Podcasts about Coinhive

Greece Travels; Copytrack Can't Coinhive; Zadig & Voltaire Data Breach; Kaspersky Banned From the US; Sponsored by Push Security https://www.troyhunt.com/weekly-update-405/See omnystudio.com/listener for privacy information.

話した内容Blog このポッドキャストでは、Kaggleを中心としたデータサイエンス・機械学習に関連する情報、仮想通貨、xR、新しい働き方等について配信していきます。 今回は、Coinhive事件、Data2vec、１月の目標結果、今週の分析コンペ、雑談・来週話したいこと について話しました。

(収録日: 2022/02/05) # 感想はtwitterでハッシュタグ「#secure旅団 #secureLiaison」やGoogle Formにいただけると嬉しいです。 # 内容 Mini Hardeningの運営の話 Firefoxの障害の振り返り　(Retrospective and Technical Details on the recent Firefox Outage) Coinhive訴訟の話　（一般社団法人日本ハッカー協会の寄付先はこちら） 地球外少年少女 #積ん読 特に無い # 参加者: 針金細工さん（元名無しさん）、ykyanさん, 松本さん(@ym405nm)、ken5scal # BGM: "A Fool in Love" by Imprismed ジングル: @hajipion

- コインハイブ事件、最高裁で“逆転無罪”に　「おめでとうございます！」「長い間本当にお疲れさまでした」と祝福の声 - 不正指令電磁的記録に関する罪 - なぜコインハイブ「だけ」が標的に　警察の強引な捜査、受験前に検挙された少年が語る法の未整備への不満 - 警察庁が「仮想通貨マイニングツール」に注意喚起　「法的根拠が示されていない」と批判も - 遊戯王 Master Duel

Taking Time Out; Audio & Cameras; Tradies Rant; Lockdown in Queensland; Coinhive & Pwned Passwords; Shellies & MQTT; Elle & 3D Printing; Sponsored by Varonis https://www.troyhunt.com/weekly-update-255/ See omnystudio.com/listener for privacy information.

Special thanks to RITUAL - https://ritual.com/acw10 & Use Code ‘ACW10’, SKILLSHARE - https://skillshare.com/defranco, MANSCAPED - http://manscaped.com/ & Use Code ‘DEFRANCO20’, & NORDVPN - http://nordvpn.com/ACW & Use Code ‘ACW’ for sponsoring! WATCH Previous Podcast: https://youtu.be/CjYRblfIeB4 MORE Troy Hunt: https://twitter.com/troyhunt ———————————— LISTEN to the audio podcasts: http://LinksHole.com SUBSCRIBE to ACW Clips: https://www.youtube.com/acwclips?sub_confirmation=1 SUBSCRIBE to our newsletter! http://www.DeFrancoDailyDownload.com ———————————— 00:00 - PODCAST START 03:06 - What is the single biggest threat to the everyday person when it comes to cybersecurity 07:11 - What are the three things a person could do to protect themselves? 11:02 - Have I Been Pwned? 21:48 - I got into cybersecurity by accident… 29:51 - What do you allow the kids to do when it comes to the Internet? 36:52 - 3D Printing 44:20 - China’s Threat to Cybersecurity 50:06 - Cryptojacking & Coinhive 58:36 - Cryptocurrency - To The Moon? 1:11:46 - The Internet is Forever 1:13:54 - Why I Partnered with NordVPN… 1:18:08 - Parler Discussion 1:23:11 - I kinda miss Trump, he was entertaining… 1:31:41 - LAST QUESTION ———————————— THANKS TO OUR SPONSORS: - Go to https://ritual.com/acw10 and use code ACW10 to get 10% off your first three months! -Special thanks to Skillshare -https://skillshare.com/defranco -Get 20% OFF @Manscaped + FREE Shipping with code DEFRANCO20 at http://bit.ly/2VRJm6N - Go to http://nordvpn.com/ACW and use code ‘ACW’ to get an additional month for free! ———————————— FOLLOW ME OFF YOUTUBE: https://linktr.ee/PhilipDeFranco ———————————— Edited by: William Crespo Executive Producer: Amanda Morones - https://twitter.com/MandaOhDang https://www.instagram.com/mandaohdang/ Art Director & Motion Graphics Artist: Brian Borst - https://twitter.com/brianjborst https://www.instagram.com/brianborst/ Production & Photography: Zack Taylor - https://twitter.com/zacktaylor_92 http://instagram.com/zacktaylor92 #CyberSecurity #PhilipDeFranco #AConversationWith

The popular cryptomining tool Coinhive has closed its doors. So the cryptojacking threat should decline, right? ‘Not so fast’ Webroot threat analysts Tyler Moffitt tells host Joe Panettieri. Here's who's filling in where Coinhive left off.

