• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Hack Like It's 1998: Sites Still Vulnerable to Revived ROBOT Exploit

Raevenlord

News Editor
Joined
Aug 12, 2016
Messages
3,755 (1.35/day)
Location
Portugal
System Name The Ryzening
Processor AMD Ryzen 9 5900X
Motherboard MSI X570 MAG TOMAHAWK
Cooling Lian Li Galahad 360mm AIO
Memory 32 GB G.Skill Trident Z F4-3733 (4x 8 GB)
Video Card(s) Gigabyte RTX 3070 Ti
Storage Boot: Transcend MTE220S 2TB, Kintson A2000 1TB, Seagate Firewolf Pro 14 TB
Display(s) Acer Nitro VG270UP (1440p 144 Hz IPS)
Case Lian Li O11DX Dynamic White
Audio Device(s) iFi Audio Zen DAC
Power Supply Seasonic Focus+ 750 W
Mouse Cooler Master Masterkeys Lite L
Keyboard Cooler Master Masterkeys Lite L
Software Windows 10 x64
Another week, yet another security bulletin in tech news, with yet another vulnerability that joins the fray of both Intel's meltdown and Western Digital's MyCloud hacks. A team of researchers recently wrote a paper they titled "Return Of Bleichenbacher's Oracle Threat (ROBOT)". This paper went on to show how a well-known, circa 1998 exploit is still a viable way to take advantage of websites of even big name companies and services, such as Facebook and PayPal (in total, around 2.8% of the top 1 million sites also tested positive). The ROBOT exploit, a critical, 19-year-old vulnerability that allows attackers to decrypt encrypted data and sign communications using compromised sites' secret encryption key, is still valid. Only, it's 19 years later.

The heart of the issue stems from a vulnerability that was discovered in 1998 by researcher Daniel Bleichenbacher, who found the vulnerability in the TLS predecessor known as secure sockets layer. The attack is dubbed an Oracle threat because attackers can write specialized queries to which the websites and affected systems respond with "Yes" or "No"; as such, it's possible, given enough time, for attackers to build up the amount of disclosed sensitive information and get a clear picture of the protected data. To the flaw's discovery by Bleichenbacher, SSL architects apparently responded in a B-movie type of way, which nevertheless might have been needed to keep all systems green: by designing workarounds on top of workarounds, rather than removing or rewriting the faulty RSA algorithm.





"We were able to identify eight vendors and open-source projects and a significant number of hosts that were vulnerable to minor variations of Bleichenbacher's adaptive-chosen ciphertext attack from 1998," the researchers wrote in their research paper. "The most notable fact about this is how little effort it took us to do so. We can therefore conclude that there is insufficient testing of modern TLS implementations for old vulnerabilities." Affected products include some made by F5, Citrix, and Cisco.

"The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight," the researchers wrote in a blog post. "This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack."

View at TechPowerUp Main Site
 
Joined
Aug 20, 2007
Messages
20,709 (3.41/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches
Software Windows 11 Enterprise (legit), Gentoo Linux x64
The thing I have learned from all these security breach news releases?

You aparently can't be a hacker without a hoodie.
 

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"
Joined
Mar 17, 2005
Messages
9,105 (1.31/day)
Location
Dorset where else eh? >>> Thats ENGLAND<<<
The thing I have learned from all these security breach news releases?

You aparently can't be a hacker without a hoodie.

Just like you cannot be a Hooker without a Rugby Ball :)
 
Joined
Jul 5, 2013
Messages
25,559 (6.52/day)
The thing I have learned from all these security breach news releases?
The thing I've learned is that vulnerabilities can come from anywhere, including the past, and seemingly out of nowhere. Literally nothing is safe when you connect to the internet. One of the greatest tools man has ever devised and it's also one of the least secure.
 
Joined
Aug 20, 2007
Messages
20,709 (3.41/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches
Software Windows 11 Enterprise (legit), Gentoo Linux x64
The thing I've learned is that vulnerabilities can come from anywhere, including the past, and seemingly out of nowhere. Literally nothing is safe when you connect to the internet. One of the greatest tools man has ever devised and it's also one of the least secure.

