4201
Living Room / Re: The Piece for my Son (and Daughter-in-Law)'s Wedding
« Last post by Deozaan on January 28, 2013, 10:39 AM »Nice work. (c:
Recent Posts
In case you’ve been living under a rock the past few days, Kim Dotcom (of Megaupload infamy) has launched his new cloud storage site, Mega. Mega has an impressive sales pitch, promising secure cloud storage where only the user has the key to decrypt his or her files, and the encryption and decryption happens securely in the browser.
Today we aren’t going to take a look at their encryption or their key generation, which have already been the subject of several articles. Instead, we’re going to look at the security of the Mega website itself. As Mega themselves admit, if you use their web interface (and not a third-party client), the security of the entire ordeal depends on whether you trust them. After all, anyone with the ability to modify the site could just replace the JavaScript code with one that sends them (or anyone else) your password or master key. There’s no way around having to trust Mega for this, but you also have to trust that Mega’s site is delivered securely to you.
The standard solution to this problem is to use a strong form of SSL. However, Mega chose an interesting approach to SSL. Instead of serving the entire site from a single secure server or group of servers using strong SSL, they came up with a clever scheme to allow them to serve most of their site insecurely. Mega’s main index.html is hosted on a secure server using SSL with 2048-bit RSA. However, everything else is loaded dynamically from JavaScript code in index.html, and hash checked. This additional content comes from a CDN that uses weaker 1024-bit SSL with MD5 authentication. The CDN servers are third-party servers, and thus potentially easy to compromise for an attacker. Therefore, you would have to trust the entire CDN network and also trust that nobody has broken 1024-bit SSL yet (which is known to be weak by modern standards). In order to solve this problem, Mega hashes all of the additional content, and stores the hashes in index.html. This creates a chain of trust, or as they put it, “secure boot for websites”. Clever.
There’s nothing inherently wrong with this idea. However, security designs are only as secure as their implementation. Let’s look at Mega’s “web secure boot” implementation.
I dont suppose you've any idea of the origin of the image Stephen?-tomos (January 21, 2013, 06:51 AM)
What is this?-wraith808 (January 19, 2013, 12:58 PM)
More precisely I was thinking of triggering the screen capture by pushing a combination of say: Control + Left Mouse
instead of having to go click on the tray icon every time you want to screen capture.
In my particular case I need to screen capture a rectangular area of about 3000 screens.
Each one must be area selected.-viau2555 (January 17, 2013, 05:05 PM)
lmfao nope dyslexic plus typing too quick lolGeez, you can't even spell dsyelxic!
-Hally (January 10, 2013, 07:09 AM)
...-f0dder (January 10, 2013, 11:57 AM)
Now multi-core Android phones can be PCs too. Ubuntu for Android enables high-end Android handsets to run Ubuntu, the world’s favourite free PC desktop operating system. So users get the Android they know on the move, but when they connect their phone to a monitor, mouse and keyboard, it becomes a PC.
I'm not in the market for a new smartphone/device, but the next time I am, I'll be looking for a GNU GPL device.-Renegade (January 08, 2013, 05:22 AM)
It just gives me the urge to defecate......-Tinman57 (January 03, 2013, 08:25 PM)
My only wish for Android is if I could get root without having to have a custom rom. DAMN annoying when I can't do a fool task like changing the fecking DNS without rooting it. Bleah.-Edvard (January 03, 2013, 01:46 PM)
