:: Megafail

http://fail0verflow.com/blog/2013/megafail.html

tl;dr: Mega uses hash checks so that resources can be served from less secure CDNs while index.html is served from a more secure server. Sound idea, but the implementation isn't, in that they aren't using an actual hash function, they're using CBC-MAC. Which means that said CDNs can forge a valid looking script and hijack Mega.

Discuss

[b][u]NOBODY CARES[u][b]

Hahaha, javascript fucking sucks.
Just found this gem:
var x = {}
['foo', 'bar'].forEach(console.log)
Guess why it doesn't work

>>3
Who would ever write that?

>>4
Javashit ``brogrammers''.

javcascript bould be good isf it wasnt so fukken slow
in fact any programming language would be good isf it wasnt so fukken slow
why are computers so slow?

chained block cipher message auth codes? i forget, is that like a ciphertext-stealing mode?
http://en.wikipedia.org/wiki/CBC-MAC
lol, mega-botnet waiting to happen..? (You could just encrypt all blocks (of your virus/etc) bar 1, then decrypt the final target into a dummy-data-block?) ;)

did i get that right..? Seems almost too easy =/ must be more to it than that....
2013 & still not using SHA3

>>6-8
You make the antijew fucktard sound smart.

>>7
botnet

go back to /g/, /g/ shitstain

>>10
because there's no such thing? (and a false-sense-of-security wouldn't make it worse..?)

what, does it use Hyper-Secure-Padding or something? (use two final blocks with a meet-in-the-middle attack ^^ )