各位链团财经的读者朋友们，大家早上好。欢迎收听链团财经早间资讯。今天是2020年3月24日星期二，农历庚子年三月初一。首先让我们聚焦今日财经：日本“CoinHive”一案被告再次提起上诉新韩金融集团布局数字核心技术 旗下Orange Life将主导区块链业务河北印发打击传销工作要点 重点打击“虚拟货币”等传销活动广东省鼓励企业运用区块链等科技帮助文旅体行业复苏新冠肺炎期间美国国债的避险表现优于比特币和黄金比特币与华尔街市场逐渐脱钩通常预示着加密市场的复苏新华京东区块链指数正式发布Maker基金会否认有关其参与债务拍卖指控蔡凯龙：事实证明比特币不是严格定义的避险资产刘昌用：应回归密码共识本来面目 用非对称密码和分布式共识构建数字经济今日财经就到这里，下面我们来聊一聊关于区块链的那些事儿： 据福布斯3月22日消息，新冠肺炎危机给每种产品的全球供应链带来前所未有的压力，而面临最大压力的是关键医疗用品。全球对关键物资的需求飙升。而传统的采购系统无法按照这场危机要求的速度运行。在全球医疗供应链中，基本上存在信任危机。福布斯文章提出，区块链可以针对全球医疗供应链面临的五大信任挑战提供帮助：1. 产品要求：为卫生系统提供一种机制，使工厂不断更新最新的产品需求和规格，就像生产拍卖一样。2. 供应商信誉：为卫生系统提供一种可靠的方法，以评估哪些工厂具有高质量控制，并能满足所需的规格和生产量。3. 金融支付：作为一种贸易融资机制，确保向工厂支付由区块链提供支持的预付款，然后在预先商定的生产里程碑和供应进入供应链的下一步时作为营运资本发放。4. 海关认证：基于区块链的海关认证已经被用于监管从野生动物贸易到药品的许多产品的出口，并且可以在这里应用。5. 运输跟踪：需要在全球范围内安全地跟踪供应，以确保供应链的透明度，这可以通过基于区块链的来源跟踪实现。文章还表示，在美国国会探讨一项2万亿美元的经济刺激方案时，区块链解决方案也有助于确保企业遵守该方案设定的条件。以上就是今天链团财经早间资讯的全部内容，感谢您的关注与支持，祝您生活愉快，我们明天再见。

2020 marks the start of a new decade. But it's also worth taking a look back at where we've come from and what has changed in infosec. F-Secure's Christine Bejerasco joins the show to review the highlights of the last ten years - from nation state malware to ransomware to Snowden and more - and to discuss how far we have, or maybe haven't, come. Links: Episode 36 transcript

Naoki Hiroshima さんをゲストに迎えて、Kobe Bryant, Coinhive, Apple Card, 大統領選などについて話しました。 Show Notes Kombucha 横浜FMと神戸の9人連続PK失敗 スペイン紙も衝撃「ギネス記録」 Coinhiveで“無断採掘”、逆転有罪　二審・東京高裁 Coinhive事件裁判費用の寄付のお願い - 一般社団法人日本ハッカー協会 As crime dries up, Japan’s police hunt for things to do Defenestration Emoji Version 13.0 List Which emoji scissors close Zelle Export your Apple Card Faulty Iowa App Was Part of Push to Restore Democrats’ Digital Edge TestFairy リングにかけろ１ 影道編 Parks and Recreation Yumi Nagashima best savage moments 2018 Anthony Jeselnik Netflix: どうしたら自動再生をオン/オフできますか? Miss Americana The Pharmacist Voyager 2 gets back to sciencing

Cryptojacking browsers is getting increasingly more sophisticated and the newest bug is able to escape even the windows task manager. This is a problem because at this point you'll either have to enter safe mode or completely reinstall windows, an enormous headache. Remember to keep updating your antivirus software, the really only line of defense that individual users have from disabling cryptojacking efforts. The incentivization of being able to mine Monero blocks by doing some black hat techniques is too high and many talented blackhat coders are taking the easy route to ensuring their financial futures.

トピック 枕：平成の次の元号を、AIだけで決めさせる物語 (00:06～) 漢籍 南総里見八犬伝 1. PythonだけでIoTのPoCを組める、「Degu」はWeb系エンジニア向けのIoTセンサー (08:13～) Degu 株式会社アットマークテクノ Seeed Technology Co.,Ltd コアスタッフ株式会社 Thread MicroPython 2. コインハイブ事件で無罪判決　弁護人「警察の暴走、食い止められることを願う」 (17:57～) Coinhive 不正指令電磁的記録に関する罪 他人のパソコンで「マイニング」有罪判決 3. フォートナイトを非力なマシンでも楽しめるクラウドゲーミングサービス「Vectordash」 (26:33～) Vectordash Radeon RX570 RX470の投げ売りが始まっているようです CPU・GPU同時稼働のマイニング収益結果と電気代を全て公開します。 4. MyMeは会った相手全員を覚えてくれる――OrCamから顔と名刺を認識するウェアラブル・カメラ登場へ (37:40～) ORCAM 5. Googleのゲームサービス『STADIA』発表。YouTubeのゲーム動画から即プレイ開始 (45:30～) STADIA 『Apex Legends』EAが人気ストリーマーNinjaに約1億円の報酬支払いか―ロイター報道 Android App Bundle 6. Scientists rise up against statistical significance (56:15～) 「“統計的に有意差なし”もうやめませんか」　Natureに科学者800人超が署名して投稿 ご意見、ご感想 Twitter メールアドレス：recalog1@gmail.com 編曲 @Touden氏 最大限の感謝を BGM 騒音のない世界 beco様より OP:オオカミ少年 本編:蜃気楼 免責 本ラジオはあくまで個人の見解であり現実のいかなる団体を代表するものではありません ご理解頂ますようよろしくおねがいします

Podcast 1. El hardware libre puede evitar el espionaje 2. Facebook deja que te busquen por tu número telefónico de seguridad 3. Coinhive cierra operaciones

In this week's episode we’ll talk about Coinhive shutting down and the founder of Onecoin gets arrested. Of course we’ll do a technical analysis of the current market and bitcoin price. Hosted by Walter and Sico from Amsterdam. Everything in the podcast is not financial advice, it’s just our personal opinion.   Twitter: @CNW_Walter @sicovanderplas   E-mail: info@cryptonewsweekly.io   Some extra links of articles we talk about: -https://tweakers.net/nieuws/150082/amerikanen-arresteren-leider-van-cryptocurrency-project-onecoin.html -https://www.nu.nl/internet/5769012/malafide-software-coinhive-voor-delven-cryptovaluta-stopt-in-maart.html -https://newsbit.nl/enjin-coin-omhoog-met-65-door-samenwerking-met-samsung/ -https://cointelegraph.com/news/unity-unveils-patent-for-blockchain-based-uniquely-identified-in-game-token-system      

