Cryptojacking craze that drains your CPU now done by 2,500 sites

Figure: A music streaming site that participated in Coinhive crypto mining maxes out the visitor’s CPU. (credit: Malwarebytes)

A researcher has documented almost 2,500 sites that are actively running cryptocurrency mining code in the browsers of unsuspecting visitors, a finding that suggests the unethical and possibly illegal practice has only picked up steam since it came to light a few weeks ago.

Willem de Groot, an independent security researcher who reported the findings Tuesday, told Ars that he believes all of the 2,496 sites he tracked are running out-of-date software with known security vulnerabilities that have been exploited to give attackers control. Attackers, he said, then used their access to add code that surreptitiously harnesses the CPUs and electricity of visitors to generate the digital currency known as Monero. About 80 percent of those sites, he added, also contain other types of malware that can steal visitors’ payment card details.

“Apparently, cyberthieves are squeezing every penny out of their confiscated assets,” he said.


Code mistake freezes up to $280 million in digital currency

Imagine if one person’s code error deprived you of a pile of money, and there was no guarantee you’d get your funds back. Wouldn’t you be hopping mad? That’s how many cryptocurrency owners are feeling right now.

The digital wallet company Parity is warning users that a large volume of Ethereum funds have effectively been frozen after code contributor devops199 claims to have accidentally deleted the library needed to use multi-signature wallets (those that require more than one signature to move funds) created after July 20th. Devops triggered a long-unpatched bug that turned Parity’s wallet contract into a standard multi-signature wallet, making every wallet “suicide” and erase the guiding library code.

Whether or not you believe that it was a mistake, it could have very serious consequences. Observers estimate that there could be more than 1 million in ether locked away, which would amount to roughly $280 million. A lower estimate still pegs the damage at over $150 million. Parity describes these figures as “speculative” and suggests you should take them with a grain of salt, but there’s no question that some Ethereum holders are suddenly without a lot of cash.

This doesn’t mean that the currency is permanently off-limits, but unfreezing it and compensating users could involve a bailout. And whatever happens, the incident highlights a simple problem: digital wallets and cryptocurrency in general are only as reliable as the code that guides them. The software needs to be airtight if you’re going to tie your livelihood to non-traditional income.

Via: Comae (Medium), Business Insider
Source: Parity, Twitter, GitHub
