Just Say No

 

As if the lack of trust hadn’t sunk low enough between internet users, advertisers, and the websites which host advertisements, along comes cryptojacking, a method for either honestly or dishonestly using the computing power and electricity of internet users to mine cryptocurrency. Last week, users of YouTube in some countries noticed that their antivirus and antimalware programs were alerting them to code hidden in ads on YouTube which were enlisting their computers for cryptomining without their permission. Google, which administers YouTube, claims to have fixed the problem. Unfortunately, there are many small websites that don’t have Google’s Information Technology (IT) resources and may have been hacked and had cryptojacking code installed without their knowledge.

 

Cryptojacking sounds like it should be illegal, but oddly enough it is not. There can be repercussions such as blacklisting for hiding code in ads, and of course this sort of activity serves to push more people toward the use of ad blockers, which deplete the revenue of honest websites as well as dishonest ones. There are now outfits on the web, Coinhive being the most notable, which promote to website owners the idea of replacing ads altogether with a bit of JavaScript code on the website itself that will enlist the computers of visitors in mining Monero, a type of cryptocurrency that, unlike Bitcoin, doesn’t require high end equipment. Coinhive takes 30% of the resulting mining revenue, and the website owner gets 70%. Coinhive rather dubiously promotes this as a fair business model for the website owner in a time of declining revenue from ads, while not mentioning its relative fairness for the website visitor.

Cryptocurrency Mining Farm
A mining farm of Genesis Mining in Iceland. These are mainly Zeus scrypt miners. 2014 photo by Marco Krohn. No subterfuge involved in this cryptocurrency mining operation. Note that because the calculations required to create the currency generate a lot of heat, there are fans at the ends of all the units.

As originally set up by Coinhive, the JavaScript ran without the internet user’s knowledge or permission. If an internet user visited a website running Coinhive’s JavaScript code, and the user’s security software did not alert the user or block the code from running, the only indication the user had of being legally cryptojacked was how unusually busy their computer was and, when the electric bill arrived, how unusually high it was. Savvy computer users might also check running processes monitored by the task manager on their computer. But it’s a good bet that most computer users have no idea about task manager or where to find it on their computer. Some users don’t run any security software at all, or if they do, they misuse it. Running Coinhive software without the knowledge or permission of website visitors is sneaky at best, and more likely just plain unethical, and any argument from Coinhive or anyone else that it is a fair replacement for ads is mere sophistry.

After some amount of pushing from internet users, Coinhive started offering an above board, opt-in type of cryptomining code so that website visitors knew what was being asked of them. Naturally that version has not proved popular with the website owners who partner with Coinhive because advising visitors of cryptomining activity only leads to the great majority of them declining to participate. People who are not computer savvy, when confronted with an option which will in all likelihood confuse and frighten them, will resort to the safest option and just say no. More computer savvy visitors will likely decide it’s not worth their while to have their computer slowed down to a crawl and their electricity bill hiked by a few dollars a month just to visit a website. Only the most indispensable websites could get away with it, and they are apt to have access to many other less complicated sources of revenue. Coinhive, meanwhile, continues offering the original, surreptitious version of its software.
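For a website owner who wants to check whether a page is serving miner code, silently or with a consent prompt, the following added example (not from the original article or from Coinhive) scans HTML for script tags that load a miner or start one inline. The host names and the `CoinHive.*` constructor names are assumptions taken from public reporting on the service, and the sample page is constructed.

```javascript
// Added example: flag in-browser miner loaders in a page's HTML.
// Hosts and API names are assumptions from public reporting, not from the article.
const MINER_HOSTS = {
  "coinhive.com": "silent",    // original loader, no consent prompt
  "authedmine.com": "opt-in",  // variant that asks the visitor first
};
const INLINE_API = /\bCoinHive\.(Anonymous|User|Token)\s*\(/;

// Constructed sample page: one miner loader, one inline start, one benign script.
const SAMPLE = `<html><head>
<script src="//coinhive.com/lib/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); miner.start();</script>
<script src="/js/site.js"></script>
</head></html>`;

function hostOf(src) {
  try {
    // Relative and protocol-relative URLs resolve against a dummy base.
    return new URL(src, "https://page.invalid/").hostname.toLowerCase();
  } catch {
    return null;
  }
}

function matchHost(host) {
  for (const [domain, kind] of Object.entries(MINER_HOSTS)) {
    // Exact host or a true subdomain; "notcoinhive.com" must not match.
    if (host === domain || host.endsWith("." + domain)) return { domain, kind };
  }
  return null;
}

function scanHtml(html) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const [, attrs, body] = m;
    const srcMatch = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (srcMatch) {
      const src = srcMatch[1] ?? srcMatch[2] ?? srcMatch[3];
      const host = hostOf(src);
      const hit = host && matchHost(host);
      if (hit) findings.push({ type: "external-loader", kind: hit.kind, src });
    }
    if (INLINE_API.test(body)) findings.push({ type: "inline-start", kind: null, src: null });
  }
  return findings;
}
console.log(scanHtml(SAMPLE));
```

A static scan like this misses loaders that are obfuscated or injected at runtime, so it complements rather than replaces watching CPU use and outbound connections.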

Naturalist David Attenborough discusses brood parasitism among birds in this BBC wildlife segment.

The arms race between website owners and advertisers on one side, and website visitors on the other side, began when internet service was incredibly slow and most consumers had data caps. Ads, particularly Flash ads that jumped up and down to attract the visitor’s attention, slowed down internet service even more and sucked up the visitor’s limited data. Enter ad blockers. The thing about ad blockers, however, is that even though most of them offer users the ability to whitelist websites, most users are either unaware of that option or don’t bother to use it unless prompted by the website. Ad blockers often act effectively as blunt instruments then, punishing honest websites which display discreet, reputable ads in an above board manner, along with dishonest or careless websites which display gaudy ads that may or may not harbor malicious code. Like many other areas of life, on the internet a few bad actors can spoil the honest efforts of the majority of website owners. The answer to declining revenue from the arms race between advertisers and advertising blockers is not for website owners to get sneaky, however, which erodes trust, but to develop trust with their visitors and exercise restraint on their advertisers.
— Techly

 

Your Bitcoin or Your Files

 

The WannaCry, or WannaCrypt, ransomware that attacked mostly networked computers running unpatched Windows operating systems last month did not affect many non-networked home computer users, but that doesn’t mean those users will avoid future attacks. The computers of home users are often just as vulnerable as those used by banks, hospitals, and other large institutions. They are less likely to be attacked only because they aren’t generally tied into a larger network and because loss of their data is not critical. Home users also have less money, or access to Bitcoin, than large institutions, making an attack on them not as worthwhile for hackers.

 

Computer Using Cat
Cat using computer; photo by EvanLovely.

Any computer running any operating system connected to the internet is vulnerable to ransomware, malware, viruses, and a host of other exploits. Macintosh and Linux operating systems are somewhat less vulnerable than Windows, but not invulnerable. The same goes for the Android and iOS mobile phone platforms. Frequently updating an operating system with patches downloaded from the operating system provider is key to maintaining security. An equally important best practice is to avoid human error in daily computing, such as being wary of web links or attachments in suspicious emails, and even being careful of clicking on ads from unknown providers on sketchy websites. The internet is a teeming public square where pickpockets mix with everyone else, and where some side streets and alleyways lead to unwholesome places, increasing the likelihood of something bad happening.

 

All this seems like common sense and fairly common knowledge, so why are large institutions with professional Information Technology (IT) staff on hand nonetheless vulnerable to cybercrime exploits that home computer users who are conscientious about updating their software and careful when visiting the internet can usually avoid? Are the IT departments incompetent? The answer is they apparently do their best most of the time, like anyone else with a job to do, but their efforts are many times hobbled by that second factor mentioned above – human error. And the larger the organization and the more computers tied into the network, the greater the chances for one small human error to multiply throughout the organization. IT specialists are also hobbled by the unwillingness of higher ups to let go of outdated operating systems like Windows XP. The WannaCry ransomware targeted unpatched, networked Windows XP computers.


From Woody Allen’s 1969 movie Take the Money and Run, a job interview presumably for an IT position, with a nod to the old TV quiz show, What’s My Line?

Here we have blame enough to go around for everyone: from the executives who, whether out of cheapness or reluctance to overhaul their company’s computer systems, failed to modernize; to the IT specialists who, whether from incompetence or overwork, failed to install vital patches to an outdated operating system; to the end user or users sitting at a computer who, whether out of ignorance or foolishness, clicked on a malicious link or fell for a phishing scam, and then passed it on to co-workers. What made the WannaCry ransomware especially vicious was its ability to exploit the very minimum of human error in order to replicate throughout a network. Computer experts are still not certain of the attack vector WannaCry used to gain initial access. The patch Microsoft issued months earlier should nevertheless have protected Windows XP computers, human error or no.

 

1940 Oldsmobile Station Wagon
1940 Oldsmobile Station Wagon advertisement. You rarely see Woodies like this on the road these days!

Windows XP was Microsoft’s most popular operating system ever, and it’s understandable many users are reluctant to let it go. There are a lot of reasons Microsoft has tried to move on from Windows XP, as popular as it remains, and at this stage those reasons, good or bad, believable or not, are beside the point. The fact is Microsoft is moving on. For computer users to cling to Windows XP at this point is like automobile fanciers who own vintage cars: Yes, having a fine old car can be engaging, but don’t expect that there will be many qualified mechanics available to work on it, or that driving it on interstate highways will be a safe and effective means of travel in the 21st century. Windows 10, the up-to-date model of Microsoft’s operating system, has plenty of faults, among them being a data hog that is far too chatty with its home base so that it can mine the user’s personal data for sale, a lesson Microsoft learned well from Google, but at least it’s safely built for travel on today’s internet, the information superhighway, as Al Gore called it. Drive safely.
― Techly