Salon is using CoinHive to make money? Facebook has a VPN? Can you actually still read?! Also, a NON-SPOILER review of “Black Panther,” the biology of individuality, and much, much more! Co-Hosts: N/A Opening Audio: N/A The Foreplay:--The Sovryn Tech Newsletter (zog.email), new items in the Sovryn Tech Store (store.sovryntech.com), iOS 9 source code leaked (bit.ly/2Ees1Nq), crypto mining halting the search for aliens (www.bbc.com/news/technology-43056744), Salon using CoinHive (for.tn/2st5kn1), Skype is broken (engt.co/2ENHNlG), Facebook is sending you annoying texts you shouldn’t respond to (bit.ly/2CqVpy8), Haven app (guardianproject.github.io/haven/). Story of the Week:--“Forgetting How To Read” Link: tgam.ca/2EzH0BJ Important Messages:--"Sovryn Tech Contact Form” Link: contact.zog.ninja--“Real Men”--“Creating Content and Money”--“Data Packet Radio” HackSec:--“Don’t Touch That Facebook VPN” Link: bit.ly/2ELpDky GameTalk:--"AtariCoin” Link: bit.ly/2CsDgQm Wild Card:--“The Biological Roots of Individuality” Link: bit.ly/2Cs9YBF The Climax: --“Black Panther” APPENDIX: --“Heleum” Link: heleum.com/sovryn --“ZenCash” Link: zensystem.io/ --"Roberts & Roberts Brokerage" Link: rrbi.co--"CryptoCompare" Link: www.cryptocompare.com/--“Unixstickers” Link: stickers.sovryntech.com--“Liberty Forum 2018: USE CODE lava10” Link: nhlibertyforum.com/--“Sovryn Tech T-Shirts!” Link: store.sovryntech.com--”Sovryn Tech Solutions” Link: solutions.zog.ninja --”Libreboot X200” Link: bit.ly/1FI57ew --"NeverAgain.tech" Link: neveragain.tech/ --"Surveillance Self-Defense" Link: ssd.eff.org/ --"That One Privacy Site" Link: thatoneprivacysite.net/ --"Privacytools.io" Link: www.privacytools.io/ --"ipleak.net" Link: ipleak.net/ --"Secure Messaging Apps" Link: www.securemessagingapps.com/ --"Lavabit" Link: lavabit.com --"Obsolete! Magazine" Link: obsolete-press.com/ --"A Graduate Course in Applied Cryptography" Link: toc.cryptobook.us/ --"URLscan.io" Link: urlscan.io/ --"TatianaCoin Campaign" Link: TatianaCoin.com --"Zcash4win" Link: zcash4win.com/--"EFF Guide to the US Border" Link: bit.ly/2m79lGe--"Max Stirner's 'The Unique and Its Property' Book" Link: amzn.to/2rCGM95--"RetroShare" Link: retroshare.net/--"PortaPow USB Condom" Link: amzn.to/2sPMuoL--“Books of Liberty” Link: booksofliberty.com/--“DongleAuth” Link: www.dongleauth.info--"Dark Android: 2017 Edition" Link: darkandroid.info---------------------------------------------------------------------------------------- Make easy monthly donations through Patreon: patreon.com/sovryntech Donate with Crypto! BTC: 1AEiTkWiF8x6yjQbbhoU89vHHMrkzQ7o8d ZenCash Shielded (encrypted) Address: zceDc5yyR5wY5w9ArxhAvLxWz2gpKMESTzC3iwzASong3o4oVgqp1VkZU1eeMUobPW87TStRABqcfN3rPSErFwyFnU8AjJeZenCash Transparent (unencrypted) Address: znZCyUwzGt19KqhCVzeR5iiUG5CEjNoe1YpZcash Shielded (encrypted) Address: zcfUhN29ddFdtZ1iKvv6WFFXUB9nKWwL5kXvcrvhQuB2yMw6eabshv1CGN92kkbtRt1Ykf1k2266sJvZAQQUrhmpuCwXUDD Zcash Transparent (unencrypted) Address: t1ZAA33YYzPmm4Ks5aq13N4NJBjqqSypY8G Donate with PayPal! Link: donate.zog.ninja Donate with our Amazon Wish List! Link: wishlist.zog.ninja ---------------------------------------------------------------------------------------- You can e-mail the show at: bbs@sovryntech.com---------------------------------------------------------------------------------------- You can also visit our IRC channel on Freenode: #SovNet Or just go to: irc.zog.ninja ---------------------------------------------------------------------------------------- sovryntech.com twitter.com/sovryntech

Josepha Haden is the Executive Director of the WordPress project at Automattic. She oversees and directs all contributor teams in their work to build and maintain WordPress. Josepha can be found at https://josepha.blog. In our news segment, we talk about recent vulnerabilities in the Freemius library affecting WordPress plugins, the CoinHive shutdown, and why potential changes in WordPress core development will benefit end users' security and more.

