Cryptocurrency mining, the process of providing book keeping services to crypto currency networks in exchange for payment has moved from PC’s to warehouses of dedicated ASIC computing devices. A new approach is to distribute the processing over thousands of unsuspecting web users:
A new report suggests hundreds of websites have taken The Pirate Bay’s lead and are now using visitor PCs to mine cryptocurrency without the consent of users.
A month or so ago, torrent search website The Pirate Bay raised concern among the community as visitors noticed their CPU usage surged whenever a page was opened.
At first, some worried that malvertising or embedded malware was at play; however, when the domain’s operators realized the game was up, they admitted the power surge was due to a “small experiment” in cryptocurrency mining.
Cryptocurrency, such as Bitcoin or Monero can be “mined” and acquired through computational power. If enough PC owners donate power, then mining can be a way to rake in revenue.
In The Pirate Bay’s case, the website’s operators were experimenting with a mining script from CoinHive which hunted for Monero. The trial was explained as a potential way for the website to run for free, without needing to rely on adverts.
It seems this idea has now taken root in other websites, too.
According to a new report from Adguard, in a matter of weeks, 2.2 percent of the top 100,000 websites on the Alexa list are now mining through user PCs.
In total, 220 sites that launch mining when a user opens their main page, with an aggregated audience of 500 million people.
Read the rest of the article at ZD.net by clicking here.
It was a quiet morning here until a customer let us know that one of their users encountered a “Certificate Error” while accessing their site. I immediately checked our AutoSSL configuration in WHM to see if we had a problem brewing.
Nope. All looked good.
I asked for a screenshot of the error. It revealed the source of the problem: an old version of Windows XP and Internet Explorer 8. In my case, we use SSL certificates from Let’s Encrypt – pretty much the standard around cPanel installations. Not every OS/Browser combination is compatible with these or any other certificates. From the Let’s Encrypt website:
- Mozilla Firefox >= v2.0
- Google Chrome
- Internet Explorer on Windows XP SP3 and higher
- Microsoft Edge
- Android OS >= v2.3.6
- Safari >= v4.0 on macOS
- Safari on iOS >= v3.1
- Debian Linux >= v6
- Ubuntu Linux >= v12.04
- NSS Library >= v3.11.9
- Amazon FireOS (Silk Browser)
- Cyanogen > v10
- Jolla Sailfish OS > v188.8.131.52
- Kindle > v3.4.1
- Java 7 >= 7u111
- Java 8 >= 8u101
- Blackberry >= 10.3.3
- PS4 game console with firmware >= 5.00
- Blackberry < v10.3.3
- Android < v2.3.6
- Nintendo 3DS
- Windows XP prior to SP3
- cannot handle SHA-2 signed certificates
- Java 7 < 7u111
- Java 8 < 8u101
- Windows Live Mail (2012 mail client, not webmail)
- cannot handle certificates without a CRL
- PS3 game console
- PS4 game console with firmware < 5.00
However – there is another wrinkle to this. NO Windows XP system, even running SP3 supports Server Name Indication (SNI). SNI allows multiple domains on one IP address to support HTTPS browsing. If SNI is in use, XP machines can only connect to the first domain added in AutoSSL without generating an error.
Generally it’s safe to tell users blocked by these issues to click past the warnings and continue to the site.
We explain to clients that it’s more important to support users of Google than Windows XP pre-SP3. Frankly these old systems shouldn’t even be connected to the Internet as they are unsupported.
After 12 years, support for Windows XP ended April 8, 2014. Microsoft will no longer provide security updates or technical support for the Windows XP operating system. It is very important that customers and partners migrate to a modern operating system such as Windows 10.