Kim Dotcom's Mega Fileshare Service Riddled With Security Holes 151
twoheadedboy writes "Kim Dotcom launched his new project Mega on Sunday, claiming it was to be 'the privacy company.' But it might not be so private after all, as security professionals have ripped it to shreds. There are numerous problems with how encryption is handled, an XSS flaw and users can't change their passwords, they say. But there are suspicions Mega is handing out encryption keys to users and touting strong security to cover its own back. After all, if Kim Dotcom and Co don't know what goes on the site, they might not be liable for copyright prosecutions, as they were for Megaupload, Mega's preprocessor." On this front, reader mask.of.sanity points out a tool in development called MegaCracker that could reveal passwords as users sign up for the site.
Alert (Score:5, Funny)
Re:preprocessor?? (Score:5, Funny)
They're using Megaupload as a preprocessor? Clever - that way there's no copyright infringement at compile time.
Re:Isn't Some of this Stuff Sort of Nitpicking? (Score:2, Funny)
For the longest time I thought Kim Dotcom was a woman. I mused that perhaps she is an ex-pornstar? So I wasn't surprised or bothered by the blatant attention whoring. Then I saw his picture and... I remain deeply troubled.
Password overuse (Score:2, Funny)
There is a global shortage of passwords as we have reached peak passwords. It is time to find alternative ways to secure our security.