Earlier this week, a report citing “terabytes of leaked content” was released by cybersecurity firm DirectDefense. In this report, the firm lambasted Carbon Black (a well-respected endpoint security provider) for purportedly making vast amounts of user data publicly visible on an automated basis. Using language like “Welcome to the world’s largest pay-for-play data exfiltration botnet,” DirectDefense claims that all Carbon Black customers are at risk of massive data breaches.
The story quickly reached the media — as is typically the case when the words “terabytes of data” are thrown around — and spread through infosec circles rapidly. There was only one issue, however:
Every single file contained in the “leak” was uploaded due to an optional, off-by-default setting enabled by the “victim” users.
If you’re well-versed in concepts like base64-encoding, code obfuscation, and malware detection, you’re free to skip down to the good part (literally the section title “The Good Part”). The short version is: You can perform searches for plaintext strings encoded in base64. I’m personally very excited about this.
For the less-experienced, or the more avid readers of the previous category, please read on.
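The base64 search trick mentioned above deserves a concrete demonstration, so here is an added example that is not part of the original post and not code from DirectDefense or Carbon Black. The idea is that a plaintext string can land in a base64 stream at one of three byte alignments, so a single encoding of the needle will miss two out of three occurrences; generating all three alignments and trimming the characters that depend on neighbouring bytes gives patterns that match wherever the string sits. The sample blobs and the needle `password` are constructed for the example.

```python
import base64
import re


def base64_variants(needle: bytes) -> list[bytes]:
    """Return the three alignment-specific base64 patterns for a plaintext needle.

    For each shift k in 0..2 we prepend k filler bytes, encode, and strip the
    characters whose value depends on the filler (leading) or on whatever
    follows the needle in the real stream (trailing partial group).
    """
    variants = []
    for shift in range(3):
        padded = b"\x00" * shift + needle          # filler bytes are constructed
        enc = base64.b64encode(padded).rstrip(b"=")
        lead = (0, 2, 3)[shift]                    # chars polluted by the filler
        tail = 1 if len(padded) % 3 else 0         # last char mixes in next byte's bits
        core = enc[lead:len(enc) - tail]
        variants.append(core)
    return variants


def find_base64_encoded(needle: bytes, haystack: bytes) -> list[tuple[int, int, int]]:
    """Search a base64 blob for every alignment of the needle.

    Returns (shift, char_offset, byte_offset) tuples; byte_offset is the
    position of the needle in the decoded data, recovered from the 4-char
    group index and the alignment shift.
    """
    hits = []
    for shift, pattern in enumerate(base64_variants(needle)):
        if not pattern:                            # very short needles leave nothing to match
            continue
        for m in re.finditer(re.escape(pattern), haystack):
            group = m.start() // 4
            hits.append((shift, m.start(), group * 3 + shift))
    return hits


# Constructed sample blobs: the same secret at four different byte alignments.
SAMPLE_BLOBS = [
    base64.b64encode(b"password=hunter2"),            # needle at byte 0  (shift 0)
    base64.b64encode(b"X:password=hunter2"),          # needle at byte 2  (shift 2)
    base64.b64encode(b"db_password=hunter2\n"),       # needle at byte 3  (shift 0)
    base64.b64encode(b"user=root password=hunter2"),  # needle at byte 10 (shift 1)
]
NEGATIVE_BLOB = base64.b64encode(b"nothing to see here")


def scan_blobs(needle: bytes, blobs: list[bytes]) -> list[list[tuple[int, int, int]]]:
    """Run the alignment-aware search over a list of blobs."""
    return [find_base64_encoded(needle, blob) for blob in blobs]


if __name__ == "__main__":
    for pattern in base64_variants(b"password"):
        print("pattern:", pattern.decode())
    for blob, hits in zip(SAMPLE_BLOBS, scan_blobs(b"password", SAMPLE_BLOBS)):
        print(blob.decode(), "->", hits)
```

Naively encoding the needle once would only catch the first and third blobs; the shift-1 and shift-2 patterns are what make the second and fourth findable. YARA's `base64` string modifier applies the same expansion, which is why a plaintext-style rule can still flag encoded droppers or leaked credentials in a corpus of uploaded binaries.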