Mega Defends Its Security Practices

Dangerous_Minds writes "Recently, Slashdot posted about how cloud storage company Mega was 'riddled' with security holes. Freezenet points out that Mega has issued a response to some of these criticisms including one which criticized its use of SSL. Mega responded saying that if you could break SSL, you could break things much more interesting than Mega."

January 23th

[Balthisar]

January 23th is the date of the press release. Just... I guess that's minor compared to alleged encryption issues.

Re:January 23th

[wcrowe]

I don't thee that there'th anything wrong with it. It lookth jutht fine to me.

That is an ignorant response.

[jellomizer]

Assuming your security is good, because bigger people use it and they didn't run in a problem yet, doesn't mean your security is good. Also SSL is fine, however it isn't the end all be all in security. You just don't make it HTTPS and assume you are all good. Who actually reads data packets anyways nowadays?
I mean any basic network now uses switch over hubs now, So traffic is routed more cleanly to the host system with less spots for you packet sniff. Simple rookie mistakes like having your password stored in your session, where if someone has access to your PC can read you memory/cache/paging file/browser history can find it, or the DB UID for your user account is just as bad, or just a back door for your "Administrator" to gain more access.

Most developers don't really think in terms of security. That is the problem. SSL helps a little but but it isn't the end all bee all.

Re:That is an ignorant response.

[aaaaaaargh!]

Mega's response is quite reasonable and not ignorant at all. They adequately address all the incorrect claims and FUD that has been spread about their security, and do so in a timely manner.

Your response, however, makes less sense. You say: "SSL is fine, however it isn't the end all be all [sic!] in security" Who claimed so? Certainly not Mega. They are a file storage service, not Fort Knox! (The rest of your post has nothing to do with Mega's security, so we can skip that.)

Re:That is an ignorant response.

[DJ+Jones]

If an individual could break SSL, yes, they would be going after your bank accounts not your hentai porn collection. But you have to keep in mind who the enemy is here and mega's enemy is the government. The government who basically runs the ISPs and could middle-man SSL very easily these days. In this case, the enemy is more interested in your data than your bank accounts and so the flaws in SSL are relevant and an alternate solution is probably not a bad idea.

At least until you buy drugs

Re:That is an ignorant response.

[Havokmon]

The biggest part of security is risk.

Mega needs to balance risk with usability and cost. Once you get beyond a certain point, every additional security layer will either cost more than it will benefit, or increase complexity so much as it make it unfeasible to use for their average user.

Maybe I've read too many KimDotCom tweets, but the referenced articles seem like government astroturfing just trying to keep customers from using the Mega site. If you want your data THAT secure, just freaking host it yourself with your own locks in place behind double biometric VPNs or whatever and shut the hell up. Jeeesus.
They're selling a product, not a theoretical 100% secure system that will never exist.

Re:That is an ignorant response.

[LordLimecat]

I mean any basic network now uses switch over hubs now, So traffic is routed more cleanly to the host system with less spots for you packet sniff

Well, except for ARP poisoning, mirror ports, and in-line sniffers, sure.

Who actually reads data packets anyways nowadays?

You might be suprised. What do you suppose DPI is? You might be interested to know that even low-end firewalls like SonicWalls have a module for MITM-ing SSL on a network where you control cert installation. And rogue WiFi APs arent exactly rare.

And as for "who", I might start with "China, a lot of middle-eastern countries, and probably a couple of US 3 letter orgs under certain circumstances". This stuff isnt hypothetical.

I generally agree with your point-- that you cant just slap SSL on it and call it secure-- but you would be suprised how common packet inspection is.

Re:That is an ignorant response.

"sic" is short for sic erat scriptum which is Latin for "thus was it written".

You don't change what someone wrote and then say [sic]. You write what they originally wrote and say [sic]. You didn't even just change "bee" to "be" either, you paraphrased his entire sentence and then put it in quotes FFS. When being pedantic, try to get these things right.

Re:That is an ignorant response.

[aaaaaaargh!]

What kind of weed do you smoke? I quoted him literally and used [sic] to point out a typo.

Re:That is an ignorant response.

[kill-1]

The problem is their SSL keys are 1024 bit, which is trivial to break if you have $168 million.

Then guess how many bits the RSA key of the google.com certificate has.

Re:That is an ignorant response.

[TechyImmigrant]

If you mean the private keys, I can assure you that they don't.
There are at least two root CA private keys that I was involved in instantiating that the US government does not have.

Re:That is an ignorant response.

