• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Hack Like It's 1998: Sites Still Vulnerable to Revived ROBOT Exploit

Raevenlord

News Editor
Staff member
Joined
Aug 12, 2016
Messages
1,890 (2.66/day)
Likes
1,537
Location
Portugal
System Name The Ryzening
Processor Ryzen 7 1700 @ 3.7 GHz
Motherboard MSI X370 Gaming Pro Carbon
Cooling Arctic Cooling Liquid Freezer 120
Memory 16 GB G.Skill Trident Z F4-3200 (2x 8 GB)
Video Card(s) TPU's Awesome MSI GTX 1070 Gaming X
Storage Boot: Crucial MX100 128GB; Gaming: Crucial MX 300 525GB; Storage: Samsung 1TB HDD, Toshiba 2TB HDD
Display(s) LG 29UM68P (21:9 2560x1080 FreeSync Ultrawide)
Case NOX Hummer MC Black
Audio Device(s) ASUS Xonar DX
Power Supply Seasonic M12II Evo 620W 80+
Mouse Cooler Master Masterkeys Lite L
Keyboard Cooler Master Masterkeys Lite L
Software Windows 10 x64
#1
Another week, yet another security bulletin in tech news, with yet another vulnerability that joins the fray of both Intel's meltdown and Western Digital's MyCloud hacks. A team of researchers recently wrote a paper they titled "Return Of Bleichenbacher's Oracle Threat (ROBOT)". This paper went on to show how a well-known, circa 1998 exploit is still a viable way to take advantage of websites of even big name companies and services, such as Facebook and PayPal (in total, around 2.8% of the top 1 million sites also tested positive). The ROBOT exploit, a critical, 19-year-old vulnerability that allows attackers to decrypt encrypted data and sign communications using compromised sites' secret encryption key, is still valid. Only, it's 19 years later.

The heart of the issue stems from a vulnerability that was discovered in 1998 by researcher Daniel Bleichenbacher, who found the vulnerability in the TLS predecessor known as secure sockets layer. The attack is dubbed an Oracle threat because attackers can write specialized queries to which the websites and affected systems respond with "Yes" or "No"; as such, it's possible, given enough time, for attackers to build up the amount of disclosed sensitive information and get a clear picture of the protected data. To the flaw's discovery by Bleichenbacher, SSL architects apparently responded in a B-movie type of way, which nevertheless might have been needed to keep all systems green: by designing workarounds on top of workarounds, rather than removing or rewriting the faulty RSA algorithm.





"We were able to identify eight vendors and open-source projects and a significant number of hosts that were vulnerable to minor variations of Bleichenbacher's adaptive-chosen ciphertext attack from 1998," the researchers wrote in their research paper. "The most notable fact about this is how little effort it took us to do so. We can therefore conclude that there is insufficient testing of modern TLS implementations for old vulnerabilities." Affected products include some made by F5, Citrix, and Cisco.

"The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight," the researchers wrote in a blog post. "This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack."
 
Joined
Aug 20, 2007
Messages
9,173 (2.30/day)
Likes
8,248
System Name Pioneer
Processor Intel i7 8700k @ 4.8 GHz All-Core + Uncore & AVX Offset @ 0
Motherboard ASRock Z370 Taichi
Cooling Noctua NH-U14S + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 14-14-14-34-2T
Video Card(s) NVIDIA Titan XP Star Wars Collectors Edition (Galactic Empire)
Storage HGST UltraStar 7K6000 3.5" HDD 2TB 7200 RPM (w/128MBs of Cache)
Display(s) BenQ BL3200PT (a 1440p VA Panel with decent latency)
Case Thermaltake Core X31
Audio Device(s) Onboard Toslink to Schiit Modi Multibit to Asgard 2 Amp to AKG K7XX Ruby Red Massdrop Headphones
Power Supply Seasonic PRIME 750W 80Plus Titanium
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Keycaps, Blue legends
Software Windows 10 Enterprise (From former workplace, yay no telemetry)
Benchmark Scores FSExt/TS: FSExt 14625:https://www.3dmark.com/fs/15253894 TS 10496:https://www.3dmark.com/spy/3557134
#2
The thing I have learned from all these security breach news releases?

