This top cloud storage firm has some Mega security issues
Date:
Thu, 23 Jun 2022 14:11:08 +0000
Description:
Five flaws were recently discovered on the Mega file-hosting platform, some
of which remain unpatched
FULL STORY ======================================================================
One of the world's most popular cloud storage service providers was carrying several severe vulnerabilities that allowed threat actors to read even encrypted files, researchers have found.
A team from ETH Zurich discovered five vulnerabilities on the Mega platform that revolve around stealing and deciphering an RSA key (a private key based on the RSA algorithm).
The team discovered the flaws in late March this year and reported them to the company. Soon enough, Mega released patches and mitigations for some of the flaws, while for others, the patches are still a work in progress. The patches do not affect user experience, and don't require users to encrypt their stored data all over again, it was said. They also don't need to change any passwords, or create any new keys.
Ideal for disgruntled employees
While patches not being available for all flaws is certainly bad news, the good news is that Mega hasn't seen anyone exploit them in the wild, just yet.
There's no concrete timeline on when the remaining patches will be released.
In a video explanation of the flaw, the researchers said the attack relies on prime factor guessing through comparison, and that the attacker would need at least 512 login attempts to breach an endpoint. What's more, they would also need to have access to Mega's servers, which means that for outsider threats, the vulnerabilities are not exactly viable.
For insiders or disgruntled employees, however, it's a whole different story.
"Seeing how seemingly innocuous cryptographic design shortcuts taken almost a decade ago backfire under scrutiny by three of the sector's brightest minds is both frightening and intellectually fascinating," Mega said in a statement.
"The very high threshold of exploitability, despite the broad range of identified cryptographic flaws, provides a certain sense of relief."
A detailed breakdown of the flaw and MEGA's countermeasures can be found on this link.
Via: BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/this-top-cloud-storage-firm-has-some-mega-security-issues/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)