- Joined
- Aug 14, 2014
https://arstechnica.com/information...s-remain-open-to-major-crypto-flaw-from-1998/
TLDR: "A surprisingly big number of top-name websites—Facebook and PayPal among them—recently tested positive for a critical, 19-year-old vulnerability that allowed attackers to decrypt encrypted data and sign communications using the sites' secret encryption key... Exploits typically require an attacker to make tens of thousands of connections to a vulnerable site. The requirement puts ROBOT well below the severity of Heartbleed, the critical 2014 vulnerability in OpenSSL that could be exploited in a matter of seconds. Still, ROBOT is serious enough that it deserves immediate attention."
TLDR: "A surprisingly big number of top-name websites—Facebook and PayPal among them—recently tested positive for a critical, 19-year-old vulnerability that allowed attackers to decrypt encrypted data and sign communications using the sites' secret encryption key... Exploits typically require an attacker to make tens of thousands of connections to a vulnerable site. The requirement puts ROBOT well below the severity of Heartbleed, the critical 2014 vulnerability in OpenSSL that could be exploited in a matter of seconds. Still, ROBOT is serious enough that it deserves immediate attention."