Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security

Old Crypto Vulnerability Hits Major Tech Firms (securityweek.com) 32

wiredmikey writes: A team of researchers has revived an old crypto vulnerability and determined that it affects the products of several major vendors and a significant number of the world's top websites. The attack/exploit method against a Transport Layer Security (TLS) vulnerability now has a name, a logo and a website. It has been dubbed ROBOT (Return Of Bleichenbacher's Oracle Threat) and, as the name suggests, it's related to an attack method discovered by Daniel Bleichenbacher back in 1998. ROBOT allows an attacker to obtain the RSA key necessary to decrypt TLS traffic under certain conditions. While proof-of-concept (PoC) code will only be made available after affected organizations have had a chance to patch their systems, the researchers have published some additional details. Researchers have made available an online tool that can be used to test public HTTPS servers. An analysis showed that at least 27 of the top 100 Alexa websites, including Facebook and PayPal, were affected.

Comment Re:Hard to find the truth (Score 2) 132

why was the US diplomatic/CIA annex attacked?

Because they were US buildings that the radicals could target easily.

Who attacked them?

Ansar al-Sharia

What was the attackers' relationship with the US prior to the attack?

Hostile.

Who did Ambassador Stevens meet with just prior to the attack?

A Turkish diplomat

Why was this group not attacked?

Turkey is an ally of the US, Ansar al-Sharia was attacked.

Slashdot Top Deals

Don't hit the keys so hard, it hurts.

Working...