Posts Tagged ‘javascript’

Who And What Is Coinhive?

Saturday, May 5th, 2018

With the value of cryptocurrencies skyrocketing, hackers are continuously seeking means to exploit web services owned by businesses. In this brouhaha, no one is spared. Government-owned websites and cloud service providers like Amazon and even yours could be hijacked by a cryptocurrency miner to mine currencies for free. There are many ways hackers are going about the cryptocurrency gold mine, but coinhive will be the primary focus of this piece.

What is Coinhive?

Coinhive is a JavaScript cryptocurrency miner that has been continuously abused by hackers. Hackers exploit a vulnerability in a website such that every time someone views the site, it anonymously mines cryptocurrency by stealing the processing power of the web visitors. The cryptocurrency miner itself is a legitimate software but has unfortunately been abused by hackers who are looking to earn a living to the detriment of unknown persons.

The JavaScript cryptocurrency mining service depends on a small chunk of computer code, created to be installed on websites. It works by using the power generated from any browser visited, propelling the machine to mine Monero cryptocurrency. The general idea of this software release was a means for Web site owners to make a living without running into intrusive adverts. However, shortly after its official release, Coinhive has been ranked as a top malware threat.

What Happened?

Thousands of websites were hijacked by a cryptocurrency miner, making web visitors a tool to mine digital currencies. It was discovered that Coinhive was at the center of this misdemeanor. Mining cryptocurrencies consume a lot of power; so why absorb so much and pile your bills when you can have numerous people do the work for you? This was the case. The plugin allows websites to anonymously use visitor’s computing power, while they mine for the cryptocurrency. In this case, they mined monero and not bitcoin.

Why Monero, and not bitcoin, the King of cryptocurrencies?

Although bitcoin is the most sought after cryptocurrency, hackers prefer to mine Monero because transactions are virtually untraceable. Monero was created with the same purpose as Bitcoin where transactions occur without a central authority involved. Many people hold a common misconception or belief that bitcoin is an anonymous currency. This is the case. Balances and transactions are connected to the users’ wallet address. As such, operations can be traced to wallet addresses, making it easy to track down hackers or criminals.

It is the contrary case with monero. This cryptocurrency has a more significant anonymity signature. Unlike blockchain wallets, monero wallets are protected by viewkeys. It implies that only the owners have access to their transactions, making it a safer and more discreet option for hackers. There is no way a third-party can intercept transactions between two people.

Hacking Implications

This version of coinhive runs without your knowledge, draining your system’s battery. It works in the background without notifications or permissions from whoever. Aside from wasting your system’s battery, what other implications are there for it? As earlier stated, mining digital currencies consume a lot of power and so can put your system in harm’s way without you detecting the cause of the problem. Some of the implications include:

  • Affecting your machine’s performance, making it run slower than expected. When the fans are kicking, and hardware is working more than usual with the CPU operating more intensively than usual, the machine is bound to fail.
  • Damaging your device. Running at full speed all the time is not ideal for a machine, so you should be careful.
  • Outrageous power consumption, which will make your electricity bill to skyrocket. This, in fact, is the principal reason hackers install these plugins to mine their digital currencies for them.

Worst of all, you don’t get to see the money because the hackers are diverting the currencies. In other words, you are an anonymous making machine for some unknown persons. They use your system and your power and still take the proceeds, leaving you with more bills to pay.

Is there a permanent Solution?

Hackers rely on loopholes in the system to perpetrate mayhem. The reason why government own websites were hacked is that they noticed a vulnerability or inadequacies in the system. A lot of people do not bother to protect their sites from internet fraudsters. It’s a wakeup call for website owners. The easiest way out is to install antivirus software or antimalware programs.

Regardless of how tech-savvy you are, you must ensure your system is equipped with a suitable antivirus software to protect you from hackers. Remember they use the backdoor to install the JavaScript plugin, working in the background, so you don’t notice. An excellent antivirus tool will detect the spyware, notify you with popups so you can proceed to block them from accessing your computer system.

