Full Disclosure mailing list archives
Re: Privat24 (Facebook version) bypass of static password for accounts of PrivatBank (Ukraine, Russia and CIS)
From: Shreyas Zare <shreyas () secfence com>
Date: Tue, 12 Oct 2010 23:14:59 +0530
On Tue, Oct 12, 2010 at 12:02 AM, Andriy Tereshchenko <tag () 24 odessa ua> wrote:

> Hi,
>
> I suspect that the real reason for this app is intelligence on data about bank clients from the Facebook database, to be used during debt collection or while making loan decisions.
>
> The app has no Privacy Policy defined, but requests permissions to access the Facebook profile, friends list and other info. ;-)
>
> The person who "invented" this app, Alexander Vityaz, has posted on his wall (on 1 October) a link to an article on how many data-mining employees LinkedIn has and what they do. Seems like he is willing to replicate the same effort for banking purposes.
>
> References:
> 1. Alexander Vityaz Facebook Wall http://www.facebook.com/profile.php?id=544590214&v=wall&ref=ts
> 2. Article about Dip Nashar - CEO of LinkedIn (in Russian) http://www.forbes.ru/karera/rynok-truda/57722-zaprogrammirovat-kareru
>
> --
> TAG

Interesting. Providing the same level of security to financial details and FarmVille is a really bad idea. Many banks are providing two-factor authentication, different passwords for transactions, etc. to provide better security, but in this case things have gone backwards.

Shreyas Zare
Sr. Information Security Researcher
Secfence Technologies
www.secfence.com