Dotcom's Mega security bugs detailed
Cloud storage service Mega has released details of the first wave of vulnerabilities identified under its bug bounty program.
Founder Kim DotCom launched the program earlier this month and offered a maximum $13,000 to those who could break the site's security.
Bugs are classified from severity six which include "fundamental and generally exploitable cryptography design flaws" down to level one encapsulating "all lower-level impact or purely theoretical scenarios". The most severe of the reported vulnerabilities is an "invalid application of CBC-MAC as a secure hash to integrity-check active content loaded from the distributed static content cluster" which led only to man-in-the-middle risks, a Mega blog post read. Other flaws relate to cross site scripting and bad headers.
- Wed, 2013-01-23 11:42
- Wed, 2013-01-23 01:39
- Wed, 2013-01-23 01:32