Kim Dotcom recently launched the file storage service, Mega, which he touted as one of the most secure digital storage services. According to Dotcom, the encryption of all uploaded files ensured that they were secure from third parties. To make things even better, he has now offered awards to the tune of $13,500 for finding a security bug in Mega.
Mega has proved to be a roaring success so far. After its public launch, the service was able to register nearly 100,000 users within the first hour and 1 million users during the first day. And given the fact that this was days ago, we can rest assured that the total user base has gone well into many millions by now.
Immediately after the launch of Mega, many security gurus cited concerns regarding its security. Some stated that the encryption mechanism used by Mega is not fool-proof and can be cracked whereas others piled numerous other objections. It may be in response to these that Dotcom has decided to launch an awards program for finding security bugs in Mega.
The bugs that will qualify for the mega prize have to be of the following nature:
- Remote code execution on any of our servers (including SQL injection)
- Remote code execution on any client browser (e.g., through XSS)
- Any issue that breaks our cryptographic security model, allowing unauthorized remote access to or manipulation of keys or data
- Any issue that bypasses access control, allowing unauthorized overwriting/destruction of keys or user data
- Any issue that jeopardizes an account’s data in case the associated e-mail address is compromised
Only those who are able to find any given bug the earliest will be eligible for the prize. Moreover, any person who is able to brute-force his way into finding the decryption key for a Mega-encrypted file will also be given the big reward. Dotcom is essentially trying to find any possible loopholes in the security of a service which he claims has been built from scratch.
And there’s a significant possibility that Mega may indeed contain certain bugs, given the fact that the service doesn’t make use of any off-the-shelf components. The program will truly test the new service and is a great move by Dotcom, eclipsing his determination to create the hack-and-litigation proof service that he envisioned after MegaUpload’s downfall.
Hit the link below to read the detailed list of eligibility requirements and try your hands at the challenge if you’re up to it.