Carbon Black Denies Its IT Security Guard System Leaks Customer Info

rgMekanic

[H]ard|News
Joined
May 13, 2013
Messages
6,943
Carbon Black's Cb Defense Software may be sending your company's private information to third parties. In a blog post today, DirectDefense, a security consultancy, claims Carbon Black's Cb Response protection software would, once installed for a customer, spew sensitive data to third parties. This included customers' AWS, Azure and Google Compute private keys, internal usernames and passwords, proprietary internal applications, and two-factor authentication secrets.

Carbon Black has since replied in a blog post of their own claiming DirectDefense has its facts wrong. Them sending private data to third parties isn't a bug - it's a feature. Michael Viscuso, cofounder of Carbon Black, stated "This is an optional feature, turned off by default, to allow customers to share information with external sources for additional ability to detect threats."

So very sensitive data from passwords to cloud keys being transmitted offsite to a 3rd party where it can be intercepted is a "feature." That is an interesting defense to say the least.

When a new file appears on a protected endpoint, a cryptographic hash is calculated. This hash is then used to look the file up in Carbon Black’s cloud. If Carbon Black has a score for this file, it gives the existing score, but if no entry exists, it requests an upload of the file. Since Carbon Black doesn’t know if this previously unseen file is good or bad, it then sends the file to a secondary cloud-based multiscanner for scoring. This means that all new files are uploaded to Carbon Black at least once.
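An added example, not from the post or from Carbon Black, that models the lookup-then-upload flow quoted above: a constructed hash cache stands in for the vendor's cloud, the third-party forwarding step is gated on the optional setting, and a pre-upload audit flags files carrying key material. The sample files, cache contents and detection patterns are all constructed for illustration.

```python
import hashlib
import re

# Constructed stand-in for the vendor's reputation cache: sha256 -> score.
KNOWN_SCORES = {
    hashlib.sha256(b"MZ\x90\x00 known-good installer").hexdigest(): "clean",
}

# Illustrative patterns a defender would not want leaving the endpoint.
SENSITIVE_PATTERNS = [
    re.compile(rb"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    re.compile(rb"AKIA[0-9A-Z]{16}"),   # shape of an AWS access key ID
]

def classify(content: bytes, share_with_third_party: bool) -> dict:
    """Model the described flow: hash lookup, upload on a miss, optional forwarding."""
    digest = hashlib.sha256(content).hexdigest()
    result = {"sha256": digest, "score": None, "uploaded": False,
              "forwarded": False, "sensitive": False}
    if digest in KNOWN_SCORES:
        result["score"] = KNOWN_SCORES[digest]
        return result
    # Unknown hash: the file itself goes to the vendor at least once,
    # regardless of the optional sharing setting.
    result["uploaded"] = True
    result["sensitive"] = any(p.search(content) for p in SENSITIVE_PATTERNS)
    # Only with the optional feature enabled is it forwarded to a third-party multiscanner.
    result["forwarded"] = share_with_third_party
    return result

def audit(files: dict, share_with_third_party: bool) -> list:
    """List (name, forwarded) for files that would leave the endpoint carrying key material."""
    leaks = []
    for name, content in files.items():
        r = classify(content, share_with_third_party)
        if r["uploaded"] and r["sensitive"]:
            leaks.append((name, r["forwarded"]))
    return leaks

# Constructed sample files; the key body is a placeholder, not real key material.
SAMPLE_FILES = {
    "setup.exe": b"MZ\x90\x00 known-good installer",
    "deploy.pem": b"-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n-----END RSA PRIVATE KEY-----\n",
    "notes.txt": b"meeting at 10",
}

if __name__ == "__main__":
    for enabled in (False, True):
        print("third-party sharing", enabled, "->", audit(SAMPLE_FILES, enabled))
```

Running it shows the same key file being uploaded to the vendor whether or not sharing is enabled; the setting only changes whether it is forwarded on.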
 
Airbags that deploy while driving aren't a danger; it's in case you want a nap.

See, that's how stupid they sound.
 
That feature kind of defeats the point of defense software in the first place.
 
They do have a point, that it defaults to off and people are warned, so I don't see the problem. Enable it if you don't care.
 
yea... not saying it's a great feature, and maybe it should come with two keys you turn simultaneously, but breaking into encryption is a market these days. SSL break/inspect, SSH break/inspect, SFTP break/inspect, even SSL optimization all require you to give your devices your private keys or allow them to effectively be voluntarily man-in-the-middle attacked.

BUT, that said... a 3rd damn party? That's where they crossed the line. If it was shipping it back to them, then ok maaaaybe. But a 3rd party that you have no legal contracts with? I guess you can call that a feature. I guess I can also call my ex wife dry raping my finances a "relationship feature" from now on, too.
 