SoylentNews is people

posted by Fnord666 on Wednesday September 27 2017, @10:43PM
from the follow-the-monero dept.

Showtime, a premium cable, satellite, and streaming television service owned by CBS, included JavaScript on two of its domains that used users' web browsers to mine the cryptocurrency Monero:

The websites of US telly giant CBS's Showtime contained JavaScript that secretly commandeered viewers' web browsers over the weekend to mine cryptocurrency.

The flagship Showtime.com and its instant-access ShowtimeAnytime.com sibling silently pulled in code that caused browsers to blow spare processor time calculating new Monero coins – a privacy-focused alternative to the ever-popular Bitcoin. The hidden software typically consumed as much as 60 per cent of CPU capacity on computers visiting the sites.

The scripts were written by Code Hive, a legit outfit that provides JavaScript to website owners: webmasters add the code to their pages so that they can earn slivers of cash from each visitor as an alternative to serving adverts to generate revenue. Over time, money mined by the Code-Hive-hosted scripts adds up and is transferred from Coin Hive to the site's administrators. One Monero coin, 1 XMR, is worth about $92 right now.

However, it's extremely unlikely that a large corporation like CBS would smuggle such a piece of mining code onto its dot-coms – especially since it charges subscribers to watch the hit TV shows online – suggesting someone hacked the websites' source code to insert the mining JavaScript and make a quick buck.

The JavaScript, which appeared on the sites at the start of the weekend and vanished by Monday, sits between HTML comment tags that appear to be an insert from web analytics biz New Relic. Again, it is unlikely that an analytics company would deliberately stash coin-mining scripts onto its customers' pages, so the code must have come from another source – or was injected by miscreants who had compromised Showtime's systems.

Also at PCMag.
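
The article notes that the mining script sat between HTML comments that looked like an analytics vendor's insert. As an added example (not code from the article, Showtime, New Relic or Coin Hive), this JavaScript audits a page's external scripts against an allowlist and reports the comment each unexpected script follows; every hostname, the sample markup and the function name are constructed for illustration.

```javascript
// Added example: hostnames, markup and names are constructed for illustration.
const PAGE_URL = "https://www.example-site.test/";
const ALLOWED_SCRIPT_HOSTS = new Set([
  "www.example-site.test",       // first-party
  "cdn.analytics-vendor.test",   // the analytics vendor's real host (assumed)
]);

// Constructed sample: an unexpected script sits between comments that
// look like the analytics vendor's insert.
const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<!-- Start Analytics Vendor -->
<script src="https://cdn.analytics-vendor.test/agent.js"></script>
<script src="https://miner-host.test/lib/miner.min.js"></script>
<script>window.analyticsReady = true;</script>
<!-- End Analytics Vendor -->
</head><body></body></html>`;

// Returns one finding per external script whose host is not allowlisted,
// with the HTML comment that most recently preceded it.
function auditScripts(html, pageUrl, allowedHosts) {
  const findings = [];
  const tokenRe = /<!--([\s\S]*?)-->|<script\b([^>]*)>/gi;
  const srcRe = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  let lastComment = null;
  let m;
  while ((m = tokenRe.exec(html)) !== null) {
    if (m[1] !== undefined) {          // an HTML comment: remember its text
      lastComment = m[1].trim();
      continue;
    }
    const srcMatch = srcRe.exec(m[2]);
    if (!srcMatch) continue;           // inline script, no host to check
    const src = srcMatch[1] ?? srcMatch[2] ?? srcMatch[3];
    let host = null;
    try {
      host = new URL(src, pageUrl).hostname.toLowerCase();
    } catch {
      // unparseable src: reported below with host === null
    }
    if (host === null || !allowedHosts.has(host)) {
      findings.push({ src, host, precedingComment: lastComment });
    }
  }
  return findings;
}

console.log(auditScripts(SAMPLE_HTML, PAGE_URL, ALLOWED_SCRIPT_HOSTS));
```

A finding whose preceding comment names a vendor but whose host is not that vendor's is the pattern the article describes: the comment markers say nothing about where the script actually came from.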

  • (Score: 4, Insightful) by bob_super on Wednesday September 27 2017, @11:35PM (4 children)

    by bob_super (1357) on Wednesday September 27 2017, @11:35PM (#574094)

    Good, we now have a concrete thing to point at when we tell relatives that they should use NoScript, despite how annoying it can be.

  • (Score: 0) by Anonymous Coward on Thursday September 28 2017, @04:23AM (1 child)

    by Anonymous Coward on Thursday September 28 2017, @04:23AM (#574207)

    Exactly. How many other sites do this and other even more underhanded things? We have no idea, how reassuring. Your money and reputation are at stake.

    But we have the choice to not run their concoction. Use it.

    • (Score: 1) by anubi on Thursday September 28 2017, @05:11AM

      by anubi (2828) on Thursday September 28 2017, @05:11AM (#574223) Journal

      Maybe this explains why after visiting some sites, I have to reboot Firefox to get my CPU off the rail. I usually don't notice it until my computer gets really sluggish, and I open up the resource monitor to see what's gone wrong. Rarely happens when I am using NoScript, but often happens on my phone, when I usually have to completely close out the browser and restart it to clear.

      I feel I have to put up with these annoyances because some web planning committee approved these protocols, knowing full good and well they could be used to harass, but approved because some supporter wanted them put in so he could backdoor his code into someone else's computer to force the display of likely unwanted content, covertly collect information, or act as his rights enforcement agent.

      As long as we tolerate DRM, we are going to have this.

      While DRM can be used for "rights management", running a rights enforcement agent in someone else's machine against their will, it can also be used to run any arbitrary code in someone else's machine against their will - often having disastrous results.

      We may think a nation full of dumbed-down DRM-accepting sheeple as profitable for someone claiming rights to something, as we are used to things like farming, mining, or manufacturing, where the resources we are exploiting do not defend themselves. But the very DRM that enforces someone's wishlist is also quite useful for carrying out the deeds of anyone who has the knowledge to know how to ask.

      Dealing with copyright infringement is like dealing with privacy issues.

      Once you put info out there, it's public. Simple as that. You basically have to trust the person you shared your little secret with not to share it with anyone else. I have no idea of how to enforce "ownership" of a "secret".

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
  • (Score: 2) by DannyB on Thursday September 28 2017, @05:14PM (1 child)

    by DannyB (5839) Subscriber Badge on Thursday September 28 2017, @05:14PM (#574439) Journal

    I've come to like uMatrix as a replacement for NoScript.

    --
    The lower I set my standards the more accomplishments I have.
    • (Score: 2) by bob_super on Thursday September 28 2017, @05:25PM

      by bob_super (1357) on Thursday September 28 2017, @05:25PM (#574451)

      I don't usually blame NoScript for the tediousness of trying to view some web pages without scripts.
      I'll check uMatrix...