There's no denying that Mega has been one of the biggest launches online of 2013, and quite possibly, of recent memory as well. With the launch only announced three days ago and some reports estimating better than a million users signing up, it's clear that Mega is a big deal indeed. But with the mass number of signups and Dotcom's loud protestations that no one could ever break Mega security, there have been those who wanted to try. Amid the din of those wanting a crack at breaking Dotcom's new baby, Dotcom himself threw down the gauntlet, or at least set up the process of doing so, announcing that in the coming days, there will be some kind of encryption challenge.
With the phrase "let's see what you got," Dotcom has at least started the process. Just what the stakes will be is unclear, but Dotcom's announcement made it clear that those involved not only welcomed the ongoing debate, but also planned cash prizes for those who could break the encryption on Mega. But Dotcom may want to be warming up his checkbook now, because the early word is suggesting a lot of possible angles for those interested to pursue.
Reports from French security researcher Olivier Laurelli, otherwise known as Bluetouff, had plenty of good things to say about Mega's security. Laurelli pointed out that Mega's team was quick to react to most pointed-out problems, but there may be a whole lot of little problems working together to create one big security nightmare for Mega. Laurelli pointed out issues of confirmation links that have been cracked, XSS issues that could lead to RSA (News - Alert) theft, and the ability to disable the vaunted cryptography from the Mega side on one particular user without ever actually notifying said user about the changes, which all represent some serious potential weaknesses in the vaunted Mega security.
Image via Shutterstock
Laurelli wasn't the only one pointing out a distinct lack of fabric in the metaphorical emperor's new suit of clothes, either, with others pointing out issues of in-browser encryption, key generation and handling of decryption keys. Mega, for its part, responded to some of the issues, and dismissed others outright, saying that Mega is still a product in beta, and beta products can always stand a bit of improvement.
Mega, however, has already reportedly done a pretty sound job of fending off intrusion. But as Laurelli points out, the security was never really put in place to protect the user base so much as it was put in place to protect the site from legal hassles of the type that took down its predecessor, Megaupload. But still, it's clear to most that, for average users, security won't be a problem here, especially considering how many file hosting sites don't even bother with encryption of any sort.
Despite the issues, it's important to remember that no encryption is foolproof. Sure, Mega can likely benefit from having some break-in attempts, and benefits even more from having a couple actually succeed so they know where to patch holes. This isn't a new practice in the industry; Facebook (News - Alert) has done it before, as have Google (News - Alert) and several others. Anything found now that can be fixed only helps the user base.
While Mega may not be the bastion of security some hope for, it's clear that things are likely to only get better as further vigilance reveals hidden flaws and improvements are made in those directions.
Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO Miami 2013, Jan 29- Feb. 1 in Miami, Florida. Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.
Edited by Brooke Neuman