Salon is using CoinHive to make money? Facebook has a VPN? Can you actually still read?! Also, a NON-SPOILER review of “Black Panther,” the biology of individuality, and much, much more! Co-Hosts: N/A Opening Audio: N/A The Foreplay:--The Sovryn Tech Newsletter (zog.email), new items in the Sovryn Tech Store (store.sovryntech.com), iOS 9 source code leaked (bit.ly/2Ees1Nq), crypto mining halting the search for aliens (www.bbc.com/news/technology-43056744), Salon using CoinHive (for.tn/2st5kn1), Skype is broken (engt.co/2ENHNlG), Facebook is sending you annoying texts you shouldn’t respond to (bit.ly/2CqVpy8), Haven app (guardianproject.github.io/haven/). Story of the Week:--“Forgetting How To Read” Link: tgam.ca/2EzH0BJ Important Messages:--"Sovryn Tech Contact Form” Link: contact.zog.ninja--“Real Men”--“Creating Content and Money”--“Data Packet Radio” HackSec:--“Don’t Touch That Facebook VPN” Link: bit.ly/2ELpDky GameTalk:--"AtariCoin” Link: bit.ly/2CsDgQm Wild Card:--“The Biological Roots of Individuality” Link: bit.ly/2Cs9YBF The Climax: --“Black Panther” APPENDIX: --“Heleum” Link: heleum.com/sovryn --“ZenCash” Link: zensystem.io/ --"Roberts & Roberts Brokerage" Link: rrbi.co--"CryptoCompare" Link: www.cryptocompare.com/--“Unixstickers” Link: stickers.sovryntech.com--“Liberty Forum 2018: USE CODE lava10” Link: nhlibertyforum.com/--“Sovryn Tech T-Shirts!” Link: store.sovryntech.com--”Sovryn Tech Solutions” Link: solutions.zog.ninja --”Libreboot X200” Link: bit.ly/1FI57ew --"NeverAgain.tech" Link: neveragain.tech/ --"Surveillance Self-Defense" Link: ssd.eff.org/ --"That One Privacy Site" Link: thatoneprivacysite.net/ --"Privacytools.io" Link: www.privacytools.io/ --"ipleak.net" Link: ipleak.net/ --"Secure Messaging Apps" Link: www.securemessagingapps.com/ --"Lavabit" Link: lavabit.com --"Obsolete! Magazine" Link: obsolete-press.com/ --"A Graduate Course in Applied Cryptography" Link: toc.cryptobook.us/ --"URLscan.io" Link: urlscan.io/ --"TatianaCoin Campaign" Link: TatianaCoin.com --"Zcash4win" Link: zcash4win.com/--"EFF Guide to the US Border" Link: bit.ly/2m79lGe--"Max Stirner's 'The Unique and Its Property' Book" Link: amzn.to/2rCGM95--"RetroShare" Link: retroshare.net/--"PortaPow USB Condom" Link: amzn.to/2sPMuoL--“Books of Liberty” Link: booksofliberty.com/--“DongleAuth” Link: www.dongleauth.info--"Dark Android: 2017 Edition" Link: darkandroid.info---------------------------------------------------------------------------------------- Make easy monthly donations through Patreon: patreon.com/sovryntech Donate with Crypto! BTC: 1AEiTkWiF8x6yjQbbhoU89vHHMrkzQ7o8d ZenCash Shielded (encrypted) Address: zceDc5yyR5wY5w9ArxhAvLxWz2gpKMESTzC3iwzASong3o4oVgqp1VkZU1eeMUobPW87TStRABqcfN3rPSErFwyFnU8AjJeZenCash Transparent (unencrypted) Address: znZCyUwzGt19KqhCVzeR5iiUG5CEjNoe1YpZcash Shielded (encrypted) Address: zcfUhN29ddFdtZ1iKvv6WFFXUB9nKWwL5kXvcrvhQuB2yMw6eabshv1CGN92kkbtRt1Ykf1k2266sJvZAQQUrhmpuCwXUDD Zcash Transparent (unencrypted) Address: t1ZAA33YYzPmm4Ks5aq13N4NJBjqqSypY8G Donate with PayPal! Link: donate.zog.ninja Donate with our Amazon Wish List! Link: wishlist.zog.ninja ---------------------------------------------------------------------------------------- You can e-mail the show at: bbs@sovryntech.com---------------------------------------------------------------------------------------- You can also visit our IRC channel on Freenode: #SovNet Or just go to: irc.zog.ninja ---------------------------------------------------------------------------------------- sovryntech.com twitter.com/sovryntech

Coinhive Shutting Down https://coinhive.com/blog/en/discontinuation-of-coinhive Azure Blob Storage Phishing https://www.edgewave.com/phishing/feeling-blue-about-phishing/ Old 2014 Elastic Search Vulnerability Exploited https://blog.talosintelligence.com/2019/02/cisco-talos-honeypot-analysis-reveals.html Latest Drupal Vulnerability Exploited https://www.imperva.com/blog/latest-drupal-rce-flaw-used-by-cryptocurrency-miners-and-other-attackers/ F5 Big IP Patches https://support.f5.com/csp/article/K91026261

In today’s podcast we hear that a misconfigured Amazon Web Services database has exposed a risk screening database--and it seems the exposure itself was an instance of third-party risk. Farewell to Coinhive, long a favorite of cryptominers everywhere. Intel pulls back from a 5G project with a Chinese partner. A quick look at Bronze Union, and what the threat actor’s up to. Facebook will soon help you clear your data. And if you have a lawful intercept tool you no longer need, please don’t sell it on eBay. Malek Ben Salem from Accenture Labs on the commoditization of malware. Guest is Michelle Dennedy from Cisco with results from their most recent Data Privacy Benchmark Study. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_28.html  Support our show

Coinhive to shut down on March 8th, a new free hacking toolkit, and Thunderclap Thunderbolt vulnerabilities on episode 229 of our daily cybersecurity podcast.

