[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <FGEKICEHHGOCCGIILDIBEEFPCJAA.s_marburger@ip3.org>
Date: Sat, 9 Jul 2005 16:23:31 -0400
From: "Scott Marburger" <s_marburger@....org>
To: "Raghu Chinthoju" <raghu.chinthoju@...il.com>,
"Gandalf The White" <gandalf@...ital.net>
Cc: <bugtraq@...urityfocus.com>
Subject: RE: A comment on using CPU resources
Several thoughts-
I am reminded of some responses concerning "social engineering", and marvel
as I see people with seven or eight browser windows open and minimized- in
order to maintain "productivity".
I have noticed on my own machine after having two or three windows open and
closing all, that the machine seems sluggish. Going to task manager, I see
one or two copies of Firefox still running, sucking up 30 or 40 percent when
they should have closed.
Shake thoughts well, add pinch of paranoia-
Would it be possible to mask or disguise firefox to appear to be closed
while still running it's java payload? Spitting back it's chunk of data
when done?
Scott Marburger
Director, ICT
The Institute for Public-Private Partnerships, Inc.
Waterfront Center
1010 Wisconsin Avenue
Washington, DC 20007
-----Original Message-----
From: Raghu Chinthoju [mailto:raghu.chinthoju@...il.com]
Sent: Saturday, July 09, 2005 2:54 PM
To: Gandalf The White
Cc: bugtraq@...urityfocus.com
Subject: Re: A comment on using CPU resources
This isn't a new thing, stealing CPU cycles this way is known for some
time now. The following are the reasons I guess why this isn't
feasible:
1. No anonymity. The code is directly visible to the victim.
2. As long as any script is running, the browser shows that the page
is still being loaded. This might drag suspicion to view whats in the
page or the user might simply cancel loading (ie the java script).
Time consuming scripts might have less chances.
3. There are many better ways for a determined CPU thief. For example,
there are plenty of vulnerable machines connected to Internet offering
their everything to hackers in a silver plate.
4. If CPU cycles were really in huge demand, some one could just start
a business offering to pay for in return to lending idle CPU. Guess
not a bad idea ;-)
cheers!
Raghu
On 7/9/05, Gandalf The White <gandalf@...ital.net> wrote:
> Greetings and Salutations:
>
> I had an issue with my Firefox browser. The browser was static, yet it
was
> using 70% or 80% of the CPU of the system.
>
> It got me to thinking. Java is a programming language. What would
prevent
> companies from running a java script on your computer while you are
viewing
> their page that uses your CPU to do some computing for them? Instead of
> selling (or in addition to selling) advertising the company could also
sell
> CPU to other companies.
>
> Is this feasible?
>
> Ken
>
> ---------------------------------------------------------------
> Do not meddle in the affairs of wizards for they are subtle and
> quick to anger.
> Ken Hollis - Gandalf The White - gandalf@...ital.net - O- TINLC
> WWW Page - http://digital.net/~gandalf/
> Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html
> Trolls crossposts - http://digital.net/~gandalf/trollfaq.html
> Woodworking For Geeks - http://digital.net/~gandalf/woodmain.htm
>
>
>
Powered by blists - more mailing lists