Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Wednesday September 27 2017, @10:43PM   Printer-friendly
from the follow-the-monero dept.

Showtime, a premium cable, satellite, and streaming television service owned by CBS, included JavaScript on two of its domains that used users' web browsers to mine the cryptocurrency Monero:

The websites of US telly giant CBS's Showtime contained JavaScript that secretly commandeered viewers' web browsers over the weekend to mine cryptocurrency.

The flagship Showtime.com and its instant-access ShowtimeAnytime.com sibling silently pulled in code that caused browsers to blow spare processor time calculating new Monero coins – a privacy-focused alternative to the ever-popular Bitcoin. The hidden software typically consumed as much as 60 per cent of CPU capacity on computers visiting the sites.

The scripts were written by Code Hive, a legit outfit that provides JavaScript to website owners: webmasters add the code to their pages so that they can earn slivers of cash from each visitor as an alternative to serving adverts to generate revenue. Over time, money mined by the Code-Hive-hosted scripts adds up and is transferred from Coin Hive to the site's administrators. One Monero coin, 1 XMR, is worth about $92 right now.

However, it's extremely unlikely that a large corporation like CBS would smuggle such a piece of mining code onto its dot-coms – especially since it charges subscribers to watch the hit TV shows online – suggesting someone hacked the websites' source code to insert the mining JavaScript and make a quick buck.

The JavaScript, which appeared on the sites at the start of the weekend and vanished by Monday, sits between HTML comment tags that appear to be an insert from web analytics biz New Relic. Again, it is unlikely that an analytics company would deliberately stash coin-mining scripts onto its customers' pages, so the code must have come from another source – or was injected by miscreants who had compromised Showtime's systems.

Also at PCMag.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Interesting) by JNCF on Wednesday September 27 2017, @11:42PM (5 children)

    by JNCF (4317) on Wednesday September 27 2017, @11:42PM (#574097) Journal

    Users should be told what's going on upfront, of course. That being said, good. Given that we're running arbitrary code from whoever when we browse without NoScript, why shouldn't website owners use our machines/electricity to gather cryptocurrency through a leaky bucket? Is this worse than tracking us to sell our profiles to ad firms, or displaying annoying ads that take up the processing power of our brains? I like the idea of this revenue model, though I think it would ideally be paired with a premium option sans mining.

    I know there's an open-source library for mining Bitcoin with JavaScript, but Bitcoin isn't ideal (it should use a coin that is efficient with GPUs in the moment, whichever moment it happens to be).

    Starting Score:    1  point
    Moderation   +2  
       Insightful=1, Interesting=1, Total=2
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 2) by aristarchus on Wednesday September 27 2017, @11:51PM (1 child)

    by aristarchus (2645) on Wednesday September 27 2017, @11:51PM (#574106) Journal

    (it should use a coin that is efficient with GPUs in the moment, whichever moment it happens to be).

    DogeCoin? Is that still a thing? If not, it would be super efficient!

    • (Score: 2) by JNCF on Thursday September 28 2017, @12:04AM

      by JNCF (4317) on Thursday September 28 2017, @12:04AM (#574109) Journal

      Since practically nobody cared to mine an inflationary currency, and miners are necessary for security in a PoW system, DogeCoin can now be merge mined with LiteCoin. The ASICs, they are everywhere.

  • (Score: 2) by Reziac on Thursday September 28 2017, @02:48AM

    by Reziac (2489) on Thursday September 28 2017, @02:48AM (#574184) Homepage

    How about pay me a percentage of what's mined using my hardware and electricity? then maybe I'll let you borrow my CPU.

    --
    And there is no Alkibiades to come back and save us from ourselves.
  • (Score: 0) by Anonymous Coward on Thursday September 28 2017, @04:34PM (1 child)

    by Anonymous Coward on Thursday September 28 2017, @04:34PM (#574416)

    I know there's an open-source library for mining Bitcoin with JavaScript, but Bitcoin isn't ideal (it should use a coin that is efficient with GPUs in the moment, whichever moment it happens to be).

    That quite literally defeats the whole point of a cryptocurrency. The whole idea is that it's hard to derive, and therefore rare. The more efficient it is with the GPU, the easier it is to mine, and thus the less viable the currency is.

    For example, imagine there is a currency where you just need to select a floating point number which hasn't been used. There would be transfinite many coins, and thus absolutely worthless to everybody.

    • (Score: 2) by JNCF on Thursday September 28 2017, @08:40PM

      by JNCF (4317) on Thursday September 28 2017, @08:40PM (#574523) Journal

      That quite literally defeats the whole point of a cryptocurrency. The whole idea is that it's hard to derive, and therefore rare. The more efficient it is with the GPU, the easier it is to mine, and thus the less viable the currency is.

      An ASIC is just an Application Specific Integrated Chip, or a hardware implementation of a given algorithm. When the value of block hashing passes some point, people will start designing hardware to hash blocks more efficiently. When it becomes uncompetitive to mine using off the shelf hardware, the barrier of entry for new miners has been raised and we can expect comparative fewer miners participating in the ecosystem. If we believed that security was improved by having a greater diversity of miners, thus making it harder for miners to conspire in a 51% (or less) attack, we would want off the shelf hardware to be competitive. For this reason coins have been designed to be ASIC-resistant by employing algorithms that GPUs are particularly good at, most notably LiteCoin with it's scrypt algorithm. When LiteCoin passed a certain point of value it still made financial sense to start producing ASICs that targeted scrypt.

      All that said, I'm not even convinced that ASIC-resistance is something that should be strived for. In the long run, dedicated hardware might be fine. But let's consider this from the perspective of a selfish entity operating in the current landscape, not caring about what should be but instead what is. Given that some coins have reached such value that GPUs are not competitive, and some coins have not reached such value, we can mine the latter coins on off the shelf hardware that users are using to visit webpages while attempting to mine the former coins with that same hardware will be very unlikely to result in anything. The coins we can mine can then be traded for coins we can't practically mine, so we don't care about the long term viability of the currency we're mining. We don't even care if it's an efficient use of electricity to mine the coins, because we aren't paying for the electricity -- our users are. The coins just have to cover server and maintenance costs, or supplement some other income to help cover those costs.

      For example, imagine there is a currency where you just need to select a floating point number which hasn't been used. There would be transfinite many coins, and thus absolutely worthless to everybody.

      With no further rules, there could eventually be a ridiculously large number of coins mined (though still theoretically finite -- you can't keep mining after heat death unless we come up with a wacky time-crystal based turing machine). Real PoW cryptocurrencies employ scaling difficulties; in the case of Bitcoin this takes the form of an increasing (or theoretically decreasing if mining scales down for too long) number of leading zeros in the hash of a block. We could swap out the hashing algorithm while keeping the scaling difficulty and new ASICs would need to be designed, but the time it takes for blocks to be mined wouldn't really be affected in the long term.