Nature of complicated interconnected systems. Comes with the territory.
 
Joined
Nov 4, 2005
Messages
11,654 (1.73/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs and over 10TB spinning
Display(s) 56" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
The real issue is that almost every exploit was intended to be a performance improvement, reduce the complexity of a program and hardware, allow easier sharing of useful data. People put things into action without asking the why not.
 
Joined
Sep 11, 2015
Messages
624 (0.20/day)
The thing I've learned is that vulnerabilities can come from anywhere, including the past, and seemingly out of nowhere. Literally nothing is safe when you connect to the internet. One of the greatest tools man has ever devised and it's also one of the least secure.
It's a great tool, but very poorly implemented from the beginning.

Nothing can really change, if we still keep using protocols from 40 years ago. Like TCP/IP and Ethernet and all that. You can't just turn off the internet now and fix all those things under the hood, that would require to actually replace the internet. But we also can't ever rely on not being hacked on it.
 
Joined
Jul 5, 2013
Messages
25,559 (6.52/day)
It's a great tool, but very poorly implemented from the beginning.
Completely disagree. The internet has always been and will likely forever be an ever evolving construct of information technology. When it was created, it was put together with the best that technology of the time had to offer.
 
Joined
Aug 20, 2007
Messages
20,709 (3.41/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches
Software Windows 11 Enterprise (legit), Gentoo Linux x64
The real issue is that almost every exploit was intended to be a performance improvement, reduce the complexity of a program and hardware, allow easier sharing of useful data. People put things into action without asking the why not.

It's really much more complicated than that.
 
Joined
Dec 30, 2010
Messages
2,082 (0.43/day)
It's a great tool, but very poorly implemented from the beginning.

Nothing can really change, if we still keep using protocols from 40 years ago. Like TCP/IP and Ethernet and all that. You can't just turn off the internet now and fix all those things under the hood, that would require to actually replace the internet. But we also can't ever rely on not being hacked on it.

This. Nobody would knew that back in the time, IPV4 would run out of blocks looking at the amount of devices currently 'hooked' up to the internet. Even tho IPV6 is slowly being rolled out, it will take years for the complete internet to fully switch and change to IPV6 standards.

Nobody would know back in the time, that the date of '2000' and not 1999, would cause problems into certain DOS applications which had problems with storing '00' as last 2 digits showing the year.

Nobody would knew, that intel was having hardware that had build in flaws that exist for more then 20 years and never is found untill recent. I think the world is going so fast these days that due to production, costs and mangement, crucial parts of hard and software are being skipped on.

People want things faster and if they cant get it they head to competition as well. It's no secret that all intel hardware is rejected by country's such as russia considering the bugs / backdoors built into the CPU. For example, IMEI which cant really be shutdown but yet be exploited.

The idea is great but the experience is that not many teams really focus on getting a genuine, solid & safe product. Look at Ipone's. It takes a company from Israel to hack the device for the FBI. I mean apple has done a great job securing their phone's that millions need to be paid in order to crack the security on these phone's. That's how a decent product should be.

As talking about flaws. I remember in the past i bought alot of HDD's from ebay, figuring out i could restore the complete history of what people did with those drives with a simple, low level undelete tool. Not many people actually realise that dragging something into the recycle bin will actually delete the contents from harddrive. Or that a format is not sufficient enough to completely wipe the data. When i sold old parts such as my own HDD's i pretty much made sure that they where overwritten for at least 12 times minimum, just to prevent what i did on my own by someone else.

Napster. Great program. Simular as many other forks and programs to share stuff with everyone on the internet. Yet with one flaw. The complete C drive among many people was being shared. So it was a piece of cake to search for 'inbox.dbx' and basicly download everyone's stupid IMAP / POP3 folder from outlook express. Oh man i had some fun years with experimenting on the internet. In the past there where alot of triple x websites which had their security 'flawed' in such a matter that i was able to 'write' my own user and hashed password into a .htaccess file which was'nt properly secured and gained access to normally, websites from which should be payed for in the first place with credit card.

