About Us | Contact Us
View Cart

Mega Weaknesses Found In MEGA Cloud Storage System

By Vigilize | Wednesday, January 23, 2013 - Leave a Comment

Yet another example of just how unsafe cloud storage can be.

These days, cloud computing has us all retooling our due diligence processes. Here’s an example of why!

A security researcher has found that confirmation emails sent by MEGA to new users put users’ passwords at risk for being cracked by hackers. A program called MegaCracker has recently been released by the very researcher who discovered the vulnerability which can take the link given in one of these confirmation emails and extract the user’s password. It is well known that attackers have no problem intercepting unencrypted email messages, so the fact that MEGA is sending passwords as hashes over email has many security professionals scratching their heads.

MEGA has only so far responded by defending its methods and claiming that as long as users use strong passwords, there is no risk. However, security researches maintain that it is unconventional to send both the hashed password and the master encryption key in a confirmation email. Many other companies, such as Netflix and Twitter, option for sending new users a random number value which is only known by the server and recipient. In the hours following the announcement of the program and the vulnerability, articles from Forbes and IDG News have cautioned their readers to avoid placing confidential information on the company’s cloud servers.


Original article by Dan Goodin.
Read the full story here.

Latest News
    The One Test… …Is there a Test that Covers 9/11’s of the Battle? Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Twenty years ago two geek-friends and I debated the following question:  “Is there an Audit Test that covers 9/11’s of the battle?” This […]
    PRESS RELEASE – FOR IMMEDIATE RELEASE BUSINESS NEWS NEW EMPLOYEE FOR INFOTEX infotex has just hired Tanvee Dhir, to be a new Data Security Analyst. “Tanvee is an outstanding addition to the team, bringing a new skillset we are eager to utilize.” says Chad Smith, NOC Manager of infotex. “I am really excited to be […]
    While we’re not a news service, we often use current events to comment on trends and our services. This blog is intended to get people thinking about topics and trends in Technology Risk Management, through our article reviews, as well as through original blog articles about current events and our MSSP services (such as our […]
    Seven Trends . . . that small bank Information Security Officers face in 2021 Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Welcome to the Magnificent Seven, my annual predictive article about the seven trends in technology that will impact the Information Security Officers of […]
    Top Seven Risks . . . that small bank Information Security Officers face in 2021 Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Once again, I compile this list in preparation for updating our normal board of directors awareness training PowerPoints and movies and such. […]