Comments on DSHR's Blog: Web DRM Enables Innovative Business Model
Updated 2024-03-28T13:39:27.601-07:00

2018-03-01T08:05:00.476-08:00
"The Spectre design flaws in modern CPUs can be exploited to punch holes through the walls of Intel's SGX secure environments, researchers claim." according to <a href="http://www.theregister.co.uk/2018/03/01/us_researchers_apply_spectrestyle_tricks_to_break_intels_sgx/" rel="nofollow">Richard Chirgwin at <i>The Register</i></a>.
David.

2017-11-15T10:36:40.706-08:00
"Mursch found 30,611 sites on the web running Coin Hive's JavaScript to effectively crypto-jack machines" <a href="https://www.theregister.co.uk/2017/11/15/coin_mining_30000_sites_cryptojacking/" rel="nofollow">Iain Thomson reports for <i>The Register</i></a>. It appears that:<br /><br />"many of these mining operations are being run by one person. Mursch found that one “Mohammad Khezri” of Iran seems to be controlling <a href="https://pastebin.com/raw/FedTqVtr" rel="nofollow">a vast number</a> of mining operations spread across many domains to maximize his returns."
David.

2017-11-08T16:22:31.059-08:00
<a href="https://arstechnica.com/information-technology/2017/11/drive-by-cryptomining-that-drains-cpus-picks-up-steam-with-aid-of-2500-sites/" rel="nofollow">Cryptojacking is on a roll</a>:<br /><br />"Willem de Groot, an independent security researcher who <a href="https://gwillem.gitlab.io/2017/11/07/cryptojacking-found-on-2496-stores/" rel="nofollow">reported the findings Tuesday</a>, told Ars that he believes all of the 2,496 sites he tracked are running out-of-date software with known security vulnerabilities that have been exploited to give attackers control. Attackers, he said, then used their access to add code that surreptitiously harnesses the CPUs and electricity of visitors to generate the digital currency known as Monero. About 80 percent of those sites, he added, also contain other types of malware that can steal visitors' payment card details."
David.

2017-11-03T09:38:11.191-07:00
Does anyone think this makes sense? <a href="https://motherboard.vice.com/en_us/article/ywbbpm/bitcoin-mining-electricity-consumption-ethereum-energy-climate-change" rel="nofollow"><i>One Bitcoin Transaction Now Uses as Much Energy as Your House in a Week</i></a>:<br /><br />"This averages out to a shocking 215 kilowatt-hours (KWh) of juice used by miners for each Bitcoin transaction (there are currently about <a href="https://charts.bitcoin.com/chart/daily-transactions#b2k" rel="nofollow">300,000</a> transactions per day). Since the average American household consumes <a href="https://www.eia.gov/tools/faqs/faq.php?id=97&t=3" rel="nofollow">901 KWh per month</a>, each Bitcoin transfer represents enough energy to run a comfortable house, and everything in it, for nearly a week.
On a larger scale, De Vries' index shows that bitcoin miners worldwide could be using enough electricity to at any given time to power about 2.26 million American homes."
David.

2017-11-01T12:45:09.929-07:00
One reason for the rise of cryptojacking is the unbelievable level of <a href="http://adage.com/article/digital/business-insider-york-times-shed-details-ad-industry-s-biggest-problem/311081/" rel="nofollow">fraud in Web advertising</a> described by George Slefo in <i>Ad Age</i>:<br /><br />"Business Insider advertiser thought they had purchased $40,000 worth of ad inventory through the open exchanges when in reality, the publication only saw $97, indicating the rest of the money went to fraud.<br /><br />"There was more people saying they were selling Business Insider inventory then we could ever possibly imagine," ... "We believe there were 10 to 30 million impressions of Business Insider, for sale, every 15 minutes."<br /><br />To put the numbers in perspective, Business Insider says it sees 10 million to 25 million impressions a day."
David.

2017-10-31T09:43:35.822-07:00
Dan Goodin at <i>Ars Technica</i> <a href="https://arstechnica.com/information-technology/2017/10/a-surge-of-sites-and-apps-are-exhausting-your-cpu-to-mine-cryptocurrency/" rel="nofollow">surveys the cryptojacking scene</a>.
David.

