Security hole in Facebook’s secure file transfer platform
As a brand, Facebook is up there with the biggest of them, with over a billion users each month according to company reports. This makes them a big target for the cybercrime community. As a countermeasure, their ‘Bug Bounty Program’ encourages friendly hackers to report vulnerabilities in their systems, and it was one such researcher who noted the security hole in their Accellion private cloud deployment.
Writing on his blog this Monday, Nir Goldshlager announced that he had previously uncovered a hole affecting the Accellion Secure File Transfer appliance that would allow an attacker to gain control of a user’s account with little more than their email address.
A closer look at the date on the video at the bottom of his blog article (19th March 2012) and at the date the problem was patched (patch 9_1_166 released on 20th March 2012) would suggest that Nir did in fact identify this vulnerability, meaning that Facebook’s Bug Bounty Program is a worthwhile exercise. It also demonstrates that Accellion took the issue seriously, quickly and efficiently addressing the problem when it came to light.
Software is rarely ever without flaws, but all vendors do their best to ensure products don’t reach the market with problems, and when they do, responding quickly is the key to maintaining brand integrity. This also highlights how important it is for customers to apply the software patches released by vendors in a timely manner. Nir was likely paid for his research and held off releasing this information for nine months, whilst I expect Accellion made a concerted effort to ensure all customers were running the latest versions of software. It will no doubt have a small negative impact on Accellion’s brand image but on the plus side, it appears to show that Accellion handled the matter in a professional manner.
Ad hoc file transfer is one of the largest segments of the managed file transfer industry and we’re pleased to be working with some of the industry’s leading brands. With solutions from Biscom, Ipswitch, Globalscape and more, we at Pro2col are able to help you choose the right product to fit your feature requirements and budget limitations. To speak to an ad hoc file transfer consultant, call Pro2col today on 0333 123 1240.