Posted on Oct 25, 2017
Stealth web crypto-cash miner Coin Hive back to the drawing board as blockers move in
1.92K
6
6
2
2
0
I don't recall if any of my fellow cybersecurity contacts posted about this, but I'm interested in your thoughts. I personally don't have any issue with coin hive as I am usually not on pages long enough for it to truly effect me. However, now that they are implementing a forced consent what types of sited do you think it would be beneficial to run the new code?
Stealth web crypto-cash miner Coin Hive back to the drawing board as blockers move in
Posted from theregister.co.uk
Cyber
Cybersecurity
Bitcoin
INFOSEC
Informational Security
Posted >1 y ago
Responses: 3
1
1
0
SSG Derek Scheller Your timing on this is great. I just received this in my Hacker News Bulletin: "Reportedly an unknown hacker managed to hijack Coinhive's CloudFlare account that allowed him/her to modify its DNS servers and replace Coinhive's official JavaScript code embedded into thousands of websites with a malicious version."
https://thehackernews.com/2017/10/coinhive-cryptocurrency-miner.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29&_m=3n.009a.1608.vl0ao0cqor.yw6
https://thehackernews.com/2017/10/coinhive-cryptocurrency-miner.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29&_m=3n.009a.1608.vl0ao0cqor.yw6
Hacker Hijacks CoinHive's DNS to Mine Cryptocurrency Using Thousands of Websites
Hacker Hijacks CoinHive's DNS Server to Mine Monero Cryptocurrency Using Thousands of Websites
(1)
(0)
SGT (Join to see)
A few things from this article:
1. Every website should have an option for password reset under 45 days and when there's been a breach remotely related to its platform and services.
2. Since all don't, that option should be enabled in a password manager or reset manually often.
3. This reminds me why I left Incapsula. Poor documentation, not being proactive with users' feedback to fix that documentation, and making changes with their free service (adding a static footer to your website) without up-front notification.
4. cPanel doesn't have a built-in easy-to-use log to detect such changes to DNS settings and no one wants to mess with those settings any more than necessary.
1. Every website should have an option for password reset under 45 days and when there's been a breach remotely related to its platform and services.
2. Since all don't, that option should be enabled in a password manager or reset manually often.
3. This reminds me why I left Incapsula. Poor documentation, not being proactive with users' feedback to fix that documentation, and making changes with their free service (adding a static footer to your website) without up-front notification.
4. cPanel doesn't have a built-in easy-to-use log to detect such changes to DNS settings and no one wants to mess with those settings any more than necessary.
(1)
(0)
1
1
0
SSG Derek Scheller They do make some valid points about the negative effect of website adds. Numerous websites are loaded with click bait advertising which if one is not careful can lead to harm. In this day and age of information overload, I find it interesting that there are still legitimate entities operating in shadow like this.
(1)
(0)
SSG Derek Scheller
PO3 Steven Sherrill I agree that they are trying to be legitimate. What I'm more curious about is what would be the best type of site to start to actually put it to use.
(1)
(0)
PO3 Steven Sherrill
SSG Derek Scheller - I think it is less about what type of site, and more a matter of vigilance. Any site using this type of software needs to be checking that particular script and the code running with it often to make sure that it hasn't been modified. At that point I would almost think that it would be more trouble than it is worth.
(0)
(0)
0
0
0
The initial issue of Coin Hive was shared here a week or two ago, but this response from MalwareBytes is new to me. Any blog, news, and creators' site could benefit from this if the site is well optimized to offset CPU usage to maintain user experience. The average user doesn't trust any ad and affiliate links are slowly following as they're usually forced and have little to do with the content on the page at the time. I won't get into tracking campaigns that add 50+ characters to an URL.
Coin Hive does seem to care as they've not only created an opt-in page but different language for courtesy and respect for users' privacy.
Coin Hive does seem to care as they've not only created an opt-in page but different language for courtesy and respect for users' privacy.
(0)
(0)
Read This Next
Continue with Facebook 
Continue with Google