2017-10-30T14:02:18.702-07:00
Cryptocurrency mining is now a feature of the Google Play store, writes <a href="https://www.theregister.co.uk/2017/10/30/cryptocurrency_android_apps/" rel="nofollow">Iain Thomson at <i>The Register</i></a>:<br /><br />"Researchers at Trend Micro found three programs available for download ... that were surreptitiously using the spare CPU cycles on people's smartphones to mine Monero, using code built by ... Coin Hive.
The mining apps were variously disguised as a wallpaper collection, a wireless safety app, and software to help Catholics with rosary prayers."
David.

2017-10-24T07:23:49.995-07:00
<a href="https://www.theregister.co.uk/2017/10/23/cryptocurrency_miner_google_chrome_extension/" rel="nofollow"><i>Another day, another cryptocurrency miner lurking in a Google Chrome extension</i></a> writes Iain Thomson at <i>The Register</i>:<br /><br />"Alessandro Polidori, ... spotted the use of Coin Hive's Monero-crafting code in the “Short URL (goo.gl)” extension for Chrome. After getting an alert from his network security tools, Polidori dug in and found the extension was downloading and running a file from Coin-Hive.com called cryptonight.wasm every ten seconds. ... It's <a href="https://www.nicehash.com/algorithm/cryptonight" rel="nofollow">estimated</a> there 113,000 Cryptonight miners active right now, gradually generating XMR coins, each worth about $90, using strangers' electricity and computer hardware."
David.

2017-10-19T11:30:09.228-07:00
<a href="https://www.bleepingcomputer.com/news/google/google-chrome-may-add-a-permission-to-stop-in-browser-cryptocurrency-miners/" rel="nofollow"><i>Google Chrome May Add a Permission to Stop In-Browser Cryptocurrency Miners</i></a> by Catalin Cimpanu quotes a Google bug report:<br /><br />"If a site is using more than XX% CPU for more than YY seconds, then we put the page into "battery saver mode" where we aggressively throttle tasks and show a toast [notification popup] allowing the user to opt-out of
battery saver mode. When a battery saver mode tab is backgrounded, we stop running tasks entirely."<br /><br />This would address blissex's "every browser gifts a free-to-use, unlimited-usage, fast VM to every visited web site".
David.

2017-10-19T07:49:18.214-07:00
More on <a href="https://www.theregister.co.uk/2017/10/19/malwarebytes_blocking_coin_hive_browser_cryptocurrency_miner_after_user_revolt/" rel="nofollow">cryptojacking from Iain Thomson at <i>The Register</i></a>:<br /><br />"Malwarebytes ... joins ad-block plugins in preventing Coin Hive's Monero-crafting JavaScript from running in webpages, using visitors' electricity and hardware to mine new money. Coin Hive is a legit outfit, and its mining code is supposed to be embedded in pages to earn site owners' revenue as an alternative to annoying ads. However, this freely available tool has been abused."<br /><br />CoinHive is addressing the problem:<br /><br />"Instead of complaining, the Coin Hive team already has a solution.
It's come up with new code, released this week, called AuthedMine, and it is similar to the previous cryptocurrency miner but with one crucial and very important addition – a user consent page."
David.

2017-10-18T20:18:50.508-07:00
blissex, the difference is that there's no financial reward for writing sloppy JavaScript; there is a financial reward for cryptojacking.
David.

2017-10-18T13:23:19.672-07:00
That to me does not seem to be that different from badly written JS-based sites that just consume CPU through careless coding. Many Google and newspaper sites are like that. I run NoScript mostly to avoid that, more than security, and also because many badly written JS frameworks seem to have ever growing memory usage (not quite leaks, but same effect).<br />I think Jamie Zawinski regularly mentions examples on his blog of the more outrageous such sites.
I think that it was JWZ who has wisely observed that every thingie that can run executable codes can become a malware platform.<br /><br />In an age in which every browser gifts a free-to-use, unlimited-usage, fast VM to every visited web site, and these VMs can boot and run quite responsive 3D games or Linux distributions, what can we do?<br />
Anonymous

