Security firms are, understandably, quite sensitive about claims that their products are insecure, so accusations of this sort tend to cause a kerfuffle. On Wednesday, security consultancy DirectDefense published a blog post claiming endpoint security vendor Carbon Black's Cb Response protection software would, once installed for a customer, spew sensitive data to third parties. This allegedly included customers' AWS, Azure and Google Compute private keys, internal usernames and passwords, proprietary internal applications, and two-factor authentication secrets. Jim Broome, president of DirectDefense, said the problem stems from the way Cb Response patrols corporate file systems and transmits data out to third-party malware scanners to check whether files are legit or infected with nasties. If the Cb Response installation doesn't recognize a document or executable, it can punt it out to multiple scanners to see if they have come across the binaries before, and whether they're safe or need quarantining.
“This means that files uploaded by Cb Response customers first go to Carbon Black (or their local Carbon Black server instance), but then are immediately forwarded to a cloud-based multiscanner, where they are dutifully spread to anyone that wants them and is willing to pay,” he explained.
“Welcome to the world’s largest pay-for-play data exfiltration botnet.”
Broome said that his team had discovered this flow of data while working for a client last year, and has since found multiple organizations using the Cb Response system. He said his team went public with its findings to warn people without informing the vendor, and put out a press release to highlight the supposed danger. However, Carbon Black has fired back with a blog post of its own, claiming DirectDefense got its facts wrong. It's not a bug causing the data emissions, it's a feature.
Bug? Feature?
"This is an optional feature, turned off by default, to allow customers to share information with external sources for additional ability to detect threats," said Michael Viscuso, cofounder of Carbon Black.
"In Cb Response, there is an optional, customer-controlled configuration (disabled by default) that allows the uploading of binaries (executables) to VirusTotal for additional threat analysis.
This option can be enabled by a customer, on a per-sensor group basis. When enabled, executable files will be uploaded to VirusTotal, a public repository and scanning service owned by Google."
He pointed out that even with the information-sharing feature turned on, users can customize exactly what data is sent out of the network. There's also a popup warning page telling admins that they are sending data outside the company network. He also noted that DirectDefense could have contacted Carbon Black about this before creating a big fuss about it, and Carbon Black would have explained the issue. A spokeswoman for DirectDefense told The Register that the firm didn't tip off Carbon Black about the issue because it didn't consider the data transmission a vulnerability, instead describing the behaviour in the original blog as "a function of how the tool is architected".
“However, the recommendations or messaging from Carbon Black’s professional services team during the course of installing the product is to turn this feature on to help accelerate the analysis of the file scans.”
So DirectDefense decided to "educate users" about the issue, albeit in somewhat alarmist terms.
Education, or a PR stunt that backfired? You decide.
The boss of a Canterbury security firm has condemned light court sentences handed down to drunks and thugs. Oli Nonis, who runs Akon Security in St Dunstan's, has twice this year watched as his staff have reacted to serious incidents in the city centre, only to see the perpetrators walk free from court with suspended prison sentences. In one, a student pulled a knife on doormen in Whitehorse Lane after he was ejected from a nightspot, while in the other a female bouncer suffered a broken hip after she was kicked by a drunken student in Guildhall Street.
Oli Nonis of Akon Security
Mr Nonis, 37, said: "Our guys do the job they're supposed to do and then all we hope is that justice takes its course.
"But it leaves a bitter taste in the mouth when people walk free from court. Our guys who put themselves into dangerous situations are not getting justice.
"And it doesn't matter what the authorities say, the number of serious incidents and the number of people carrying knives is escalating." In January, Canterbury Christ Church University student Gideon Wallace pulled a knife on doormen after he was thrown out of the Cuban for vomiting at the bar.
Door staff disarmed him, bundled him to the ground and detained him until police arrived. The 19-year-old received a six-month suspended prison sentence for possessing a knife and threatening behaviour. The following month, 24-year-old Cuban bouncer Linda Dubsky's hip was shattered when she was hit by a flying kick as she tried to break up a fight across the road in Guildhall Street.
Linda Dubsky suffered a broken hip after student Ali Ketbi flying kicked her at the Cuban
Student Ali Ketbi, 20, admitted grievous bodily harm and received an 18-month suspended sentence. Mr Nonis said: "The reason these things are happening more and more is because the deterrent doesn't exist to prevent them.
"You won't stop the hardened criminals from carrying knives, but if the deterrent for all crime was more powerful then perhaps you would stop the kids, the Gideon Wallaces of this world, from going out armed with a knife.
"It's worrying and I've got a lot of my guys now coming to me saying that they want stab-proof vests, which aren't cheap." Police insist that knife crime is not worse in Canterbury than other places and that the city remains a safe place to live, work and socialise.
We are actively looking to recruit a Full Time Security Gate House Officer working a 4 on, 4 off, days / nights shift pattern paid at 8.00 per hour. The role is based at Premier Foods (the Ambrosia Creamery), Lifton, Devon PL16 0BB. We offer a good hourly pay rate, a fixed schedule with an average of 40 hours per week, pension, full training and uniform.
The position involves working day and night shifts to man a busy Gatehouse 24/7, undertaking security, reception, customer service and administration functions. This would be an immediate start, subject to vetting, for the right candidate – MUST HAVE SIA Licence, own transport and a fully vettable 5 year history, as well as the legal right to work in the UK. Please submit a full CV in the first instance covering the last five years' work history, by email, to arrange a local interview.
Job Type: Full-time
Salary: 8.00 /hour
- Lifton PL16