Software Developer Says Mega Master Keys Are Retrievable

hypnosec writes that software developer Michael Koziarski has released a bookmarklet "which he claims has the ability to reveal Mega users' master key. Koziarski went on to claim that Mega has the ability to grab its users' keys and use them to access their files. Dubbed MegaPWN, the tool not only reveals a user's master key, but also gives away a user's RSA private key exponent. 'MEGApwn is a bookmarklet that runs in your web browser and displays your supposedly secret MEGA master key, showing that it is not actually encrypted and can be retrieved by MEGA or anyone else with access to your computer without you knowing,' reads an explanation about the bookmarklet on its official page."

of course they are retrievable

[Noishe]

Once you enter your password into a website, the website can do anything that you can do.... Duh

Yes, mega doesn't have your key stored on their servers.
Yes, at any point while you're logged in they can change this fact, or they can just log your password, or whatever.

Doesn't matter what the website is, you have to trust it to use it.

How is this news?

What's the big deal?

[schneidafunk]

I don't get it, why is this a big deal? This just displays your local storage in your web browser.

what's odd about this? Your key is local

[YesIAmAScript]

That's how you want it to be. It's zero-knowledge from MEGA's point of view. You generate your own key, keep it and use it to decrypt and encrypt stuff.

So of course if someone gets access to your computer they can get your key, it was on your computer all the time, by design.

His assertion that MEGA can get your key is what is a bit more surprising. But if you read it, he's simply saying it's conceptually possible that MEGA could use a script on their site to grab your key and send it to them. This is of course possible, but we have no way to know whether they've done it. If the javascript can access your key to encrypt/decrypt stuff, then it is also possible it can squirrel it away somewhere.

Re:what's odd about this? Your key is local

[bluefoxlucid]

The issue is that it's 'conceptually possible' for Ubuntu to ship a package in the base system that uploads your keys to Canonical's servers. I can give you a script that you run on RHEL and it'll show decrypted ssh, ssl, and gpg keys (if you've entered the password). I can put a package on your system and show that RHAT could put a modified gpg that logs all your shit and passwords and everything to their server. And so on.

This isn't a vulnerability. It's like saying it's conceptually possible for a thief to steal your car after you've put the key in the ignition.

Summary

[LordLimecat]

Unless Im misreading it, this can be summarized as follows:
  * Coder has discovered that, in order to encrypt data, your computer must have access to the encryption key
  * Further, if someone has root access to your machine, they can get your encryption key.

Wow. What a discovery.

MEGA and anyone else with access to your computer can see this, and use it to decrypt any file you upload.

Wait, someone with access to my computer has access to things that my computer has access to? WOW!

Re:JavaScript not secure?

[gl4ss]

yeah something you run on your browser.. ..that gives you access to the files.. CAN GIVE YOU ACCESS TO THE FILES.

wow what a shock! because in this case, MEGA can alter the js so that they get the keys. how this is is news I don't really get. it's just common sense.

the real question is, are there 3rd party mega clients that are not javascript or subject to changing without notice..

Re:Who trusts Mega anyway

[denmarkw00t]

Does anyone actually trust his stuff?

For sensitive material? Of course not. But, I have used Mega a number of times for legit downloads (Android ROMs, Linux, various open-source projects). Let's not forget that MegaUpload was used for non-nefarious purposes, although people who store sensitive data unencrypted on someone else's service are always taking a risk.

Re:Who trusts Mega anyway

[aaaaaaargh!]

the guy is a self-aggrandizing scam artist and charlatan

However, if he wore a suit with tie and had not only fullfilled DMCA requests (which he always did) but also had proactively given away his customers data to any US authority and private copyright holders like the RIAA without any real legal basis and had additionally given money to the two leading US parties, he'd be considered quite a decent fellow in the US now. In other words, while he never did anything else than Google and thousands of other companies, including US ones today, he hasn't shown "the right attitude" and that is the main and real reason why he is being persecuted now. He doesn't act the way you are expected to act as a rich entrepreneur with a serious business. Such misbehavior is usually sanctioned. They even wondered whether they could turn an inflatable tank he had in his garden into some kind of evil plot, but didn't manage to find the right legal angle to it...

Regarding trust ... well, at least New Zealand law cannot force you to install backdoors and lie to everyone about it, but of course you cannot trust any closed source company with data security. Encrypt on your own before storing something on Mega and you're fine.

Re:Who trusts Mega anyway

[glassware]

I read this as "Sega Master System Keys Are Retrievable." I was sadly disappointed.

Re:Who trusts Mega anyway

[Tom]

he hasn't shown "the right attitude" and that is the main and real reason why he is being persecuted now.

If you aren't a paid shill, you should change that. Your misleading and faulty argument surely qualifies, and you'd have to be an idiot to think that a multi-millionaire scam artist in the public spotlight would not have hired a PR agency to improve his online image.

Kimble is a career criminal, simple as that. He was prosecuted and even convicted before, and by several other governments. That distinct sound you're hearing is the shattered pieces of your argument falling apart.

If you are a large-scale career criminal, there are two paths you can go.

One, you can fly under the radar, like the people in the famous train robberies and serial bank breaks that many of us have heard about but almost nobody can name even one of the actual people involved.

Two, you can scale it up so much that it becomes quasi-legal by sheer scale and being-part-of-the-system, like the financial industry, the corporate corruption or the various pet-sectors of the various countries that are untouchable (Spain had a huge real estate scandal - nobody was ever convicted. Germany even has a name for the network of corporations, banks and government entities so closely connected that they all protect each other: Deutschland AG. In Greece, the shipping industry was holy for decades. In the US it is probably the military industry, and so on).

Kimble was arrogant and self-obsessed enough to think he could reach the same place simply by having an overblown ego and being audacious.

Re:Who trusts Mega anyway

[Barefoot+Monkey]

All those other companies gave no illusion of being secure.

Neither did Mega. They explain these very risks and others right in the FAQ and since they launched have using alternatives that do not involve trusting them. Providing a interface is a significant convenience, but you can't trust anything truly secret to a script someone else can remotely replace on a whim.