2017-10-18T12:30:27.355-07:00
Cryptojacking is exploding across the Internet, reports <a href="https://www.bleepingcomputer.com/news/security/the-internet-is-ripe-with-in-browser-miners-and-its-getting-worse-each-day/" rel="nofollow">Catalin Cimpanu at <i>Bleeping Computer</i></a>:<br /><br />"Ever since mid-September, when Coinhive launched and the whole cryptojacking frenzy started, the Internet has gone crazy with in-browser cryptocurrency miners, and new sites that offer similar services are popping up on a weekly basis. ... Bleeping Computer spotted two new services named MineMyTraffic and JSEcoin, while security researcher Troy Mursch also spotted Coin Have and PPoi, a Coinhive clone for Chinese users. ... On top of this, just last night, Microsoft spotted two new services called CoinBlind and CoinNebula, both offering similar in-browser mining services, with CoinNebula configured in such a way that users couldn't report abuse. ... On top of this, the cryptojacking craze has also spread to WordPress plugins."
David.

2017-10-14T07:55:18.287-07:00
On Adguard's blog, Andrey Meshkov has an <a href="https://blog.adguard.com/en/crypto-mining-fever/" rel="nofollow">excellent overview of cryptojacking</a>.
He's actually quite enthusiastic about the idea:<br /><br />"1) Cryptocurrencies are growing rapidly; existing currencies grow in value and new ones appear. Mining will eventually become more profitable.<br />2) Mining may not promise huge profits, but neither do ads. An audience of a website might be big, but not “expensive” from the marketing point of view.<br />3) Any alternative to advertising is a good thing. Ads annoy, so more and more people use ad blockers and simply do not see ads. Ads, after all, abuse users’ device resources -- the same thing mining is criticized for. But what do we have besides ads, if we want a non-ecommerce website to feed us or at least to feed itself? We know that ideas like paid subscriptions and donations are truly at the end of the list. Of course, there are vehicles like crowdfunding, investments, and IPOs, but to put it mildly, these sources of capital are not accessible for everyone."<br /><br />I think this misunderstands the economics of cryptocurrencies. For example, the more miners the smaller the proportion of the total available mining reward each gets. And $43K in 3 months isn't much money for 220 sites with 500K users total. About 1/100th of a cent per site per user per month. Not going to cover the costs.
Let alone the fact that, as with Politifact, the money isn't going to the site, it's going to the bad guys.
David.

2017-10-14T07:37:24.726-07:00
Politifact is the <a href="https://www.theregister.co.uk/2017/10/13/politifact_mining_cryptocurrency/" rel="nofollow">latest site to be detected running CoinHive</a>:<br /><br />"the code hidden on Politifact.com at this moment appears to be malicious: it is completely non-throttled, and kicks off eight instances of the miner, which means it hammers the visiting machine's processor, taking up 100 per cent of spare processor capacity."
David.

2017-10-13T08:00:41.823-07:00
John Leyden at <i>The Register</i> is all over the <a href="https://www.theregister.co.uk/2017/10/13/cryypto_mining/" rel="nofollow">cryptojacking story</a>:<br /><br />"More than 220 websites – mostly porn sites and torrent trackers – silently launch mining threads when surfers visit their sites, according to a new <a href="https://blog.adguard.com/en/crypto-mining-fever/" rel="nofollow">study</a> by Adguard. The consumer-focused security firm reckons at least $43K was mined in Monero, as of October 10, based on the average time spent on website.
Cryptocurrency mining code contaminated websites with an aggregated audience of 500 million people."<br /><br />He even claims that cryptojacking was actually an <a href="https://www.theregister.co.uk/2017/04/01/invisible_bitcoin_paywall/" rel="nofollow">innovation by <i>The Register</i> itself</a>, and it <a href="https://web.archive.org/web/20170401071145/https://www.theregister.co.uk/2017/04/01/invisible_bitcoin_paywall/" rel="nofollow">really was</a>.
David.