You aparently can't be a hacker without a hoodie.
 
Joined
Jul 5, 2013
Messages
2,503 (1.36/day)
Likes
1,364
Location
USA
#4
The thing I have learned from all these security breach news releases?
The thing I've learned is that vulnerabilities can come from anywhere, including the past, and seemingly out of nowhere. Literally nothing is safe when you connect to the internet. One of the greatest tools man has ever devised and it's also one of the least secure.
 
Joined
Aug 20, 2007
Messages
9,173 (2.30/day)
Likes
8,248
System Name Pioneer
Processor Intel i7 8700k @ 4.8 GHz All-Core + Uncore & AVX Offset @ 0
Motherboard ASRock Z370 Taichi
Cooling Noctua NH-U14S + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 14-14-14-34-2T
Video Card(s) NVIDIA Titan XP Star Wars Collectors Edition (Galactic Empire)
Storage HGST UltraStar 7K6000 3.5" HDD 2TB 7200 RPM (w/128MBs of Cache)
Display(s) BenQ BL3200PT (a 1440p VA Panel with decent latency)
Case Thermaltake Core X31
Audio Device(s) Onboard Toslink to Schiit Modi Multibit to Asgard 2 Amp to AKG K7XX Ruby Red Massdrop Headphones
Power Supply Seasonic PRIME 750W 80Plus Titanium
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Keycaps, Blue legends
Software Windows 10 Enterprise (From former workplace, yay no telemetry)
Benchmark Scores FSExt/TS: FSExt 14625:https://www.3dmark.com/fs/15253894 TS 10496:https://www.3dmark.com/spy/3557134
#5
The thing I've learned is that vulnerabilities can come from anywhere, including the past, and seemingly out of nowhere. Literally nothing is safe when you connect to the internet. One of the greatest tools man has ever devised and it's also one of the least secure.
Nature of complicated interconnected systems. Comes with the territory.
 
Joined
Nov 4, 2005
Messages
10,047 (2.16/day)
Likes
2,416
System Name MoFo 2
Processor AMD PhenomII 1100T @ 4.2Ghz
Motherboard Asus Crosshair IV
Cooling Swiftec 655 pump, Apogee GT,, MCR360mm Rad, 1/2 loop.
Memory 8GB DDR3-2133 @ 1900 8.9.9.24 1T
Video Card(s) HD7970 1250/1750
Storage Agility 3 SSD 6TB RAID 0 on RAID Card
Display(s) 46" 1080P Toshiba LCD
Case Rosewill R6A34-BK modded (thanks to MKmods)
Audio Device(s) ATI HDMI
Power Supply 750W PC Power & Cooling modded (thanks to MKmods)
Software A lot.
Benchmark Scores Its fast. Enough.
#6
The real issue is that almost every exploit was intended to be a performance improvement, reduce the complexity of a program and hardware, allow easier sharing of useful data. People put things into action without asking the why not.
 
Joined
Sep 11, 2015
Messages
369 (0.35/day)
Likes
95
#7
The thing I've learned is that vulnerabilities can come from anywhere, including the past, and seemingly out of nowhere. Literally nothing is safe when you connect to the internet. One of the greatest tools man has ever devised and it's also one of the least secure.
It's a great tool, but very poorly implemented from the beginning.

Nothing can really change, if we still keep using protocols from 40 years ago. Like TCP/IP and Ethernet and all that. You can't just turn off the internet now and fix all those things under the hood, that would require to actually replace the internet. But we also can't ever rely on not being hacked on it.
 
Joined
Jul 5, 2013
Messages
2,503 (1.36/day)
Likes
1,364
Location
USA
#8
It's a great tool, but very poorly implemented from the beginning.
Completely disagree. The internet has always been and will likely forever be an ever evolving construct of information technology. When it was created, it was put together with the best that technology of the time had to offer.
 
