lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20050709204415.GC19939@hesketh.com>
Date: Sat, 9 Jul 2005 16:44:15 -0400
From: Steven Champeon <schampeo@...keth.com>
To: Raghu Chinthoju <raghu.chinthoju@...il.com>
Cc: Gandalf The White <gandalf@...ital.net>,
	bugtraq@...urityfocus.com
Subject: Re: A comment on using CPU resources


on Sun, Jul 10, 2005 at 12:23:51AM +0530, Raghu Chinthoju wrote:
> This isn't a new thing, stealing CPU cycles this way is known for some
> time now. The following are the reasons I guess why this isn't
> feasible:
> 
> 1. No anonymity. The code is directly visible to the victim.

It is, however, entirely possible to obfuscate JavaScript, or to hide
the data being processed by fetching it post-load.

> 2. As long as any script is running, the browser shows that the page
> is still being loaded. This might drag suspicion to view whats in the
> page or the user might simply cancel loading (ie the java script).
> Time consuming scripts might have less chances.

Canceling loading (e.g., hitting the "stop" button in most modern
graphical desktop browsers) doesn't cancel script execution.

> 3. There are many better ways for a determined CPU thief. For example,
> there are plenty of vulnerable machines connected to Internet offering
> their everything to hackers in a silver plate.

Agreed.

> 4. If CPU cycles were really in huge demand, some one could just start
> a business offering to pay for in return to lending idle CPU. Guess
> not a bad idea ;-)

This is not a new idea - there are already several companies doing
exactly this sort of distributed computing-for-hire. United Devices,
for example.

-- 
antispam news, solutions for sendmail, exim, postfix: http://enemieslist.com/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