> "Unlike its predecessor, Dotcom's new site Mega offers secure encryption, which he says protects each user's identity and data."
I haven't kept up with Mega much lately, but does anyone know if the security issues identified after the Mega launch were ever fixed (see e.g. http://fail0verflow.com/blog/2013/megafail.html)? It seemed like the Mega launch was rushed to take advantage of the free publicity they were getting, but I would expect that they've had enough time to get their house in order by now.
At the end of the post:
Update (2013-01-24): Mega has now switched to using SHA-256. They get points for fixing it quickly, but I wonder what other subtle or not-so-subtle security problems remain.
It wouldn't matter. You have no insight in whether Dotcom stores the keys to decrypt the data somewhere. Unless the entire mega fad is open sourced and we can verify the code in the repos runs on their webservers, you cannot justify using Dotcom his bussiness knowing what he has done in the past to obtain financial gain over the backs of others.
But then you have to generate the hash each time the source code changes. And you also have to verify the source code each time yourself because you can't know if it's a regular update from mega (they probably update daily or weekly) or if someone compromised the source code.
That sounds like normal software to me. Nobody is forcing you to update unless the ABI changes. And you can start a mailing list that talks about updates if you like.
Many sites (like blockchain.info) offer a browser extension which does the checking for you every time automatically. Mega also has a browser extension which does downloading, but I'm unsure if it does checking.
In addition to oib pointing out that it was fixed same-day, that security flaw wasn't a big deal in the first place, only relevant if the CDN was compromised.
Ok, so I strongly disagree that the raid was part of a deal to film The Hobbit. It would imply some extremely poor negotiation on Warner Brother's part since the raid happened AFTER production had moved from New Zealand. If Dotcom was really such a big deal to WB, why not make filming contingent on him being raided?
Yes, there was a big brew-ha-ha around moving the production of the Hobbit offshore (from NZ). But that was due to negoations falling apart with the New Zealand actor's union[0][1]. This is the dispute that lead to negotiations with NZ's prime minister on 27 October 2010[2]. These negations take place after the film was greenlit and Peter Jackson (not Guillermo Del Toro) is confirmed as director.
The result of these negotiations is that film workers in NZ loose their right to organize.
Now if I were Warner Brothers, and had actually made this deal to have the government raid Kim Dotcom in exchange for filming The Hobbit, wouldn't I wait until the raid happened before starting filming to make sure that New Zealand holds up their end of the bargain?
But, in fact, principal photography on the Hobbit begins on 21 March 2011. Dotcom is raided 9 months later, in January 2012. By this time, all photography in New Zealand is finished.
This timeline doesn't add up. What guarantee did Warner Brothers have that New Zealand would hold up their end of the bargain?
Furthermore, there's no mention of this deal in the e-mails and memos that were released around the Hobbit filming negotiations in February 2013[3].
I don't really buy this story, but I think the intended narrative is that WB was just shooting for the moon. They would have been ecstatic if New Zealand delivered a takedown, but it wasn't actually so vital to them that they'd hold up everything else until it happened.
20 comments
[ 2.9 ms ] story [ 55.3 ms ] threadI haven't kept up with Mega much lately, but does anyone know if the security issues identified after the Mega launch were ever fixed (see e.g. http://fail0verflow.com/blog/2013/megafail.html)? It seemed like the Mega launch was rushed to take advantage of the free publicity they were getting, but I would expect that they've had enough time to get their house in order by now.
edit: Apparently there is an API, problem solved.
You can verify it once and generate a secure hash from it. Then the second time you could just check the hash.
It wouldn't be too difficult to write a browser extension that did it automatically, or a javascript bookmarklet for it.
Yes, there was a big brew-ha-ha around moving the production of the Hobbit offshore (from NZ). But that was due to negoations falling apart with the New Zealand actor's union[0][1]. This is the dispute that lead to negotiations with NZ's prime minister on 27 October 2010[2]. These negations take place after the film was greenlit and Peter Jackson (not Guillermo Del Toro) is confirmed as director.
The result of these negotiations is that film workers in NZ loose their right to organize.
Now if I were Warner Brothers, and had actually made this deal to have the government raid Kim Dotcom in exchange for filming The Hobbit, wouldn't I wait until the raid happened before starting filming to make sure that New Zealand holds up their end of the bargain?
But, in fact, principal photography on the Hobbit begins on 21 March 2011. Dotcom is raided 9 months later, in January 2012. By this time, all photography in New Zealand is finished.
This timeline doesn't add up. What guarantee did Warner Brothers have that New Zealand would hold up their end of the bargain?
Furthermore, there's no mention of this deal in the e-mails and memos that were released around the Hobbit filming negotiations in February 2013[3].
[0]http://screenrant.com/the-hobbit-new-zealand-peter-jackson-k... [1]http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&o... [2]http://en.wikipedia.org/wiki/The_Hobbit_(film_series)#Indust... [3]http://www.3news.co.nz/Hobbit-files-released/tabid/1607/arti...
Edit: Oh that's right HN doesn't operate on evidence anymore.