Thursday, October 10, 2024

Mega vs Dropbox : Most Important Cyber security Consideration in the Cloud


If history is something to learn from, then we know there is not enough cybersecurity to protect us 100% against security breaches or DDoS attacks. When we purchase cloud services, the concerns double or triple, as we have to rely on third-party providers to offer us data safety with seamless access.

For today’s discussion, we chose to analyze the security offered by Dropbox versus the one provided by Mega. We picked the first because it has worldwide fame, while we focused on the latter because experts say it shines in the security department.

Mega vs Dropbox – Newbie meets Veteran

Mega is one of the newer kids on the block, and we recommend that you read at least one review of Mega cloud storage to discover its main strengths, plans and prices, and other tech specs. The cloud service also comes with a bonus plan, a corresponding app, and other options for synchronizing and data access, aspects that usually pique the interest of business owners.


It makes sense then to compare a veteran with a new entry regarding security. As you will undoubtedly learn from the following article, each comes with its own set of features. The final decision will be, of course, yours, depending on your cybersecurity needs and pricing options.

The Cybersecurity of Dropbox – Where are We Now?

Dropbox came as a revelation in the cloud service department, but few things have changed over the years. The security system employed by the cloud service protects communication with the SSL protocol and encrypts the data on its servers with AES-256.

The main reason for concern when it comes to Dropbox is that it still keeps the private encryption keys to all users’ accounts. Moreover, the company can access and decrypt users’ passwords, even if the system offers password encryption.

Dropbox complies with the SAFE Port Act and insists that Dropbox staff can access users’ passwords and accounts only under exceptional conditions.

However, for businesses using sensitive data falling under strict provisions (PCI, HIPAA, GDPR in some cases, etc.), the thought that Dropbox has access to their data and their clients’ data (which they can decrypt and transmit) is not something to keep them calm.

Dropbox’s reasons for cybersecurity concern do not stop here. You have to be aware of the following issues:

  • Dropbox receives your registration password (albeit sent through a TLS connection) without the password going through a hash function, for instance; in other words, the servers have a clear view of your written passwords; the danger is that someone can intercept this exchange of information.
  • Dropbox uses advanced programming to deal with de-duplication, but cross-user de-duplication can represent a breach in the safety of an account, allowing third-party access; lately, Dropbox updated its protocols, allowing the de-duplication only of single-user files, which enhances the security overall.
  • The file sharing in Dropbox relies on links. Individuals and businesses using the free accounts of Dropbox cannot protect these sharing links with a password or anything else.

In comparison to other newer and more modern clouds, Dropbox does not offer integration or compatibility with personal password management systems.

If we listen to the Identity Theft Resource Center, last year the world reached record-breaking numbers of security breaches. Dropbox is no stranger to foul play, as Dropbox’s two significant past outages a few years back seem to have been the results of hackers and DDoS attacks. While you can learn how to prevent a DDoS attack on your enterprise system, this does not mean that everything you keep in the cloud is equally safe.

Dropbox comes with excellent features, and the company genuinely works hard to improve security. They implemented double-factor authentication support, the possibility of adding a personal passcode for mobile security, and more. However, if you deal with immensely valuable data (company, staff, users, clients, etc.), you should consider your options.

The Cybersecurity of Mega – Where Will We Be Tomorrow?

If you checked out the reviews and analyses of Mega, you know the cloud promises plenty of benefits to its individual or corporate users.

The web-based cloud service (similar to Google Drive) offers compatible versions for mobile phone users, desktop synchronization, and an API enabling the creation of non-official clients.

For its web connections, Mega uses TLS 1.2 and AES-256 encryption in CBC mode, but where Mega shines in the cybersecurity department is the privacy-by-design concept: Mega includes privacy and security in its design.

  • Mega encrypts passwords and files both at rest and in transit;
  • It also offers users the possibility to set up their own encryption keys, which they control; in other words, in comparison to Dropbox, Mega’s employees have no access whatsoever to users’ passwords or accounts; these keys are derived from the password the user enters in the registration process, and JavaScript code generates the values;
  • Mega makes third-party interventions and attacks almost impossible, as only Mega can decrypt the TLS keys that the clients have generated;
  • The user can recover the uploaded files from anywhere;
  • While there is little information on Mega’s de-duplication policy, experts deduce that Mega uses client-side single-user deduplication at a file level. Specialists received confirmation that Mega employs server-side cross-user file deduplication once the files have gone through the encryption process;
  • The files are encrypted on the client’s side using randomly generated 128-bit AES keys;
  • You have three options for securely sharing your files: a link with the key, a link without the key, and direct sharing with a contact; if you share the link with the key, make sure the information does not fall in the wrong hands.
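
The client-side model in the list above (keys derived from the registration password, a random AES key per file), as an added example that is not Mega's or Dropbox's code. scrypt, AES-128-GCM and every function name here are assumptions chosen for illustration; the point is that the server receives only `authToken` and ciphertext, never the password.

```javascript
// Added illustration only: not Mega's or Dropbox's code. scrypt and AES-128-GCM
// are assumed stand-ins for whatever KDF and cipher mode a real client uses.
const crypto = require('node:crypto');

// One password-derived secret, split in two: masterKey never leaves the
// client, authToken is the only value sent to the server at login.
function deriveClientSecrets(password, salt) {
  const out = crypto.scryptSync(password, salt, 32);
  return { masterKey: out.subarray(0, 16), authToken: out.subarray(16) };
}

// What the server stores: a hash of the token, never the password itself.
function serverVerifier(authToken) {
  return crypto.createHash('sha256').update(authToken).digest('hex');
}

// AES-128-GCM with a fresh IV; output layout is iv(12) | tag(16) | ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-128-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

function unseal(key, blob) {
  const d = crypto.createDecipheriv('aes-128-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key
}

// Each file gets its own random 128-bit key, wrapped under masterKey, so the
// server holds only ciphertext plus a key it cannot unwrap.
function encryptForUpload(masterKey, data) {
  const fileKey = crypto.randomBytes(16);
  return { wrappedKey: seal(masterKey, fileKey), blob: seal(fileKey, data) };
}

function decryptDownload(masterKey, record) {
  return unseal(unseal(masterKey, record.wrappedKey), record.blob);
}

// Constructed sample values.
const salt = Buffer.from('constructed-per-user-salt');
const { masterKey, authToken } = deriveClientSecrets('correct horse battery', salt);
const record = encryptForUpload(masterKey, Buffer.from('payroll.csv contents'));
console.log(serverVerifier(authToken), decryptDownload(masterKey, record).toString());
```

Because every upload uses a fresh key and IV, two uploads of the same plaintext produce different blobs, so a server in this model can only deduplicate on identical ciphertext.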

One of the main concerns regarding Mega’s security protocols is the use of JavaScript, as it raises controversy when it comes to cryptographic functionality. Like Dropbox, Mega does not offer compatibility or integration with personal password management systems.

What do We Choose?

The registration, connection, and sharing protocols of Mega seem to be more powerful, while Dropbox has files’ deletion policies that are more explicit.

Dropbox is the go-to solution worldwide for individuals, small and large businesses, and so on. Mega seems to be the cloud of choice for businesses storing sensitive data and files and having to comply with customer data protection regulations.

Before you take the opportunity of buying one or the other, do your homework, read reviews and statistics, and check out professional studies conducted on the cybersecurity of cloud services.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
