Mega's bug bounty program - one week down, "a few billion billion years" to go

Filed Under: Cryptography, Featured

Mega, the cloud storage service brought to you by larger-than-life New Zealand digeratus Kim Dotcom, has released the first feedback on its bug bounty program.

Mega, in case you missed it, is a recent reincarnation of the controversial Kiwi file-sharing service Megaupload.

Megaupload imploded a year ago when Dotcom was arrested in New Zealand to face extradition to the USA on serious criminal charges, including racketeering (organised criminality) and money laundering.

The background to the charges was the allegedly vast amount of pirated material hosted on the Megaupload site.

On the anniversary of the big fella's arrest (in case you haven't come across Dotcom before, he's said to have the impressive vital statistics of 200cm and 135kg - he's the silhouette on the left in the image above), Mega arose from the ashes of Megaupload.

This time the company aims to sidestep accusations that it's a front for piracy by using built-in cryptography so that it doesn't, and indeed cannot, know what you're uploading and downloading.

As we put it when Mega launched, "all it does is to store a giant pile of shredded cabbage on your behalf."

Cryptanalysts and cypherpunks soon took aim at some aspects of Mega's cryptography.

Critics came up with some interesting commentary about its design and implementation, such as:

  • Disapproving of the random number generation technique used when setting up your encryption keys.
  • Questioning the cryptographic mechanism for generating confirmation links sent by email.
  • Wondering how Mega could claim to offer a deduplication feature if it genuinely knew nothing about the content of your uploads.
  • Lamenting that most of Mega's secure content servers used only 1024-bit public keys, currently considered the lowest rung of acceptability.

Mega soon fired its own verbal broadside back, declaring itself "not too impressed with the results."

The company was particularly scathing of the critique of its cheap-and-cheerful 1024-bit keys, pointing out that the 1024-bit-protected content was itself protected by a cryptographic checksum authenticated with 2048-bit security, so there.

That counterblast was followed by a critique from hacking group fail0verflow, pointing out that Mega's programmers had got the implementation of the 2048-bit-protected checksum all wrong.

This time, Mega hit back with actions, not words, quickly adapting its own code to repair the mistakes, and rightly earning praise for the speed of its response.

Instead of concatenating all checksummed files and computing a single "combo-checksum", Mega began to publish separate checksums for each file.

Checksumming all files as if they were one is imprecise because the checksum only ever sees the concatenated byte stream: you can move the boundaries between the combined files, shifting bytes from the end of one into the start of the next, and the stream, and therefore the checksum, stays exactly the same.

Subtle attacks might be possible by shifting JavaScript code out of one source file into another.

And instead of using a forgeable CBC-MAC checksum, it switched to SHA-256. (A raw CBC-MAC is only a safe integrity check over fixed-length or length-prefixed input, and only while its key stays secret from the very people who fetch the code; a plain SHA-256 per file needs no key at all, and the signed list of hashes does the authenticating.)
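To make the two problems above concrete, here is an added demonstration (not Mega's code, and not from fail0verflow's write-up) of why a single checksum over concatenated files cannot see a boundary shift, why a raw CBC-MAC over variable-length input can be forged without the key, and how a per-file SHA-256 manifest, or a length-prefixed digest, closes both holes. The key, the stand-in keyed block function (a keyed hash truncated to 16 bytes, not a real cipher) and the two JavaScript snippets are all constructed for the example.

```python
"""Combo-checksum boundary ambiguity, raw CBC-MAC forgery, and the
per-file SHA-256 fix.  Added demonstration with made-up inputs; the
block function below is an assumption, not AES and not Mega's code."""
import hashlib
import hmac

BLOCK = 16


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_fn(key: bytes, block: bytes) -> bytes:
    """Keyed 16-byte -> 16-byte function standing in for a block cipher.
    The CBC-MAC weakness shown here depends only on the chaining
    structure, not on what this function is."""
    assert len(block) == BLOCK
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cbc_mac(key: bytes, msg: bytes) -> bytes:
    """Raw CBC-MAC: zero IV, zero padding, no length prefix, no final step."""
    msg += b"\x00" * (-len(msg) % BLOCK)   # zero-pad up to a block boundary
    state = bytes(BLOCK)
    for i in range(0, len(msg), BLOCK):
        state = toy_block_fn(key, xor(state, msg[i:i + BLOCK]))
    return state


def combo_checksum(key: bytes, files: list) -> bytes:
    """The flawed design: one MAC over all files glued together."""
    return cbc_mac(key, b"".join(files))


def per_file_manifest(files: dict) -> dict:
    """The repaired design: an independent SHA-256 per file."""
    return {name: hashlib.sha256(body).hexdigest() for name, body in files.items()}


def length_prefixed_digest(files: list) -> str:
    """Unambiguous single digest: each file is prefixed with its 4-byte
    length, so the boundaries become part of the hashed input."""
    h = hashlib.sha256()
    for body in files:
        h.update(len(body).to_bytes(4, "big"))
        h.update(body)
    return h.hexdigest()


# Constructed sample inputs (not real Mega source files).
KEY = b"demo-key-not-secret-in-practice!"
ORIGINAL = {"a.js": b"var trusted = true;\n",
            "b.js": b"if (trusted) { run(); }\n"}
# Same bytes overall, but the statement boundary has moved into a.js.
SHIFTED = {"a.js": b"var trusted = true;\nif (trusted) ",
           "b.js": b"{ run(); }\n"}


def boundary_shift_is_invisible(key: bytes = KEY) -> bool:
    """True when the combo checksum cannot tell ORIGINAL from SHIFTED."""
    return combo_checksum(key, list(ORIGINAL.values())) == \
        combo_checksum(key, list(SHIFTED.values()))


def forge_cbc_mac(key: bytes = KEY) -> bool:
    """Classic two-block forgery: from the tags of two single-block
    messages the attacker builds a third message whose tag is already
    known, without ever touching the key."""
    m1 = b"run_update_now()".ljust(BLOCK)    # exactly one block
    m2 = b"alert(document)".ljust(BLOCK)     # exactly one block
    t1, t2 = cbc_mac(key, m1), cbc_mac(key, m2)  # tags the attacker has seen
    forged = m1 + xor(m2, t1)                # computed with no key at all
    return cbc_mac(key, forged) == t2 and forged not in (m1, m2)


def manifest_detects_shift() -> bool:
    """Per-file hashes and the length-prefixed digest both change when
    the boundary moves, even though the concatenation does not."""
    same_concat = b"".join(ORIGINAL.values()) == b"".join(SHIFTED.values())
    return (same_concat
            and per_file_manifest(ORIGINAL) != per_file_manifest(SHIFTED)
            and length_prefixed_digest(list(ORIGINAL.values()))
            != length_prefixed_digest(list(SHIFTED.values())))


if __name__ == "__main__":
    print("combo checksum blind to boundary shift:", boundary_shift_is_invisible())
    print("CBC-MAC forged without the key:        ", forge_cbc_mac())
    print("per-file manifest catches the shift:   ", manifest_detects_shift())
```

The forgery works for any block function, which is the point: swapping the stand-in for real AES would not rescue a raw CBC-MAC over variable-length input. The per-file manifest also gives a verifier something the combo checksum never could, namely which file was tampered with.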

Shortly after that, Mega got onto the front foot and announced bug bounties that would pay "up to €10,000 per bug, depending on its complexity and impact potential."

It also published two outright challenges that are worth €10,000 each.

One requires you to find the decryption key for a file on the site. (Decrypting the file is not enough. You have to recover the key, which is a somewhat stronger result.) The other requires you to recover the user's password from a confirmation email link.

Whatever you think of Mega, its founder, its raison d'etre, its bombasticity and even the value of the bounties it's offering, it nevertheless reflects well on the company that it came out with the bounties at all.

And just a week after the bounties were announced, Mega has announced the first "interim results," as it calls them.

No mention of how much was paid to whom for exactly what, but no-one's pulled off a crown jewels crack yet (or Severity V and Severity VI in Mega's terminology: remote code execution or worse).

That's good news for Mega, though of course it's only a week into the bug bounty program.

Nevertheless, the company is as gung-ho as ever, needlessly mentioning that it is "needless to mention that nobody cracked any of the brute-force challenges yet (please check back in a few billion billion years)."

Let's hope the Megabloggers are right...

Image of cabbage, including the shredded stuff, courtesy of Shutterstock.


6 Responses to Mega's bug bounty program - one week down, "a few billion billion years" to go

  1. anon · 628 days ago

    That's an iceberg lettuce, not a cabbage.

    • Guest · 627 days ago

      That's definitely not iceberg, it's a cabbage. I cut 1-2 cabbages up every week, so I know what they look like on the inside.

    • Paul Ducklin · 627 days ago

      According to our chums at Shutterstock, it's "green cabbage shredded on wooden chopping board isolated on white background."

      http://www.shutterstock.com/pic.mhtml?id=55597324

      Anyway, if we're not even sure what vegetable it is, I put it to you that it's a better metaphor for encryption than I ever hoped :-)

      (I'm with @Guest. I reckon it's a cabbage. It even looks brassicaic. Like a brussels sprout, only bigger.)

  2. The first person to be paid for finding a vulnerability in MEGA was Frans Rosén. He found an XSS vuln and earned $1,337
    https://twitter.com/TheHackersNews/statuses/30050...

    Love the fact that total prize monies that he received were 1337

    • Paul Ducklin · 627 days ago

      One article I saw converted it as $1336 - I'm not sure if they were being cute/ironic/nerdy or simply that it came out that way on the currency exchange site they used and they decided to be strictly accurate rather than, well, 1337.

  3. Nunz · 627 days ago

    That's the irony of currencies :D They pay 1000€; it's not their fault it is 1337 dollars, ahaha


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog