Doubt Cast On The Security Of Kim Dotcom's Mega Service
Posted 22 January 2013 - 11:51 AM
But ya, I don't see why you shouldn't trust him with your files..
Posted 22 January 2013 - 12:00 PM
A main problem I see right now, one that perhaps can be fixed, is that Mega has weak password security. In your confirmation email when you sign up, the hyperlink includes a hash of your password. So they have a hash of your password on file. And they've made a poor choice of hashing algorithm. There's already a program out there for recovering the password from the hash, and it's fast.
So Mega themselves, or anybody who seizes their servers, or anybody who compels Mega to hand over the raw data that they have on you, or anybody who gets hold of your confirmation email, any of these people can gain access to your data relatively easily.
Posted 22 January 2013 - 02:10 PM
Computer Crimes!!!!!!!! AHHHHHHH
Posted 22 January 2013 - 02:21 PM
Every one of my online business accounts, including my major banking accounts, uses SSL connections.
This appears to be one person's effort to seize an opportunity to point out the security flaws of SSL combined with another person's agenda to hurt Mega.
Posted 22 January 2013 - 03:53 PM
I'm hoping that some additional client (front end) options will come out for it, maybe some options for advanced users to tweak up the encryption strength a bit, but the stock web interface is pretty cool already.
These Mega people are definitely pretty brazen to be doing all of this - authorities saying don't do it, security experts saying you're doing it wrong, etc. But now that it's working it's looking pretty cool. Just don't trust anything to it that you wouldn't normally trust to a cloud provider or put behind basic password security.
Posted 22 January 2013 - 05:02 PM
And while they are beating up DotCom, maybe their credit card number is being stolen from their fancy six million levels of protection cloud sever ......
I guess they must be jealous of Dotcom's clearly affluent and extravagant lifestyle - and that he is in the news - and not them.
Posted 23 January 2013 - 08:43 AM
Am I the only one who does a little Internet searching before writing? A quick googling of wikipedia and kim.com will verify what I've said.
I'm just saying that people should think well beyond SSL encryption strength and about the implications of trusting a guy who makes his money by outfoxing laws and disregarding ethics. A year from now, we'll have some sad hipster blogger out here crying about how all the pictures of his baby are lost because Mega changed directions, didn't give a rat's azz about his files and left him in the cold. Would you honestly be stunned if that happened?