Does Coinhive Benefit from The Hack?

This JavaScript cryptocurrency miner appears to benefit from the hack. It takes a 30% share off whatever amount that is mined using its code. Although It was not intended to be exploited, coinhive automatically takes a percentage every time an amount is mined regardless of whether the site gave its authorization or not.  The code has a unique cryptographic key that indicates the user to receive the other 70%. Little wonder why coinhive has been reportedly slow to act.

What Measures Have Been Taken?

Coinhive accepts complaints reporting abuse from but ignores grievances that do not come hacked websites owners. However, they respond to abuse complaints by nullifying the key tied to the abuse, and this does not issue a lasting solution. Instead, it begins to keep 100% of the digital currency linked to that account. The only person losing out is the hacker and you. According to Mursch, invalidating a key does not automatically disrupt the mining process. The code keeps running in the background and coinhive takes it all, leaving the hacker with nothing. In simpler terms, the problem remains the same- your system is still running at risk, and you still have a pile of electricity bills to pay.

As the case may be, coinhive claims that the organization is working to fix the current situation. It stated in an email that a user cannot delete a site key and that they were currently working on a mechanism to disseminate the invalidation of a key to their WebSocket servers. In response to the criticism, it released a code called “AuthedMine” which will prompt miners to seek authorization from website owners before running the cryptocurrency mining script.

What is Node.js?

Tuesday, March 27th, 2018

JavaScript has been around since 1995 and since then has become one of the better known if not the most popular languages for web development. Since JavaScript is one of the older languages, in its infancy it was mainly used within the browser on the client-side inside <script> tags.

Needless to say, this limited what could be done with JavaScript. This meant that developers were working using different frameworks and languages when developing the backend and frontend of web applications which just didn’t perform well enough in real-time situations. Before Node.JS most browsers read JavaScript inefficiently, to say the least. Whenever any piece of code with JavaScript was called the code would have to read and interpreted one at a time which was very slow. The long load times made using JavaScript more of a hassle since the browsers were responsible for converting it into machine language so that the processor could understand it. But all of this changed back in 2009 with the launch of Node.js.

What Is Node.Js & Why Is It Such A Big Deal?

Node.js is an application runtime environment that allows you to write server-side applications in JavaScript that run directly from the computer. Node.js uses Google Chrome’s ultra-fast V8 execution engine that lets it read and execute JavaScript code very fast.
When compared to Ruby, Python, or Perl Node.js makes using JavaScript faster while its event-driven model makes it the perfect choice for real-time applications. Node.js allows JavaScript that previously required a browser to interpret it to be directly executable as a computer process itself making it much faster, sustainable as well as more functional.

Thanks to its event-driven and non-blocking I/O model. Node.js allows you to handle asynchronous JavaScript code that lets you read and write code to perform a variety of activities that execute concurrently such as managing connections with database servers, handling web server requests, updating data in real time and many more that make it a great choice for developing online applications.

Due to its efficiency in handling scalable and real-time situations, many major companies are making the switch to it. To make developing in Node.js even better, it’s lightweight, versatile and lets you use JavaScript on both the frontend and backend that great increases development potions as well as giving your flexibility.

In summary, Node.js can be used to write server-side applications with access faster and more efficiently than other languages while using the operating system, file system, and everything else you need access to develop a working, efficient and reliable application. But when and what can you use Node.js for?

What Can Node.Js Be Used For?

As mentioned before in the past few years, Node.js has become one of the most well-known and widely used languages for web development. Its uses are truly far-ranging and agile which is why we’re seeing more and more major companies like PayPal and LinkedIn making the jump to Node.js.

Both these companies have been using Node.js to build consumer-facing side of their web applications as well as the server side of their mobile apps to show real-time changes. Its massive scale and ability to run in parallel with other services enables it to work in almost any kind of environment. But what does this mean for developers and consumers?

