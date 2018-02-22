The Los Angeles Times Website Is Unintentionally Serving a Cryptocurrency Mining Script (itwire.com) 27
troublemaker_23 shares a report from iTWire: The Los Angeles Times website is serving a cryptocurrency mining script which appears to have been placed there by malicious attackers, according to a well-known security expert. British infosec researcher Kevin Beaumont, who has warned that Amazon AWS servers could be held to ransom due to lax security, tweeted that the newspaper's site was serving a script created by Coinhive. The Coinhive script mines for the monero cryptocurrency. The S3 bucket used by the LA Times is apparently world-writable and an ethical hacker appears to have left a warning in the repository, warning of possible misuse and asking the owner to secure the bucket.
They are an ultra-liberal paper so the general population should be required to donate to them, so just no. We need to be forced to donate to them.
"Unintentionally" (Score:5, Insightful)
Like how they "unintentionally" point visitors to ads and scripts created by third parties.
If you're going to serve ads on your site, at least:
1 - Be responsible for them.
2 - Host them on your own domain.
Does that break the current webvertising model? GOOD!
I didn't read TFS. This appears to not be caused by ads, but by the LA Times serving content from a fucking publicly-writable storage source.
Point 1 and 2 both stand. They just don't directly apply to the context of ads and this story (which didn't involve ads, but utter stupidity).
If you're going to serve ads on your site, at least:
1 - Be responsible for them.
2 - Host them on your own domain.
The corollary being that if sites host ads on another domain they're not responsible for them and so you a) shouldn't trust they're not malicious code and b) should block them.
This is why. (Score:5, Insightful)
Dear every site that demands that I disable my ad blocker:
This is why is respectfully request that you get bent.
Love,
Scut
Ad blocker
Good quality AV for your OS.
The trust in any site as a brand and their
Corporate Main Stream Media (Score:2)
