Huge Security Flaw

I don´t think someone noticed this but using this app on Facebook can actually lead to your systems being attacked and compromised.


Lets analyze how attackers get access to a corporate network today. First they know they need to penetrate the external perimeters, they know the firewalls and systems so they need to use someone weak in the whole chain. Someone that has access from inside, some IT guy or probably someone else which is not so internet geek. The attackers like most attacks today research someone using social networks, get data, details and then sends them an email with some attachment, from a spoofed email account, the person opens the PDF and he is infected by some custom code Trojan. From here they get access to another network system and from there jump to the disabling the firewall.


Why I do I point this because the first thing they are going to do is research you on Facebook and this apps advertised everywhere you are using BitDefender.


I like to use this, but why in the world would I advertise in Facebook which security suite I have installed? So the attacker that researchs me knows now "ok, he uses BitDefender, so I just need to code a custom backdoor which is not detected by Bitdefender" this vs not knowing exactly what you are using.


Does this make sense? Attackers not only know exactly what security software you are using but actually this is advertising everyone that us uing BitDefender. This is probably true for all Facebook Antivirus apps, but never the less the same reason why I don´t use this.


In terms of security there is no need to marketing which product you are using. Bitdefender needs the extra eye views, but that is not making their own customers any more safer, and in the end that is exactly why they are paying them.

Comments

  • Hello nibb,


    Thank you for your post.


    Facebook has its own security policy which we have to agree with when we release an application for their social networking service. Also, after logging into Safego you can manage who can see posts made by this app on your Facebook timeline. For specific details please read:


    http://www.bitdefender.com/media/html/face...afego/eula.html


    Moreover, we understand the value of private information and we are committed to protecting such information at any time in our relationship with Bitdefender customers throughout the world. We trust that our software will block any attack performed against the security of your computer.


    Thank you! :)