[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20050709204415.GC19939@hesketh.com>
Date: Sat, 9 Jul 2005 16:44:15 -0400
From: Steven Champeon <schampeo@...keth.com>
To: Raghu Chinthoju <raghu.chinthoju@...il.com>
Cc: Gandalf The White <gandalf@...ital.net>,
bugtraq@...urityfocus.com
Subject: Re: A comment on using CPU resources
on Sun, Jul 10, 2005 at 12:23:51AM +0530, Raghu Chinthoju wrote:
> This isn't a new thing, stealing CPU cycles this way is known for some
> time now. The following are the reasons I guess why this isn't
> feasible:
>
> 1. No anonymity. The code is directly visible to the victim.
It is, however, entirely possible to obfuscate JavaScript, or to hide
the data being processed by fetching it post-load.
> 2. As long as any script is running, the browser shows that the page
> is still being loaded. This might drag suspicion to view whats in the
> page or the user might simply cancel loading (ie the java script).
> Time consuming scripts might have less chances.
Canceling loading (e.g., hitting the "stop" button in most modern
graphical desktop browsers) doesn't cancel script execution.
> 3. There are many better ways for a determined CPU thief. For example,
> there are plenty of vulnerable machines connected to Internet offering
> their everything to hackers in a silver plate.
Agreed.
> 4. If CPU cycles were really in huge demand, some one could just start
> a business offering to pay for in return to lending idle CPU. Guess
> not a bad idea ;-)
This is not a new idea - there are already several companies doing
exactly this sort of distributed computing-for-hire. United Devices,
for example.
--
antispam news, solutions for sendmail, exim, postfix: http://enemieslist.com/
Powered by blists - more mailing lists