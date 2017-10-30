A Surge of Sites and Apps Are Exhausting Your CPU To Mine Cryptocurrency (arstechnica.com) 17
Dan Goodin, writing for ArsTechnica: The Internet is awash with covert crypto currency miners that bog down computers and even smartphones with computationally intensive math problems called by hacked or ethically questionable sites. The latest examples came on Monday with the revelation from antivirus provider Trend Micro that at least two Android apps with as many as 50,000 downloads from Google Play were recently caught putting crypto miners inside a hidden browser window. The miners caused phones running the apps to run JavaScript hosted on Coinhive.com, a site that harnesses the CPUs of millions of PCs to mine the Monero crypto currency. In turn, Coinhive gives participating sites a tiny cut of the relatively small proceeds. Google has since removed the apps, which were known as Recitiamo Santo Rosario Free and SafetyNet Wireless App. Last week, researchers from security firm Sucuri warned that at least 500 websites running the WordPress content management system alone had been hacked to run the Coinhive mining scripts. Sucuri said other Web platforms -- including Magento, Joomla, and Drupal -- are also being hacked in large numbers to run the Coinhive programming interface.
my Crypto Purloined Unit (Score:2)
This is just indicative of the much larger issue of how incredibly dangerous it is to allow servers to inject and run arbitrary code from third parties on your client machines. Third party ad-networks already do this, and if they're benign, they'll only TRACK you. If they're not, they'll do this, or try to hack your machine, or just about anything else they want to with all the power Javascript gives them - crypto-currency mining included.
Again? (Score:2)
There is some good in this. (Score:2)
If people still knew how to write HTML, almost no web site would need to use any "JavaScript" or other "active content", with all the security issues this implies.
Eye Candy Sells [Re:There is some good in this.] (Score:1)
I doubt enough browsers support the fancy animations that PHB's love so much: wiggly throbbing bouncy controls. They want the UI to behave like the breasts they get slapped for trying to touch.
Eye-candy sells and the silly humans fall for it. Proverbial books continue to get judged by their covers. Good luck fixing human nature.
Not all web apps work with just HTML and CSS (Score:2)
If people still knew how to write HTML, almost no web site would need to use any "JavaScript" or other "active content"
How would, say, a web-based front-end to an IRC server work without script? It needs to know when messages have arrived in order to display them. The same is true of a multi-user whiteboard, which needs to know when another user has drawn a stroke. In addition, server-side image map doesn't support drag input, only click input.
Or should those instead be native executables that a user can download, install, and use? If so, then because native executables are generally specific to one operating system, Murphy
Does this work? (Score:2)
How many cell phones would you need to commandeer, and for how long, in order to successfully mine a Bitcoin using JavaScript?
It seems like trying to boil the ocean by stealing cigarette lighters...