Rotund Mega baron Dotcom offers bounty for breaking his crypto
Can you burst the bulging cloud locker for €10,000?
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Kim Dotcom is offering a prize of € 10,000 ($13,600) for anyone who can break the cryptography of Mega, his recently launched cloud-based storage site.
Mega's launch last month was meet by criticism from multiple security researchers. Everything a user uploads is encrypted before it leaves their browser, using a master key that can be unlocked by a password only known to the punter. The failure to use a good source of random number generation in coming up with user passwords, the lack of account recovery options - or even the ability to change passwords - as well as the possibility of cracking the cryptographic hashes using dictionary-based attacks all became targets of criticism. The strength of the SSL certificate used on one of the main Mega servers also became an issue.
In response, Mega published a blog post designed to reassure users that all was well. It has since introduced the ability to change passwords and a password reset capability.
All this has failed to placate some critics, who argue that Mega's unconventional cryptography system was more suited to providing it with plausible deniability over the use of the site to share pirated content than an effective means of safeguarding user privacy.
The fat controller himself responded to this ongoing criticism on Friday by making good on an earlier promise to offer a bounty to anyone who breaks the site cryptography.
"#Mega's open source encryption remains unbroken! We'll offer 10,000 EURO to anyone who can break it. Expect a blog post today," Dotcom said in a Twitter update.
Further details are yet to appear on Mega's blog. Prizes for hacking into things are all good clean fun but don't actually prove a system is secure, of course. It just shows nobody has found a bug as yet, or they've found something but don't want to go public on the discovery or that they're holding out for a bigger prize.
In other Mega news, the file locker service has begun blocking third-party search engines from indexing publicly available files shared by Mega users. One such third-party service, Mega-Search.em, turned Mega into a source of pirated content. ®
COMMENTS
Re: Hrm
.. which is why I suspect the reward will not be claimed *publicly*. He'll be told once he has some good revenue coming in, because then it's worth a LOT more.
If you want to play with fire, you best assume you'll end up burned..
Not likely
It's not likely that anyone would want the obese one's booty for anything.
Re: Mega Hurts
Not really. Either the files are public which is essentially the same as before or the keys are shared. If you want to share the keys at any decent scale then they'll need to be posted on forums somewhere, probably a private one reminiscent of Demonoid. It really isn't hard for the feds to join pirate sites, they don't exactly require photo ID.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
