Home page logo

bugtraq logo Bugtraq mailing list archives

Re: A comment on using CPU resources
From: Steven Champeon <schampeo () hesketh com>
Date: Sat, 9 Jul 2005 16:44:15 -0400

on Sun, Jul 10, 2005 at 12:23:51AM +0530, Raghu Chinthoju wrote:
This isn't a new thing, stealing CPU cycles this way is known for some
time now. The following are the reasons I guess why this isn't

1. No anonymity. The code is directly visible to the victim.

It is, however, entirely possible to obfuscate JavaScript, or to hide
the data being processed by fetching it post-load.

2. As long as any script is running, the browser shows that the page
is still being loaded. This might drag suspicion to view whats in the
page or the user might simply cancel loading (ie the java script).
Time consuming scripts might have less chances.

Canceling loading (e.g., hitting the "stop" button in most modern
graphical desktop browsers) doesn't cancel script execution.

3. There are many better ways for a determined CPU thief. For example,
there are plenty of vulnerable machines connected to Internet offering
their everything to hackers in a silver plate.


4. If CPU cycles were really in huge demand, some one could just start
a business offering to pay for in return to lending idle CPU. Guess
not a bad idea ;-)

This is not a new idea - there are already several companies doing
exactly this sort of distributed computing-for-hire. United Devices,
for example.

antispam news, solutions for sendmail, exim, postfix: http://enemieslist.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]