For Real-Time Applications

Node.js shines the brightest when it’s being used for real-time applications. Any applications that needs to process messages in low latency can easily be developed in Node.js with exceptional stability, speed, and performance. Take applications like Trello or Google Docs for example. When working on a document you can see the changes that are being made by another user and add your own changes in as well as the same time. It facilitates collaboration and allows for true interactivity when working on projects.

Online Browser Games

One of the most surprising and revolutionary new uses of Node.Js are online games that are played in real time with thousands if not millions of people from around the world. If you’ve played one of the many online browser-based games today, then you’d be surprised to find that Flash, Java, or Shockwave games have been completely replaced with better, faster and more complex Node.js based games. IO games are a fine example of just how efficient and scalable browser-based games have become thanks to Node.js.

Developing A User Interface

Netflix is one of the biggest and well-known sites online. To improve the speed and performance of their site and app they developed the whole user interface is built with Node. The result was a much faster, lighter and modular application that reduced startup time of the app by 70%! When implemented correctly. This is one of the many examples of sites and applications that have successfully improved the user experience with a gorgeous, fast and lightweight user interface.

When it comes down to it, Node.js is easy to implement not only in real time web applications but also for site and application development. Thanks to its increasing popularity, we’re sure to see even more amazing uses of this developing language.

CodeLobster PhP IDE Free version Review

Wednesday, October 5th, 2016

A good coding editor is a necessity when it comes to creating a website. Having a code editor or an Integrated Development Environment (IDE) essentially makes the entire task of website building less arduous, yet more efficient. But what should be given more thought is the choice of IDE to use when developing a website. In this article, we will look into one of the most trusted and free IDEs in the market, CodeLobster.

CodeLobster is a portable IDE that has three options: free, lite, and professional. In this review, we will look into the free option and its features to see just how useful this Codelobster’s free option is for programmers. Here are the most useful features of Codelobster.

  1. Code Highlighting – Depending on the coding language used, CodeLobster IDE highlights different codes such as HTML, CSS, PHP, Javascript as well as other mixed codes in the same file. For this feature, the user can also customize the color scheme used for different coding categories through the Preference option
  2. Autocompletion – Like other IDEs, CodeLobster also offers autocompletion option for HTML, CSS, PHP and Javascript. For faster coding, Codelobster also identifies the structure of the project and helps implement tags, functions, etc., for the supported coding languages.
  3. HTML and CSS Inspector- Codelobster uses an HTML and CSS Inspector such as Firebug to help users inspect the elements on a web page, as well as see the changes in real time.
  4. SQL Manager – This feature gives the user control in handling their database such as add, edit, delete, export or perform SQL queries.
  5. Debugger – CodeLobster’s free version comes with a thorough PHP debugger that runs the PHP script, line by line, to determine which parts of the code doesn’t operate as it should.
  6. FTP Support – This feature allows the user to work with a server to edit and implement the necessary changes to a file
  7. Context help – It supports all types of languages, and gives a short description about a tag or function. To enable this function, simply place the pointer on an element or press the F1 button.

Other features of CodeLobster’s free PHP IDE include pair highlighting, block selection, code folding, viewing of structure of files, split window, file explorer, bookmarks, previews in a browser, and a portable option for users who do not want to access the editor without installation.

CodeLobster’s Pro version, on the other hand, provides better support for developers who work with different frameworks. It supports Drupal CMS, Joomla, Smarty, Twig, JQuery library, AnguarJS, BackboneJS, MeteorJS, CodeIgniter framework, CakePHP, Laravel, Symfony, Yii and WordPress.

This PHP IDE also supports interface languages in English, German, French, Italian, Slovak, and many others. Overall, CodeLobster is a highly reliable IDE for web programming, especially for users who are looking for a product that has a lot of features without spending a lot, or in this case, without spending at all.

CodeLobster’s free option is considerably useful and dynamic due to its powerful features. It is also easy to upgrade with  Codelobster, from Free to Lite or Professional. Users who have downloaded the free version and want to get plugins for different popular CMS and frameworks can easily get another version by visiting the CodeLobster website.