Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Los Angeles Times Website Is Unintentionally Serving a Cryptocurrency Mining Script (itwire.com)

Posted by BeauHD on from the heads-up dept.

troublemaker_23 shares a report from iTWire: The Los Angeles Times website is serving a cryptocurrency mining script which appears to have been placed there by malicious attackers, according to a well-known security expert. British infosec researcher Kevin Beaumont, who has warned that Amazon AWS servers could be held to ransom due to lax security, tweeted that the newspaper's site was serving a script created by Coinhive. The Coinhive script mines for the monero cryptocurrency. The S3 bucket used by the LA Times is apparently world-writable and an ethical hacker appears to have left a warning in the repository, warning of possible misuse and asking the owner to secure the bucket.

2 of 58 comments (clear)

  1. "Unintentionally" by sexconker · · Score: 5, Insightful

    Like how they "unintentionally" point visitors to ads and scripts created by third parties.

    If you're going to serve ads on your site, at least:

    1 - Be responsible for them.
    2 - Host them on your own domain.

    Does that break the current webvertising model? GOOD!

  2. This is why. by Scutter · · Score: 5, Insightful

    Dear every site that demands that I disable my ad blocker:

      This is why is respectfully request that you get bent.

    Love,
    Scut

    --

    "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"