From my experience, the world and technology is moving so fast that even i cant keep up. I really dislike Windows 10 for switching to a service model with bullshit telemetry and privacy invading techniques. Yes MS is capable of identifying a person just based on the details it is harvesting. MS can push an update to a particular user which grants NSA or some shit access. Skype has a backdoor for the NSA and proberly other intelligence services and so are many other digital forms of communications. You are not safe on the internet. Privacy does not exist and company's are going more further and further to completely sell all your details.

I've wrecked the telemetry that's build into W7 and made sure it's not communicating again to the outside world. When support ends for W7, i am switching over to Linux and start focussing more and more on privacy.
 
Joined
Sep 15, 2011
Messages
6,457 (1.41/day)
Processor Intel® Core™ i7-13700K
Motherboard Gigabyte Z790 Aorus Elite AX
Cooling Noctua NH-D15
Memory 32GB(2x16) DDR5@6600MHz G-Skill Trident Z5
Video Card(s) ZOTAC GAMING GeForce RTX 3080 AMP Holo
Storage 2TB SK Platinum P41 SSD + 4TB SanDisk Ultra SSD + 500GB Samsung 840 EVO SSD
Display(s) Acer Predator X34 3440x1440@100Hz G-Sync
Case NZXT PHANTOM410-BK
Audio Device(s) Creative X-Fi Titanium PCIe
Power Supply Corsair 850W
Mouse Logitech Hero G502 SE
Software Windows 11 Pro - 64bit
Benchmark Scores 30FPS in NFS:Rivals
Funny, as Mr. Robot TV Show also got inspiration from this. Amazed to see that in 2018 still kicks and run :roll::roll::roll::roll:
 
Joined
Jul 5, 2013
Messages
25,559 (6.52/day)
Even tho IPV6 is slowly being rolled out, it will take years for the complete internet to fully switch and change to IPV6 standards.
There's a reason for that. How IPV6 is implemented is far more complex than it needs to be. Take IPV4, add an extra set of numbers in front of it and a couple billion possible iterations become trillions.
Example we take the existing format;

255.255.255.255

And we add a fifth set to the front rendering;

255.255.255.255.255.

Any number with only four sets, representing existing addresses, would be interpreted as zero's followed by the rest of the numbers;

000.255.255.255.255.

That solution could have been integrated into existing hardware and software almost seamlessly.
Take that one step further and increased the range of numbers from 0 thru 255 to 0 thru 511, thus;

511.511.511.511.511

This then renders such an enormous number of addresses that every person alive or dead in the history of mankind could be allocated a thousand addresses and we'd only ever use a small fraction of the total available. And it's still easy to integrate and fully backwards compatible with the existing IPV4 standard, making a transition easy. The hex-based mess they came up with is comparatively inefficient, at the same time overly complex and almost completely incompatible with IPV4. IMHO it was/is a move that was completely mental and absurd.
 
Last edited:

FordGT90Concept

"I go fast!1!11!1!"
Joined
Oct 13, 2008
Messages
26,259 (4.65/day)
Location
IA, USA
System Name BY-2021
Processor AMD Ryzen 7 5800X (65w eco profile)
Motherboard MSI B550 Gaming Plus
Cooling Scythe Mugen (rev 5)
Memory 2 x Kingston HyperX DDR4-3200 32 GiB
Video Card(s) AMD Radeon RX 7900 XT
Storage Samsung 980 Pro, Seagate Exos X20 TB 7200 RPM
Display(s) Nixeus NX-EDG274K (3840x2160@144 DP) + Samsung SyncMaster 906BW (1440x900@60 HDMI-DVI)
Case Coolermaster HAF 932 w/ USB 3.0 5.25" bay + USB 3.2 (A+C) 3.5" bay
Audio Device(s) Realtek ALC1150, Micca OriGen+
Power Supply Enermax Platimax 850w
Mouse Nixeus REVEL-X
Keyboard Tesoro Excalibur
Software Windows 10 Home 64-bit
Benchmark Scores Faster than the tortoise; slower than the hare.
There's a reason for that. How IPV6 is implemented is far more complex than it needs to be. Take IPV4, add an extra set of numbers in front of it and a couple billion possible iterations become trillions.
Example we take the existing format;

255.255.255.255

And we add a fifth set to the front rendering;

255.255.255.255.255.

