The two main problems appear to be that even though a session is encrypted using the industry standard SSL used all over the internet, JavaScript code is downloaded to a user's browser at every login, which is used to encrypt the files again with hugely powerful 2048-bit encryption, making the files doubly encrypted. This might look like a good thing at first glance, but it does mean that the site has to be trusted not put fake code on a user's computer that for example won't actually encrypt data or may steal your encryption keys. The JavaScript code may also contain a genuine security vulnerability - something which has already been found.
The other problem is the SSL standard itself is vulnerable to various attacks, including fake SSL certificates from an untrusted or duped certificate authority and an attack from a tool called SSLstrip which allows an attacker to intercept and stop an SSL connection. That attacker can then spy on whatever data the user sends to the attacker's fake website.
If Mega's servers were compromised, it would also be possible for an attacker to deliver modified, malicious JavaScript, said Nadim Kobeissi, developer of the encrypted instant messaging program Cryptocat. It would also be possible for Mega itself to deliver malicious code.
"Every time you open the website, the encryption code is sent from scratch," Kobeissi said "So if one day I decide I want to disable all encryption for you, I can just serve your username different code that doesn’t encrypt anything and instead steals your encryption keys."
However, in answer to the above criticisms and others, Mathias Ortmann, Mega's CTO said that these vulnerabilities are also present in other sites which have even higher security requirements, such as online banking.
If they had bothered to read that they would have seen that we basically state exactly what they are accusing us of as possible attack vectors plus some others they are not accusing us of. All of these SSL-related attacks do no apply specifically to us. They apply to companies with equally high security requirements or even higher requirements.
It looks like it might pay to wait a little while before using this service, even the free version, or if you do, not putting any sensitive data on it, at least for now.
Dotcom's new cloud service is at: https://mega.co.nz (note the use of SSL encryption throughout - good thing)
Source: PC World