Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Privat24 (Facebook version) bypass of static password for accounts of PrivatBank (Ukraine, Russia and CIS)
From: Shreyas Zare <shreyas () secfence com>
Date: Tue, 12 Oct 2010 23:14:59 +0530

On Tue, Oct 12, 2010 at 12:02 AM, Andriy Tereshchenko <tag () 24 odessa ua>wrote:


I suspect that real reason for this app is intelligence on data about
bank clients from Facebook database.
To be used during debt collection or while making loan decisions.

App has no Privacy Policy defined, but request permissions to access
Facebook profile, friends list and other info. ;-)

Person who has "invented" this app Alexander Vityaz  has posted on his
wall (on 1 October) link to article on how many data-mining employees
LinkedIn has and that they do.  Seems like he is willing to replicate
same effort for banking purpose.

1. Alexander Vityaz  Facebook Wall

2. Article about Dip Nashar - CEO of LinkedIn (in russian)


Interesting. Providing the same level of security to financial details and
FarmVille is really bad idea. Many banks are providing two factor
authentication, different password for transactions etc to provide better
security but, in this case things have gone backwards.

Shreyas Zare

Sr. Information Security Researcher
Secfence Technologies
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]