Any number with only four sets, representing existing addresses, would be interpreted as zero's followed by the rest of the numbers;

000.255.255.255.255.

That solution could have been integrated into existing hardware and software almost seamlessly.
Take that one step further and increased the range of numbers from 0 thru 255 to 0 thru 511, thus;

511.511.511.511.511

This then renders such an enormous number of addresses that every person alive or dead in the history of mankind could be allocated a thousand addresses and we'd only ever use a small fraction of the total available. And it's still easy to integrate and fully backwards compatible with the existing IPV4 standard, making a transition easy. The hex-based mess they came up with is comparatively inefficient, at the same time overly complex and almost completely incompatible with IPV4. IMHO it was/is a move that was completely mental and absurd.
Except that you're fixated on string representation of a byte. 255.255.255.255 is 0xFFFFFFFF in reality. 511 would break that, so would appending an extra FF because the buffers and processors are generally only designed to take 32-bits (4 bytes). In other words, wrecked. Tunneling was the only way.


As to this news/OP, the NSA probably shed another tear.

Also, the uniformity of TSL/SSL makes it vulnerable as a system. HTTPS should really be replaced by a protocol that's more able to evolve (servers add newer, better, more diversified security technology that browsers can quickly implement and switch to/from as needed). Find a vulnerability and it should only effect a small portion of the internet.
 
Last edited:

GenericAMDFan

New Member
Joined
Oct 17, 2017
Messages
23 (0.01/day)
Joined
Jul 5, 2013
Messages
25,559 (6.52/day)
Except that you're fixated on string representation of a byte. 255.255.255.255 is 0xFFFFFFFF in reality. 511 would break that, so would appending an extra FF because the buffers and processors are generally only designed to take 32-bits (4 bytes). In other words, wrecked. Tunneling was the only way.
Who says it has to be limited to 32bits? Really, who has ever said that? 40, 48, 56 and 64bits would all work just fine and are mathematically & effectively backwards compatible. Any time someone says "that's the only way" it makes me sad. No it isn't. What was suggested above was done on a chalkboard in a high school classroom 26 years ago as a thought experiment. It would work with the right minds behind it. But that's the problem. The powers that be thought the current mess was a better idea than simply expanding what works already.
Basic mathematical principles state that no number is too big. Take any number you can think of and add 1. So applying that principle to byte math, take 4bytes and add 1byte. You get 5bytes, or 40bits. Keep adding until you reach a bit/byte number that is sufficient to the needs of the task. We have generally gone by powers of two because it makes some things easier, but there is nothing actually limiting us from using other schemes. Example, there have been 3bit, 5bit, 6bit, 7bit, 9bit and 12bit CPU's. It's why we have so many color palette sizes for graphic display array's. 1, 2, 4, 8, 10, 12, 14, 15, 16, 20, 24 and 32bit color palettes and so on. The same is true for storage. Microsoft Server 2003 is a 32bit OS and yet it can address up to 64GB of RAM. How do they do this? 36bit memory address space applied via PAE. That math, used in network transmission protocols, is identical in practice. Need more address space? Add a few bits or a byte, or set of bytes, to the scheme. We don't have to rewrite the whole system to accommodate more address space. The only action needed is the application of basic math; Addition. K.I.S.S.
Also, the uniformity of TSL/SSL makes it vulnerable as a system. HTTPS should really be replaced by a protocol that's more able to evolve (servers add newer, better, more diversified security technology that browsers can quickly implement and switch to/from as needed). Find a vulnerability and it should only effect a small portion of the internet.
Now this is a very good point!
 
Last edited:
Top