2017-10-12T15:54:19.179-07:00
Oops - I see I screwed up the first paragraph of the comment before last including the all-important link. It should be as follows:<br /><br />It isn't just W3C that has enabled the new Web business model. Reading <a href="https://ipres2017.jp/wp-content/uploads/30.pdf" rel="nofollow"><i>Trustworthy and Portable Emulation Platform for Digital Preservation</i></a> by Zahra Tarkhani, Geoffrey Brown and Steven Myers made me realize that Intel has provided the <a href="https://www.virusbulletin.com/virusbulletin/2014/01/sgx-good-bad-and-downright-ugly" rel="nofollow">hardware to go with the software for cryptocurrency mining in your browser</a>:
David.

2017-10-10T08:33:38.327-07:00
The cryptocurrency mining business model ("cryptojacking") is spreading.
John Leyden at <i>The Register</i> <a href="https://www.theregister.co.uk/2017/10/10/cryptojacking/" rel="nofollow">writes</a>:<br /><br />"In some cases internet publishers are making money by using the spare processor cycles of visiting surfers to mine cryptocurrency, but in other incidents, hackers have planted JavaScript that covertly takes over the systems – a process that has become known as cryptojacking.<br /><br />Dodgy code capable of running the trick surfaced on TV channel Showtime.com late last month before it appeared on the official website of Portugal and Real Madrid football star Cristiano Ronaldo last week."
David.

2017-10-10T08:31:21.191-07:00
It isn't just W3C that has enabled the new Web business model. Reading <a href="https://ipres2017.jp/wp-content/uploads/30.pdf" rel="nofollow"><i>Trustworthy and Portable Emulation Platform for Digital Preservation</i></a> by Zahra Tarkhani, Geoffrey Brown and Steven Myers for my <a href="javascript:void(0);" rel="nofollow">cryptocurrency mining in your browser</a>:<br /><br />"Normal botnet operation is straightforward: after infecting a computer, the bot phones home and downloads and updates malware on the zombie computer. With SGX, the attacker could create an enclave, perform remote attestation with their C&C (command and control) server from inside the enclave, set up some private-public key encryption based on their SGX keys, and receive a payload to execute inside the enclave or any other commands from the C&C server. Furthermore, by leveraging strong encryption, none of this behaviour can be emulated or tracked, with the exception of the C&C traffic itself (which, of course, is encrypted).<br /><br />This would be a terrible adversary to face in the wild.
The defender cannot scan for the malware in memory and cannot create a signature for it. The only way to detect it at this point would be to examine the effects (such as file I/O)."<br /><br />In other words, you as the owner of the computer would be unable to detect that cryptocurrency mining was going on except by a shortage of CPU cycles. You would be unable to see the code or know anything about what it was doing.
David.

2017-09-29T07:01:14.752-07:00
Jérôme Segura at Malwarebytes has an <a href="https://blog.malwarebytes.com/threat-analysis/2017/09/drive-by-mining-and-ads-the-wild-wild-west/" rel="nofollow">informative post on Coinhive</a>:<br /><br />"While cryptominers do have an impact on system resources, there was at least a sense that they may be safer and less intrusive than ads. But publishers ought to be more transparent with their audience because no-one likes unannounced guests. Unfortunately, there will always be publishers that care very little about what kind of traffic they push, so long as it generates good revenues; for those, cryptominers are just an added income to their existing advertising portfolio.<br /><br /><a href="https://www.malwarebytes.com/" rel="nofollow">Malwarebytes</a> users are already protected against this drive-by mining. In fact, we are blocking over 5 million connection attempts to Coinhive every single day, which shows that browser-based mining has really taken off in a big way."<br /><br />Note that Coinhive isn't mining Bitcoin:<br /><br />"This concept of mining digital currency via the browser is a little odd at first because it is well known how resource intensive mining can be, requiring powerful machines loaded with expensive hardware.
While this is true for Bitcoin, it is not for other currencies that were designed for ordinary CPUs.<br /><br />Take the <a href="https://en.wikipedia.org/wiki/Monero_(cryptocurrency)" rel="nofollow">Monero</a> digital currency, powered by the <a href="https://en.bitcoin.it/wiki/CryptoNight" rel="nofollow">CryptoNight</a> algorithm, which can be mined with a standard CPU with little difference in overall results compared to running more advanced hardware. This literally opens the door to a large and still mostly untapped market comprised of millions of typical consumer machines."
David.