Date: Sat, 9 Jul 2005 16:23:31 -0400
From: "Scott Marburger" <s_marburger@....org>
To: "Raghu Chinthoju" <raghu.chinthoju@...il.com>,
	"Gandalf The White" <gandalf@...ital.net>
Cc: <bugtraq@...urityfocus.com>
Subject: RE: A comment on using CPU resources


Several thoughts-

I am reminded of some responses concerning "social engineering", and marvel
as I see people with seven or eight browser windows open and minimized- in
order to maintain "productivity".

I have noticed on my own machine after having two or three windows open and
closing all, that the machine seems sluggish.  Going to task manager, I see
one or two copies of Firefox still running, sucking up 30 or 40 percent when
they should have closed.

Shake thoughts well, add pinch of paranoia-

Would it be possible to mask or disguise Firefox to appear to be closed
while still running its java payload?  Spitting back its chunk of data
when done?


Scott Marburger
Director, ICT
The Institute for Public-Private Partnerships, Inc.
Waterfront Center
1010 Wisconsin Avenue
Washington, DC 20007


-----Original Message-----
From: Raghu Chinthoju [mailto:raghu.chinthoju@...il.com]
Sent: Saturday, July 09, 2005 2:54 PM
To: Gandalf The White
Cc: bugtraq@...urityfocus.com
Subject: Re: A comment on using CPU resources


This isn't a new thing; stealing CPU cycles this way has been known for some
time now. The following are the reasons I guess why this isn't
feasible:

1. No anonymity. The code is directly visible to the victim.
2. As long as any script is running, the browser shows that the page
is still being loaded. This might drag suspicion to view what's in the
page or the user might simply cancel loading (i.e. the java script).
Time consuming scripts might have less chances.
3. There are many better ways for a determined CPU thief. For example,
there are plenty of vulnerable machines connected to the Internet offering
their everything to hackers on a silver plate.
4. If CPU cycles were really in huge demand, someone could just start
a business offering to pay in return for lending idle CPU. Guess
not a bad idea ;-)

cheers!
Raghu




On 7/9/05, Gandalf The White <gandalf@...ital.net> wrote:
> Greetings and Salutations:
>
> I had an issue with my Firefox browser.  The browser was static, yet it was
> using 70% or 80% of the CPU of the system.
>
> It got me to thinking.  Java is a programming language.  What would prevent
> companies from running a java script on your computer while you are viewing
> their page that uses your CPU to do some computing for them?  Instead of
> selling (or in addition to selling) advertising the company could also sell
> CPU to other companies.
>
> Is this feasible?
>
> Ken
>
> ---------------------------------------------------------------
> Do not meddle in the affairs of wizards for they are subtle and
> quick to anger.
> Ken Hollis - Gandalf The White - gandalf@...ital.net - O- TINLC
> WWW Page - http://digital.net/~gandalf/
> Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html
> Trolls crossposts - http://digital.net/~gandalf/trollfaq.html
> Woodworking For Geeks - http://digital.net/~gandalf/woodmain.htm
>
>
>


