• Twitter

Saved searches

  • Remove
  • Verified account @
Suggested users
  • Verified account @
  • Verified account @
  • Language: English
    • Bahasa Indonesia
    • Bahasa Melayu
    • Čeština
    • Dansk
    • Deutsch
    • EnglishUK
    • Español
    • Filipino
    • français
    • Italiano
    • Magyar
    • Nederlands
    • Norsk
    • Polski
    • Português
    • română
    • Suomi
    • Svenska
    • Tiếng Việt
    • Türkçe
    • Русский
    • Українська мова
    • עִבְרִית
    • العربية
    • فارسی
    • हिन्दी
    • বাংলা
    • ภาษาไทย
    • 한국어
    • 日本語
    • 简体中文
    • 繁體中文
  • Have an account? Sign in New to Twitter? Join Today »
    Sign In

    Forgot password?
    Already using Twitter via text message?

  1. Michael Koziarski ‏@nzkoz 2 Sep 2013

    MEGApwn, a tiny bit of javascript that shows how easy it would be for MEGA to decrypt your files without you knowing http://nzkoz.github.io/MegaPWN/ 

    Expand Collapse 0 replies 28 retweets 6 favorites
    Bram van der Kolk ‏@bramosnl 2 Sep 2013

    Hey @nzkoz: "anyone else with access to your computer without you knowing" - you seriously want MEGA to protect users against this?

    0 replies 0 retweets 1 favorite
    • Favorite 1
    • Andrei Stoleru
    4:07 PM - 2 Sep 2013
    1. Michael Koziarski ‏@nzkoz 2 Sep 2013

      @bramosnl No, I want users to understand just how easily you could read all their files if you wanted to.

      Expand Collapse 0 replies 0 retweets 0 favorites
    2. Bram van der Kolk ‏@bramosnl 2 Sep 2013

      @nzkoz you mean how easily the user himself can read his own files. How exactly can an external attacker take advantage of this?

      Expand Collapse 0 replies 0 retweets 0 favorites
    3. Michael Koziarski ‏@nzkoz 2 Sep 2013

      @bramosnl So you agree MEGA is only secure against external attackers, that you can read my files if you wanted to? Because that’s my point

      Expand Collapse 0 replies 0 retweets 1 favorite
    4. Bram van der Kolk ‏@bramosnl 2 Sep 2013

      @nzkoz are you seriously suggesting that we will serve trojaned JavaScript? Install one of our browser extensions and turn off auto-updates.

      Expand Collapse 0 replies 0 retweets 0 favorites
    5. Michael Koziarski ‏@nzkoz 2 Sep 2013

      @bramosnl I have no idea what you’ll do, you seem nice enough, my point is just that your security is effectively identical to SSL/dropbox

      Expand Collapse 0 replies 0 retweets 1 favorite
    6. Philippe Symons ‏@PhilippeSymons 3 Sep 2013

      @bramosnl @nzkoz What about browser extensions? As developers, can we prevent this? encrypt key in-memory with session key and randomize JS?

      Expand Collapse 0 replies 0 retweets 0 favorites

      Don’t miss any updates from Bram van der Kolk

      • © 2014 Twitter
      • About
      • Help
      • Ads info

      Flag this media

      This has already been marked as containing sensitive content.

      Learn more about flagging media
      Dismiss
      Previous
      Next

      Go to a person's profile

      Saved searches

      • Remove
      • Verified account @
      Suggested users
      • Verified account @
      • Verified account @

      Retweet this to your followers?

      Are you sure you want to delete this Tweet?

      Block

      • Add a location to your Tweets

        When you tweet with a location, Twitter stores that location. You can switch location on/off before each Tweet and always have the option to delete your location history. Learn more

      • Turn off location

      Profile summary

      Your lists

      Create a new list


      Under 100 characters, optional

      Privacy

      Embed this Tweet

      Add this Tweet to your website by copying the code below. Learn more

      Hmm, there was a problem reaching the server.

      Preview

      Sign up for Twitter

      Not on Twitter? Sign up, tune into the things you care about, and get updates as they happen.

      Have an account? Sign in »

      Two-way (sending and receiving) short codes:

      Country Code For customers of
      United States 40404 (any)
      Canada 21212 (any)
      United Kingdom 86444 Vodafone, Orange, 3, O2
      Brazil 40404 Nextel, TIM
      Haiti 40404 Digicel, Voila
      Ireland 51210 Vodafone, O2
      India 53000 Bharti Airtel, Videocon, Reliance
      Indonesia 89887 AXIS, 3, Telkomsel, Indosat, XL Axiata
      Italy 4880804 Wind
      3424486444 Vodafone
      » See SMS short codes for other countries

      Confirmation

      Buy Now

      Buy Now

      Hmm... Something went wrong. Please try again.