Coinhive Shutting Down https://coinhive.com/blog/en/discontinuation-of-coinhive Azure Blob Storage Phishing https://www.edgewave.com/phishing/feeling-blue-about-phishing/ Old 2014 Elastic Search Vulnerability Exploited https://blog.talosintelligence.com/2019/02/cisco-talos-honeypot-analysis-reveals.html Latest Drupal Vulnerability Exploited https://www.imperva.com/blog/latest-drupal-rce-flaw-used-by-cryptocurrency-miners-and-other-attackers/ F5 Big IP Patches https://support.f5.com/csp/article/K91026261

Troy Hunt, creator of “Have I been pwned”, gives a virtual keynote that explores how security threats are evolving - and what we need to be especially conscious of in the modern era. In this keynote, you’ll learn: Real world examples of both current and emerging threats How threats are evolving and where to put your focus How to stem the flow of data breaches and protect against malicious activity and much more! Transcript Cindy Ng: Troy Hunt is a world-renowned web security expert known for public education and outreach on security topics. And we recently invited Troy to give a keynote on the modern state of insecurity. Troy Hunt: Then moving on another one I think is really fascinating today is to look at the supply chain, the modern supply chain. And what we're really talking about here is what are the different bits and pieces that go into modern-day applications? And what risks do those bits and pieces then introduce into the ecosystem? There's some interesting stats, which helps set the scene for why we have a problem today. And the first that I want to start with, the average size of webpage, just over 700 kilobytes in 2010. But over time, websites have started to get a lot bigger. You fast forward a couple of years later and they're literally 50% larger, growing very, very fast. Go through another couple of years, now we're up to approaching 2 megabytes. Get through to 2016 and we're at 2.3 megabytes. Every webpage is 2.3 megabytes. And when you have a bit of a browse around the web, maybe just open up the Chrome DevTools and have a look at the number of requests that come through. Go through on the application part of the DevTools, have a look at the images. And have a look at how big they are. And how much JavaScript, and how many other requests there are. And you realize not just how large pages are, but how the composition is made up from things from many, many different locations. So, we've had this period of six years where we've tripled the average size of a webpage. And of course, ironically, during that period we've become far more dependent on mobile devices as well. Which very frequently have less bandwidth or more expensive bandwidth, particularly if you're in Australia. So, we've sort of had this period where things have grown massively in an era where we really would have hoped that maybe they'd actually be a little bit more efficient. The reason I stopped at 2016 is because the 2.3-megabyte number is significant. And the reason it's significant is because that's the size of Doom. So, remember Doom, like the original Doom, like the 1993 Doom, where if you're a similar age to me or thereabouts, you probably blew a bunch of your childhood. When you should've been doing homework, just going through fragging stuff with BFG. So, Doom was 2.3 megabytes. That's the original size of it. And just as a reminder of the glory of Doom, remember what it was like. You just wander around these very shoddy looking graphics, but it was a first-person shoot-em-up. There were monsters, and aliens, and levels, and all sorts of things. Sounds. All of that went into two floppy disks and that's your 2.3 megabytes. So, it's amazing to think today when you go to a website, you're looking at the entire size of Doom, bundled into that one page, loaded on the browser. Now, that then leads us into where that all goes. So, let's consider a modern website. The U.S. Courts website. And I actually think it's pretty cool looking government website. Most government websites don’t look this cool. But, of course, to make a website look cool, there's a bunch of stuff that's got to go into it. So, if we break this down by content type, predictably images are large. You've got 1.1 megabytes worth of images, so almost half the content there is just images. The one that I found particularly fascinating though when I started breaking this apart is the script. Because you've got about 3/4 of a megabyte worth of JavaScript. Now keep in mind as well, JavaScript can be very well optimized. I mean, we should be minimizing it. It should be quite efficient. So, where does 726 kilobytes worth of script go? Well, one of the things we're seeing with modern websites is that they're being comprised of multiple different external services. And in the case of the U.S. Courts website, one of those web services is BrowseAloud. And BrowseAloud is interesting. So, this is an accessibility service made by a company called Texthelp. And the value proposition of BrowseAloud is that if you're running a website, and accessibility is important to you...and just to be clear about what we mean by that, if someone is visually impaired, if they may be English is second language, if they need help reading the page, then accessibility is important. And accessibility is particularly important to governments because they very often have regulatory requirements to ensure that their content is accessible to everyone. So, the value proposition of a service like BrowseAloud is that there's this external thing that you can just embed on this site. And the people building the site can use all their expertise to sort of actually build the content, and the taxonomy, and whatever else of the site. They just focus on building the site and then they pull in the external services. A little bit like we're pulling an external library. So, these days there's a lot of libraries that go into most web applications. We don't go and build all the nuts and bolts of everything. We just throw probably way too much jQuery out there. Or other themes that we pull from other places. Now, in the case of BrowseAloud, it begs the question, what would happen if someone could change that ba.js file? And really where we're leading here, is that if you can control the JavaScript that runs on a website, what would you do? If you're a bad dude, what could you do, if you could modify that file? And the simple answer is is that once you're running JavaScript in the browser and you have control over that JavaScript, there is a lot you can do. You can pull in external content, you can modify the DOM. You can exfiltrate anything that can be accessed via client script. So, for example, all the cookies, you can access all the cookies so as long as the cookies aren't flagged as HTTP only. And guess what? A lot of them which should be, still are. So, you have a huge amount of control when you can run arbitrary JavaScript on someone else's website. Now, here's what went wrong with the BrowseAloud situation. So, you've got all of these websites using this exact script tag, thousands of them, many of them government websites. And earlier this year, Scott Helme, he discovered that the ICO, the Information Commissioner's Office in the UK, so basically the data regulator in the UK, was loading this particular JavaScript file. And at the top of this file, was some script which shouldn't be there. And if you look down at about the third line and you see Coinhive, you start to see where all of this has gone wrong. Now, let's talk about Coinhive briefly. So, everyone's aware that there is cryptocurrency and there is crypto currency mining. The value proposition of Coinhive...and you can go to coinhive.com in your browser. Nothing bad is going to happen. You can always close it. But bear with me, I'll explain. So, the value proposition of coinhive.com is you know how people don't like ads. You know because you get a website, and there's tracking, and they're obnoxious, and all the rest of it. Coinhive believe that because they don't like ads, but you might still want to monetize your content, what you can do is you get rid of the ads, and you just run a crypto miner on people's browser. And what could go wrong? And in fairness, if there's no tracking and you're just chewing up a few CPU cycles, then maybe that is a better thing, but it just feels dirty. Doesn't it? You know, like if you ever go to a website and there's a Coinhive crypto miner on there, and they usually mine Monero, and you see your CPU spiking because it's trying to chew up cycles to put money in someone else's pocket, you're going to feel pretty dirty about it. So, there is a valid value proposition for Coinhive. But unfortunately, when you're a malicious party, and there's a piece of script that you can put on someone else's website, and you can profit from it, well then obviously, Coinhive is going to be quite attractive to you as well. So, what we saw was this Coinhive script being embedded into the BrowseAloud JavaScript file, then the BrowseAloud JavaScript file being embedded into thousands of other websites around the world. So, U.S. Courts was one. U.S. House of Representatives was another. I mentioned the Information Commissioner's Office, the NHS in Scotland, the National Health Service, so all of these government websites. Now, when Scott found this, one of the things that both of us found very fascinating about it is that there are really good, freely accessible browser security controls out there that will stop this from happening. So, for example, there are content security policies. And content security policies are awesome because they're just a response killer, and every single browser supports them. And a CSP lets you say, ''I would like this browser to be able to load scripts from these domains and images from those domains.'' And that's it. And then if any script tries to be loaded from a location such as coinhive.com, which I would assume you're not going to whitelist, it gets blocked. So, this is awesome. This stops these sorts of attacks absolutely dead. The adoption of content security policies is all the sites not using it. And that's about 97%. So, it's about a 3% adoption rate of content security policies. And the reason why I wanted to flag this is because this is something which is freely accessible. It's not something you go out and spend big bucks on a vendor with. When I was in London at the Infosecurity EU Conference, loads of vendors there selling loads of products and many of them are very good products, but also a lot of money. And I'm going, ''Why aren't people using the free things?'' Because the free things can actually fix this. And I think it probably boils down to education more than anything else. Now, interestingly, if we go back and look at that U.S. Courts website, here's how they solved the problem. So, they basically just commented it all out, and arguably this does actually solve the problem. Because if you comment out the script, and someone modifies it, well, now it's not a problem anymore. But now you've got an accessibility problem. I actually had people after I've been talking about this, say, ''Oh, you should never trust third-party scripts. You should just write all this yourself.'' This is an entire accessibility framework with things like text to speech. You're not going to go out and write all that yourself. You're actually got to go and build content. Instead, we'd really, really like to see people actually using the security controls to be able to make the most of services like this, but do so in a way that protects them if anything goes wrong. Now, it's interesting to look now at sites that are still embedding BrowseAloud but are doing so with no CSP. And in case anyone's wondering, no Subresource Integrity as well. So, things like major retailers, there are still us government sites, there are still UK government sites. And when I last looked at this, I found a UK transportation service as well. Exactly the same problem. And one of the things that that sort of makes me lament is that even after we have these issues where we've just had an adversary run arbitrary script and everyone's browser, and let's face it, just Coinhive is dodging a bullet. Because that is a really benign thing in the scope of what you could have done if you could have run whatever script you wanted in everyone's browser. But even after all that these services are still just doing the same thing. So, I don't think we're learning very well from previous incidents. ...

