New MEGA service for sharing (former Megaupload)

Discussion in 'privacy technology' started by dogbite, Jan 20, 2013.

Thread Status:
Not open for further replies.
  1. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Re: Kim Dotcom’s new file locker “Mega” opens to the public

    I surely wouldn't upload anything important to me to the cloud. Probably the main users of the service will be, as usual, pirates that want their, well, anonymity and need to host their files. As Bodhitree said, encryption is there probably so that he (Kim) can have one more legal weapon in a future court.

    For the rest, as with all cloud storage, you never know who can access the server, whether the server will be always reachable, whether the HDD will have catastrophic failure and in Kim's case, whether there will be a police raid to his servers, confiscating everything.

    Here you can get a 32GB Pen Drive for something like 18 euros, that's usually enough for most people who want to easily carry with them some data to put them in another device. Costs less than paying Kim every month, you can encrypt the content, put it in your pocket and go.
     
  2. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Re: Kim Dotcom’s new file locker “Mega” opens to the public

    Agreed. Mega is likely to cater to the same clientele.
    With more than sufficient and much more trustworthy Skydrive, Dropbox and Googledrive, I have no use for it. >95% of my data is local, cloud storage is much more for online collaboration for me.
    Signed up anyway, if only for testing.
     
  3. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Re: Megabad: A quick look at the state of Mega’s encryption

    http://arstechnica.com/security/2013/01/cracking-tool-milks-weakness-to-reveal-some-mega-passwords/

    "Yet another security researcher is poking holes in the security of Mega, this time by pointing out that the confirmation messages e-mailed to new users can in many cases be cracked to reveal their password and take over their Mega accounts.

    Steve "Sc00bz" Thomas, the researcher who uncovered the weakness, has released a program called MegaCracker that can extract passwords from the link contained in confirmation e-mails. Mega e-mails a link to all new users and requires that they click on it before they can use the cloud-based storage system, which boasts a long roster of encryption and security protections. Security professionals have long considered it taboo to send passwords in either plaintext or as cryptographic hashes in e-mails because of the ease attackers have in intercepting unencrypted messages sent over Internet."



    I figured this was going to start happening. There are probably an ungodly amount of security issues with this service. Not that it's going to last long anyway. I give it a year or two at best before it gets nailed and the government/s make damn sure they have their ducks in a row for the next raid.
     
  4. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    Re: Megabad: A quick look at the state of Mega’s encryption

    As I understand it, the idea is that everything in Mega's cloud is encrypted, even from Mega, while in the cloud so users have privacy and Mega has plausible deniability. Don't ask, don't tell type of thing. I like the idea and hope they work out in kinks in the implementation.
     
  5. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Re: Megabad: A quick look at the state of Mega’s encryption

    The whole thing is set up not to really protect users, but to protect Dotcom and his team. Even if it weren't, the security issues coming out are reason enough not to trust in it, at least not yet. Right here in this article: http://www.techhive.com/article/2025920/doubt-cast-on-the-security-of-kim-dotcoms-mega-service.html, it was admitted that the chief programmer Bram van der Kolk and CTO Mathias Ortmann are "Javascript newbies" and that caused a now fixed (we hope) security issue. They have no real interest in being MegaUpload v2, they just want to stick it to "The Man" in retaliation for taking their first operation away.
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Re: Megabad: A quick look at the state of Mega’s encryption

    There's hundreds of millions of dollars in being "MegaUpload v2" - I assure you that they care far more about that than sticking it to anyone. Posing as rebels is a great way to garner attention though.
     
  7. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Re: Megabad: A quick look at the state of Mega’s encryption


    They'll never be "MegaUpload v2" though. This isn't going to work, it'll be gone in a year or two tops. I admit his plan is fairly sound, but so far his security sucks plus he still has to contend with hosting companies who, depending on the country, may or may not want their doors knocked down (and we know the U.S has little trouble when it comes to jurisdictional issues) or may not be trustworthy themselves. File problems are going to come up again too and users are going to be left out in the cold. This service will be a hotspot for illegal stuff but that will be it. Nobody in their right mind is going to trust a man who has a gigantic bulls-eye on him with their important (and legitimate) files. All it'll take is Dotcom being whisked away, the site getting locked up by LEA or getting abandoned for whatever reason, and it's all over. Hell, he could be gone at anytime, along with the others who were charged. The U.S isn't just going to say "Well, we tried" and move on. If they even were able to get New Zealand in on taking him down, you can believe it won't take a lot of strong words or begging to get him on a plane to the U.S.

    The idea may be better and, hey, who will complain about 50 free gigs?...But, there are way too many things that can go wrong here, and it's already started with the security holes.
     
  8. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Re: Megabad: A quick look at the state of Mega’s encryption

    From what I've seen on the site itself, and the history of the team most measures are angled in my opinion to protect the Mega team more so than the end user. Regardless there are several write ups that for me as a security practitioner hold weight in terms of the security implementation issues with their current architecture.

    A good write up/proof of concept here

     
  9. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Re: Megabad: A quick look at the state of Mega’s encryption

    Nice article, Encrypted.
     
  10. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Kim Dotcom/MegaUpload interview

    Kim Dotcom wants to encrypt half of the Internet to end government surveillance (FULL RT INTERVIEW)

     
  11. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Good for them. TrueCrypt had some issues early on...everything does. If they fix it (like Windows does every Tuesday, LOL), you can't ask for much more. The free PenTesting/Quality Control is a bonus! :D

    PD
     
  12. guest

    guest Guest

    Re: Megabad: A quick look at the state of Mega’s encryption

    Thanks Nostradamus, btw the security doesn't suck what sucks is that you don't understand it.
    https://mega.co.nz/#blog_3
    https://mega.co.nz/#blog_2
     
  13. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    Screenshots of Mega for those who are curious....

    2013-01-29_152909.png
    2013-01-29_152942.png
    2013-01-29_153100.png
    2013-01-29_154214.png
     
    Last edited: Jan 29, 2013
  14. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    I signed up. 50 GB of free cloud storage space is worth it imo.

    Is there a GoogleDrive type desktop app for MEGA (MegaDrive or MegaBox)?
     
  15. guest

    guest Guest

    Not yet but it will be soon, take a look to the blog
     
  16. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.