Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kim Dotcom's Mega Fileshare Service Riddled With Security Holes

Posted by timothy on from the all-a-mpaa-front-anyhow dept.

twoheadedboy writes "Kim Dotcom launched his new project Mega on Sunday, claiming it was to be 'the privacy company.' But it might not be so private after all, as security professionals have ripped it to shreds. There are numerous problems with how encryption is handled, an XSS flaw and users can't change their passwords, they say. But there are suspicions Mega is handing out encryption keys to users and touting strong security to cover its own back. After all, if Kim Dotcom and Co don't know what goes on the site, they might not be liable for copyright prosecutions, as they were for Megaupload, Mega's preprocessor." On this front, reader mask.of.sanity points out a tool in development called MegaCracker that could reveal passwords as users sign up for the site.

14 of 151 comments (clear)

  1. Alert by Anonymous Coward · · Score: 5, Funny

    Clearly he is helping the FBI set up a honeypot in exchange for his freedom.

  2. Isn't Some of this Stuff Sort of Nitpicking? by eldavojohn · · Score: 5, Interesting

    The SSL encryption being used on Mega appears to be 1024-bit encryption, which can be broken with far greater ease than 2048-bit encryption viewed as best-practice amongst experts.

    Isn't this kind of nitpicking? Isn't the solution to this like changing a value in your configuration or properties files on both sides and watching performance drop a bit? I guess when you have that many users sign up at the drop of a hat, you're expected to have unblemished perfection available for all. But I don't really see this "riddled with security holes." Instead I'd say "needs improvement before you trust it with anything important." As a software developer, I'm prone to give people a break but I guess if your site isn't prepared to be hosted at DEFCON you're fodder.

    I mean, some of these points are valid like I have no idea why you would choose to do this in JavaScript but I guess if you want it to run entirely contained within the browser you don't have much choice unless you start to get into platform specific things like nacl.

    Sort of offtopic but why are we following this so closely? I mean, I understand he's challenging world governments by doing this again but do we have to watch every little step and misstep of Kim Dotcom? He's starting to rub me the wrong way as a sort of attention whore. The longer his fifteen minutes of fame last the bigger embarrassment he's going to have in the 24 hour news cycle's circle of hate. Ugh, and his name is something straight out of Idiocracy ... did he try to change his first name to "The Bomb" but was blocked by the TSA? :-)

    --
    My work here is dung.
    1. Re:Isn't Some of this Stuff Sort of Nitpicking? by DerekLyons · · Score: 5, Insightful

      Sort of offtopic but why are we following this so closely?

      Because *everyone* loves a good reality show or celebrity meltdown. We all love to live vicariously, but different people chose different targets.
       
      Thus, the Slashdot Demographic follows Dotcom, McAfee, etc... the way the rest of the world follows the Kardashian's, or Paris Hilton, or Lance Armstrong, or whatever their personal flavor of the month is.

    2. Re:Isn't Some of this Stuff Sort of Nitpicking? by Terrasque · · Score: 4, Informative

      You haven't read their own FAQ I take it?

      They're actually upfront about threats to the user's security.

      Is my stored data absolutely secure?

      All security is relative. The following attack vectors exist - they are not specific to MEGA, but we want you to know about the risks:
      Individual accounts are jeopardized by:
      - Spyware on your computer. A simple keylogger is enough, but session credentials and keys could also be extracted from memory or the filesystem.
      - Shoulder surfing. Do not type your password while someone could watch your keystrokes.
      - Password brute-forcing. Use strong passwords.
      - Phishing. Always confirm the security status of your connection (https://) and the correct domain name (mega.co.nz) before entering your password.

      Large-scale attacks could be mounted through:
      - A "man in the middle" attack. Requires issuing a valid duplicate SSL certificate in combination with DNS forging and/or attacks on our BGP routes (a DigiNotar-style scenario).
      - Gaining access to the webservers hosting https://mega.co.nz/index.html and replacing that file with a forged version (this would not affect access through the installed app base). Note that manipulating content on our distributed static content CDN does not pose a security risk, as all active content loaded from index.html is subject to verification with a cryptographic hash (think of it as some kind of "secure boot" for websites). This type of attack requires sending malicious code to the client and is therefore detectable.
      - Gaining access to our core server infrastructure and creating forged key requests on existing shares. This type of attack only affects data in shared folders and is detectable on the client side as well.

