The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com)
Catalin Cimpanu, reporting for BleepingComputer: Ever since mid-September, when Coinhive launched and the whole cryptojacking frenzy started, the Internet has gone crazy with in-browser cryptocurrency miners, and new sites that offer similar services are popping up on a weekly basis. While one might argue that mining Monero in a site's background is an acceptable alternative to viewing intrusive ads, almost none of these services that have recently appeared provide a way to let users know what's happening, let alone a way to stop mining behavior. In other words, most are behaving like malware, intruding on users' computers and using resources without permission. [...] Bleeping Computer spotted two new services named MineMyTraffic and JSEcoin, while security researcher Troy Mursch also spotted Coin Have and PPoi, a Coinhive clone for Chinese users. On top of this, just last night, Microsoft spotted two new services called CoinBlind and CoinNebula, both offering similar in-browser mining services, with CoinNebula configured in such a way that users couldn't report abuse. Furthermore, none of these two services even have a homepage, revealing their true intentions to be deployed in questionable scenarios.
Even more reason to disable Javascript.
Too many miners chasing too few coins will cause a difficulty spike, causing people to mine for satoshis' worth of currency. Everyone is waiting for the difficulty to rise so GPUs can go back to normal again.
Captcha: Balloons
I suspect the submitter meant "rife" rather than "ripe".
Of course, since "ripe" can mean "stinky", maybe it fits.
...of not going to so said sites.
Is there a way that someone could write a browser plugin that returns wrong/garbage results to the crypto mining command and control server, rendering entire massive calculation trees wrong and useless and destroying their scheme?
Ideally a way to enable/disable per site so that sites that ask permission can be granted on a case-by-case basis.
Just have a CPU/GPU threshold on what processes or threads can consume, both individually and in aggregate?
In debates about Christianity, there are two groups: those looking for answers, and those looking to just ask questions.
No? Then this is the same discussion we had decades ago about ads and it will end up in the same way.
If you go to a site, then you give it explicit permission to use resources on your computer. Whether that resource is doing stuff on the Internet (AJAX) or doing stuff on your computer (mining).
A user can control your computer though, they can limit the amount of cycles a website or browser gets to spend, block JavaScript, block whatever resource they want. In the end, the user is letting them do this and once sites see that it's costing them more money than it profits (when people stop visiting the "slow website") they'll learn.
Custom electronics and digital signage for your business: www.evcircuits.com
You don't want things loading in your browser session that are doing things you don't want them to do.
But couldn't this be said about any code on a website? When you go to the page, you're loading whatever JS, Flash, etc that is on their site. You're the one going there, it isn't anything malicious.
What's the difference between this stuff, and say someone using uncompressed images that suck your bandwidth excessively? Is the only difference, that they may be profiting from this slightly? If so, why is that bad, when most sites need to show you some ad, sell you something, etc to be profitable?
Whoever thought this was a good idea needs to be taken out back with the fake tech-support scammers.
More like rife.
See subject: It's easy stalling both coinhive & other crypto currency mining scripts as shown here using hosts files to do so https://tech.slashdot.org/comments.pl?sid=11236571&cid=55370569/ & here too https://news.slashdot.org/comments.pl?sid=11233583&cid=55368753/
APK
P.S.=> Accept NO substitutes for APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ to gain more speed, security, reliability & anonymity online (no other single solution does more & for far less resources consumed & complexity)... apk
I believe the word the author was looking for is "rife" as in filled with/replete with.
Just another reason that ad blockers like uBlock Origin are mandatory. I also browse with a JS dynamic switch so I can kill JS with a button press for obnoxious sites.
If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
Correct me if I am wrong, but comparing one web monetization method over the other, isn't it preferable for the browser to mine cryptocurrency for a website rather than mine all the user's data and sell it to third-parties?
What's with the outrage? Last time I checked, websites weren't getting explicit consent for user data-mining either.
If I could choose, I would much rather not be invisibly surveilled by corporations. If that means a website must turn to driveby cryptocurrency mining, then so be it. Ideally it would be a setting and a user could choose which way they would prefer to be monetized.
That assumes a website is not doing both ... in that case then fuck them all to hell.
"As an alternative to ads, we are testing out in-browser cryptocurrency mining as a means to fund our website. If you prefer our ad-supported version, click here" and see how many would actively choose ads. I mean if this is a functioning micro-transaction system I think it's got much less downsides than almost every other possible alternative, particularly that you don't need any kind of payment info or personal data. If it's any kind of site where you have an account you could have like points and build up a sort of credit you'd "pay" with to read articles and so on.
Live today, because you never know what tomorrow brings
I presume these are using web workers as they don't lockup the UI? How many legitimate uses of web workers are there, couldn't we just disable them?
Maybe w3c should drop them from the browser spec entirely.
Indeed, yet JavaScript, for all its many, many foibles, is a much more universal computing platform than we have ever been able to achieve by other means. For this reason alone we shouldn't be in such a hurry to abandon it. Is anyone looking forward to going back to having to support Flash, Silverlight, Java applets, and whatever new half-baked solution gets dreamed up by a bullying vendor?
We are still heading towards a good place. It took a long time to beat down IE and its deliberate consensus killing behavior, and to nudge JS into a form that is sufficiently standardised and supported. We are just a few short steps from asm.js becoming a reality, and all the benefits that will flow from there. Rather than rejecting JS outright, I think it is better to continue to find solutions to these sorts of problems. The web needs a common client side computing platform, and I don't see where any useful alternative is going to come from right now.
Is there a way to request them to stop ads?
Yes: pay $4 per month to every single site you visit. The user eventually ends up having to subscribe to multiple sites, or purchase $4 of pay-per-page credits on multiple sites, to read the results from one web search.
Even more reason to disable Javascript.
While I agree with that sentiment, I have to wonder why this is such a big deal?
Assuming that mining is not actually harming me or my computer - destroying files, or leaking my information to someone - why should I care? If I visit a website and read an article, maybe a minute of my time, my computer is otherwise idle and the amount of energy spent is negligible.
We've always wanted a way to monetize visiting a site, could this be a way to do it?
Suppose we had a service where people could submit computationally intensive problems which can be broken down into smaller computational units. Such as "folding at home" or "seti at home".
The answers to some of those problems could be valuable, so we could imagine research institutions paying money to use the system to solve those problems, and pay out based on the amount of computation a website brings in.
This is proportional to the number of users who view the website, and for how long. This could be a user-friendly alternative to advertising.
In fact, one can imagine the *government* paying money to use the system as a make-work program: it would encourage people to make better, more meaningful websites overall. Would the sociological benefit outweigh the extra costs?
(Assuming that people don't game the system, but it seems reasonable that we could learn all the gaming techniques over time and avoid them. Sort of how we deal with advertising clicks currently.)
I don't see what the problem here is, and look at it as an opportunity.
Could this be a user-friendly way to monetize a website, as an alternative to advertising?
This is the endgame for javascript: executing unauthorized code on your computer. Now that it's becoming so entirely blatant, we may actually start seeing the general public getting protection from runaway javascript scripts.
Anons need not reply. Questions end with a question mark.
This "problem" is so exaggerated it's becoming annoying to hear about it again and again.
First of all, most respectable websites will never do anything like that. Secondly, shady websites which do host mining JavaScript are not normally visited by most people and the ones who visit such websites usually leave them quite fast, which means bad scripts can only run for a very limited amount of time. Thirdly, we've always had websites which peddle malware and somehow they stopped being newsworthy years ago. All of a sudden, they are again in the news.
Fourthly, we now have "good" websites which stress your CPU so much they can be considered "harmful". What about ad networks whose JS tax your CPU? Why aren't we talking about them?
Offline mode in progressive web applications uses a Service Worker, a form of Web Worker that can act as a proxy for the hostname it's hosted on. Without a Service Worker, an application is more likely to show you the error message "There is no Internet connection" if you try using it on a laptop or tablet while riding the bus.
Or must all applications with an offline mode be native and therefore OS-specific?
is because cryptocurrencies are still legal
"the best option right now is to block known Bitcoin mining domains. One of the better options to do that is to add these to the hosts file of the operating system so that these domains redirect to localhost" https://www.ghacks.net/2017/09/22/how-to-block-bitcoin-mining-in-your-browser/ Martin Brinkman - GHacks & "... users can use this classic Windows hosts trick to block the Coinhive or Crypto-Loot domains at the OS level" - https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/ BLEEPING COMPUTER
* See subject - says it all, & you can do it the fastest MOST EFFICIENT way using what you already have natively in hosts files!
APK
P.S.=> "Pats self on back", lol... apk
As long as you are fiddling with what runs on a page, I'd rather have the code altered to place mining results in my own account...
I personally would rather have silent cryptocurrency miners than ads though.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Flag. These. As. Malware. Let's see how these smarty pants website owners and advertisers react when their users start avoiding the site because they are getting anti-malware alerts and get demoted in search engine results
I prefer that any day of the week, better than idiotic ads that cover my reading area or flimmer around the screen, giving me eye-cancer.
I'd vote for a 'Mine me' setting that removes all the ads that come through my ublock and ghostery.
It's parasitic and hidden, but to believe that an opt-in checkbox equates to being "in the clear" - hell, that opt-in being offered at all is supposed to be par for today's commercial atmosphere - is awfully naive.
In fact, this "hidden" behavior? Is still transparent relative to the shit being done with various fingerprints/useragents, with the hundred different metrics possible on your phone. To say nothing of you unfortunate souls with accounts on facetweet and socnets.
It's almost refreshingly simple. They're mooching your CPU, your electricity, but the intent is plain, the motives obvious. Compare it to the clusterfuck, the rat-king of trade-and-parcel done with your credit info/score/history/etc. We're oblivious to the amount of closed-door behavior going on around us, of how many databases end up hooking a single instance of you flashing your insurance card to get a painkiller or flu shot, or a scratch on the car.
Again, it's unscrupulous, yes, but "shady"? Consider that word and apply it to the shady pickpocket who grabs your $20's and throws your wallet on the sidewalk, versus the shady cartels running our world, ISPs and Muh Big Pharma and all our good friends trashing the atmosphere/soil/rainforest/aquabeds/whatever without a moment's hesitation, global-scale behaviors behind purchased laws, behind NDAs, behind agreement named with so much obfuscating euphemism you think it benefits consumer proles. Go ask a stranger what "net neutrality" is.
Christ, you can probably stop these scripts with a browser mod or two, or a greasemonkey. Five minutes of placement. While if you fuck with your registry and hosts file maybe you'll get (most of) win10's bullshit to stop showing up on wireshark.
I'd probably prefer a silent miner (esp. if throttled to polite levels) over the butterfly dominoes from an ad watched by DoubleClick, with a facebook pixel watching. Submission is stupid about what he can hope for, naive, thinks an ad is just "Buy my book" and done. Thinks clicking "don't send me emails" is a win.
Not an apologist, just mentioning perspective.
Versus random ads which might include malware which the website does not know about. I would rather mine for a minute than pay for a paywall or get malware installed. If it's fully disclosed on the site, it's a good alternative.
Hosts protect where addons can't (or as well):
Bad sites (past ads)
Botnet C&Cs
DNS down or poisoned
Trackers (dns logs/ads/transparent ISP proxy)
Dns blocks
Spam/phish payload
Slowdown 2 ways: adblocks & hardcodes
Hosts = Ez edit.
AB+ 151mb https://www.google.com/search?q=Adblock+memory+consumption&btnG=Search&hl=en&gbv=1/
UBlock 64MB https://www.google.com/search?q=UBlock+memory+consumption&btnG=Search&hl=en&gbv=1/
Hosts~16mb
Addons = ClarityRay defeatable & crippled http://www.businessinsider.com/google-microsoft-amazon-taboola-pay-adblock-plus-to-stop-blocking-their-ads-2015-2/
NoScript tag parses. Hosts block script prior to it!
No 1 addon does as much.
Stacked addons slowup.
ADDONS = EXPLOITABLE https://news.slashdot.org/comments.pl?sid=11166303&cid=55266729/
APK
P.S.=> APK Hosts File Engine https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
I bet you're fun at parties.
Even smart people come up with bad ideas.
Proof-Of-Work is one of them. Having everyone compute hashes until some magic prefix appears serves no useful benefit on society. It just burns CPU cycles and energy with no useful output.
Especially since reasonable alternatives exist. Proof-Of-Stake for example.
Of course, once you have bought in to one pyramid scheme, it's hard to convince people that the pyramid is destructive and built on sand.
it has to go somewhere right? so why not find that location and send in a goon squad and smash up their operation, or the very least block their ip address or domain so they find themselves out of the loop
Politics is Treachery, Religion is Brainwashing
I think it's officially time to change the job title.
I found out one site I visit uses it. That explains why opening a bunch of tabs for various forum posts eventually caused my system to lag. (Which was quite bizarre considering the site was a forum of text and images.)
Looks like they've found another way to ruin the Internet.
See subject: & https://tech.slashdot.org/comments.pl?sid=11250645&cid=55390545/ & hosts are more efficient + capable vs. browser addons https://tech.slashdot.org/comments.pl?sid=11250645&cid=55390857/ doing far more for FAR less resource consumption & complexity.
APK
P.S.=> "Pats self on back", especially for this https://tech.slashdot.org/comments.pl?sid=11250645&cid=55390733/ ... apk
Crypto faggots lie, cheat, and steal to get their "gold."
A Firefox plugin that prevents external requests to servers that run javascript. Check it out.
We're always complaining about the loss of privacy from advertising, isn't mining a good answer? If we can pay a few cents on electricity to a website as a form of micropayment it seems like the ideal, anonymous universal payment method.
nc
I think ads, and worse yet, auto play video are malware. In fact, auto play video with sound is the worst abomination on earth.
Crypto mining in the background is a lesser evil in my eyes. Annoying, sure, but less annoying than auto play video by orders of magnitude that wastes tons of cpu cycles and sometimes very expensive bandwidth.
You can tell how powerful someone is by the magnitude of the crime they can commit and be able to get away with.
This is just the latest in a sad downward spiral of the internet. I am old enough to remember the pre-monetization days where the internet was something truly innovative and interesting. Now that Big Corporation has got its money mitts on it, it's not interesting anymore. Yesterday was a watershed moment for me as I closed both of my Facebook and Twitter accounts. I want nothing more to do with these scoundrels. They basically circulate news that is either outrightly fabricated or purposely skewed. I even remember when Facebook was about sharing what is happening with other people's lives and that really ended a long time ago. The only things I might still use would be Pinterest, StumbleUpon, and YouTube since I've really found interesting topics and outlets for learning. I would say these sites are the saving grace of an otherwise dying internet.
While one might argue that mining Monero in a site's background is an acceptable alternative to viewing intrusive ads
Correct. Only one person in the world might use that argument.
Just add
0.0.0.0 coinhive.com
(or 127.0.0.1 if you prefer) to your hosts file.
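An added example, not part of the comment above or of any tool named in this thread: a small Python check of what a hosts file actually blocks. It shows one limit of the `0.0.0.0 coinhive.com` line, namely that hosts entries match exact names only, so a subdomain is not covered. `www.coinhive.com`, the `.example` names and the sample file are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample hosts file (not taken from any real machine).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# block an in-browser miner domain
0.0.0.0 coinhive.com          # the entry suggested in the thread
0.0.0.0 Miner.Example.  tracker.example
192.0.2.10 intranet.example   # a normal, non-blocking mapping
0.0.0.0
"""


def is_sinkhole(addr):
    """True if the address null-routes a name (0.0.0.0, ::, 127.x, ::1)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_unspecified or ip.is_loopback


def normalise(name):
    """Hostnames are case-insensitive; drop a trailing root dot."""
    return name.lower().rstrip(".")


def parse_hosts(text):
    """Return {hostname: address} from hosts-file text.

    Comments start at '#'. One line may carry several names.
    Assumption: the resolver uses the first mapping it finds for a name,
    so later duplicates are ignored here.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, or an address with no hostname
        addr, names = fields[0], fields[1:]
        for name in names:
            entries.setdefault(normalise(name), addr)
    return entries


def audit(hosts_text, hostnames):
    """Classify each hostname against the hosts file.

    blocked          exact entry pointing at a sinkhole address
    mapped-elsewhere exact entry pointing at a routable address
    parent-only      only a parent domain is sinkholed; the hosts file has
                     no wildcards, so this name still resolves normally
    missing          no related entry at all
    """
    entries = parse_hosts(hosts_text)
    report = {}
    for host in hostnames:
        key = normalise(host)
        addr = entries.get(key)
        if addr is not None:
            report[host] = "blocked" if is_sinkhole(addr) else "mapped-elsewhere"
            continue
        parent_blocked = any(
            key.endswith("." + name) and is_sinkhole(a)
            for name, a in entries.items()
        )
        report[host] = "parent-only" if parent_blocked else "missing"
    return report


if __name__ == "__main__":
    wanted = [
        "coinhive.com",
        "www.coinhive.com",   # constructed subdomain, for illustration
        "miner.example",
        "intranet.example",
        "other.example",
    ]
    for host, status in audit(SAMPLE_HOSTS, wanted).items():
        print(f"{host:20} {status}")
```

A `parent-only` result is the case to watch: each hostname a script is served from or reports to needs its own line, which is why maintained blocklists and request-level filters are the usual complement to hand-edited hosts entries.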
Voluntary and Consent = OK!
Otherwise, don't visit that site.
If you don't have JavaScript disabled, your browser is already running code from websites that you never consented to or know what it's doing. So that argument seems ignorant.
The amount of electricity used even if you sat there and kept that browser tab open and active for hours, would be less than a penny. So nix that one too.
Unlike ads, it doesn't target or track users. It doesn't exfiltrate data. It doesn't distract from page content (ads do this by design).
It's egalitarian in that the longer you're on the page, the more the site operator can potentially earn, and the less, less. Thus, it incentivizes site operators to produce engaging content vs clickbait crap.
Oh, and it can be disabled entirely with an adblocker.
Little downside to it, IMO.
Mining in this way seems like it would yield very low value for the amount of electricity used and only makes sense if electricity was free (or you are not the one paying for it). That seems to be the case here. They don't care one bit if they only get $.05 worth of bitcoin after expending $1 worth of electricity if you are the one paying the dollar instead of them. It is like those charitable organizations that sign up all these ridiculous call centers that take 90% of your donations. The charity still gets 10% which beats nothing, so they do it. It's also like those copper thieves who don't mind at all destroying $100,000 worth of equipment as long as they can scavenge $300 worth of copper to sell to feed their drug habit.
I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised by mmell
his hosts program is actually pretty good by xenotransplant
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg
(APK's) work, I've flat out said it's good by BronsCon
I've tried his hosts file generating software. It works by bmo
APK your posts on this & the hosts file posts, and more, have never been in error &/or bad advice by BlueStrat
Your premise that hostfiles are a good way to deal with advertising & malvertising is quite valid by JazzLad
I like your host file system by Karmashock
(NEED MORE? Ask!)
* It's recommended/hosted by Malwarebytes' hpHosts!
APK
P.S.=> China imitated me http://www.theregister.co.uk/2017/04/26/boffins_supercharge_the_hosts_file_to_save_users_plagued_by_dns_outages/ ... apk
Ads grab my attention, JS miners just use CPU time. I consider my time to be more valuable than CPU time so that's a win for miners. And if a few cents of electricity is enough to support a website without ads, that's great.
This model is probably unsustainable but for the meantime, I think it is brilliant.
When visiting a site for the first time you get a message saying you are visiting a site that uses cookies. Some sort of dialogue that explains at minimum why.
Governments legislated this regulation. By corollary why not legislate a policy advising a site map of all the javascript resources being loaded by a page.
It's the stuff that can really do malware damage; standardise a system to easily inform site visitors what the JS is doing.
At least this way when you go to a non-legit site (eg: pirate site) you know what you're up for possibly. Plus obviously search engines should tell you if a page in the search results mines digital currency.
I really can't wait for companies to start implementing this right, as a way to remove advertisements from their sites. Particularly newspapers and other publications I wish to support financially. There's no way I'm ever disabling my ad blocker, but I would absolutely allow using a share of my CPU resources to send a few cents while I'm reading an article or something. As the OP points out, doing it without user consent is not cool, but when done right I think this could be a very powerful tool.
https://www.ovoenergy.com/guid...
Let's go with U.S.A. electricity prices since they're more or less in the middle.
Let's also say you have a higher-than-average computer, with an Intel Core i7 3970X Extreme Edition at 150W.
12 cents for one kilowatt for one hour. 150W means 0.018 cents per hour. 3600 seconds per hour, so USD$0.018 / 3600 = 0.000005 cent per second.
Let's say you're generous and let them mine on your computer for ten minutes. That's USD$0.003, less than half a cent.
Yes, damn those damn crypto-mining scripts! I let my guard down for a whole 10 minutes and they cost me less than one-third of a cent! And that's if crypto-mining actually was able to draw 150W from your CPU, using all cores at 100%.
So in the grand scheme of things, what would you prefer:
1. Ads that require multiple address lookups, slow down your connection, add more delays for viewing the actual content you're trying to read and are just totally annoying to look at, distracting you and preventing you from reading?
2. Crypto-mining in the background, a single thread of our multi-core processors, at maybe 20~50% capacity of that one core out of two/four/eight+ cores?
#DeleteFacebook
But if they ALSO = advertise, track you, and do not warn you, that is Fraud.
excitingthingstodo.blogspot.com
UBlock has a security issue in 'pattern matching' you note (you fail/lose due to it) http://www.theregister.co.uk/2017/10/17/ublock_origin_csp_reports/ & it uses TONS more CPU/RAM & other I/O too vs. hosts (operates in faster kernelmode vs. slower usermode slowing usermode browsers even MORE via messagepassing (which only gets WORSE the more addons you use/stack together @ once)).
* Hosts do much more than any 1 addon does, for less (minus security hassles noted above + hosts data is, as you admit, EASY to edit (try it w/ regexp addons use for most people) & is something you have already vs. illogically "Bolting on 'MoAr'" that does less yet uses more in addons!)
APK
P.S.=> This link SPECIFICALLY extolls the virtues of hosts files use vs. browser addon pitfalls/fails vs. hosts https://tech.slashdot.org/comments.pl?sid=11250645&cid=55390857/ in GREAT detail with UNDENIABLE facts ... apk
It's disgustingly inefficient. How much cryptocurrency do they make per tonne of extra CO2 they cause?
Browse with Javascript DISABLED.
Use a hot-key to enable it on sites where you absolutely need it.
Keep forcing site designers to present web pages reasonably without JS enabled.
Mike
-- Mike Greaves
I encourage you to consider the response regarding the local caving website. There are millions of small-time websites hosted by vendors who might be inclined to increase their revenue by injecting this malicious javascript into their customers' websites.
It might not always be the decision of the 'respectable website' to monetize traffic in this manner.
$5 / month hosted VPS on linux = awesome!
Registered 'lusers' = trackable & script +cookie slaves - there's the BULK of my answer to you behind your FAKE NAME for your FAKE LIFE...
* The rest is that I've had some troll fanclub of stalkers I have 'threaten' to "downmod bomb me" to hell etc.
(Work for you? It certainly does ME on many levels! I don't require that crap I listed @ the TOP of this post so I avoid it by posting as I do...)
Lastly - Before I started posting here, an "AndrewK" took 'APK' so I see no point in using a FAKE NAME (or fake initials) too - I can't GET what I want in my own initials!
APK
P.S.=> Tracking me is a LOT more difficult than it is "your kind" via your posting histories also... apk
My time is more important. If a page wants to use my CPU for whatever useful activity, that's fine. Will leave it up to browsers to limit CPU use when on battery and prioritize when other things need to be done on the device.
The problem is that most of the places where cryptojacking has been spotted still ran hordes of ads. Furthermore, a Trustwave report highlights that running an in-browser miner is not actually free, and this may end up in extra costs for a user’s electricity bill.
I’ve been saying it for decades, thrusting advertisements down my throat while I browse is THEFT driven by GREED, pure and simple.
Stealth cryptocurrency mining proves I was 100% correct.
Visit CryptoGnome in his home.
This is way, way, way better than ads, and I'd be willing to bet it uses less CPU/memory than these crappy fucking ad scripts. At least it doesn't tie up the network.
I think the idea is to shore up declining ad revenue so some of these smaller guys can stay in business making content. I'm seeing a _lot_ less content online these days and for a lot of content makers it's because they went back to their day jobs. If you combine ad revenue, affiliate programs, patreon and this you might get something approaching a living.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
One option is to set up a separate user. Then use cgroups to limit the cpu/ram that user is allowed to use.
I have to imagine Chrome/Moz/Opera will quickly put in code to throttle threads in their browser.
Yes Francis, the world has gone crazy.
And if not, is there something I can add to my AdBlock filter list that will block these in-browser miners or some other way to block these that doesn't require turning off JavaScript or white-listing every JavaScript site I actually want to visit?
This just in: everything honest and pure have to have a web presence! Anti-Internet is the work of the DEVIL*!
(* or your religion/worldview equivalent, mine is the neighbor upstairs - damn him and his non-disturbing manners!)
I thought Javascript was supposed to protect us from this kind of abuse... Oh wait.
The term is "rife".
https://www.merriam-webster.co...
Kudos!
What about all those ads nobody wants to see that provide no way of reporting abuse and turning them off?
No way, not on any machine I control. Websites are not that expensive to run. Most web hosts give out GBs of bandwidth for very little money, and besides, being online costs money. Owning a website is the cost of being online. Unless you (metaphorically) are offering something of value, I should not be footing your bill. I will continue to block all cookies, ads, beacons, trackers, and use a VPN/VPS. I also block most scripts and avoid all Google and Microsoft properties and accounts. I have a right to pursue being as anonymous as possible.
You willingly visited a site using software that's designed to download and run scripts pointed to by that site. How is that not giving permission?
Put another way, do you also want to give permission for ads, tracking, analytics and other scripts that run on the pages you visit?
The web is RIFE with mining...
Definition of rife
1: prevalent especially to an increasing degree; abundant, common; copiously supplied; abounding (usually used with "with": "rife with rumors")
"suspicion and cruelty were rife" (W. E. B. DuBois)
rife, adverb
Take my excess CPU cycles, content creators, and leave my brain alone.
I'm not the OP and technically, it would be the JavaScript engine that is exploited, rather than the JavaScript language per se. But that's a trivial distinction in this context, given that every browser uses some JavaScript engine to execute it.
Anyhow, it was really easy for me to find a repo of CVEs for JavaScript engine bugs, containing the code to reproduce them, that might interest you. As you can see from this list, there are good reasons not to run untrusted code, sandbox or no sandbox.
Each page gets 10 seconds of js time while it's not being interacted with. Browser gets a global pause button that pauses all activity.
See subject: I can block whatever they talk back to (this defeats them & HOSTS ARE SUGGESTED AS A DEFENSIVE MEASURE by pros ala:
"the best option right now is to block known Bitcoin mining domains. One of the better options to do that is to add these to the hosts file of the operating system so that these domains redirect to localhost" https://www.ghacks.net/2017/09/22/how-to-block-bitcoin-mining-in-your-browser/ Martin Brinkman - GHacks
+
"... users can use this classic Windows hosts trick to block the Coinhive or Crypto-Loot domains at the OS level" - https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/ BLEEPING COMPUTER
Hmmm?
I also use Opera classic v12.18: I set all sites to not run javascript globally & IF a site needs script I make an exception site preference
APK
P.S.=> Thanks for FAILING vs. me YET AGAIN, AssFux... apk
Why do we imagine that it's mining or ads, not mining and ads?
Your ad here. Ask me how!
Though my cell phone might not be mining cryptocurrency, I am sure it is CONSTANTLY reporting what I am doing to whoever will pay for it. Is there a way to run something like iptraf to monitor where my cell phone is giving away my info? Would like to own my cell phone and cut out the bastards ensuring my privacy is cashed in for their benefit. The end users need to unite. Like in the Matrix: "Unite Coppertops!"
Time for a new political party in the US (or two!). One is off the rails; the other can't pony up a leader.
Open your task manager. Look at your CPU. Is it high? If not, no problem. If so, how many brain cells does it take to comprehend that you might have a problem when sitting on a website that you are familiar with, doing nothing, and having your CPU high.
As for GPU, use open monitor. I don't go more than 10 minutes without checking them as I have them open all the time, (unless I'm in a game.)
When I visit https://www.yahoo.com/news/ my miner blocker shows it is indeed blocking something. OK Yahoo money troubles but has it come to this?
Alarmist nonsense. Within like 15 seconds all major browsers I know of will pop up something to the effect of "a script on this page is using a lot of CPU time" or whatever and pause it while allowing you to terminate that one single process and stop running the script. So it's impossible for a browser to be secretly wasting all your CPU time without catching it nearly immediately.
...to decide if they want it enabled or not.
The catch will be you'll have to choose - enable mining or enable ads, pick one.
On a long enough timeline, the survival rate for everyone drops to zero.
See subject: I'd use hosts to block the site off totally. No running that bitcoin script on my CPU or RAM minus me allowing it.
* Pros ARE recommending using hosts too again https://tech.slashdot.org/comments.pl?sid=11250645&cid=55393257/ quoted right there with sources no less also...
APK
P.S.=> It's that PLUS I'd do what I said I DO really do with Opera (having globally set ALL sites to NOT use javascript & IF a site does need it, THEN, I made a "by site preference" exception & allow it to run scripts)... apk
The word the author was trying to think of was rife.
I'll see your Constitution and raise you a Queen.
It's not a security issue and has nothing to do with pattern matching. It does exactly what it's supposed to do, block unwanted requests. You don't even understand the higher concepts beyond your crude little hosts file. It's all you ever knew, like a hillbilly stuck on the evolutionary ladder.
"The internet is ripe..."?
Indeed. It is a ripe corpse, a zombie infested with all manner of unpleasant things worming their way throughout.
Yet the context suggests that "rife" is actually meant.
O!
The English!
It is Perverting!
Before our very Eyes it Mutates!
The Form Unrecognisable!
Farewell, English!
Farewell!
Au revoir!
See subject & "uBlock... prevents browsers from sounding the alarm on hacking attacks" http://www.theregister.co.uk/2017/10/17/ublock_origin_csp_reports/ ... & there is NO QUESTION it tears up CPU/RAM & other I/O (especially messagepassing oriented) like MAD (orders of magnitude more vs. hosts on ALL of those fronts too no less) + its data is NOT as simple/easy to manage as hosts is + UBLOCK DOESN'T DO AS MUCH AS HOSTS DOES (yet Ublock uses more) - Period/fact!
APK
P.S.=> I understand plenty about that quote above & it IS blocking valid security warnings (that IS a SECURITY PROBLEM moron)... apk
You'd have to know about it first. If every site starts doing it themselves, you'll never have a definitive list.
Change is certain; progress is not obligatory.
See subject: Here is one of a few that are tracking bitcoinmining script using sites https://censys.io/domain?q=%22coinhive.min.js%22&page=1/ stupid...
* Thanks for making my bookmarks once more of "classic AssFux FAILS" vs. "yours truly" (me) - In fact, I posted on it DAYS ago, here https://news.slashdot.org/comments.pl?sid=11233583&cid=55368655/ fool!
APK
P.S.=> AssFux - please, FOR YOUR OWN SAKE - give up! You can't EVER win vs. me... apk
See subject: I have lists of sites using bitcoin script (that I block out immediately via hosts which IS what my program is for, building up lists that grow to blockout just like they do vs. TONS of kinds of malware)
&
Again there's always Opera to stall javascript GLOBALLY & make "exception site" by site prefs to allow it on sites that DEMAND it (ordinarily I ditch a site like that & find alternate that don't require it... & there are ALWAYS those (/. is a PRIME "example thereof" in fact - I don't require script here, you "registered 'lusers'" do as script/cookie slaves, lol)).
APK
P.S.=> Quote Tom Petty: "but NOT ME, baby - I've got YOU to SAVE me..." (Opera & my own work, best of its kind no questions asked on MANY fronts vs. competitors of ALL kinds, even progs like it APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
So no non-(console)-game, third party examples.
Tiny Wings is a game exclusive to iOS. It is third party, and not available for a Microsoft, Nintendo, or Sony video game console.
Penultimate is an iPad Pro-exclusive non-game third-party app from the makers of Evernote.
A Google search for apps "not on android" brought me "23 iPhone-only apps that will make your Android friends jealous" by Nathan McAlone and "20 iPad Apps That Will Make Your Android Friends Jealous" by Steven Tweedie.
It's a security problem for users too in them not being notified of possible security issues when UBlock is blocking them. Call me what you will but you're the one that doesn't understand basic security here, not I.
APK
P.S.=> Unbelievable - I've created one of the MOST effective security tools there is with what you already natively have - have you? No. Hosts do TONS more than any easily detected & blocked slower usermode browser addon for TONS less (beat that with a stick UNIDENTIFIABLE anonymous coward "ne'er-do-well" that you clearly are)... apk