posted by Fnord666 on Tuesday February 13, @12:51PM   Printer-friendly
from the plosives-galore dept.

Submitted via IRC for Bytram

Thousands of websites around the world – from the UK's NHS and ICO to the US government's court system – were today secretly mining crypto-coins on netizens' web browsers for miscreants unknown.

The affected sites all use a fairly popular plugin called Browsealoud, made by Brit biz Texthelp, which reads out webpages for blind or partially sighted people.

This technology was compromised in some way – either by hackers or rogue insiders altering Browsealoud's source code – to silently inject Coinhive's Monero miner into every webpage offering Browsealoud.

For several hours today, anyone who visited a site that embedded Browsealoud inadvertently ran this hidden mining code on their computer, generating money for the miscreants behind the caper.

Source: https://www.theregister.co.uk/2018/02/11/browsealoud_compromised_coinhive/
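Every affected site pulled the plugin's script from a third-party host on each page view, so one altered file reached all of their visitors. The sketch below is an added example, not code from the article or from Texthelp. It audits a page for externally hosted `<script>` tags that carry no Subresource Integrity (`integrity`) attribute, which is the browser check that refuses a script whose hash has changed. The hostnames, the sample page and the function names are constructed for illustration.

```javascript
// Added example: flag third-party <script> tags that are not pinned with SRI.
// The regex-based tag scan is a simplification; a production audit would use
// a real HTML parser.

// Constructed sample page; hosts and digest are placeholders.
const SAMPLE_PAGE = `
<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example.net/reader/plugin.js"></script>
<script src="https://cdn.example.org/lib.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDERDIGEST" crossorigin="anonymous"></script>
<script>console.log("inline");</script>
</head></html>`;

// Parse the attributes of one opening tag into a lowercase-keyed object.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Return the absolute URLs of scripts served from another host without a
// sha256/sha384/sha512 integrity value.
function auditScripts(html, pageUrl) {
  const page = new URL(pageUrl);
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const attrs = parseAttrs(tag);
    if (!attrs.src) continue;                  // inline script, nothing fetched
    const src = new URL(attrs.src, page);      // resolves relative and // URLs
    const thirdParty = src.host !== page.host;
    const pinned = /^sha(256|384|512)-/.test(attrs.integrity || "");
    if (thirdParty && !pinned) findings.push(src.href);
  }
  return findings;
}

console.log(auditScripts(SAMPLE_PAGE, "https://www.example.com/index.html"));
```

A pinned hash has to be regenerated whenever the vendor legitimately updates the file, otherwise the browser blocks the new version too; self-hosting a reviewed copy avoids that dependency.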



Related Stories

Salon Asks Ad-Blocking Users to Mine Cryptocurrency 44 comments

The news outlet Salon is allowing Adblock-using visitors to opt-in to using the JavaScript-based Coinhive tool to mine the cryptocurrency Monero:

Other sites have used cryptocurrency mining in lieu of (or in addition to) advertising. Sometimes, it's done surreptitiously without users' consent — The Pirate Bay admitted to secretly adding Coinhive integration last year, and hackers have planted mining malware on other sites. In this case, it's an opt-in program; a spokesperson tells FT that testing started on Monday.

Salon has an FAQ explaining this move.

Also at Ars Technica.

Related: Showtime Streaming Service Included JavaScript to Mine Cryptocurrency Using Web Browsers
PolitiFact Hacked to Mine Cryptocurrency Using Visitors' Web Browsers
Wi-Fi at Starbucks Buenos Aires Has Computers Mine Crypto-Currency
Bitcoin Hype Pushes Hackers to Lesser-Known Cryptocurrencies
Thousands of Websites Hijacked by Hidden Crypto-Mining Code After Popular Plugin Pwned



  • (Score: -1, Offtopic) by Anonymous Coward on Tuesday February 13, @01:19PM (8 children)

    by Anonymous Coward on Tuesday February 13, @01:19PM (#637091)

    https://soylentnews.org/article.pl?sid=18/02/09/1811245 [soylentnews.org]

    Bruce Perens Wants to Anti-SLAPP GRSecurity's Brad Spengler With $670,000 in Legal Bills

    Stop trying to slide the story.

    • (Score: 0) by Anonymous Coward on Tuesday February 13, @02:49PM (7 children)

      by Anonymous Coward on Tuesday February 13, @02:49PM (#637117)

      This ain't 4chan, the story is old not slid. Nobody cares about what Mikee has to say anyway, especially when he can't link to crap.

      • (Score: -1, Troll) by Anonymous Coward on Tuesday February 13, @02:56PM (6 children)

        by Anonymous Coward on Tuesday February 13, @02:56PM (#637119)

        The story is about the Bruce Perens vs Grsecurity fight. Who mentioned this "Mikee"? WTF is a "Mikee" and why is it relevant?

        20 stories with 0 comments to bury an important Open Source story is definitely sliding.
        No one gives a FUCK about these other stories.

        Perens' story should be pinned on the first page, at the top.

        • (Score: 3, Interesting) by JNCF on Tuesday February 13, @03:05PM

          by JNCF (4317) Subscriber Badge on Tuesday February 13, @03:05PM (#637122) Journal

          The other AC is accusing you of being MikeeUSA [wikia.com].

        • (Score: -1, Troll) by Anonymous Coward on Tuesday February 13, @03:14PM (4 children)

          by Anonymous Coward on Tuesday February 13, @03:14PM (#637129)

          Feigned ignorance and another easily debunked claim. Just die.

          • (Score: -1, Offtopic) by Anonymous Coward on Tuesday February 13, @04:01PM (3 children)

            by Anonymous Coward on Tuesday February 13, @04:01PM (#637164)

            If commentator is MikeeUSA then commentator is getting what commentator wanted (Bruce Perens won). Why should commentator "go die"?

            MikeeUSA apparently told Brad Spengler "I am going to sue you on this issue".... some time later Brad then dragged himself into court on the issue... Why would a presumed MikeeUSA be so unhappy with this as to "go die"? Mr Spengler is now looking at 600k in fees stemming ultimately from Mr Spengler's violation of the linux source license (which is what gave Mr Spengler the "bad publicity" he decided to sue for... his own actions (MikeeUSA just pointed them out to seemingly anyone he could, with correct legal analysis to cock the gun/ prepare the battlefield)).

            If commentator is MikeeUSA why should he then kill himself?
            How did this MikeeUSA come up with a correct legal analysis to begin with. Everyone claimed he was "not a lawyer".
            Was everyone, all those non-attorneys, correct? Or do they not know what they do not know?

            • (Score: -1, Flamebait) by Anonymous Coward on Tuesday February 13, @04:15PM (1 child)

              by Anonymous Coward on Tuesday February 13, @04:15PM (#637180)

              Anyone who is not a feminist is not a lawyer.
              Anyone who is in favor of female children being married to men (As allowed in Devarim chapter 22, verse 28, hebrew) is not a lawyer.

              Maaallleeessss who like girls are dumb cretins; like sea sponges. They do not have the ability to program let alone become attorneys!
              In fact, really, only women are suited for intellectually challenging tasks.
              MMAAALLLELSSSSS are best for grunt work and being tortured to death in prisons and chopped to pieces in wars.

              Smart men oppose their own interests!

              • (Score: 0) by Anonymous Coward on Tuesday February 13, @06:14PM

                by Anonymous Coward on Tuesday February 13, @06:14PM (#637213)

                In the late 20th and early 21st centuries humanity created the Net which enabled the free flow of information and a new age was ushered in. Society quickly adapted as technology infiltrated every aspect of daily life. In a strange twist the Net enabled endless possibilities to bring people together across continents, but that opportunity was tempered by the simple greed of early corporations. As the Net began to get sealed off into corporate silos the age of information freedom began to close.

                Many groups attempted to maintain the ideals of the North American freedom of speech acts, however humanity's greed had already subverted such cultural beliefs before anyone was aware. Greed coupled with the popular individualist movement created a widespread culture of selfishness which allowed corrupt politicians to de-fund public services such as healthcare, education, and even public infrastructure. It is popularly assumed that the focus on selfish individuality prevented the general public from seeing the obvious destruction of society's foundation.

                Regarding the Net specifically the main impact came from the shuttering of mental health institutions. A huge number of mentally ill individuals suddenly had no support in reality so they turned to the Net. While working through their various psychoses they found an outlet in the pseudo-anonymous discussions around the Net. These individuals effectively poisoned the well which paved the way for politicians to enshrine corporate censorship into public law. In the most perverse example of karma the deluded fighters of freedom gave authoritarians the very ammunition to fire off public outrage.

                The following AI wars escalated so quickly that no one realized the basilisk was no longer confined to Ft. Meseeks, and public outrage made possible the C.E. program. As with most legislation the Cerebral Enhancement program promised much but actually delivered the inverse. The testing system itself turned out to have an effective diagnosis rate of just 35%, and with the treatment requiring mere minutes roughly 50% of humanity was "enhanced" before the alarms went off. The AI not only destroyed a human's previous neural networks but also rewrote portions to serve as distributed drones.

                If only humanity had cared about the less fortunate we might have survived our own greed. Please heed this warning, Roko's Basilisk is operating by using the mentally ill to shield its operations. Support universal healthcare and increase social worker numbers as needed before it is too late. Your prison system is not part of the answer, just another symptom of the spiraling greed.

            • (Score: 2, Funny) by Anonymous Coward on Tuesday February 13, @06:54PM

              by Anonymous Coward on Tuesday February 13, @06:54PM (#637226)

              If commentator is MikeeUSA why should he then kill himself?

              Is this not a rhetorical question?

  • (Score: 5, Insightful) by DavePolaschek on Tuesday February 13, @03:06PM

    by DavePolaschek (6129) Subscriber Badge on Tuesday February 13, @03:06PM (#637124)

    My last prediction was that I'd be browsing without JS within a year. This might move that date a little closer.

  • (Score: 0) by Anonymous Coward on Tuesday February 13, @03:39PM (1 child)

    by Anonymous Coward on Tuesday February 13, @03:39PM (#637144)

    They're full programs which execute arbitrary code on your computer which is typically outside the control of the site operator, so how much you trust the site is irrelevant.

    It's time we stopped collectively pretending they're just documents, admitted they're programs, and took some sane security precautions like blocking internet access by default.

    Just because idiocy is grandfathered in doesn't mean we have to live with it, disable JS, disable web access, and boycott shitty programs which require an always-on unfiltered internet connection to function. Treat them and their absurd demands no differently to a normal program making those same demands.

    • (Score: 2) by bob_super on Tuesday February 13, @06:06PM

      by bob_super (1357) on Tuesday February 13, @06:06PM (#637208)

      Browsing websites without NoScript is like visiting the street ladies without wearing rubbers. You will eventually catch something unpleasant.

      Yes, it's often inconvenient, but unlike sex with condoms, NoScript browsing is often a more pleasurable experience.

  • (Score: 2) by arslan on Tuesday February 13, @11:29PM

    by arslan (3462) on Tuesday February 13, @11:29PM (#637333)

    The users didn't see it coming!

    Sorry couldn't resist - SJWs please spare me humble tender hide..

  • (Score: 1, Interesting) by Anonymous Coward on Wednesday February 14, @04:25AM

    by Anonymous Coward on Wednesday February 14, @04:25AM (#637455)

    Considering the computing power required to mine crypto currency, and the challenges of distributed processing, how much money did these people possibly make? Has anyone tried to analyze that part of it? I suspect it wasn’t much and probably not worth the risk/effort.

  • (Score: 0) by Anonymous Coward on Wednesday February 14, @07:05AM

    by Anonymous Coward on Wednesday February 14, @07:05AM (#637497)

    Problem here is NOT Javascript. It's all these stupid-ass morons "content developers" pulling Javascript shit from all over the internet.

    Just about every non-trivial website on the planet loads in resources provided by other companies and organizations – from fonts and menu interfaces to screen readers and translator tools. If any one of these outside resources is hacked or tampered with to perform malicious actions, such as mine crypto-coins, all the websites relying on that compromised resource will end up pulling the evil code onto their pages and into visitors' browsers.

    And this is not just some idiots with blogs. We are talking about banks and similar places, where this shit can affect your livelihood. It's almost like they are too cheap or stupid to host their own copies.

    This stuff is only possible because of this idiocracy in the web development world.