But like all in security thinks. NOTHING is 100% safe. If company claims that then its false. If you ask why nothing 100% safe that is because there is no suck thinks as 100% security everything can be hacket or broken or workaround to be found. even highest encryption methods can be broken (in teory + time) brute force works but if you did not make 20-50 charracters long password then it can be broken in reasanably in time. (good password in key = brute force takes even with millions computer 10-20 years or more time)

When it comes securing file backups if you want to be sure they are remain hidden(from everyone else eyes) you need encrypt them its not enough that place where you put them is encrypts files they need be encrypted in case mega safety fails, this is called fail safe.

Fail safe works if megas gets court order subpoena to continue their thinks as normal but with feds(or police) watching their operations in multiple locations, but fail safe will work since IF they manage get files somehow but you have encrypted them in safety. What they can do? nothing.

Mega is working EXACTLY THE SAME!

https://mega.co.nz/#developers

Your master-key gets encrypted with your password (which is not transferred to Mega) before it is stored on their servers. All Koziarski did is displaying his own master-key on his own PC after he logged into his Mega account – the same could also “happen” with Wuala. This whole news-story is pointless.

And if you fear that Mega could update their code to do evil things (which Wuala could do too by the way) then install the Browser-Extension mentioned by Van der Kolk that loads the code locally and disable auto-update:

https://mega.co.nz/#chrome

Fact: In the UK it is impossible to be thrown in jail (and anywhere else i would imagine) for the impossibility of not providing impossible to exist non existing keys!

Honestly, i do so love such ridiculosity as such tautology, so i just got to have a great big (and exclaimed) LOL! LOL! LOL!

And to all who care, (maybe no one) Disqus has not only a hard time with the word Disqus but the word ridiculosity. How apt. Oh yes!

Arp poison User.
Arp poison users router. <– not needed!
Claim to be the router… to user.
Claim to be the user….. to router. <– also not needed
Setup forwarding.

You sslstrip then .. oh wait, you can't. User connected with https directly via his bookmark. SSLstrip can't change anything without generating scary looking browser errors.

And even if he followed a link sslstrip can modify, or just wrote in without https, as long as he's been on the page even ONCE the last two years, the browser will refuse to connect to it via http, no matter what you do (Header Strict-Transport-Security:max-age=63072000).

So if you arp intercept the traffic successfully, run sslstrip, and the user have NEVER visited that page on his machine, then yeah, you could maybe do it. If the user didn’t notice the HTTPS badge missing. Quite a lot of assumptions here, mate. And you can’t fake a legit certificate. You can, if you control a CA, make the CA issue a new certificate for the domain, but that’s it.

“Just sniff , capture and modify traffic.” – as I have explained, that’s actually pretty hard to do. You have to be in the “people NSA want to go after individually” level before things get scary.. And there are of course ways to migrate that threat level too (like convergence.io, and Mega’s browser plugin).

And btw, nitpick. You verify you are you by logging into the site, by knowing your account’s password. That’s kinda what passwords do. HTTPS verify the server is the server, so you don’t send your login info to Johnny Hacker. So the server’s identity is verified by it having a CA issued certificate. Your identify is verified by the knowledge of your account’s password.

Also also, to read the key from the JS code, you need to execute your own code in the Mega webpage’s execution domain in the browser. That means spyware (bookmarklet, malicious browser plugin, or malicious program running on your machine) or JS injection via either breaking SSL (which IS hard, and nearly impossible against a careful, informed user) or Mega’s server sending out malicious code (can also be migrated by a careful user).

safer.

I never said “break ssl encryption protocols”. You implied that is the ONLY way to mitm. It isn’t.

Also disregard that certificates are authentication added on, that 99% of the time are one way verification that the end user has to verify is legit. Like I said, my bank asks me for a response code via sms text to verify I am me.

You can always forge/fake legit looking certificates btw.

OK. here goes. (average mitm)

ONE WAY…. there are plenty more elaborate ways that if you use different tools, you can fake legit certificates etc…

Arp poison User.
Arp poison users router.
Claim to be the router… to user.
Claim to be the user….. to router.
Setup forwarding.
Done.

All traffic runs through you. You sslstrip then forward on the fly along with ripping site’s pages too.

You could easily swap “router” for “MEGA. site” all you are spoofing is your identity, via hijacking the identity of both via arp poisoning.

You don’t need to compromise the users computer. You don’t need to break the encryption. There are lot’s of other ways too.
Why would you want to break the encryption anyway. It is far easier and quicker to spoof being the endpoint.

Finally, I agree that security isn’t perfect.

Sorta the point. Why even the slightest thing is a real issue. In isolation if you trust MEGA, which I do relatively btw…. then it is a non issue. BUT… Tools/exploits/vulnerabilities don’t live in isolation.

Where do you want your private key ?
On someones server ?
In an “online connected” js DOM ?

On your HD ?

If you upload already properly encrypted files to MEGA. MITM attack, MEGA site etc… will not be able to see the files content.
Why is this such a bad thing to bring up ?

It is clearly better than having your private key available online.(even tho you may have to jump through hoops to get that private key online) It is still possible. Even if offline js encrypted.

Don’t even need to compromise your system. Just sniff , capture and modify traffic. Maybe access the js DOM too.

No security is perfect. Get used to it. Truecrypt secure? No, keyloggers exist. TPM secure? No, Blue Pill exist. And so on. Does that mean they’re completely broken and insecure? Not at all. Most flaws in a layer is fixed by another layer, or can be ignored because the attack is so limited. I repeat, there’s NO such thing as “perfect security” – it does not exist.

SSL have some weaknesses, but it’s not broken – despite what you think – and is keeping things damn secure on a daily basis. Certificates secure the data in transit. CA Signed Certificates verify that the endpoint you’re talking to is the endpoint you think you’re talking to. Hence, why it stops MitM.

SSLstrip can sometimes avoid SSL, but all modern browsers display clearly if it’s https or not, and the RFC I mentioned tell browsers that that site shall only be contacted over https (and yes, Mega use it. Which, unless it’s your first time ever visiting the site in a browser, stops sslstrip completely)

Can you explain to me how you want to mitm an SSL connection, without breaking SSL? Please, I’m listening. Put your money where your mouth is. Prove that you know what you’re talking about. Enlighten me. Otherwise, don’t even bother to reply.