lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 9 Jul 2005 14:12:42 -0400
From: "Security" <security@...tainedhits.com>
To: <bugtraq@...urityfocus.com>
Subject: Re: A comment on using CPU resources


> I had an issue with my Firefox browser.  The browser was static, yet it 
> was
> using 70% or 80% of the CPU of the system.
> It got me to thinking.  Java is a programming language.  What would 
> prevent
> companies from running a java script on your computer while you are 
> viewing
> their page that uses your CPU to do some computing for them?  Instead of
> selling (or in addition to selling) advertising the company could also 
> sell
> CPU to other companies.

I was thinking something along these same lines the other day.

The only drawbacks I could figure (and possible solutions to) are:

 - Not all clients will be executing the java (security problems, lack of 
java, etc.)
 - Not all clients will complete the execution of the java (could be avoided 
by having smaller code blocks executed in series or parallel with a 
push/pull on the clientside when the block completes.)  This would occur if 
the user hits back or closes the browser, and utilizing a onclose() or 
onblur() or whatnot will help although not all clients will honor these.
 - Not all users will like this, should they find out you are doing it what 
kind of legal trouble could you get into (if any)?

You'd need a lot of people running this for any reasonable amount of CPU 
cycles being available to you, and some very intuitive code to deal with 
running for an unknown amount of time (before the user clicks something).

Another thing to think of, flash animation clicks that are handled by the 
movie won't stop java. The user can click an item in the flash movie without 
changing the current document's href, which will leave your java threads 
running.  This is a way to ensure your code is executed for at least as long 
as it takes to load the flash, if the user waits at least that long.

Just my $0.02, as I said I was putting some thought into this just the other 
day, although I hadn't considered selling the CPU cycles.

Chris @ Sustained Hits

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