Old Crypto Vulnerability Hits Major Tech Firms (securityweek.com) 32

wiredmikey writes: A team of researchers has revived an old crypto vulnerability and determined that it affects the products of several major vendors and a significant number of the world's top websites. The attack/exploit method against a Transport Layer Security (TLS) vulnerability now has a name, a logo and a website. It has been dubbed ROBOT (Return Of Bleichenbacher's Oracle Threat) and, as the name suggests, it's related to an attack method discovered by Daniel Bleichenbacher back in 1998. ROBOT allows an attacker to obtain the RSA key necessary to decrypt TLS traffic under certain conditions. While proof-of-concept (PoC) code will only be made available after affected organizations have had a chance to patch their systems, the researchers have published some additional details. Researchers have made available an online tool that can be used to test public HTTPS servers. An analysis showed that at least 27 of the top 100 Alexa websites, including Facebook and PayPal, were affected.
  • I've got lots of old stuff in use. The big issue is where do I draw the line between generating e-waste and using older energy hungry hardware instead of something more efficient?

    • by Mashiki ( 184564 )

      The big issue is where do I draw the line between generating e-waste and using older energy hungry hardware instead of something more efficient?

      Where the question of longevity comes in. Compare stuff made 40-50 years ago to what's made today, including some of the stuff that has "planned obsolescence" built in or really shady shit like with video cards (see where nvidia degraded performance on cards when new models come out). My parents are still using the same refrigerator that they bought when they got married in the mid-1970s. Is it inefficient? Yep. Does the damn thing weigh an assload? Yep. But it's also built like a tank and keeps going.

    • Wow - how did I do this?

      This was supposed to be a reply to the e-waste posting, not the crypto one. I guess I clicked back to the wrong tab or something. When people come into my office and interrupt my train of thought I make mistakes. I was upset someone marked me off-topic until I realized I was playing in the wrong playground.

  • by Anonymous Coward

    So, bad news for those fancy currencies - or are we using Crypto to mean cryptography again? Decide already.

  • Updates? Since 1998? Liability? Damage?
  • by Anonymous Coward

    Pretty much every piece of F5 equipment I've ever come across has usually been somehow fucked up, insecure or somehow non-operational in some retarded way. Years ago we had an F5 appliance doing TLS offload for us, but for some fucking reason it was mixing up data that came in via HTTP pipelining from the backend servers. So we had users getting credit card statements for other people. Terribly useful shit, I tell you.

    • Today I'm re-writing a TLS (ssl) client to use the same hacky workarounds other clients have to use because F5 tries to read the ClientHello request into a 256-byte buffer. The full packet is 684 bytes, and standards compliant. Since F5 isn't standards compliant, we have to try three times to initiate a TLS connection, with three ClientHello requests, each under 256 bytes.

  • No RSA key recovery (Score:5, Interesting)

    by flink ( 18449 ) on Wednesday December 13, 2017 @03:09PM (#55733565)

    From the OP:
    "ROBOT allows an attacker to obtain the RSA key necessary to decrypt TLS traffic under certain conditions."

    As far as I can tell from reading the attack, this is not true. The attack lets you use the server as an oracle, that is, you can exploit the protocol to trick the server into signing arbitrary data with the server's private RSA key. I think this could be leveraged to mount a MITM attack, but it could not be used to recover the private RSA key. If the RSA private key was recoverable from a flaw in the TLS protocol, that would be a much bigger finding.

    • by jabuzz ( 182671 )

      However that is still a huge fricking deal, because any TLS connection to an affected server can be man-in-the-middled.
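Whichever way the key-recovery question in the thread above is settled, what a ROBOT-affected server actually hands out is a padding oracle: it reacts differently to a ClientKeyExchange whose RSA-decrypted block has bad PKCS#1 v1.5 padding than to one whose padding is fine. The following is an added example, not code from the Slashdot post, the ROBOT researchers, or any vendor mentioned. It assumes RSA decryption has already been done and shows only the step after it: a constructed leaky unpadding routine beside one written in the style of the RFC 5246 section 7.4.7.1 mitigation, plus a small harness that counts how many distinct outcomes an observer could tell apart. All names (`unpad_leaky`, `unpad_hardened`, `oracle_signatures`) and the sample block are constructed for this illustration.

```python
import os

PREMASTER_LEN = 48  # TLS RSA premaster secret: 2 version bytes + 46 random bytes
MIN_PAD_LEN = 8     # PKCS#1 v1.5 type-2 padding string must be at least 8 bytes

# Constructed sample: a correctly padded block for TLS 1.2 (version 0x0303),
# as it would look after RSA decryption of the ClientKeyExchange payload.
TLS12 = b"\x03\x03"
GOOD_PMS = TLS12 + bytes(range(46))
GOOD_BLOCK = b"\x00\x02" + b"\x7f" * MIN_PAD_LEN + b"\x00" + GOOD_PMS


def unpad_leaky(block: bytes, client_version: bytes) -> bytes:
    """Vulnerable handler (constructed): each check fails with a different error.
    A server that maps these to different alerts, log lines or timings gives
    the other side of the connection a yes/no padding oracle."""
    if len(block) < 3 + MIN_PAD_LEN or block[0] != 0x00 or block[1] != 0x02:
        raise ValueError("bad block header")
    sep = block.find(b"\x00", 2)          # scanning for the separator also leaks via timing
    if sep == -1:
        raise ValueError("no separator")
    if sep - 2 < MIN_PAD_LEN:
        raise ValueError("padding string too short")
    pms = block[sep + 1:]
    if len(pms) != PREMASTER_LEN:
        raise ValueError("bad premaster length")
    if pms[:2] != client_version:
        raise ValueError("client version mismatch")
    return pms


def unpad_hardened(block: bytes, client_version: bytes) -> bytes:
    """Handler in the style of RFC 5246 section 7.4.7.1 (constructed example):
    evaluate every check at fixed positions, never exit early, and on any
    failure return a random premaster secret so the handshake continues and
    fails at Finished in the same way for every kind of bad input.
    Python cannot guarantee constant time; the structure is what matters."""
    k = len(block)
    fake = client_version + os.urandom(PREMASTER_LEN - 2)
    if k < 3 + MIN_PAD_LEN + PREMASTER_LEN:
        return fake                        # length is public (it is the RSA modulus size)
    sep = k - PREMASTER_LEN - 1            # the separator must sit exactly here
    bad = block[0] | (block[1] ^ 0x02) | block[sep]
    for b in block[2:sep]:                 # padding string: no zero bytes, no early exit
        bad |= int(b == 0)
    bad |= (block[sep + 1] ^ client_version[0]) | (block[sep + 2] ^ client_version[1])
    mask = 0xFF if bad else 0x00           # one verdict, applied by masking rather than branching
    candidate = block[sep + 1:]
    return bytes((c & ~mask & 0xFF) | (f & mask) for c, f in zip(candidate, fake))


def error_signature(handler, block: bytes, client_version: bytes = TLS12) -> str:
    """What an observer at the other end of the connection could tell apart."""
    try:
        handler(block, client_version)
        return "ok"
    except ValueError as e:
        return str(e)


def oracle_signatures(handler) -> set:
    """Feed the handler a few constructed malformed blocks and collect the
    distinct observable outcomes. A single outcome means there is no oracle."""
    broken = [
        b"\x00\x01" + GOOD_BLOCK[2:],                        # wrong block type
        GOOD_BLOCK[:4] + b"\x00" + GOOD_BLOCK[5:],           # zero inside the padding string
        GOOD_BLOCK[:-48] + b"\x03\x01" + GOOD_BLOCK[-46:],   # wrong client version
        GOOD_BLOCK[:-1],                                     # truncated block
    ]
    return {error_signature(handler, b) for b in broken}


if __name__ == "__main__":
    print("leaky outcomes:   ", sorted(oracle_signatures(unpad_leaky)))
    print("hardened outcomes:", sorted(oracle_signatures(unpad_hardened)))
```

The leaky version yields four distinguishable outcomes for the four malformed blocks, while the hardened version yields one ("ok" with a random premaster secret), which is the property a server-side fix for this class of bug needs to restore. Real implementations also have to keep the surrounding code (alert selection, logging, MAC computation on the resulting Finished) from reintroducing a distinguishable path.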

  • Is it just me... or are we getting threads from other (random) topics?
