Forgot your password?
typodupeerror
Piracy Privacy Security IT

Kim Dotcom's Mega Fileshare Service Riddled With Security Holes 151

Posted by timothy
from the all-a-mpaa-front-anyhow dept.
twoheadedboy writes "Kim Dotcom launched his new project Mega on Sunday, claiming it was to be 'the privacy company.' But it might not be so private after all, as security professionals have ripped it to shreds. There are numerous problems with how encryption is handled, an XSS flaw and users can't change their passwords, they say. But there are suspicions Mega is handing out encryption keys to users and touting strong security to cover its own back. After all, if Kim Dotcom and Co don't know what goes on the site, they might not be liable for copyright prosecutions, as they were for Megaupload, Mega's preprocessor." On this front, reader mask.of.sanity points out a tool in development called MegaCracker that could reveal passwords as users sign up for the site.
This discussion has been archived. No new comments can be posted.

Kim Dotcom's Mega Fileshare Service Riddled With Security Holes

Comments Filter:
  • by eldavojohn (898314) * <eldavojohnNO@SPAMgmail.com> on Tuesday January 22, 2013 @10:03AM (#42656235) Journal

    The SSL encryption being used on Mega appears to be 1024-bit encryption, which can be broken with far greater ease than 2048-bit encryption viewed as best-practice amongst experts.

    Isn't this kind of nitpicking? Isn't the solution to this like changing a value in your configuration or properties files on both sides and watching performance drop a bit? I guess when you have that many users sign up at the drop of a hat, you're expected to have unblemished perfection available for all. But I don't really see this "riddled with security holes." Instead I'd say "needs improvement before you trust it with anything important." As a software developer, I'm prone to give people a break but I guess if your site isn't prepared to be hosted at DEFCON you're fodder.

    I mean, some of these points are valid like I have no idea why you would choose to do this in JavaScript but I guess if you want it to run entirely contained within the browser you don't have much choice unless you start to get into platform specific things like nacl.

    Sort of offtopic but why are we following this so closely? I mean, I understand he's challenging world governments by doing this again but do we have to watch every little step and misstep of Kim Dotcom? He's starting to rub me the wrong way as a sort of attention whore. The longer his fifteen minutes of fame last the bigger embarrassment he's going to have in the 24 hour news cycle's circle of hate. Ugh, and his name is something straight out of Idiocracy ... did he try to change his first name to "The Bomb" but was blocked by the TSA? :-)

  • Re:Bullshit (Score:2, Interesting)

    by Anonymous Coward on Tuesday January 22, 2013 @10:18AM (#42656351)

    This is waht it looks like. The same thing has never been said about rapidshare, uploaded, bitshare, dropbox or sugarsync, and Mega hasn't realy been out yet, has already about a million registered users, and it already is the target of a disinformation campaign that no other service has been subjected to date.

    It does smell fishy and it looks like Kim DotCom does scare some people.

  • Kim Dotcom (Score:1, Interesting)

    by SexToyDR (2821565) on Tuesday January 22, 2013 @10:32AM (#42656449) Homepage
    I was shocked to learn how much money this guy made the first time around...I suppose he hasn't learned his lesson. I agree with eldavojohn, though; who cares about this guy?

From Sharp minds come... pointed heads. -- Bryan Sparrowhawk

Working...