, SSL architects created workarounds to limit error messages rather than eliminating the faulty RSA algorithm.

Referred to as an “Oracle” by researchers, the crypto-vulnerability provides only decisive yes and no answers, which allows people who form their queries a certain way to eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack”.
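An added example, not from the original post or the researchers' tooling: a toy Python model of the oracle described above, with a server whose error replies reveal whether the RSA padding was valid next to the workaround that answers every case identically. The key, the padding helpers, the two server functions and the alert strings are all constructed for illustration.

```python
import secrets

# Constructed toy RSA key from two Mersenne primes: trivially factorable,
# for demonstration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

def encrypt_block(block: bytes) -> int:
    """Raw RSA on a caller-built block, so probes can carry bad padding."""
    return pow(int.from_bytes(block, "big"), E, N)

def pad(secret: bytes, first_two: bytes = b"\x00\x02") -> bytes:
    """Build a block of the form 00 02 <nonzero filler> 00 <secret>."""
    filler = bytes(secrets.randbelow(255) + 1 for _ in range(K - 3 - len(secret)))
    return first_two + filler + b"\x00" + secret

def unpad(block: bytes):
    """Return the secret, or None if the padding is malformed."""
    if block[:2] != b"\x00\x02":
        return None
    sep = block.find(b"\x00", 2)
    return block[sep + 1:] if sep >= 10 else None

def leaky_server(c: int) -> str:
    """Reports padding failures separately: that difference is the oracle."""
    secret = unpad(pow(c, D, N).to_bytes(K, "big"))
    if secret is None:
        return "alert: decryption failed"
    return "alert: handshake failure"  # padding fine, handshake fails later

def hardened_server(c: int) -> str:
    """Workaround: on bad padding, carry on with a random secret instead."""
    fallback = secrets.token_bytes(48)
    secret = unpad(pow(c, D, N).to_bytes(K, "big")) or fallback
    if len(secret) != 48:
        secret = fallback
    # 'secret' would feed key derivation here; a real server must also keep
    # timing and connection behaviour identical, which this toy does not model.
    return "alert: handshake failure"  # same reply whatever the padding was

def responses(server) -> set:
    """Send one well-formed and two malformed probes; collect distinct replies."""
    s = secrets.token_bytes(48)
    probes = [pad(s), pad(s, b"\x00\x01"), pad(s, b"\x41\x02")]
    return {server(encrypt_block(p)) for p in probes}
```

More than one distinct reply from `responses()` means the server is answering the yes/no padding question for anyone who asks; a single reply means the error messages have been limited as the workaround intends.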

Recently, researchers have found that over a quarter of the 200 most-visited websites essentially have this vulnerability, and about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one, while the money transfer platform PayPal is another. The explanation researchers gave was that with so much time spent focusing on the newest and baddest malware and exploits, this tried and true vulnerability has just been neglected. In a blog post they said as much:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

The vulnerability, now called ROBOT, an acronym for “Return of Bleichenbacher's Oracle Threat,” was tested, with the findings being sent to the vulnerable sites to ensure they could get a patch created before the researchers went public with it.

Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact Washington Works today at 301-571-5040.

Thursday, 22 March 2018