Bram van der Kolk on Twitter: "Hey @nzkoz: "anyone else with access to your computer without you knowing" - you seriously want MEGA to protect users against this?"

Michael Koziarski ‏@nzkoz 2 Sep 2013

MEGApwn, a tiny bit of javascript that shows how easy it would be for MEGA to decrypt your files without you knowing http://nzkoz.github.io/MegaPWN/
Expand Collapse 28 retweets 6 favorites

Michael Koziarski ‏@nzkoz 2 Sep 2013

@bramosnl No, I want users to understand just how easily you could read all their files if you wanted to.
Expand Collapse
Bram van der Kolk ‏@bramosnl 2 Sep 2013

@nzkoz you mean how easily the user himself can read his own files. How exactly can an external attacker take advantage of this?
Expand Collapse
Michael Koziarski ‏@nzkoz 2 Sep 2013

@bramosnl So you agree MEGA is only secure against external attackers, that you can read my files if you wanted to? Because that’s my point
Expand Collapse 1 favorite
Bram van der Kolk ‏@bramosnl 2 Sep 2013

@nzkoz are you seriously suggesting that we will serve trojaned JavaScript? Install one of our browser extensions and turn off auto-updates.
Expand Collapse
Michael Koziarski ‏@nzkoz 2 Sep 2013

@bramosnl I have no idea what you’ll do, you seem nice enough, my point is just that your security is effectively identical to SSL/dropbox
Expand Collapse 1 favorite
Philippe Symons ‏@PhilippeSymons 3 Sep 2013

@bramosnl @nzkoz What about browser extensions? As developers, can we prevent this? encrypt key in-memory with session key and randomize JS?
Expand Collapse

Country	Code	For customers of
United States	40404	(any)
Canada	21212	(any)
United Kingdom	86444	Vodafone, Orange, 3, O2
Brazil	40404	Nextel, TIM
Haiti	40404	Digicel, Voila
Ireland	51210	Vodafone, O2
India	53000	Bharti Airtel, Videocon, Reliance
Indonesia	89887	AXIS, 3, Telkomsel, Indosat, XL Axiata
Italy	4880804	Wind
Italy	3424486444	Vodafone
» See SMS short codes for other countries

Add a location to your Tweets