In today's podcast we hear that the US Intelligence Community warns of Russian threats, again. A criminal spearphishing campaign hits Russian industrial companies. A cryptojacking wave is installing CoinHive in MicroTik routers. Speakers at the Billington Automotive CyberSecuirty Summit stress collaboration, design for security, and the convergence of cyber and safety. Autonomy and connectivity make these imperative for the next generation of vehicles. Municipalities hit by malware feel the pain.  Ben Yelin from UMD CHHS on a NYT story on records being seized from a reporter. Guest is David Spark, cohost of the CISO Security Vendor Relationship podcast.   For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_03.html  

規模は大きいがリファクタできるほど稼げているわけではない。そんなシステムとの付き合い方。 仮想通貨マイニング（Coinhive）で家宅捜索を受けた話 Coinhiveで支援しよう

Mariko Kosaka さんをゲストに迎えて、JSConf EU, TC39, オープンソースとサステナビリティ、Coinhive などについて話しました。 Show Notes JSConf EU 2018 Eyeo Festival 25 de Abril Bridge User-Agent 家系図 SafariのUA文字列が固定されて固定されなくなったおはなし Twitter ‘smytes’ customers 10 Things I Regret About Node.js - Ryan Dahl - JSConf EU 2018 ry/deno: A secure TypeScript runtime on V8 propelml/propel: Differential Programming in JavaScript. TensorFlow.js Rollup Computer, build me an app - Rich Harris - JSConf EU 2018 Svelte • The magical disappearing UI framework webpack To push, or not to push?! - The future of HTTP/2 server push - Patrick Hamann - JSConf EU 2018 Rebuild: 154: Chinese Menu Selection (kazuho) Towards ever faster websites with early hints and priority hints HTTP2 Early Hints Living on the Edge with Fastly's Tyler McMullen スラスラ読める JavaScriptふりがなプログラミング Rebuild.fmの宮川氏がRubyまつもと氏に聞いた、Ruby開発の10の論点 SmooshGate FAQ Summary for the 64th meeting of Ecma TC39 Open source sustainability Between the Wires: An interview with Vue.js creator Evan You OpenCollective The Varnish Moral License — PHKs Bikeshed 矢文案件 Gratipay Pointer Events Coinhive設置で家宅捜索受けたデザイナー、経緯をブログ公開 Using Web Workers 警察庁　サイバー犯罪対策 Government Digital Service The HTTPS-Only Standard JSConf US 2018

Podcastの概要 このPodCastはIT企業に所属する「めんぼう」と「かんてつ」が好きなサービスやガジェ … "【第103回】不正QRコード, Sony RX100 VI発売, 身体で覚えるVRトレーニング, Coinhiveしたらどうなるの？" の続きを読む

