bypassing cloud providers data validation is a general problem for a while 😺

[gsmachado]

Hey all 👋

It's great to see this repo! Awesome!

I detected this problem in 2013 (10 years now! 😮), when I authored the paper:
"Bypassing Cloud Providers' Data Validation to Store Arbitrary Data"

Available at:

• https://dl.ifip.org/db/conf/im/im2013/MachadoHWS13.pdf
• https://arxiv.org/abs/1404.2637

The paper showed several techniques on how to bypass the "file validation engine" of several cloud providers (like Google, Twitter, etc) to store files (i.e., arbitrary data). The different techniques included files encoded within images, videos, audio (mp3), videos with QR code, etc., and uploaded to several Cloud providers. An actual evaluation was done back then. 😅

It's incredible to see that this "problem" STILL exists at scale and, as I expect, will remain for many many years to come. 😄 At that time I tried to contact some providers trying to help to detect this kind of stuff but, obviously, no answers.

I'm happy to a) discuss this further; and b) re-evaluate several cloud providers nowadays; if anyone is interested. ✌️

[gsmachado]

BTW, if anyone is interested to read more about it: I even implemented a peer-to-peer overlay network "exploiting" the weak data validation of several cloud providers in the past... check it out: https://ieeexplore.ieee.org/document/6838281

I have my code backed up in my old hard drives... just need to find it. 😅

well... drop me a line on Discord or Twitter. 🍀

[kokorin]

Storing data in video is very inefficient because of video encoding and the need to bypass compression. The same is true for audio.
But it looks like subtitles are much more suitable for that, Base64 increases size by 1/3, so it's minimal theoretical overhead.

[kovalensky]

Did some anime girl write this issue?

[gsmachado]

Did some anime girl write this issue?

Yes. And it worked: got your attention.