Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Doubt cast on the security of Kim Dotcom's Mega service

Jeremy Kirk | Jan. 22, 2013
Kim Dotcom's bold new venture, the file-storage and sharing service Mega, is drawing criticism as security researchers analyze how the site protects users' data. In short, they advise: don't trust it.

"All that matters is the operators of Mega can claim they don't have the technical ability to inspect the contents on the server for copyright infringement," Marlinspike said.

Like any new online service, Mega's code is already being prodded. On Sunday, it was revealed the site had a cross-site scripting flaw, which in some cases can allow an attacker to steal a user's cookies, which would allow at least a temporary takeover of a victim's account. It was quickly fixed.

"XSS issue was resolved within the hour," wrote Bram van der Kolk, one of the founders of Mega and Megaupload, on Twitter on Sunday. "Very valid point, embarrassing bug."

Efforts to reach Mega were not immediately successful.


Previous Page  1  2 

Sign up for Computerworld eNewsletters.