先週日本を震撼させた大事件「Coinhive逮捕事件」の簡単なご紹介と、それについてワタシが思ったことを一方的に述べています。なんというか、だんだん怖いハナシが多くなってきますねえ。 関連リンク: LODGE　-Yahoo! JAPANのオフィス内に誕生した日本最大級のコワーキングスペース- 仮想通貨マイニング（Coinhive）で家宅捜索を受けた話 - Webを楽しもう「ドークツ」 NHK「専門家によるとマイニングのサイトにアクセスした瞬間からパソコンに負荷がかかります」→専門家「全部カットされて真逆のことを報道されました！」 - Togetter コインマイナーをサイトに設置して犯罪になる条件とは？　警察庁と神奈川県警に問い合わせてみた - INTERNET Watch 高木浩光＠自宅の日記 - 魔女狩り商法に翻弄された田舎警察 Coinhive事件 大本営報道はまさに現代の魔女狩りだ カナダ、娯楽目的の大麻使用を合法化へ - BBCニュース Google ポッドキャスト - Google Play のアプリ にわかには信じられない Music From: Light Years Away / earthling (License CC-by) Room To Breath / earthling (License CC-by) Moment by Moment / earthling (License CC-by) その他リンク:  Twitterアカウント Facebookページ Google+ページ YouTubeチャンネル

VPNFilter router malware (persistent, reset router to clear, FBI warning), 4K vs UHD TV defined (4K has 4096 horizontal pixels and 2160 vertical lines, UHD has 3480 horizontal pixels and 2160 vertical lines), impact of quantum computing on Internet security (does not look good, 2025 expected deployment), negotiating with ISPs after cordcutting (try to be treated as a new customer), Profiles in IT (Bradford Parkinson, one of the fathers of GPS), Electromagnetic Drive does not work (NASA got it wrong, drive violates laws of physics), Amazon bans shoppers who return too many items, Samsung ordered to pay Apple over %500M for patent infringement, DOJ investigates cryptocurrency manipulation (looking at pump and dump), skills that AI will not make obsolete (higher cognitive skills, social and emotional skills, technological skills), mining malware is dominant cybersecurity threat (Coinhive and Crytoloot are top two violators), Stich Fix uses AI to amke clothes buying easy for consumer (fashion industry beware), Twitter CEO does not have laptop (uses mindfulness and awareness to be more productive), and General Data Protection Regulation goes into effect in EU (companies scramble to comply). This show originally aired on Saturday, June 2, 2018, at 9:00 AM EST on WFED (1500 AM).

VPNFilter router malware (persistent, reset router to clear, FBI warning), 4K vs UHD TV defined (4K has 4096 horizontal pixels and 2160 vertical lines, UHD has 3480 horizontal pixels and 2160 vertical lines), impact of quantum computing on Internet security (does not look good, 2025 expected deployment), negotiating with ISPs after cordcutting (try to be treated as a new customer), Profiles in IT (Bradford Parkinson, one of the fathers of GPS), Electromagnetic Drive does not work (NASA got it wrong, drive violates laws of physics), Amazon bans shoppers who return too many items, Samsung ordered to pay Apple over %500M for patent infringement, DOJ investigates cryptocurrency manipulation (looking at pump and dump), skills that AI will not make obsolete (higher cognitive skills, social and emotional skills, technological skills), mining malware is dominant cybersecurity threat (Coinhive and Crytoloot are top two violators), Stich Fix uses AI to amke clothes buying easy for consumer (fashion industry beware), Twitter CEO does not have laptop (uses mindfulness and awareness to be more productive), and General Data Protection Regulation goes into effect in EU (companies scramble to comply). This show originally aired on Saturday, June 2, 2018, at 9:00 AM EST on WFED (1500 AM).

Coinhive cryptomining (malware or not), Facebook Notes (a convenient blogging platform), butt calls (lock screen to prevent), cloud backup vs cloud syncing), Profiles in IT (Dustin Muskovitz, Facebook co-founder and first CTO), programmer who created Like Button (deletes Facebook account), Baltimore 911 infected with ransomware (open Firewall port to blame), leaked NSA hacking tools aided recent attacks (Eternal Blue and Eternal Romance exploits enabled ransomware), Atlanta hit with ransomware, ransomware attack vectors (best defensive practices), chemistry of Easter egg dyes (need acidic solution to bond), Apple release iOS 11.3 (battery health addressed, augmented VR added, privacy improved), and free online credit reports (Credit Karma, Free Credit Score). This show originally aired on Saturday, March 31, 2018, at 9:00 AM EST on WFED (1500 AM).

Coinhive cryptomining (malware or not), Facebook Notes (a convenient blogging platform), butt calls (lock screen to prevent), cloud backup vs cloud syncing), Profiles in IT (Dustin Muskovitz, Facebook co-founder and first CTO), programmer who created Like Button (deletes Facebook account), Baltimore 911 infected with ransomware (open Firewall port to blame), leaked NSA hacking tools aided recent attacks (Eternal Blue and Eternal Romance exploits enabled ransomware), Atlanta hit with ransomware, ransomware attack vectors (best defensive practices), chemistry of Easter egg dyes (need acidic solution to bond), Apple release iOS 11.3 (battery health addressed, augmented VR added, privacy improved), and free online credit reports (Credit Karma, Free Credit Score). This show originally aired on Saturday, March 31, 2018, at 9:00 AM EST on WFED (1500 AM).

This week, Keith and Paul continue to discuss OWASP Application Security Verification Standard! In the news, Cisco investigation reveals ASA vulnerability is worse than originally thought, Google Chrome HTTPS certificate apocalypse, Intel made smart glasses that look normal, and more on this episode of Application Security Weekly!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode05   Visit https://www.securityweekly.com/ for all the latest episodes!

