Slashdot Mirror

← Back to Stories (view on slashdot.org)

Software Developer Says Mega Master Keys Are Retrievable

Posted by timothy on from the any-mega-users-out-there-who-care-to-try? dept.

hypnosec writes that software developer Michael Koziarski has released a bookmarklet "which he claims has the ability to reveal Mega users' master key. Koziarski went on to claim that Mega has the ability to grab its users' keys and use them to access their files. Dubbed MegaPWN, the tool not only reveals a user's master key, but also gives away a user's RSA private key exponent. 'MEGApwn is a bookmarklet that runs in your web browser and displays your supposedly secret MEGA master key, showing that it is not actually encrypted and can be retrieved by MEGA or anyone else with access to your computer without you knowing,' reads an explanation about the bookmarklet on its official page."

1 of 136 comments (clear)

  1. Re:Who trusts Mega anyway by Barefoot+Monkey · · Score: 5, Interesting

    All those other companies gave no illusion of being secure.

    Neither did Mega. They explain these very risks and others right in the FAQ and since they launched have using alternatives that do not involve trusting them. Providing a interface is a significant convenience, but you can't trust anything truly secret to a script someone else can remotely replace on a whim.