Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Thursday January 09 2020, @08:02PM   Printer-friendly
from the noscript dept.

From ZDNet:

Around half of the websites that use WebAssembly, a new web technology, use it for malicious purposes, according to academic research published last year.

WebAssembly is a low-level bytecode language that was created after a joint collaboration between all major browser vendors.

[...] However, while the vast majority of samples were used for legitimate purposes, two categories of Wasm code stood out as inherently malicious.

The first category was WebAssembly code used for cryptocurrency-mining. These types of Wasm modules were often found on hacked sites, part of so-called cryptojacking (drive-by mining) attacks.

The second category referred to WebAssembly code packed inside obfuscated Wasm modules that intentionally hid their content. These modules, the research team said, were found [as] part of malvertising campaigns.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Unixnut on Friday January 10 2020, @09:49PM (1 child)

    by Unixnut (5779) on Friday January 10 2020, @09:49PM (#942051)

    Well of course you have to consent. To be honest I thought that "with consent" was the obvious default, so I didn't include it in my original post. Perhaps I should have, but it never occurred to me to do it without consent. Your CPU/power cycles are yours to share (or not).

    I envisaged sites that would give you the option to turn the mining on/off if you want (so more like a voluntary donation), while others can restrict access unless you mine (possibly even a set amount of crypto before they let you in, or different levels of access depending on how much you mine). Then the choice becomes an agreement between individuals, with the crypto representing value, with no third party to take their cut/spy on the transaction, etc....

    It seems better than what we currently have, which quite frankly is a dystopian cess pit IMO.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by All Your Lawn Are Belong To Us on Monday January 13 2020, @10:39PM

    by All Your Lawn Are Belong To Us (6553) on Monday January 13 2020, @10:39PM (#942888) Journal

    Sure, I think I agree that if someone wants to consent to it (or be given a chance to leave without viewing the content) that would be great. (I'd prefer that to "by coming here you have already automatically consented...." but even that would be nice). It's my impression that what's being talked about here is that you are not being told that these activities are occurring - they just use your computer while showing you the shiny. Which qualifies it as malware IMHO.

    --
    This sig for rent.