
The version of the attack invented back in 1998 is still suitable for hacking the traffic of Facebook, PayPal, and other large sites

Researchers working in the field of information security have found that a cryptographic attack invented 19 years ago can still be used successfully, albeit with minor changes. It allows an attacker to obtain a private key for decrypting HTTPS traffic.


The new attack is called ROBOT (Return Of Bleichenbacher's Oracle Threat). In short, it allows a remote user to obtain a TLS session key without authorization. The vulnerability on which the attack is built is reported to be in the RSA implementations of at least eight major equipment manufacturers, including Citrix and Cisco. This, in particular, makes it possible to crack the traffic of Facebook, PayPal, and other large sites.

The fact is that the original vulnerability, which made it possible to "guess" the key with a straightforward search, was covered not by a change in the algorithm, but by measures preventing the search. The new method of hacking is built on circumventing these measures, as a result of which the old approach becomes available again.

To eliminate the vulnerability, researchers recommend that you disable encryption using RSA. In modern TLS connections, the Diffie-Hellman protocol over elliptic curves is used to obtain the key, so there is no need for RSA.
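The mitigation above, as an added example that is not part of the original post: a Python sketch that sorts a cipher-suite list into RSA key-exchange suites (to disable) and the rest, and builds a server context with RSA key exchange turned off. The function names and the sample list are constructed for illustration, and the name classifier assumes common IANA and OpenSSL suite names only.

```python
import ssl

# Key-exchange prefixes in OpenSSL suite names that do NOT RSA-encrypt the
# premaster secret (assumption: common suite names only; GOST/KRB5 not covered).
NON_RSA_KX = {"ECDHE", "DHE", "EDH", "ECDH", "DH", "ADH", "AECDH", "PSK", "SRP"}

def uses_rsa_key_exchange(suite: str) -> bool:
    """True if the suite has the client RSA-encrypt the premaster secret."""
    if suite.startswith("TLS_"):                  # IANA-style name
        if "_WITH_" not in suite:                 # TLS 1.3 has no RSA key exchange
            return False
        return suite[4:].split("_WITH_")[0] in {"RSA", "RSA_EXPORT", "RSA_PSK"}
    if suite.startswith("EXP-"):                  # OpenSSL export-grade prefix
        suite = suite[4:]
    if suite.startswith("RSA-PSK-"):
        return True
    return suite.split("-")[0] not in NON_RSA_KX  # no kx prefix means RSA

def audit(suites):
    """Split a suite list into (remove, keep) for the recommended mitigation."""
    remove = [s for s in suites if uses_rsa_key_exchange(s)]
    keep = [s for s in suites if not uses_rsa_key_exchange(s)]
    return remove, keep

def hardened_server_context() -> ssl.SSLContext:
    """Server context without RSA key exchange; ECDHE/DHE suites remain."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("DEFAULT:!kRSA")              # kRSA = RSA key exchange
    return ctx

def rsa_kx_left(ctx: ssl.SSLContext):
    """Suites in ctx that OpenSSL itself reports as RSA key exchange."""
    return [c["name"] for c in ctx.get_ciphers() if c.get("kea") == "kx-rsa"]

# Constructed sample: suites as a scanner or server config might list them.
SAMPLE_SUITES = [
    "TLS_RSA_WITH_AES_128_GCM_SHA256",        # RSA key exchange
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",  # ECDHE; RSA only signs
    "AES256-SHA",                             # OpenSSL name, RSA key exchange
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "TLS_AES_128_GCM_SHA256",                 # TLS 1.3
]

if __name__ == "__main__":
    remove, keep = audit(SAMPLE_SUITES)
    print("disable:", remove)
    print("keep:   ", keep)
    print("RSA kx left after hardening:", rsa_kx_left(hardened_server_context()))
```

Suites such as `TLS_ECDHE_RSA_*` stay enabled because the RSA key there only signs the handshake; the client never RSA-encrypts a secret to the server.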





This post first appeared on Ethical Hackers Club, please read the original post: here
