date 2006-01-18
from the another-reason-for-using-VPNs dept.
Arthur T Knackerbracket has found the following story:
Thanks to the ridiculous valuation of Bitcoin and other cryptocurrencies, cryptomining code has become a common mechanism for converting authorized and stolen computing cycles into potential cash.
Antivirus and ad-blocker makers have responded by trying to halt crafty coin-crafting code from hijacking CPU time, particularly in browsers.
For those interested in violating computer laws – please, don't – and those interested in computer security research projects, a developer named Arnau, based in Spain, has published a proof-of-concept walkthrough for hacking public Wi-Fi networks to inject crypto-mining code in connected browsing sessions.
[...] As Arnau explained, the attack – demonstrated on a VirtualBox setup rather than in the wild – can be automated. The published version doesn't work with requests for HTTPS webpages, though the addition of sslstrip could solve that.
The code, mostly Python, is available on GitHub. ®
(Score: 4, Insightful) by Justin Case on Sunday January 07, @04:40PM (5 children)
This is it! As the official counting-person, I can report that The Number is now below 5 digits! Hoorah!
What "Number" you ask?
I thought that was obvious.
The Number of additional proofs we still need, that running executable code from hostile strangers in a text-formatting program is and forevermore shall be a Bad Idea.
Timmy played Nintendo all night then slept till 2PM. Johnny earned $20 mowing lawns. How much is Timmy entitled to take?
(Score: 1, Insightful) by Anonymous Coward on Sunday January 07, @05:38PM
running executable code from hostile strangers in a text-formatting program
Was that even possible before Unicode? But really, isn't the elephant in the room a text-formatting program that can make system calls? And when are we going to put the OS on ROM? Or at least an image of the OS on ROM, not EPROM, not firmware (dumbest idea ever), but real, honest to god ROM! You can still update your BIOS, but you would still have real ROM when the update fucks up, as they frequently do, subsequently bricking the device because it has no ROM! Have I made myself clear yet?? Only ROM can save us. And where's my damn reset button??! Who stole my hat?!
(Score: 4, Insightful) by jelizondo on Sunday January 07, @06:02PM (2 children)
A couple of weeks ago, while trying to access a European daily that I fancy, I got a message telling me how I was hurting its business by blocking ads and no content would be served unless ads were allowed.
I don’t have a problem with the ads, I understand it is how they make money, I have a problem with having to allow 7 or 8 different sites execute code on my machine to see the frickin’ ads.
Certainly, I could whip up a VM and visit the site that way but it is too much trouble, so I now don’t visit them anymore. They lost the chance of showing me ads to no gain for themselves while I get to keep my machine (relatively) secure while missing out on some good content. No winner here.
(Score: 2) by aiwarrior on Sunday January 07, @08:08PM (1 child)
Totally agree. In NoScript it is so complicated, due to the sheer number of domains I would need to audit, that I just go away. When there are few domains to audit and they seem legit I promptly temporarily white-list them. As far as I go.
(Score: 3, Insightful) by Justin Case on Sunday January 07, @08:57PM
When a site is pulling in code (often not even over https!) from other domains you can bet they probably haven't audited it either*. In other words, they are handing off their -- and your -- data to strangers whose motives are unknown.
That alone is a large enough mark of incompetence -- or they just don't care, which is close to the same thing -- that I will usually decide to stay away.
* Yeah, maybe one developer had a look at it before deciding to use the latest cool dancing-fonts library. Do they check every hour to see if the other site posted an update? Do they check if the other site delivers different code to different clients? Most are too dim-bulb to even imagine such issues, much less realize that it would be essentially impossible to defend against them.
Timmy played Nintendo all night then slept till 2PM. Johnny earned $20 mowing lawns. How much is Timmy entitled to take?
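The comment above is about pages that pull script from other domains, sometimes over plain HTTP, with nothing stopping the remote side from changing it later. As an added example (not part of the original comment or thread), this Python sketch lists a page's cross-origin scripts and flags the ones loaded over HTTP or without a Subresource Integrity `integrity` attribute; the page URL, hosts and markup are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class ScriptCollector(HTMLParser):
    """Collects the attributes of every <script src=...> tag."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append(attrs)


def audit_scripts(page_url: str, html: str) -> list:
    """Return one finding per script loaded from a host other than the page's."""
    page_host = urlparse(page_url).hostname
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.scripts:
        # Resolve relative and protocol-relative (//host/path) sources.
        src = urlparse(urljoin(page_url, attrs["src"]))
        if src.hostname == page_host:
            continue  # first-party code, outside the scope of this check
        findings.append({
            "host": src.hostname,
            "plain_http": src.scheme == "http",      # modifiable in transit
            "unpinned": not attrs.get("integrity"),  # remote side can swap it
        })
    return findings


# Constructed sample page; every host below is a placeholder.
SAMPLE_URL = "https://news.example/article"
SAMPLE_HTML = """
<script src="/js/site.js"></script>
<script src="http://ads.example.net/serve.js"></script>
<script src="//cdn.example.org/fonts.js"></script>
<script src="https://lib.example.com/ui.js" integrity="sha384-AAAA" crossorigin="anonymous"></script>
"""

if __name__ == "__main__":
    for finding in audit_scripts(SAMPLE_URL, SAMPLE_HTML):
        print(finding)
```

The check only reports whether an `integrity` attribute is present; it does not verify that the pinned hash matches what the remote host currently serves.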
(Score: 2) by realDonaldTrump on Sunday January 07, @10:26PM
The Dictaphone was so easy. You talked into the machine, you said your message. And sent the belt -- or the tape -- to the typing pool. It wasn't Hi-Fi, it wasn't Wi-Fi, it didn't sound great. But your message got out. And there were always plenty of good looking girls in the typing pool.
Let me tell you, cyber has turned us all into an INCOMPETENT typing pool. And it's bringing crime, a lot of crime. So many hacks, who hasn't been hacked? I love getting my message out to hundreds of millions of people -- I have more followers than the Pope -- but sometimes I want to say, "give me a goddamned Dictaphone and a pretty typist."
Text TRUMP to 88022 for mobile alerts! Message&data rates apply. Text STOP to opt-out. T&C/Privacy: sms-terms.com/88022