[almitydave]

Offtopic, but your post reminds me that I really hope Kim Dotcom registers one of those new name TLDs for his last name. Maybe he could host a mirror of /., at "slashdot.dotcom". Then we'd never be able to tell people what the URL of this site is!

Re:That is an ignorant response.

[skitchen8]

The flaws aren't really relevant. Anyone using this to store data that needs to be secure just isn't thinking clearly. From my understanding the encryption has little to nothing to do with protecting user data, and everything to do with the company "having no way of knowing" what is contained on their server when it comes to DMCA requests/etc. I don't believe it ever really was advertised as anything other than a way for Kim to cover his own ass.

Keep using the old method?

[cseg]

Encrypt it locally, upload it to the site for storage-only. Maybe use their whatever-it's-an-option encryption as added layer and call it a day. Isn't that how people do with other services like DropBox, anyways?

Re:Keep using the old method?

[Tom]

If you do it this way, then why would you use Mega over any of the other cloud-storage options on the market? The ones with more experience and infrastructure?

Re:Keep using the old method?

[PPH]

That's why Mega generates a RSA key for you when you make an account

I'll encrypt my stuff with my own key, thanks. If Mega wants to encrypt the encryption, that's their problem. But I won't be trusting their (or anyone else's) provided keys for my security.

Re:Keep using the old method?

[Dekker3D]

50 gigs, for one-... like the AC said. AND this thing seems like a sort of personal payback from Dotcom towards the copyright mafiaa. It's not reckless enough to go down easily, but it does seem heavily motivated by that. Which means providing a good service is aligned with his interests.. where every alternative focuses on squeezing the most money out of people.

His personal agenda seems to be counteracting the default business mindset enough to make it worthwhile. I'm intrigued :D

Re:Keep using the old method?

[Tom]

where every alternative focuses on squeezing the most money out of people.

Uh... I don't think Kimble paid for his mansion, cars and other luxuries with good will and motivation. If you think this is motivated by revenge, not money, you need to visit the real world more often.

The biggest security hole

[bfandreas]

The biggest security hole is the company itsself.
They have complied in the past and they will so again.
http://www.wired.com/threatlevel/2012/11/megaupload-investigation-roots/

Kim Schmitz himself(aka Kim Dotcom, aka Kim Jim Tim Vestor, aka kimble...I kid you not) caved in under pressure from the Feds and ratted out on the German hacker/cracker/warez/phreaker scene. In a double twist of irony he cooperated with Günter Freiherr von Gravenreuth who in turn was a bit of a jackal.
The self-styled His Royal Highness King Kimble the First, Ruler of the Kimpire was convicted of embezzlement. Which hardly is a hacktivist crime. More of a sleazebag move.
I wouldn't argue that the Kiwi raid on him wasn't all kinds of wrong. But that doesn't make him trustworthy either. For a cause célèbre I would honestly look elsewhere.
This guy has shady written all over himself and I'd be careful about trusting him. Especially when entrusting him with evidence for things that carry a hefty penalty(justified or no).

Re:The biggest security hole

[aaaaaaargh!]

Trust is a relative measure. I would trust Mega with storing personal copies of my favorite TV show, so I can e.g. access them on my tablet elsewhere. I wouldn't trust Mega with all my banking details, trade secrets, or highly sensitive government secrets, and would dare to say Mega has not been invented for that purpose...

Re:The biggest security hole

[tlhIngan]

Trust is a relative measure. I would trust Mega with storing personal copies of my favorite TV show, so I can e.g. access them on my tablet elsewhere. I wouldn't trust Mega with all my banking details, trade secrets, or highly sensitive government secrets, and would dare to say Mega has not been invented for that purpose...

Hell, I'm sure a lot of Mega's security design wasn't really to keep users data safe, but to protect Mega. Let's say Mega is raided and their servers are all confiscated. If Mega doesn't have access to the user's keys, they can claim they don't know what users are storing because to Mega, it's just encrypted garbage that Mega has no way of decrypting.

So even if ordered to say remove all known pirated content, Mega can say they complied if given a list of files to take down, but they can't go and scan their repositories since they can't tell - even the filenames are encrypted.

Re:/. to review their grammar practises!

[j00r0m4nc3r]

You are an editor of an internationally renowned news aggregation service.

You mean Fark?

