"The next two attacks breach the integrity of file ciphertexts and allow a malicious service provider to insert chosen files into users’ cloud storage.
"The first two attacks exploit the lack of integrity protection of ciphertexts containing keys (henceforth referred to as key ciphertexts), and allow full compromise of all user keys encrypted with the master key, leading to a complete break of data confidentiality in the MEGA system," the paper explains. Mega chief architect Mathias Ortmann meanwhile published a blog post announcing a client software update addressing three of the five flaws identified by the researchers, promising further mitigations, and thanked the ETH Zurich boffins for responsibly reporting their findings. The findings, detailed on a separate website, proved sufficiently severe that Kim Dotcom, no longer affiliated with the file storage company, advised potential users of the service to stay away.
0 kommentar(er)
