the current ecosystem of E2EE cloud storage is largely broken.
Several major end-to-end encrypted cloud storage services contain cryptographic flaws that could lead to loss of confidentiality, file tampering, file injection and more, researchers from ETH Zurich said in a paper published this month.
(PDF)
previous analyses of MEGA and NextCloud have shown that even the largest providers of E2EE cloud storage are affected by cryptographic vulnerabilities and creating secure E2EE cloud storage is a harder problem than initially thought.
(Summary of the report)
http://brokencloudstorage.info
BleepingComputer reports that Sync is "fast-tracking fixes," while Seafile "promised to patch the protocol downgrade problem on a future upgrade."
@Jorro go to
Once file is uploaded you'll get a unique URL to copy - you can also set limits for downloads either a time limit or by number of downloads allowed
You need to be pro to upload files, and logged in to CoSo via browser, but non-pro users or non-CoSo can download via the link - very handy for sharing files with people not on CoSo 👍
@ecksmc what are the files for? I need to know to see if I really need them, thanks again!!
@Jorro the files are our own files
For example that link I shared will download a pdf file that I had gotten from the source of that report via url
http://brokencloudstorage.info
So, after I read it I uploaded it for others to download - kinda skipping out the "middle-man" so to speak 😆
users can use the service for uploading various files - the service is a file sharing service individuals will upload whatever files they have and want to share - files aren't associated with CoSo - that helpful?
The vulnerabilities range in severity: in many cases a malicious server can inject files, tamper with file data, and even gain direct access to plaintext. Remarkably, many of our attacks affect multiple providers in the same way, revealing common failure patterns in independent cryptographic designs.