Feeds

Rotund Mega baron Dotcom offers bounty for breaking his crypto

Can you burst the bulging cloud locker for €10,000?

Top three mobile application threats

Kim Dotcom is offering a prize of € 10,000 ($13,600) for anyone who can break the cryptography of Mega, his recently launched cloud-based storage site.

Mega's launch last month was meet by criticism from multiple security researchers. Everything a user uploads is encrypted before it leaves their browser, using a master key that can be unlocked by a password only known to the punter. The failure to use a good source of random number generation in coming up with user passwords, the lack of account recovery options - or even the ability to change passwords - as well as the possibility of cracking the cryptographic hashes using dictionary-based attacks all became targets of criticism. The strength of the SSL certificate used on one of the main Mega servers also became an issue.

In response, Mega published a blog post designed to reassure users that all was well. It has since introduced the ability to change passwords and a password reset capability.

All this has failed to placate some critics, who argue that Mega's unconventional cryptography system was more suited to providing it with plausible deniability over the use of the site to share pirated content than an effective means of safeguarding user privacy.

The fat controller himself responded to this ongoing criticism on Friday by making good on an earlier promise to offer a bounty to anyone who breaks the site cryptography.

"‪#Mega‬'s open source encryption remains unbroken! We'll offer 10,000 EURO to anyone who can break it. Expect a blog post today," Dotcom said in a Twitter update.

Further details are yet to appear on Mega's blog. Prizes for hacking into things are all good clean fun but don't actually prove a system is secure, of course. It just shows nobody has found a bug as yet, or they've found something but don't want to go public on the discovery or that they're holding out for a bigger prize.

In other Mega news, the file locker service has begun blocking third-party search engines from indexing publicly available files shared by Mega users. One such third-party service, Mega-Search.em, turned Mega into a source of pirated content. ®

Combat fraud and increase customer satisfaction

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.