Avatar feed
Responses: 3
Votes
  • Newest
  • Oldest
  • Votes
PO3 Steven Sherrill
1
1
0
SSG Derek Scheller Your timing on this is great. I just received this in my Hacker News Bulletin: "Reportedly an unknown hacker managed to hijack Coinhive's CloudFlare account that allowed him/her to modify its DNS servers and replace Coinhive's official JavaScript code embedded into thousands of websites with a malicious version."

https://thehackernews.com/2017/10/coinhive-cryptocurrency-miner.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29&_m=3n.009a.1608.vl0ao0cqor.yw6
(1)
Comment
(0)
SGT Writer
SGT (Join to see)
7 y
A few things from this article:
1. Every website should have an option for password reset under 45 days and when there's been a breach remotely related to its platform and services.
2. Since all don't, that option should be enabled in a password manager or reset manually often.
3. This reminds me why I left Incapsula. Poor documentation, not being proactive with users' feedback to fix that documentation, and making changes with their free service (adding a static footer to your website) without up-front notification.
4. cPanel doesn't have a built-in easy-to-use log to detect such changes to DNS settings and no one wants to mess with those settings any more than necessary.
(1)
Reply
(0)
Avatar small
PO3 Steven Sherrill
1
1
0
SSG Derek Scheller They do make some valid points about the negative effect of website adds. Numerous websites are loaded with click bait advertising which if one is not careful can lead to harm. In this day and age of information overload, I find it interesting that there are still legitimate entities operating in shadow like this.
(1)
Comment
(0)
SSG Derek Scheller
SSG Derek Scheller
7 y
PO3 Steven Sherrill I agree that they are trying to be legitimate. What I'm more curious about is what would be the best type of site to start to actually put it to use.
(1)
Reply
(0)
PO3 Steven Sherrill
PO3 Steven Sherrill
7 y
SSG Derek Scheller - I think it is less about what type of site, and more a matter of vigilance. Any site using this type of software needs to be checking that particular script and the code running with it often to make sure that it hasn't been modified. At that point I would almost think that it would be more trouble than it is worth.
(0)
Reply
(0)
Avatar small
SGT Writer
0
0
0
The initial issue of Coin Hive was shared here a week or two ago, but this response from MalwareBytes is new to me. Any blog, news, and creators' site could benefit from this if the site is well optimized to offset CPU usage to maintain user experience. The average user doesn't trust any ad and affiliate links are slowly following as they're usually forced and have little to do with the content on the page at the time. I won't get into tracking campaigns that add 50+ characters to an URL.

Coin Hive does seem to care as they've not only created an opt-in page but different language for courtesy and respect for users' privacy.
(0)
Comment
(0)
Avatar small

Join nearly 2 million former and current members of the US military, just like you.

How are you connected to the military?
  • Active Duty
  • Active Reserve / National Guard
  • Pre-Commission
  • Veteran / Retired
  • Civilian Supporter