I agree - not very cool indeed. And it did happen to me with @dlive, but their post was received with welcome from me. Dsound should do the same
You are viewing a single comment's thread from:
I agree - not very cool indeed. And it did happen to me with @dlive, but their post was received with welcome from me. Dsound should do the same
Hey Paula, thanks for chiming in on this subject. I've been waiting for the week days to get a response from @prc, he might not be available, I suppose.
By the way, do you know perhaps where can I get some info on this external tool @dlive and possibly @dsound might be using that does this automatically?
I've done a short google search and can't find anything. But I'll keep at it, still.
It's just that this is kind of dangerous actually, from an #infosec point of view. There's been a wave of attacks on external libraries and modules that are not part of the internal code base of various websites. Much like the recent TextHelp attack discovered by Scott Helme(Twitter Link), a reputable security researcher.
Here's the article on TextHelp if you haven't heard of it:
https://scotthelme.co.uk/protect-site-from-cryptojacking-csp-sri/
In this specific case a crypto miner was running in the TextHelp JS library, leading to all the users visiting the thousands of web-sites using the library, mining an estimated $5000 worth of cryptos. This could have been way worse than just mining cryptos, btw.
In our case here at the steem-sphere, an attack like this could be used to hijack or steal some valuable accounts. So, whatever tool/library/module devs of these projects are using, I'd like to have a look at it, and others certainly more capable than me to do so as well.
So, if you have some info on this to point me in the right direction, I'd greatly appreciate it.
Cheers.