Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Bitcoin Communications Privacy Security The Internet

The Los Angeles Times Website Is Unintentionally Serving a Cryptocurrency Mining Script (itwire.com) 58

troublemaker_23 shares a report from iTWire: The Los Angeles Times website is serving a cryptocurrency mining script which appears to have been placed there by malicious attackers, according to a well-known security expert. British infosec researcher Kevin Beaumont, who has warned that Amazon AWS servers could be held to ransom due to lax security, tweeted that the newspaper's site was serving a script created by Coinhive. The Coinhive script mines for the monero cryptocurrency. The S3 bucket used by the LA Times is apparently world-writable and an ethical hacker appears to have left a warning in the repository, warning of possible misuse and asking the owner to secure the bucket.
This discussion has been archived. No new comments can be posted.

The Los Angeles Times Website Is Unintentionally Serving a Cryptocurrency Mining Script

Comments Filter:
  • Not me, that's who.

  • "Unintentionally" (Score:5, Insightful)

    by sexconker ( 1179573 ) on Thursday February 22, 2018 @08:00PM (#56173125)

    Like how they "unintentionally" point visitors to ads and scripts created by third parties.

    If you're going to serve ads on your site, at least:

    1 - Be responsible for them.
    2 - Host them on your own domain.

    Does that break the current webvertising model? GOOD!

    • Re:"Unintentionally" (Score:5, Interesting)

      by sexconker ( 1179573 ) on Thursday February 22, 2018 @08:03PM (#56173137)

      I didn't read TFS. This appears to not be caused by ads, but by the LA Times serving content from a fucking publicly-writable storage source. Wooooooooooooooooooooo oooooooooooooooooooooooooooooooooo oooooooooooooo oooooooooooooooooooooooooo oooooooooooooooooow.

    • by Anonymous Coward

      In the summary, it says they had a -rw-rw-rw- AWS S3 bucket. Who am I kidding, you probably read the summary, but don't grasp what that means. SAD!

    • If you're going to serve ads on your site, at least:

      1 - Be responsible for them.
      2 - Host them on your own domain.

      The corollary being that if sites host ads on another domain they're not responsible for them and so you a) shouldn't trust they're not malicious code and b) should block them.

  • This is why. (Score:5, Insightful)

    by Scutter ( 18425 ) on Thursday February 22, 2018 @08:58PM (#56173399) Journal

    Dear every site that demands that I disable my ad blocker:

      This is why is respectfully request that you get bent.

    Love,
    Scut

    • I also make that request, but without the respect.
    • You might not be aware of the fact that Coinhive scripts can run in your browser even if you have AdBlock - because they are not ads.
      Disabling JS will help though.

  • No script
    Ad blocker
    Good quality AV for your OS.
    The trust in any site as a brand and their .com is gone.
  • Just another collection of bloggers with delusions of grandeur, still thinking they are what they were last millennium, gate keepers and controllers of the public mind state and in reality nothing but yesteryears corporate propagandists and corrupters of democracy. I find it hardly surprising they are running crypto miners and it probably isn't as accidental as they are trying to pretend it is. Corporations are waking up to the reality of the great election blowout, where corporate main stream media, the ma

Beware of all enterprises that require new clothes, and not rather a new wearer of clothes. -- Henry David Thoreau

Working...