Joined
Aug 20, 2007
Messages
9,173 (2.30/day)
Likes
8,248
System Name Pioneer
Processor Intel i7 8700k @ 4.8 GHz All-Core + Uncore & AVX Offset @ 0
Motherboard ASRock Z370 Taichi
Cooling Noctua NH-U14S + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 14-14-14-34-2T
Video Card(s) NVIDIA Titan XP Star Wars Collectors Edition (Galactic Empire)
Storage HGST UltraStar 7K6000 3.5" HDD 2TB 7200 RPM (w/128MBs of Cache)
Display(s) BenQ BL3200PT (a 1440p VA Panel with decent latency)
Case Thermaltake Core X31
Audio Device(s) Onboard Toslink to Schiit Modi Multibit to Asgard 2 Amp to AKG K7XX Ruby Red Massdrop Headphones
Power Supply Seasonic PRIME 750W 80Plus Titanium
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Keycaps, Blue legends
Software Windows 10 Enterprise (From former workplace, yay no telemetry)
Benchmark Scores FSExt/TS: FSExt 14625:https://www.3dmark.com/fs/15253894 TS 10496:https://www.3dmark.com/spy/3557134
#9
The real issue is that almost every exploit was intended to be a performance improvement, reduce the complexity of a program and hardware, allow easier sharing of useful data. People put things into action without asking the why not.
It's really much more complicated than that.
 
Joined
Dec 30, 2010
Messages
470 (0.17/day)
Likes
166
#10
It's a great tool, but very poorly implemented from the beginning.

Nothing can really change, if we still keep using protocols from 40 years ago. Like TCP/IP and Ethernet and all that. You can't just turn off the internet now and fix all those things under the hood, that would require to actually replace the internet. But we also can't ever rely on not being hacked on it.
This. Nobody would knew that back in the time, IPV4 would run out of blocks looking at the amount of devices currently 'hooked' up to the internet. Even tho IPV6 is slowly being rolled out, it will take years for the complete internet to fully switch and change to IPV6 standards.

Nobody would know back in the time, that the date of '2000' and not 1999, would cause problems into certain DOS applications which had problems with storing '00' as last 2 digits showing the year.

Nobody would knew, that intel was having hardware that had build in flaws that exist for more then 20 years and never is found untill recent. I think the world is going so fast these days that due to production, costs and mangement, crucial parts of hard and software are being skipped on.

People want things faster and if they cant get it they head to competition as well. It's no secret that all intel hardware is rejected by country's such as russia considering the bugs / backdoors built into the CPU. For example, IMEI which cant really be shutdown but yet be exploited.

The idea is great but the experience is that not many teams really focus on getting a genuine, solid & safe product. Look at Ipone's. It takes a company from Israel to hack the device for the FBI. I mean apple has done a great job securing their phone's that millions need to be paid in order to crack the security on these phone's. That's how a decent product should be.

As talking about flaws. I remember in the past i bought alot of HDD's from ebay, figuring out i could restore the complete history of what people did with those drives with a simple, low level undelete tool. Not many people actually realise that dragging something into the recycle bin will actually delete the contents from harddrive. Or that a format is not sufficient enough to completely wipe the data. When i sold old parts such as my own HDD's i pretty much made sure that they where overwritten for at least 12 times minimum, just to prevent what i did on my own by someone else.

Napster. Great program. Simular as many other forks and programs to share stuff with everyone on the internet. Yet with one flaw. The complete C drive among many people was being shared. So it was a piece of cake to search for 'inbox.dbx' and basicly download everyone's stupid IMAP / POP3 folder from outlook express. Oh man i had some fun years with experimenting on the internet. In the past there where alot of triple x websites which had their security 'flawed' in such a matter that i was able to 'write' my own user and hashed password into a .htaccess file which was'nt properly secured and gained access to normally, websites from which should be payed for in the first place with credit card.