      What if I don't trust you? Is it still safe for me to use MEGA?

      If you don't trust us, you cannot run any code provided by us, so opening our site in your browser and entering your password is off limits. If you still want to use MEGA, you have to do so through a client app that was written by someone you trust.

      Doesn't that look pretty reasonable? What more do you want them to do? They created a pretty impressive webclient-driven easy-to-use file locker system, and they clearly spell out the problems with that approach.

      Many of the article's points are pretty moot, btw. It does not use JS random function, they have extra verification for the 1024 bit SSL encrypted data, and the deduplication only works for shared files ("copy to my locker" functionality is mentioned - same data, same key, same place on the storage servers).

      The part about mega.co.nz being able to send malicious code stealing your password is explicitly mentioned in their FAQ, and in a better way too. They even cover other attack vectors the article didn't.

      They made a decent system, and they're upfront and honest about it's limitations. The article is at best FUD.

      --
      It's The Golden Rule: "He who has the gold makes the rules."
  3. A grain of salt by aaaaaaargh! · · Score: 4, Insightful

    While it seems likely that Mega's encryption is not exactly the creme de la creme of crypto implementations, I have also read some pretty dubious assessments of its cryptography, for example the review at Ars Technica which spreads more FUD than facts. Or take the claim in one of the above articles claims that the FBI is probably already typing their search warrants, which ignores the fact that this time not a single server is located within the US.

    Perhaps some writers on tech news sites fear about their ad revenues?

  4. preprocessor?? by 1u3hr · · Score: 5, Insightful
    "... Megaupload, Mega's preprocessor."

    I expect this means "predecessor". The editors are actually paid in money to click "submit" without reading or understanding the articles?

    1. Re:preprocessor?? by coldsalmon · · Score: 4, Funny

      They're using Megaupload as a preprocessor? Clever - that way there's no copyright infringement at compile time.

  5. All about deniability by Melakh · · Score: 5, Insightful

    Who cares if you can intercept the private encryption key (not often you get to say that) - seriously, noone with a brain is going to be uploading sensitive data to Mega and expecting them to take care of it. There are no multinationals sitting in the wings waiting to outsource storage of their customer's credit card numbers to Mega. This is just supposed to be Megaupload minus the ability for the recording industry to demand all copies of the same file get deleted and minus the ability for the FBI to be able to ask Mega a question and get an answer about what's stored.

  6. Re:Meh by GameboyRMH · · Score: 4, Informative

    http://www.i2p2.de/bittorrent.html

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  7. Re:Security hole 1, Kim Dotcom by sunderland56 · · Score: 5, Informative

    You can encypher your data before uploading on *any* site. At that point they are all equally secure. Kim's claim was that Mega was more secure by design.

    However, the claim is completely broken. Mega is using a public/private key pair - generated by the web site - and so their servers actually *do* know both your keys, and *can* decrypt your data. So, basically, it is no more secure than dropbox.

  8. Re:Security hole 1, Kim Dotcom by sunderland56 · · Score: 4, Insightful

    But that's the point. If they can in theory, then the site is not secure.

    If they can in theory, then they can be forced to do so by a court order. Capture your password the next time you log in, decrypt your keys, then decrypt your files. If the courts can compel Mega to deliver unencrypted files as evidence, then the site is useless.

  9. No one really gets it by JWW · · Score: 4, Insightful

    The security does not have to be good. The purpose of Mega is to disable the RIAA and MPAA's abilities to see what is shared.

    It doesn't matter how bad the encryption is. If the MPAA or RIAA break the encryption on Mega's files they are violating the DMCA plain and simple.

    Mega is using the RIAA and MPAA's weapons against them.

  10. Re:Kim Dotcom by Sloppy · · Score: 4, Insightful

    I was shocked to learn how much money this guy made the first time around...I suppose he hasn't learned his lesson.

    Did the person who wrote the second half of that sentence, ever read the first part? Because the first part of your sentence says exactly what the lesson was, and Dotcom trying again is evidence that he did learn it.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  11. False alarm by davidwr · · Score: 4, Insightful

    It's frequently wrong to assume malice when getting sloppy in a rush to deliver explains everything.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.