Posts Tagged ‘javascript’

Who And What Is Coinhive?

Saturday, May 5th, 2018

With the value of cryptocurrencies skyrocketing, hackers are continuously seeking ways to exploit web services owned by businesses. In this brouhaha, no one is spared. Government-owned websites, cloud service providers like Amazon, and even your own site could be hijacked by a cryptocurrency miner to mine currencies for free. There are many ways hackers are going after the cryptocurrency gold mine, but Coinhive will be the primary focus of this piece.

What is Coinhive?

Coinhive is a JavaScript cryptocurrency miner that has been continuously abused by hackers. Hackers exploit a vulnerability in a website such that every time someone views the site, it anonymously mines cryptocurrency by stealing the processing power of the web visitors. The cryptocurrency miner itself is legitimate software but has unfortunately been abused by hackers who are looking to earn a living to the detriment of unknown persons.

The JavaScript cryptocurrency mining service depends on a small chunk of computer code, created to be installed on websites. It works by using the processing power of any browser that visits the site to mine the Monero cryptocurrency. The general idea behind the release was to give website owners a way to make a living without resorting to intrusive adverts. However, shortly after its official release, Coinhive was ranked as a top malware threat.

What Happened?

Thousands of websites were hijacked by a cryptocurrency miner, making web visitors a tool to mine digital currencies. It was discovered that Coinhive was at the center of this misdemeanor. Mining cryptocurrencies consumes a lot of power, so why absorb so much and pile up your bills when you can have numerous people do the work for you? This was the case. The plugin allows websites to anonymously use visitors’ computing power to mine for the cryptocurrency. In this case, they mined Monero and not bitcoin.

Why Monero, and not bitcoin, the King of cryptocurrencies?

Although bitcoin is the most sought-after cryptocurrency, hackers prefer to mine Monero because transactions are virtually untraceable. Monero was created with the same purpose as Bitcoin, where transactions occur without a central authority involved. Many people hold the common misconception that bitcoin is an anonymous currency. This is not the case. Balances and transactions are connected to the users’ wallet addresses. As such, operations can be traced to wallet addresses, making it easy to track down hackers or criminals.

It is the contrary case with Monero. This cryptocurrency has a more significant anonymity signature. Unlike blockchain wallets, Monero wallets are protected by viewkeys. This implies that only the owners have access to their transactions, making it a safer and more discreet option for hackers. There is no way a third party can intercept transactions between two people.

Hacking Implications

This version of Coinhive runs without your knowledge, draining your system’s battery. It works in the background without notifying anyone or asking for permission. Aside from wasting your system’s battery, what other implications are there? As stated earlier, mining digital currencies consumes a lot of power and so can put your system in harm’s way without you detecting the cause of the problem. Some of the implications include:

  • Affecting your machine’s performance, making it run slower than expected. When the fans are kicking in and the hardware is working harder than usual, with the CPU operating more intensively than usual, the machine is bound to fail.
  • Damaging your device. Running at full speed all the time is not ideal for a machine, so you should be careful.
  • Outrageous power consumption, which will make your electricity bill skyrocket. This, in fact, is the principal reason hackers install these plugins to mine their digital currencies for them.

Worst of all, you don’t get to see the money because the hackers are diverting the currencies. In other words, you are an anonymous money-making machine for some unknown persons. They use your system and your power and still take the proceeds, leaving you with more bills to pay.

Is there a permanent Solution?

Hackers rely on loopholes in the system to perpetrate mayhem. Government-owned websites were hacked because the hackers noticed a vulnerability or inadequacy in the system. A lot of people do not bother to protect their sites from internet fraudsters. It’s a wake-up call for website owners. The easiest way out is to install antivirus software or antimalware programs.

Regardless of how tech-savvy you are, you must ensure your system is equipped with suitable antivirus software to protect you from hackers. Remember, they use a backdoor to install the JavaScript plugin, which works in the background so you don’t notice. An excellent antivirus tool will detect the spyware and notify you with popups so you can proceed to block it from accessing your computer system.

Does Coinhive Benefit from The Hack?

This JavaScript cryptocurrency miner appears to benefit from the hack. It takes a 30% share of whatever amount is mined using its code. Although it was not intended to be exploited, Coinhive automatically takes a percentage every time an amount is mined, regardless of whether the site gave its authorization or not. The code has a unique cryptographic key that indicates the user who receives the other 70%. Little wonder that Coinhive has reportedly been slow to act.

What Measures Have Been Taken?

Coinhive accepts abuse complaints but ignores grievances that do not come from the owners of hacked websites. It responds to abuse complaints by nullifying the key tied to the abuse, but this does not provide a lasting solution. Instead, Coinhive begins to keep 100% of the digital currency linked to that account. The only ones losing out are the hacker and you. According to Mursch, invalidating a key does not automatically disrupt the mining process. The code keeps running in the background and Coinhive takes it all, leaving the hacker with nothing. In simpler terms, the problem remains the same: your system is still at risk, and you still have a pile of electricity bills to pay.

Coinhive claims that it is working to fix the current situation. It stated in an email that a user cannot delete a site key and that it was working on a mechanism to disseminate the invalidation of a key to its WebSocket servers. In response to the criticism, it released code called “AuthedMine” which will prompt miners to seek authorization from website owners before running the cryptocurrency mining script.
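For site owners checking their own pages for an injected miner, the following added example (not part of the original post) scans served HTML for the Coinhive loader script and extracts the site key that an abuse report would need to quote. The loader hostnames and the `CoinHive.Anonymous` / `CoinHive.User` / `CoinHive.Token` constructor names are taken from Coinhive's published embed snippet; the function name, the sample page and the key in it are constructed for illustration.

```javascript
// Added example: audit a page's HTML for an embedded Coinhive miner.
// Hostnames cover Coinhive's loader domains and the AuthedMine variant.
const LOADER_RE =
  /<script[^>]+src=["']([^"']*(?:coinhive\.com|coin-hive\.com|authedmine\.com)\/lib\/[^"']+)["']/gi;
// Miner instantiation; the first string argument is the site key.
const KEY_RE = /new\s+CoinHive\.(Anonymous|User|Token)\s*\(\s*["']([^"']+)["']/g;

function auditHtml(html) {
  const loaders = [...html.matchAll(LOADER_RE)].map((m) => m[1]);
  const miners = [...html.matchAll(KEY_RE)].map((m) => ({
    api: m[1],     // which Coinhive constructor was used
    siteKey: m[2], // key that decides who is paid; quote it when reporting abuse
  }));
  return {
    found: loaders.length > 0 || miners.length > 0,
    authedMine: loaders.some((u) => /authedmine\.com/i.test(u)),
    loaders,
    miners,
  };
}

// Constructed sample page (not a real site, not a real key).
const SAMPLE_PAGE = `
<html><head><title>Constructed sample</title>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('EXAMPLE-SITE-KEY-0000', {throttle: 0.3});
  miner.start();
</script></head><body>Hello</body></html>`;

console.log(JSON.stringify(auditHtml(SAMPLE_PAGE), null, 2));
```

A plain-text match like this misses obfuscated or dynamically injected loaders, so treat a clean result as one signal alongside CPU monitoring and outbound-connection review.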

What is Node.js?

Tuesday, March 27th, 2018

JavaScript has been around since 1995 and since then has become one of the better known if not the most popular languages for web development. Since JavaScript is one of the older languages, in its infancy it was mainly used within the browser on the client-side inside <script> tags.

Needless to say, this limited what could be done with JavaScript. It meant that developers were working with different frameworks and languages when developing the backend and frontend of web applications, which just didn’t perform well enough in real-time situations. Before Node.js, most browsers read JavaScript inefficiently, to say the least. Whenever any piece of JavaScript code was called, the code would have to be read and interpreted one at a time, which was very slow. The long load times made using JavaScript more of a hassle, since the browsers were responsible for converting it into machine language so that the processor could understand it. But all of this changed back in 2009 with the launch of Node.js.

What Is Node.Js & Why Is It Such A Big Deal?

Node.js is an application runtime environment that allows you to write server-side applications in JavaScript that run directly on the computer. Node.js uses Google Chrome’s ultra-fast V8 execution engine, which lets it read and execute JavaScript code very fast.
Compared to Ruby, Python, or Perl, Node.js makes using JavaScript faster, while its event-driven model makes it the perfect choice for real-time applications. Node.js allows JavaScript that previously required a browser to interpret it to be directly executable as a computer process itself, making it much faster, more sustainable and more functional.

Thanks to its event-driven, non-blocking I/O model, Node.js allows you to write asynchronous JavaScript code that performs a variety of activities concurrently, such as managing connections with database servers, handling web server requests, updating data in real time and many more, which makes it a great choice for developing online applications.

Due to its efficiency in handling scalable and real-time situations, many major companies are making the switch to it. To make developing in Node.js even better, it’s lightweight and versatile, and lets you use JavaScript on both the frontend and backend, which greatly increases development options as well as giving you flexibility.

In summary, Node.js can be used to write server-side applications faster and more efficiently than other languages, with access to the operating system, file system, and everything else you need to develop a working, efficient and reliable application. But when and what can you use Node.js for?

What Can Node.Js Be Used For?

As mentioned before, in the past few years Node.js has become one of the most well-known and widely used languages for web development. Its uses are truly far-ranging and agile, which is why we’re seeing more and more major companies like PayPal and LinkedIn making the jump to Node.js.

Both these companies have been using Node.js to build the consumer-facing side of their web applications as well as the server side of their mobile apps to show real-time changes. Its massive scale and ability to run in parallel with other services enable it to work in almost any kind of environment. But what does this mean for developers and consumers?

For Real-Time Applications

Node.js shines the brightest when it’s being used for real-time applications. Any application that needs to process messages with low latency can easily be developed in Node.js with exceptional stability, speed, and performance. Take applications like Trello or Google Docs, for example. When working on a document, you can see the changes that are being made by another user and add your own changes at the same time. It facilitates collaboration and allows for true interactivity when working on projects.

Online Browser Games

One of the most surprising and revolutionary new uses of Node.js is online games that are played in real time with thousands if not millions of people from around the world. If you’ve played one of the many online browser-based games today, then you’d be surprised to find that Flash, Java, or Shockwave games have been completely replaced with better, faster and more complex Node.js-based games. IO games are a fine example of just how efficient and scalable browser-based games have become thanks to Node.js.

Developing A User Interface

Netflix is one of the biggest and best-known sites online. To improve the speed and performance of their site and app, they built the whole user interface with Node. The result was a much faster, lighter and modular application that reduced the startup time of the app by 70%! This is one of the many examples of sites and applications that, when Node.js is implemented correctly, have successfully improved the user experience with a gorgeous, fast and lightweight user interface.

When it comes down to it, Node.js is easy to implement not only in real-time web applications but also for site and application development. Thanks to its increasing popularity, we’re sure to see even more amazing uses of this developing language.

Random Password Generation Using JavaScript and PHP

Thursday, September 4th, 2014

If you are a web developer, you may have used random password generation many times on user registration forms. Many websites don’t allow users to enter their own passwords when registering new accounts. For example, you can see that on WordPress-powered websites.

We can use this random password generation technique instead of using activation emails. All we have to do is allow users to enter a username and other details (if necessary) when registering a new account, then generate a random password automatically and send it to the user’s email. If that was a spam user, they will not be able to log in without getting the password from their email.

As a web developer, I have also used random password generation many times during my web development work. Usually we do that with the security of the website in mind.

Today I am going to show you random password generation at the front end using JavaScript and at the back end using PHP.

Random Password Generation at Front End Using JavaScript

This is the case where we do random password generation in the browser itself. As we all know, JavaScript runs in your browser, so in this case we use JavaScript for random password generation. We are using JavaScript because it is very easy to implement, and we don’t have to send any request or do any page reload.

In some cases you may need to show the user a button that generates a random password. This method can be used for that. With this method you can also add the random password as a hidden field and send it to the server.

Warning: Generating a random password at the front end is not safe, since anyone can see that password if they want to.

Just one line of JavaScript code is enough for random password generation. Use the following code to generate a random password.

var pass = Math.random().toString(36).slice(-8);

That code will generate an 8-character random password. You can even show it to the user using jQuery or plain JavaScript. So if you want to show a random password when the user clicks on a button, use the following code.

<!-- add html form -->
<input type="text" id="password" value="">
<button id="generate">generate</button>

<script type="text/javascript">
// using jQuery to run this on click
$('#generate').click(function() {
    // generating random password using JavaScript
    var pass = Math.random().toString(36).slice(-8);
    // put the generated password into the text box
    $('#password').val(pass);
    // prevent the button's default action (e.g. submitting a form)
    return false;
});
</script>

Note: If you are using this jQuery code to fill the text box with a random password, then you should also load the jQuery library along with this code.
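`Math.random()` is not a cryptographically secure generator, and the `toString(36).slice(-8)` one-liner returns fewer than 8 characters for some values. The following added example (not the author's code) draws from the Web Crypto API instead and uses rejection sampling so every character of the alphabet is equally likely; the names `generatePassword`, `randomIndex` and `ALNUM` are hypothetical, and the code runs in a browser or in Node.js.

```javascript
// Added example: CSPRNG-backed password generator (browser or Node.js).
// Uses Web Crypto; falls back to Node's built-in webcrypto on older runtimes.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const ALNUM = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

// Return a uniformly distributed index in [0, n) using rejection sampling:
// byte values at or above the largest multiple of n are discarded, so the
// leftover 256 % n values cannot bias the result toward low indexes.
function randomIndex(n) {
  if (!Number.isInteger(n) || n < 1 || n > 256) {
    throw new RangeError('alphabet size must be between 1 and 256');
  }
  const limit = 256 - (256 % n);
  const buf = new Uint8Array(1);
  for (;;) {
    webCrypto.getRandomValues(buf);
    if (buf[0] < limit) return buf[0] % n;
  }
}

// Build a password of exactly `length` characters from `alphabet`.
function generatePassword(length = 8, alphabet = ALNUM) {
  if (!Number.isInteger(length) || length < 1) {
    throw new RangeError('length must be a positive integer');
  }
  let out = '';
  for (let i = 0; i < length; i++) {
    out += alphabet[randomIndex(alphabet.length)];
  }
  return out;
}

console.log(generatePassword(12));
```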

Random Password Generation at Back End Using PHP

This is the best and most secure method for random password generation. The user will not see the generated password, since it runs at the back end. Using this method you can block spam too.

Here we use PHP for random password generation. We assign one random password to a variable. Then you can do whatever you want with it. Just use the code below, and it will generate a random string on each request.

$password = random_string('alnum', 10);

As you can see, the random password will be stored in the variable $password. You can use $password to get that value. Just try the code below to see this in action.

<?php
// random_string() is not a PHP built-in; CodeIgniter's string helper
// provides a function with this signature, and it must be loaded first.
// generate a 10-character alphanumeric password
$password = random_string('alnum', 10);
// show password
echo $password;
?>

Note: You can change the length of the password by adjusting the value in the code. Here, as you can see, it will generate a 10-character password.

This is how I always do random password generation ;). Have you got any other methods? Just share them with us. Use the comments or the contact form to add your code and opinions. Thanks for reading BTW. 🙂