From my experience, the world and technology is moving so fast that even i cant keep up. I really dislike Windows 10 for switching to a service model with bullshit telemetry and privacy invading techniques. Yes MS is capable of identifying a person just based on the details it is harvesting. MS can push an update to a particular user which grants NSA or some shit access. Skype has a backdoor for the NSA and proberly other intelligence services and so are many other digital forms of communications. You are not safe on the internet. Privacy does not exist and company's are going more further and further to completely sell all your details.

I've wrecked the telemetry that's build into W7 and made sure it's not communicating again to the outside world. When support ends for W7, i am switching over to Linux and start focussing more and more on privacy.
 
Joined
Sep 15, 2011
Messages
4,671 (1.87/day)
Likes
1,183
Processor Intel Core i7 3770k @ 4.3GHz
Motherboard Asus P8Z77-V LK
Memory 16GB(2x8) DDR3@2133MHz 1.5v Patriot
Video Card(s) MSI GeForce GTX 1080 GAMING X 8G
Storage 59.63GB Samsung SSD 830 + 465.76 GB Samsung SSD 840 EVO + 2TB Hitachi + 300GB Velociraptor HDD
Display(s) Acer Predator X34 3440x1440@100Hz G-Sync
Case NZXT PHANTOM410-BK
Audio Device(s) Creative X-Fi Titanium PCIe
Power Supply Corsair 850W
Mouse Anker
Software Win 10 Pro - 64bit
Benchmark Scores 30FPS in NFS:Rivals
#11
Funny, as Mr. Robot TV Show also got inspiration from this. Amazed to see that in 2018 still kicks and run :roll::roll::roll::roll:
 
Joined
Jul 5, 2013
Messages
2,503 (1.36/day)
Likes
1,364
Location
USA
#12
Even tho IPV6 is slowly being rolled out, it will take years for the complete internet to fully switch and change to IPV6 standards.
There's a reason for that. How IPV6 is implemented is far more complex than it needs to be. Take IPV4, add an extra set of numbers in front of it and a couple billion possible iterations become trillions.
Example we take the existing format;

255.255.255.255

And we add a fifth set to the front rendering;

255.255.255.255.255.

Any number with only four sets, representing existing addresses, would be interpreted as zero's followed by the rest of the numbers;

000.255.255.255.255.

That solution could have been integrated into existing hardware and software almost seamlessly.
Take that one step further and increased the range of numbers from 0 thru 255 to 0 thru 511, thus;

511.511.511.511.511

This then renders such an enormous number of addresses that every person alive or dead in the history of mankind could be allocated a thousand addresses and we'd only ever use a small fraction of the total available. And it's still easy to integrate and fully backwards compatible with the existing IPV4 standard, making a transition easy. The hex-based mess they came up with is comparatively inefficient, at the same time overly complex and almost completely incompatible with IPV4. IMHO it was/is a move that was completely mental and absurd.
 
Last edited:

FordGT90Concept

"I go fast!1!11!1!"
Joined
Oct 13, 2008
Messages
22,102 (6.19/day)
Likes
11,164
Location
IA, USA
System Name BY-2015
Processor Intel Core i7-6700K (4 x 4.00 GHz) w/ HT and Turbo on
Motherboard MSI Z170A GAMING M7
Cooling Scythe Kotetsu
Memory 2 x Kingston HyperX DDR4-2133 8 GiB
Video Card(s) PowerColor PCS+ 390 8 GiB DVI + HDMI
Storage Crucial MX300 275 GB, Seagate 6 TB 7200 RPM
Display(s) Samsung SyncMaster T240 24" LCD (1920x1200 HDMI) + Samsung SyncMaster 906BW 19" LCD (1440x900 DVI)
Case Coolermaster HAF 932 w/ USB 3.0 5.25" bay
Audio Device(s) Realtek Onboard, Micca OriGen+
Power Supply Enermax Platimax 850w
Mouse SteelSeries Sensei RAW
Keyboard Tesoro Excalibur
Software Windows 10 Pro 64-bit
Benchmark Scores Faster than the tortoise; slower than the hare.
#14
There's a reason for that. How IPV6 is implemented is far more complex than it needs to be. Take IPV4, add an extra set of numbers in front of it and a couple billion possible iterations become trillions.
Example we take the existing format;

255.255.255.255

And we add a fifth set to the front rendering;

255.255.255.255.255.