HDR photos (great for sunsets), Wi-Fi SSID (hiding your network), code for kids (five great sites that inspire), Profiles in IT (Michael Stonebraker, Father of Big Data), SEC rejects cryptocurrency ETF funds (citing volatility and security), cryptocurrency mining malware (Coinhive and Cryptoloot), Apple responds to iOS slowdown issue (users can opt out, $29 battery replacement), Facebook adjusts Newsfeed again (crowd-sourced news rankings), Twitter and Russian bots (50,000 and counting), Russian Cyber Forces stealing US technology edge (a real crisis), and Social Media as a Social Disease). This show originally aired on Saturday, January 20, 2018, at 9:00 AM EST on WFED (1500 AM).

HDR photos (great for sunsets), Wi-Fi SSID (hiding your network), code for kids (five great sites that inspire), Profiles in IT (Michael Stonebraker, Father of Big Data), SEC rejects cryptocurrency ETF funds (citing volatility and security), cryptocurrency mining malware (Coinhive and Cryptoloot), Apple responds to iOS slowdown issue (users can opt out, $29 battery replacement), Facebook adjusts Newsfeed again (crowd-sourced news rankings), Twitter and Russian bots (50,000 and counting), Russian Cyber Forces stealing US technology edge (a real crisis), and Social Media as a Social Disease). This show originally aired on Saturday, January 20, 2018, at 9:00 AM EST on WFED (1500 AM).

Ep. 282 | Everything Cryptocurrency: Coinhive, RIG Exploit Kit, Olympic Malware | AT&T ThreatTraq

In the Application Security News, Paul and Keith talk about impatient employers designing their own courses, measurable CPU differences in AWS from Intel CPU vulnerabilities, the CEO of Intel selling a gigantic amount of stock, and Starbucks Wi-Fi mines Monero via CoinHive! All that and more, on the first episode of Application Security Weekly! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode00 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Paul Asadoorian and Keith Hoodlet bring you our brand new show, Application Security Weekly! On our first episode, Paul and Keith will discuss the history of application security and software security! In the news, what you need to know about CPU vulnerabilities, negative results testing Intel CPU design, Mozilla Firefox patches, and Starbucks Wi-Fi mines Monero via CoinHive! All that and more, on the first episode of Application Security Weekly!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode00   Visit https://www.securityweekly.com/psw for all the latest episodes!

Paul Asadoorian and Keith Hoodlet bring you our brand new show, Application Security Weekly! On our first episode, Paul and Keith will discuss the history of application security and software security! In the news, what you need to know about CPU vulnerabilities, negative results testing Intel CPU design, Mozilla Firefox patches, and Starbucks Wi-Fi mines Monero via CoinHive! All that and more, on the first episode of Application Security Weekly!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode00   Visit https://www.securityweekly.com/psw for all the latest episodes!

In the Application Security News, Paul and Keith talk about impatient employers designing their own courses, measurable CPU differences in AWS from Intel CPU vulnerabilities, the CEO of Intel selling a gigantic amount of stock, and Starbucks Wi-Fi mines Monero via CoinHive! All that and more, on the first episode of Application Security Weekly! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode00 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

In today's podcast, we hear that Berlin says Beijing's been catphishing, and that Beijing says no way. Banking Trojans in Google Play look for Polish accounts. Spider malware spins out of the Balkans. Transferring risk doesn't mean you can ignore it. The SEC calls cease-and-desist on another ICO. That venti in Buenos Aires may have come with a CoinHive miner. Rick Howard from Palo Alto Networks on DevOps vs. site reliability engineers. Marcelle Lee from LookingGlass on the Bad Rabbit ransomware. The Doctor puts down his tools and closes BrickerBot. 

Добрый день, уважаемые подписчики! Новый выпуск подкаста стучится к вам в интернет-приемники, мчится по оптике и «витой паре». И сразу новость — наш проект наконец-то можно поддержать на Patreon! В этот раз мы наконец-то поговорили об «искусственном» противостоянии спецификаций Flexbox и CSS Grids. На самом деле они ни в коем случае не должны заменить одна другую, а лишь дополнить и сделать верстку еще удобнее и приятнее. Кроме этого в очередной раз поговорили про теорию цвета, о влиянии архитектуры на настроение человека и о будущем дизайна. А еще обсудили большое количество новостей из мира IT, например скупку почти всех видеокарт Сбербанком и введением Twitter нового лимита — 280 символов. Тему к следующему выпуску предлагайте здесь: Тему к подкасту #146. «Дизайн» Причиной столкновения американского эсминца стал запутанный UI. Ученые впервые доказали, что архитектура и природа действительно влияют на наше настроение. Теория цвета, как устроен цветовой круг, какое психологическое воздействие оказывают разные цвета и как понять цвет в живописи. Художник-постановщик «Бегущего по лезвию» о творческом методе, андроидах и будущем дизайна. «Светские новости» Твитить стало проще. #Twitter280Characters. Coinhive и майнинг с помощью посетителей сайтов. Рунет впервые обогнал телевидение по уровню доходов от рекламы. Сбербанк извинился за скупку почти всех видеокарт на российском рынке. «Русский Патреон». Бойтесь шахмат, Вам навязываемых. Сотрудник Microsoft установил Google Chrome посреди презентации, потому что Edge зависал. Письмо, которое вас обчистит. И еще Х способов украсть деньги у вашей фирмы. Лучший хостинг SmartApe готов потянуть и Flexbox и CSS Grids↓ «Разработка» Flexbox vs CSS Grids. У вас есть синдром ученика. С темами к выпуску можно ознакомиться по ссылке: Темы к подкасту #145. Спасибо всем, кто так или иначе принял участие, и дай вам Бог на эти коротенькие семь дней.

Recorded October 12, 2017 Topics Meetup Cloudflare ditches sites that use Coinhive mining code after classing it as malware Instagram post by Collin Cunningham Taylor Otwell

In episode 9 of TetraByte Podcast, Wike and Weber discuss YouTubes latest changes and complaints its content creators and ShowTime hosting Coinhive Cryptocurrency harvesting on your CPUs!