Name: fail0verflow 2013-01-23 14:55
http://fail0verflow.com/blog/2013/megafail.html
tl;dr: Mega uses hash checks so that resources can be served from less secure CDNs while index.html is served from a more secure server. Sound idea, but the implementation isn't, in that they aren't using an actual hash function, they're using CBC-MAC. Which means that said CDNs can forge a valid looking script and hijack Mega.
Discuss
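Why a CBC-MAC under a key that the CDN can also read does not behave like a hash, as an added example that is not part of the original post and not Mega's code: a toy 4-round Feistel cipher stands in for the real block cipher so the block runs on the standard library alone, and the key, function names and sample resources are constructed. SHA-256 is used here as one instance of the "actual hash function" the post refers to.

```python
import hashlib

BLOCK = 16
KEY = b"public-key-in-js"  # constructed; assumed readable by whoever serves the files
ORIGINAL = b"console.log('resource as published');"  # constructed sample
OTHER = b"console.log('different content');"         # constructed sample

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def encrypt(key, block):
    # Toy 4-round Feistel permutation standing in for AES (not a real cipher).
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def decrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_mac(key, msg):
    # Zero-pad to the block size, then chain: state = E(state XOR block).
    msg += b"\0" * (-len(msg) % BLOCK)
    state = bytes(BLOCK)
    for i in range(0, len(msg), BLOCK):
        state = encrypt(key, _xor(state, msg[i:i + BLOCK]))
    return state

def second_input_with_tag(key, tag, other):
    # With the key known, one trailing block B makes any input end on `tag`:
    # E(state XOR B) == tag  <=>  B = D(tag) XOR state.
    other += b"\0" * (-len(other) % BLOCK)
    state = cbc_mac(key, other)
    return other + _xor(decrypt(key, tag), state)

def sha256_check(expected_hex, body):
    # Corrected check: an unkeyed collision-resistant hash pinned by the trusted page.
    return hashlib.sha256(body).hexdigest() == expected_hex

if __name__ == "__main__":
    tag = cbc_mac(KEY, ORIGINAL)
    twin = second_input_with_tag(KEY, tag, OTHER)
    print("CBC-MAC check accepts different content:", cbc_mac(KEY, twin) == tag)
    pinned = hashlib.sha256(ORIGINAL).hexdigest()
    print("SHA-256 check accepts different content:", sha256_check(pinned, twin))
```
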