Any number with only four sets, representing existing addresses, would be interpreted as zero's followed by the rest of the numbers;

000.255.255.255.255.

That solution could have been integrated into existing hardware and software almost seamlessly.
Take that one step further and increased the range of numbers from 0 thru 255 to 0 thru 511, thus;

511.511.511.511.511

This then renders such an enormous number of addresses that every person alive or dead in the history of mankind could be allocated a thousand addresses and we'd only ever use a small fraction of the total available. And it's still easy to integrate and fully backwards compatible with the existing IPV4 standard, making a transition easy. The hex-based mess they came up with is comparatively inefficient, at the same time overly complex and almost completely incompatible with IPV4. IMHO it was/is a move that was completely mental and absurd.
Except that you're fixated on string representation of a byte. 255.255.255.255 is 0xFFFFFFFF in reality. 511 would break that, so would appending an extra FF because the buffers and processors are generally only designed to take 32-bits (4 bytes). In other words, wrecked. Tunneling was the only way.


As to this news/OP, the NSA probably shed another tear.

Also, the uniformity of TSL/SSL makes it vulnerable as a system. HTTPS should really be replaced by a protocol that's more able to evolve (servers add newer, better, more diversified security technology that browsers can quickly implement and switch to/from as needed). Find a vulnerability and it should only effect a small portion of the internet.
 
Last edited:
Joined
Oct 17, 2017
Messages
22 (0.08/day)
Likes
15
#15
Joined
Jul 5, 2013
Messages
2,503 (1.36/day)
Likes
1,364
Location
USA
#16
Except that you're fixated on string representation of a byte. 255.255.255.255 is 0xFFFFFFFF in reality. 511 would break that, so would appending an extra FF because the buffers and processors are generally only designed to take 32-bits (4 bytes). In other words, wrecked. Tunneling was the only way.
Who says it has to be limited to 32bits? Really, who has ever said that? 40, 48, 56 and 64bits would all work just fine and are mathematically & effectively backwards compatible. Any time someone says "that's the only way" it makes me sad. No it isn't. What was suggested above was done on a chalkboard in a high school classroom 26 years ago as a thought experiment. It would work with the right minds behind it. But that's the problem. The powers that be thought the current mess was a better idea than simply expanding what works already.
Basic mathematical principles state that no number is too big. Take any number you can think of and add 1. So applying that principle to byte math, take 4bytes and add 1byte. You get 5bytes, or 40bits. Keep adding until you reach a bit/byte number that is sufficient to the needs of the task. We have generally gone by powers of two because it makes some things easier, but there is nothing actually limiting us from using other schemes. Example, there have been 3bit, 5bit, 6bit, 7bit, 9bit and 12bit CPU's. It's why we have so many color palette sizes for graphic display array's. 1, 2, 4, 8, 10, 12, 14, 15, 16, 20, 24 and 32bit color palettes and so on. The same is true for storage. Microsoft Server 2003 is a 32bit OS and yet it can address up to 64GB of RAM. How do they do this? 36bit memory address space applied via PAE. That math, used in network transmission protocols, is identical in practice. Need more address space? Add a few bits or a byte, or set of bytes, to the scheme. We don't have to rewrite the whole system to accommodate more address space. The only action needed is the application of basic math; Addition. K.I.S.S.
Also, the uniformity of TSL/SSL makes it vulnerable as a system. HTTPS should really be replaced by a protocol that's more able to evolve (servers add newer, better, more diversified security technology that browsers can quickly implement and switch to/from as needed). Find a vulnerability and it should only effect a small portion of the internet.
Now this is a very good point!
 
Last edited:
Top