Return Styles: Pseud0ch, Terminal, Valhalla, NES, Geocities, Blue Moon. Entire thread

:: Megafail

Name: fail0verflow 2013-01-23 14:55

http://fail0verflow.com/blog/2013/megafail.html

tl;dr: Mega uses hash checks so that resources can be served from less secure CDNs while index.html is served from a more secure server. Sound idea, but the implementation isn't, in that they aren't using an actual hash function, they're using CBC-MAC. Which means that said CDNs can forge a valid looking script and hijack Mega.

Discuss

Name: Anonymous 2013-01-23 20:08

chained block cipher message auth codes? i forget, is that like a ciphertext-stealing mode?
http://en.wikipedia.org/wiki/CBC-MAC
lol, mega-botnet waiting to happen..? (You could just encrypt all blocks (of your virus/etc) bar 1, then decrypt the final target into a dummy-data-block?) ;)
Newer Posts
Don't change these.
Name: Email:
Entire Thread Thread List
All trademarks and copyrights on this site are owned by their respective parties. All comments and posts are the responsibility of their own posters.
- Tinychan + 2ch Mode -