Facebook has paid a group of researchers a bug bounty prize for notifying the company of a severe vulnerability based on a slight modification of an encryption bug from 1998 that was until now presumed to be patched by most major websites, Forbes reported. The researchers say many more websites could be vulnerable. The trio of researchers – Hanno Böck and Juraj Somorovsky from Germany, and Craig Young from the United States – dubbed the vulnerability “ROBOT” in a blog post published on Tuesday and say that it could affect subdomains on 27 of the top 100 websites on Alexa, the web traffic analytics website. The bug can let a hacker sit between a user and a website’s server and intercept private information, such as passwords. The vulnerability is based on the 19-year-old Bleichenbacher attack, by which an attacker can figure how to break through a websites’s encryption using a barrage of queries. […]
The post Facebook patches security flaw based on 19-year-old bug; other sites may still be vulnerable appeared first on Cyberscoop.
Continue reading Facebook patches security flaw based on 19-year-old bug; other sites may still be vulnerable→