[39540] in bugtraq
Re: A comment on using CPU resources
daemon@ATHENA.MIT.EDU (Steven Champeon)
Sat Jul 9 17:31:16 2005
X-Received-From: schampeo@habanero.hesketh.net
X-Delivered-To: bugtraq@securityfocus.com
Date: Sat, 9 Jul 2005 16:44:15 -0400
From: Steven Champeon <schampeo@hesketh.com>
To: Raghu Chinthoju <raghu.chinthoju@gmail.com>
Cc: Gandalf The White <gandalf@digital.net>, bugtraq@securityfocus.com
Message-ID: <20050709204415.GC19939@hesketh.com>
Mail-Followup-To: Raghu Chinthoju <raghu.chinthoju@gmail.com>,
Gandalf The White <gandalf@digital.net>, bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <7b8067a405070911531b322cd7@mail.gmail.com>
on Sun, Jul 10, 2005 at 12:23:51AM +0530, Raghu Chinthoju wrote:
> This isn't a new thing, stealing CPU cycles this way is known for some
> time now. The following are the reasons I guess why this isn't
> feasible:
>
> 1. No anonymity. The code is directly visible to the victim.
It is, however, entirely possible to obfuscate JavaScript, or to hide
the data being processed by fetching it post-load.
> 2. As long as any script is running, the browser shows that the page
> is still being loaded. This might drag suspicion to view whats in the
> page or the user might simply cancel loading (ie the java script).
> Time consuming scripts might have less chances.
Canceling loading (e.g., hitting the "stop" button in most modern
graphical desktop browsers) doesn't cancel script execution.
> 3. There are many better ways for a determined CPU thief. For example,
> there are plenty of vulnerable machines connected to Internet offering
> their everything to hackers in a silver plate.
Agreed.
> 4. If CPU cycles were really in huge demand, some one could just start
> a business offering to pay for in return to lending idle CPU. Guess
> not a bad idea ;-)
This is not a new idea - there are already several companies doing
exactly this sort of distributed computing-for-hire. United Devices,
for example.
--
antispam news, solutions for sendmail, exim, postfix: http://enemieslist.com/