Minimal effort

[gmuslera]

There are easier approachs. And if well that approach could work now even for government agencies, the user side is also open to intrusion (like Red October) and of course, is in Mega side to do things right too. All of that before even trying to break SSL.

levels of trust

[fermion]

Mega seems to be trying to exploit either the misunderstanding or the ambiguity of trust and security. In Liars and Outliers Bruce Schneier discuss how we depend on a basic level of trust to efficiently live our life, but we still have levels of trust. So while we may well trust Mega to hold pictures of cat, do we trust Mega enough to store our bank accounts or business records? Some will.

Now they are saying if you don't trust their implementation of SLL, then you can't trust anything on the web. That is stilly It is like saying if you are just as well off banking with a stranger standing on the corner as a well FDIC insured bank.

I was pretty up on this new venture until all of these clearly misleading statements began to appear.

Re:levels of trust

[Tom]

I was pretty up on this new venture until all of these clearly misleading statements began to appear.

Indeed, for a self-labelled Robin Hood, it's all just so much standard corporate PR damage-control talk.

However, it is a lot more clueful than the first statements. At least this time they had someone who understood the basics of crypto look over it.

IPv6less

[arttulaine]

New global and high visibility service, without IPv6 service. The future is apparently briefly visiting the elsewhere.

JavaScript local file access APIs

[tepples]

From my iPhone when I click on the issued a response link, all I get is a page saying a dedicated app is coming soon. I view that as another failure on Mega's side.

Mega uses JavaScript local file access APIs to read and encrypt user-selected files before uploading them. Historically, Safari for iOS has been severely lacking in JavaScript local file access APIs. So if Apple doesn't give web application developers the proper tools to read and encrypt user-selected files, how should that be regarded as a "failure on Mega's side" rather than Apple's?

Its not about confidentiality.

[jzilla]

The encryption is there for mega to maintain plausable deniabity about copyright infringement. If you want to keep something private don't upload it to mega. The question is not whether the encyrption scheme is sound, but whether it is reasonable in court to expect a company to break encryption (and most likely laws) to ferret out copyright violations.

This rebuttal is clear, concise and correct

[Omnifarious]

Or, without actually delving into their Javascript to verify their claims myself it's correct.

I still don't like the idea of them holding the key, even encrypted. It does set it up so if a government wants to figure out what files I have, they have to get Mega to capture my key after my password decrypts it, but that's not so hard.

But that sort of thing is still significantly better than most cloud storage services.

The problem is Mega seems to be doing de-dupe

[sl4shd0rk]

From the Mega TOS*:
"8. Our service may automatically delete a piece of data you upload or give someone else access to where it determines that that data is an exact duplicate of original data already on our service. In that case, you will access that original data."

That seems to point to deduplication -- if things were actually encrypted and the keys unknown to Mega, dedupe would be impossible.

[*] - http://arstechnica.com/business/2013/01/megabad-a-quick-look-at-the-state-of-megas-encryption/

Re:The problem is Mega seems to be doing de-dupe

[jkflying]

Dedupe is only implemented on a same-file-same-key basis. So if *you* upload the same file twice it will be deduped, but it won't share the data backend with anybody else.

Just as expected

[Terrasque]

This is similar to what I've said earlier (eerily similar, in fact..).

The issues the original article raise are either false or silly, and just glancing at the JS code could tell you that.

However, there are some other potential issues with the code I noticed, and at least one of them have proven to be a problem.

I look forward to knowledgeable people looking through the site and report what they find, and hopefully Mega fixing the problems found. Right now I trust them slightly more than for example Dropbox, for no other reason that they need a bit of effort to get your data (and probably in a way you can notice / avoid if you're vigilant), instead of it happening by accident. Also, their whole legal and business defense rides on them not being (trivially) able to do that, so it's in their own best interest to keep things working properly.

Re:/. to review their grammar practises!

[Dekker3D]

"Security practises": you've got some folks, referred to as "security", practising.
"Security practices": you've got a practice, and another practice, and together they make practices.

Makes a lot of sense, though my fingers still reach for the s key instead of c in both cases. Whoops.

Re:/. to review their grammar practises!

[nitehawk214]

Go learn

Go and learn.

Actually, just go.

Why would anyone ever upload anything...

[John+Hasler]

...sensitive to the "cloud" without encrypting it first?

I'd like to see an encrypted remote file system (or at least a backup system) that transparently uses several of these free "cloud" sevices. I'm not going to write it, though.

Never take security advice from a guy who can't re

[SmallFurryCreature]

Never take security advice from a guy who can't read. The static content web servers use 1024 bit keys, the encryption servers 2048. So you can spend a small fortune decrypting the content on static content web servers. Wheee!