| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 9 Jul 2005 16:44:15 -0400 From: Steven Champeon <schampeo@...keth.com> To: Raghu Chinthoju <raghu.chinthoju@...il.com> Cc: Gandalf The White <gandalf@...ital.net>, bugtraq@...urityfocus.com Subject: Re: A comment on using CPU resources on Sun, Jul 10, 2005 at 12:23:51AM +0530, Raghu Chinthoju wrote: > This isn't a new thing, stealing CPU cycles this way is known for some > time now. The following are the reasons I guess why this isn't > feasible: > > 1. No anonymity. The code is directly visible to the victim. It is, however, entirely possible to obfuscate JavaScript, or to hide the data being processed by fetching it post-load. > 2. As long as any script is running, the browser shows that the page > is still being loaded. This might drag suspicion to view whats in the > page or the user might simply cancel loading (ie the java script). > Time consuming scripts might have less chances. Canceling loading (e.g., hitting the "stop" button in most modern graphical desktop browsers) doesn't cancel script execution. > 3. There are many better ways for a determined CPU thief. For example, > there are plenty of vulnerable machines connected to Internet offering > their everything to hackers in a silver plate. Agreed. > 4. If CPU cycles were really in huge demand, some one could just start > a business offering to pay for in return to lending idle CPU. Guess > not a bad idea ;-) This is not a new idea - there are already several companies doing exactly this sort of distributed computing-for-hire. United Devices, for example. -- antispam news, solutions for sendmail, exim, postfix: http://enemieslist.com/
Powered by blists - more mailing lists