It seems popular online magazine Salon is the latest company to hop onto the cryptocurrency mining bandwagon. The publication has updated its website to require users to disable their ad-blockers for the right to read articles – or alternatively, lend their CPU power to mine cryptocurrency. Visitors are now prompted to either turn off ad-blockers altogether or select the new ‘Suppress Ads’ option to “block ads by allowing Salon to use your unused computing power.” According to a clarification on its website, opting to lend your “unused processing power” will only happen “when you are browsing Salon.com.” The other options are to…
US and UK government websites have been hit by malware mining Monero.
Government websites in the US and UK, including that of the UK Information Commissioner’s Office (ICO), have been hit by malware designed to mine cryptocurrency.
According to security researcher Scott Helme, the security breach resulted in over 4,000 sites serving up the malicious code.
Others affected include the UK Student Loans Company (SLC), National Health Service (NHS) Scotland, and the Queensland government portal in Australia.
The compromised plugin is called Browsealoud, which helps visually impaired people to access text on websites. The malware uses a site visitor’s own processor to mine for the Monero cryptocurrency.
Helme was made aware of the hack by fellow security specialist Ian Thornton-Trump, who discovered that the ICO’s website was hosting the malware.
Four-hour window of opportunity
Texthelp, the company that makes the plugin, reported that its product was infected for four hours, according to a blog post by security firm Wordfence. Browsealoud was taken offline as soon as the problem was spotted.
In his own blog post, Helme said that the script for the Browsealoud plugin, ba.js, was altered to include the Coinhive cryptocurrency miner, which targets Monero.
“If you want to load a cryptominer on 1,000+ websites, you don’t attack 1,000+ websites, you attack the one website that they all load content from,” he said.
“In this case, it turned out that Texthelp, an assistive technology provider, had been compromised and one of their hosted script files changed.”
In a statement, Texthelp data security officer Martin McKay said, “Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result the product was taken offline.
“This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action. Texthelp can report that no customer data has been accessed or lost.”
He added that a security review would be conducted by a specialist independent consultancy. That investigation is still ongoing, and customers will receive an update when it has been completed.
Internet of Business says
As this ‘supply chain hack’ reveals, the downside of an interconnected world is that security problems can spread worldwide in seconds. This will be a major issue in the years ahead for the IoT, unless smart device manufacturers put enterprise-grade security programmes in place to match the reactive security programmes that have been developed over a quarter century of online business.
The post WordPress plugin hacked to mine cryptocurrency: government, ICO, NHS sites hit appeared first on Internet of Business.
UNICEF has launched a new fund-raising project in the same vein as SETI@Home and Einstein@home, but with a cryptocurrency spin. In an effort to raise money for the children in war-torn Syria, the organization is asking gamers, eSports fans and anybod…
Engadget RSS Feed
The world’s largest floating solar farm, sitting on a lake that used to be a coal mine, is China’s latest effort to showcase its commitment to renewable energy. With a 166,000 panels and a total capacity of 40 megawatts, the solar farm can produce enough energy to power 15,000 homes, the South China Morning Post reports.
While it still consumes a lot of oil, coal and natural gas, China is experiencing an unprecedented solar boom. As of November 2017, solar PV accounted for 126 gigawatts, a spike of 67 percent compared to the same time in 2016. Crucially, the country is also trying to move away from highly polluting sources of energy, which are estimated to have contributed to 366,000 deaths in 2013 alone.
In its yearly overview of the world’s energy markets, the International Energy Agency (IEA) finds that China is entering a new phase of its economic development, moving away from heavy manufacturing and other carbon intensive industries. Ambitious investments in clean energy projects such as the floating solar farm, located in the coal-rich Anhui province, are part of the same overarching effort to clean up the Chinese economy.
Sitting on a Coal Mine
Building solar farms over water has the benefit of not interfering with terrestrial ecosystems, preserving wildlife and local vegetation. Additionally, placing panels on water keeps them cool and helps maintain efficiency because the cells don’t overheat.
This type of creative solutions is part of a growing trend. Worldwide, governments are investing to make obsolete sites useful once again. Another example can be found in Ukraine, where a solar farm is being built at the Chernobyl nuclear disaster site.
Investing in solar and renewable energy sources is a major step forward for the world’s biggest polluter, but China still has a long way to go before becoming the climate champion it wants to be. With a population of nearly 1.4 billion, dropping coal is a monumental task that is going to take many years. So, as clean energy continues to rise, China, as well as the rest of the world, will need an array of technologies — including carbon capture and storage — to offset their emissions.
The post China Has Built a Huge Floating Solar Farm on Top of a Deserted Coal Mine appeared first on Futurism.
Did you know that your browser can be tricked into mining cryptocurrency like BitCoin without your knowledge? Apparently, there are scripts floating around out there on various servers and website plugins that can hijack your web browser and use its…
Engadget RSS Feed