back to article Your smartphone browser: A ZOMBIE in password-crunching botnet

Computer scientists in the US have discovered a potential means to abuse cloud-based web browsers. Cloud-based web browsers such as Amazon Silk on the Kindle Fire feature a split architecture that means some processing associated with rendering web-pages is offloaded onto server farms in the cloud. Some smartphone browsers, …


This topic is closed for new posts.
Silver badge

Has been done

There was some site which would recognize characters for you and spit out the TeX code for it. It secretly ran a JS Bitcoin miner.


And yet...

They want you to believe your data is safe(r) in the cloud. Once you let someone else manager your data, it is no longer your data. Build your own "cloud", even though you probably already have it. They're called servers for those of you blinded by marketing.


And the commentards blow it again

Christian Berger: What you describe is the opposite of what this team has done. The site you mentioned offloaded work onto the client machines (by having them run Javascript[1] worker roles). This research describes tricking HTML-rendering servers into performing computations.

Rick Giles: Your comment is so awesomely, stunningly irrelevant to the story that it's difficult to believe you actually read the piece before responding. Customer data is in no way involved in this exploit; nor does it have anything to do with hosting private data in the cloud.[2] It's about abusing a particular class of publicly-accessible computation resources by coopting their protocols and disguising one type of workload as another.

I can only assume the two people who upvoted you are similarly so keen to grind this particular axe that they too can't be bothered to see whether it's relevant to the story. The Internet echo chamber at work.

[1] Technically ECMAScript, unless it used extensions proprietary to Mozilla's implementation, which is what the "Javascript" trademark describes.

[2] In fact, it's arguable that the researchers shouldn't have used the "cloud" terminology at all - what they're talking about are basically publicly-accessible HTML rendering farms, which can be implemented using a "cloud"[3] approach, but don't have to be.

[3] I.E., utility computing, with an opaque abstraction layer between workloads and the hardware clusters they run on.


There was a title, but I lost it to the cloud because someone was mis-using the HTML rendering farm

Looks like I awoke a CIO trying to get upper manglement to buy off on his cloud idea...

This topic is closed for new posts.


Biting the hand that feeds IT © 1998–2017