20-Year-Old Exploit Finds New Life as ROBOT

  • Published byadmin
  • January 17, 2018

20-Year-Old Exploit Finds New Life as ROBOT

There is no shortage of threats on the Internet, from situational issues to deliberate attacks meant to damage your company or steal your valuable data. While new threats pop up almost every day, some have been around for some time–so long, that many seem to not consider them as viable threats.

This can be seen in many considerably-sized Internet companies, including the likes of Facebook and PayPal, which recently tested positive for a vulnerability discovered in 1998 that enabled encrypted data to be decrypted.

When it was first discovered by researcher Daniel Bleichenbacher, this exploit was found in the secure sockets layer, or SSL, encryptions that protected (and still protect) many web platforms and websites. The algorithm that powers the RSA encryption has a flaw that permits a hacker to decrypt ciphertext without the key. The error messages that the encryption presents give hackers enough information to crack it.

As it would happen, instead of eliminating and reworking the flawed RSA algorithm, the SSL architects at the time simply created workarounds to limit the error messages.

This crypto-vulnerability, codenamed “Oracle,” provides “yes” and “no” answers to queries. This means that cybercriminals can phrase their queries specifically enough to ultimately retrieve enough information to form a detailed picture of the encrypted contents. This method is referred to as an adaptive chosen-ciphertext attack.

Recently, researchers have discovered that this vulnerability can be found on over a quarter of the 200 most-visited websites on the Internet, and on around 2.8% of the top million. Naturally, this includes Facebook and PayPal.

Researchers explained the oversight of what is now being called ROBOT, or Return Of Bleichenbacher’s Oracle Threat, as the result of too much focus being directed towards new threats, and the older ones being neglected as a result. As they said in a blog post:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it’s a very classic and well-known attack.”

These researchers sent their findings to vulnerable sites before going public so that a patch could be created.

Having a comprehensive understanding of the threats that are poised to damage your business will greatly help you keep it secured. We can help. For more information, reach out to Catalyst Technology Group today at (317) 705-0333.

Latest blog entries

The End of Your OS’ Life and Your Next Move

  • Published byadmin
  • December 20, 2017

The End of Your OS’ Life and Your Next Move

Software developers create software for function, to make profit, to challenge convention, and many other reasons, but when a software company becomes as important to people as Microsoft has become, they have to ensure that their products are well supported. Microsoft support, as an extension of their software offerings, typically helps users navigate the problems they have with their software. Every so often, however, the product you have navigated automated menu after automated menu for will turn out to be unsupported, leaving you asking yourself, “When did that happen?”

Microsoft is unlike many other software developers, of course. Their software runs a majority of the business computing infrastructures in the world; and, as a result, they continuously update and support their programs for years after launch. They have to. Too many people depend on the software they develop to leave them unsupported. A problem is presented to businesses that don’t know that their software’s end of support dates are coming up. These businesses are in danger of either running systems that depend on unsupported software; or, spending significant capital on upgrading to a more current, and reliable computing construct. Windows 7 and Windows Server 2008 R2 are the next two titles on tap for obsolescence, losing support after January 13, 2020.

Planning for the long term and knowing what your options are can put any organization in an advantageous position. At Catalyst Technology Group, we are dedicated to ensuring our clients are in the know and ready to pounce on any opportunity they have to improve their business. In this case, getting out from under unsupported software, and antiquated hardware. With the end of support date for two of Microsoft’s frequently-used operating systems on the horizon, here are three options your organization has to ensure that, before the time comes, you’ve moved onto circumstances that won’t permanently damage your business’ ability to conduct business.

Update Everything
If your organization has the capital to upgrade your in-house server and software, there is no real downside to doing so. If you host your own hardware now, but run some semblance of Windows Server 2008, there is a good chance that the hardware you run it on is “old”. Older hardware has older components that are naturally more prone to failure than newer components. At Catalyst Technology Group, we can migrate all of your files to new hardware that runs software that is in no danger of being unsupported like Windows Server 2016. We can also upgrade and managed all of your organization’s software. Despite its popularity and effectiveness, Windows 7 will have to be upgraded to Windows 10 as Microsoft has stated that they will be standardizing the Windows platform and be making frequent updates to Windows 10 for the foreseeable future. This option will also cost the most, as buying new hardware is an extraordinarily expensive endeavor.

Completely Virtualize
Another option that the modern business has is to virtualize all of its data and hardware and host their company’s infrastructure in the cloud. Utility computing in the cloud is commonplace today for businesses of all kinds user needs. In fact, your business probably already takes advantage of it on some level. On this large of a scale, however, where everything is virtualized, you need to come in with a plan. The IT Professionals at Catalyst Technology Group can provide you with a detailed roadmap that properly take into account your organization’s situations. Essentially the relationships we’ve established over the years will help your organization quickly move its computing infrastructure to the cloud, providing enhanced accessibility, flexibility, and mitigating the need for you to make outrageous capital investment.

Build a Powerhouse
For companies that aren’t comfortable hosting all of their data and infrastructure in the cloud, there is a powerful solution: to build a hybrid cloud. There is a misconception out there that all cloud interfaces are hosted in faraway data centers. Any organization can build a powerful, reliable, and sustainable cloud computing platform on premises that allows you the best of both worlds: a flexible, accessible computing construct that is available from anywhere there is an Internet connection, on any device; and, one that is hosted in your office, managed by people you trust, and as secure as you want it to be. Catalyst Technology Group technicians can design and implement any strategic hybrid infrastructure platform your business could need. For companies that are tasked with federal and state mandates, the hybrid cloud solution is a great way to maintain the security and reporting necessary, with the collaborative options of hosted utility computing.

Microsoft isn’t the only software company dumping support for old software, but since over 90% of the computers in the world run some semblance of Windows, it is important to understand just what you are up against if you do not get out in front of Microsoft’s decision to stop support early in 2020. Organizations that choose to go this route will need the expertise that only professional IT technicians have. At Catalyst Technology Group, our technicians have experience with server migration, public, private, and hybrid cloud roll-outs, and working with hardware and software vendors to get our clients’ computing infrastructures up and running the way the need them. To learn more about the end of support dates for Windows 7/Windows Server 2008 R2, or to talk to one of our IT professionals about where your organization should go next, call us today at (317) 705-0333.

Latest blog entries