Slashdot Mirror


Kim Dotcom's Mega Fileshare Service Riddled With Security Holes

twoheadedboy writes "Kim Dotcom launched his new project Mega on Sunday, claiming it was to be 'the privacy company.' But it might not be so private after all, as security professionals have ripped it to shreds. There are numerous problems with how encryption is handled, an XSS flaw and users can't change their passwords, they say. But there are suspicions Mega is handing out encryption keys to users and touting strong security to cover its own back. After all, if Kim Dotcom and Co don't know what goes on the site, they might not be liable for copyright prosecutions, as they were for Megaupload, Mega's predecessor." On this front, reader mask.of.sanity points out a tool in development called MegaCracker that could reveal passwords as users sign up for the site.


  1. Re:Security hole 1, Kim Dotcom by sunderland56 · Score: 5, Informative

    You can encypher your data before uploading on *any* site. At that point they are all equally secure. Kim's claim was that Mega was more secure by design.

    However, the claim is completely broken. Mega is using a public/private key pair - generated by the web site - and so their servers actually *do* know both your keys, and *can* decrypt your data. So, basically, it is no more secure than dropbox.