- ROBOT Attack: 19-Year-Old Bleichenbacher Attack On Encrypted Web Reintroduced
A 19-year-old vulnerability has been rediscovered in the RSA implementations of at least 8 different vendors, including F5, Citrix, and Cisco, that can give man-in-the-middle attackers access to encrypted messages. The attack is called ROBOT (Return of Bleichenbacher’s Oracle Attack). According to the researchers, it allows an attacker to perform RSA decryption and cryptographic operations using the private key configured on the vulnerable TLS servers. Bleichenbacher's attack is an adaptive chosen-ciphertext attack made possible by the error messages that SSL servers return for errors in the PKCS #1 v1.5 padding: these messages let an attacker determine whether a decrypted message is correctly padded. This information eventually helps attackers decrypt RSA ciphertexts without recovering the server’s private key, completely breaking the confidentiality of TLS when used with RSA encryption. According to the researchers, some of the most popular websites on the Internet, including Facebook and PayPal, are affected by the vulnerability. The researchers found “vulnerable subdomains on 27 of the top 100 domains as ranked by Alexa.”
Cyber Security Tips: Most of the companies have already released patches, and administrators are strongly advised to apply them as soon as possible. The researchers have also released a Python tool to scan for vulnerable hosts. You can also check your HTTPS server against the ROBOT attack on their website (https://robotattack.org/).
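The padding-error leak described above, seen from the server side: this is an added example, not code from the researchers or any vendor, and it contrasts a handler whose response depends on the padding check with the uniform handling that TLS 1.2 (RFC 5246, section 7.4.7.1) specifies. All function names, response strings and sample blocks are constructed for illustration, and the functions take the block that RSA decryption would output rather than performing RSA themselves.

```python
import os

PMS_LEN = 48  # TLS premaster secret length in bytes

def pkcs1_v15_unpad(em: bytes) -> bytes:
    """Parse 0x00 0x02 <at least 8 nonzero bytes> 0x00 <message>; raise if malformed."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x02:
        raise ValueError("bad header")
    sep = em.find(b"\x00", 2)
    if sep < 10:  # separator missing (-1) or fewer than 8 padding bytes
        raise ValueError("bad padding string")
    return em[sep + 1:]

def leaky_server(em: bytes) -> str:
    """'Before' behaviour: the peer can tell whether the padding was valid."""
    try:
        pms = pkcs1_v15_unpad(em)
    except ValueError:
        return "alert: bad padding"        # distinguishable response = oracle
    if len(pms) != PMS_LEN:
        return "alert: bad length"         # a second distinguishable response
    return "continue handshake"

def uniform_server(em: bytes):
    """Hardened behaviour: every input produces the same visible response."""
    fallback = os.urandom(PMS_LEN)         # generated before the padding check
    try:
        pms = pkcs1_v15_unpad(em)
        if len(pms) != PMS_LEN:
            pms = fallback
    except ValueError:
        pms = fallback
    # With the fallback secret the handshake fails later at the Finished check,
    # exactly as for any wrong key, so the padding result is never revealed.
    # Illustrative only: Python gives no constant-time guarantee, and a real
    # implementation must also avoid timing differences between the branches.
    return "continue handshake", pms

# Constructed sample blocks, sized for a 256-byte (2048-bit) RSA modulus.
SECRET = b"\x03\x03" + bytes(range(46))
GOOD = b"\x00\x02" + b"\xaa" * (256 - 3 - PMS_LEN) + b"\x00" + SECRET
BAD_HEADER = b"\x00\x01" + GOOD[2:]
SHORT_PAD = b"\x00\x02" + b"\xaa" * 4 + b"\x00" + b"\xbb" * 249

if __name__ == "__main__":
    for name, em in [("good", GOOD), ("bad header", BAD_HEADER), ("short pad", SHORT_PAD)]:
        print(f"{name:10} leaky={leaky_server(em)!r:24} uniform={uniform_server(em)[0]!r}")
```
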
- Bitfinex cryptocurrency exchange hit by massive DDoS attacks
Bitfinex, known as one of the world's largest cryptocurrency exchanges, was forced to shut down its ongoing operations after suffering a series of non-stop distributed denial of service (DDoS) attacks on Tuesday, December 12th. DDoS is a type of DoS attack in which multiple compromised systems, often infected with a Trojan, are used to target a single system, causing a denial of service (DoS). In Bitfinex's case, this is the second attack in just one week. On December 4th, the company suffered significant attacks on its server that carried on for days and stopped on December 7th. The company said that a DDoS attack does not result in theft of user funds.
Cyber Security Tips: To protect against DDoS attacks, keep your network secure with security devices such as firewalls and intrusion detection and prevention systems, rate-limit your router to prevent your web server from being overwhelmed, add filters that tell your router to drop packets from obvious sources of attack, and drop spoofed or malformed packets.