ClearView IT Blog

ClearView IT has been serving the Phoenix area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

20-Year-Old Exploit Finds New Life as ROBOT


There is no shortage of threats on the Internet, from situational issues to deliberate attacks meant to damage your company or steal your valuable data. While new threats pop up almost every day, some have been around for so long that many no longer seem to consider them viable threats.

This can be seen in many sizable Internet companies, including the likes of Facebook and PayPal, which recently tested positive for a vulnerability discovered in 1998 that enabled encrypted data to be decrypted.

When it was first discovered by researcher Daniel Bleichenbacher, this exploit was found in the Secure Sockets Layer (SSL) encryption that protected (and still protects) many web platforms and websites. The algorithm that powers the RSA encryption has a flaw that permits a hacker to decrypt ciphertext without the key. The error messages that the encryption presents give hackers enough information to crack it.

As it would happen, instead of eliminating and reworking the flawed RSA algorithm, the SSL architects at the time simply created workarounds to limit the error messages.

This crypto-vulnerability, codenamed “Oracle,” provides “yes” and “no” answers to queries. This means that cybercriminals can phrase their queries specifically enough to ultimately retrieve enough information to form a detailed picture of the encrypted contents. This method is referred to as an adaptive chosen-ciphertext attack.
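The difference between a server that answers with distinct error messages and one that applies the "limit the error messages" workaround described above can be shown with the padding check that follows RSA decryption (PKCS #1 v1.5 format). This is an added example, not code from the original post or from any TLS library; the function names, the 2048-bit block size and the sample blocks are assumptions constructed for illustration.

```python
import hmac
import os

K = 256        # block length in bytes for a 2048-bit key (assumed)
PMS_LEN = 48   # length of a TLS premaster secret

def build_block(pms, prefix=b"\x00\x02", sep=b"\x00"):
    """Constructed sample: an already-decrypted block 00 02 | padding | 00 | secret."""
    padding = b"\xaa" * (K - len(prefix) - len(sep) - len(pms))
    return prefix + padding + sep + pms

def leaky_handler(em):
    """'Before': each failed check has its own message, so replies leak which one failed."""
    if em[:2] != b"\x00\x02":
        return "alert: bad padding header", None
    sep = em.find(b"\x00", 2)
    if sep < 10:  # separator missing, or fewer than 8 padding bytes
        return "alert: bad padding string", None
    if len(em) - sep - 1 != PMS_LEN:
        return "alert: bad premaster length", None
    return "continue handshake", em[sep + 1:]

def hardened_handler(em):
    """'After': one visible reply; a malformed block silently gets a random secret,
    so the handshake fails later in the same way as any wrong key would.
    (Python cannot promise constant time; timing is not modeled here.)"""
    fallback = os.urandom(PMS_LEN)
    sep = em.find(b"\x00", 2)
    ok = (hmac.compare_digest(em[:2], b"\x00\x02")
          & (sep >= 10) & (len(em) - sep - 1 == PMS_LEN))
    return "continue handshake", (em[-PMS_LEN:] if ok else fallback)

def observable_responses(handler, blocks):
    """Regression check for defenders: more than one distinct reply means an oracle."""
    return {handler(block)[0] for block in blocks}

PMS = b"\x03\x03" + b"\x11" * 46            # constructed premaster secret
SAMPLES = [
    build_block(PMS),                       # well formed
    build_block(PMS, prefix=b"\x00\x01"),   # wrong header
    build_block(PMS, sep=b"\x01"),          # no zero separator
    build_block(PMS[:-1]),                  # secret one byte short
]

if __name__ == "__main__":
    print("leaky:   ", sorted(observable_responses(leaky_handler, SAMPLES)))
    print("hardened:", sorted(observable_responses(hardened_handler, SAMPLES)))
```

The same `observable_responses` idea works as a regression test for a real service: feed it malformed inputs and fail the build if the set of visible replies ever grows beyond one.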

Recently, researchers have discovered that this vulnerability can be found on over a quarter of the 200 most-visited websites on the Internet, and on around 2.8% of the top million. Naturally, this includes Facebook and PayPal.

Researchers explained the oversight of what is now being called ROBOT, or Return Of Bleichenbacher’s Oracle Threat, as the result of too much focus being directed towards new threats, and the older ones being neglected as a result. As they said in a blog post:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

These researchers sent their findings to vulnerable sites before going public so that a patch could be created.

Having a comprehensive understanding of the threats that are poised to damage your business will greatly help you keep it secured. We can help. For more information, reach out to ClearView IT today at 866-326-7214.

 
