The Internet is awash with covert crypto currency miners that bog down computers and even smartphones with computationally intensive math problems called by hacked or ethically questionable sites.
Last week, researchers from security firm Sucuri warned that at least 500 websites running the WordPress content management system alone had been hacked to run the Coinhive mining scripts. Sucuri said other Web platforms—including Magento, Joomla, and Drupal—are also being hacked in large numbers to run the Coinhive programming interface.
Earlier this month, political fact-checking site hosting Coinhive scripts in a way that exhausted 100 percent of visitors computing resources. A PolitiFact official told Ars the incident occurred when “an unidentified hacker attached a crypto mining script to the PolitiFact code base being stored on a cloud-based server.” The code has since been removed and was active only when people had a window open in their browser.was found
Don’t look, don’t tell
Coinhive presents its service as a way end users can support sites without viewing online ads, which are often criticized for containing malware that surreptitiously infects visitors with ransomware, password stealers, and other malicious wares. And in fairness, the service only consumes 100 percent of a visitor’s computing resources when the Coinhive’s interfaces are being abused. Still, Coinhive doesn’t require third-party sites to tell visitors their computers and electricity are being consumed in exchange for visiting the site. Coinhive has also done nothing to prevent sites from abusing its programming interface in a way that completely drains visitors’ resources.
Ad blocker AdGuard recently reported that 220 sites on the Alexa top 100,000 list serve crypto mining scripts to more than 500 million people. In three weeks, AdGuard estimated, the sites generated a collective $43,000. Both AdGuard, antimalware provider Malwarebytes, and a variety of their peers have recently started blocking or restricting access to Coinhive crypto mining. Both AdGuard and Malwarebytes give end users who want to support a site using Coinhive the option of accessing the mining script. In announcing the move, Malwarebytes wrote:
Coinhive’s massive Web audience isn’t lost on other companies. Collin Mulliner, a security researcher and developer of TelStop, said he recently received an e-mail from a startup called Medsweb inviting him to integrate a Monero miner into his creation. “If your app is deployed on thousands/millions of devices, you can monetize it with monero mining and earn really huge income,” the unsolicited e-mail stated. “We manage all the complexity of backend servers and mining operations and you get a really simple control panel to monitor your hashrate and earnings.”
Malwarebytes noted that Coinhive recently introduced, a service that requires third-party sites received explicit permission of end users before using their computers to mine digital coins. But the antimalware provider went on to point out that remains active and continues to require no end-user notice at all. As the recent discovery of the Android apps and the more than 500 hacked websites makes clear, Coinhive continues to turn a blind eye to the abuse of its service in much the way adware providers did in the early 2000s.
The latest Windows 10 build, today’s 16232, contains a few new security features. In addition to the richer control over exploit mitigation that Microsoft announced earlier this week, the new build also includes a trial of a new anti-ransomware capability.
The long-standing approach that operating systems have used to protect files is a mix of file ownership and permissions. On multi-user systems, this is broadly effective: it stops one user from reading or altering files owned by other users of the same system. The long-standing approach is also reasonably effective at protecting the operating system itself from users. But the rise of ransomware has changed the threats to data. The risk with ransomware comes not with another user changing all your files (by encrypting them); rather, the danger is that a program operating under a given user’s identity will modify all the data files accessible to that user identity.
In other words, if you can read and write your own documents, so can any ransomware that you run.
Microsoft’s attempt to combat this is called “Controlled folder access,” and it’s part of Windows Defender. With Controlled folder access, certain directories can be designated as being “protected,” with certain locations, such as Documents, being compulsorily protected. Protected folders can only be accessed by apps on a whitelist; in theory, any attempt to access a Protected folder will be blocked by Defender. To reduce the maintenance overhead, certain applications will be whitelisted automatically. Microsoft doesn’t exactly specify which applications, but we imagine that apps from the Store would automatically be allowed access, for example.
In principle, this should impede the ability of ransomware to encrypt user data. In practice, we’ll have to see just how robust Controlled folder access is. To be effective, such a safeguard would need, for example, to prevent malicious Word macros from accessing a Protected folder, even though Word itself should be allowed to read and write to the Documents directory. If ransomware can readily get a trusted application to do its dirty work for it, the protection will likely be circumvented sooner rather than later.
In the new build, Application Guard for Edge—the new system for running Edge in a special virtual machine to protect the operating system from browser-based flaws—also takes a big step forward in usability. Previously, these virtualized Edge sessions were ephemeral, with no ability to, for example, store cookies or passwords or create bookmarks. This was useful for visiting highly suspect sites, but it made the feature less than practical for routine browsing.
In today’s Windows build, a separate set of persistent data is now maintained for the virtualized browser sessions. This allows a much more normal browsing experience while still offering the safeguards that virtualization provides
I see more people cutting the cable now than I ever imagined would.
The cable TV business is in trouble—in fact, it is “failing” as a business due to rising programming costs and consumers switching from traditional TV subscriptions to online video streaming, according to a cable lobbyist group.
“As a business, it is failing,” said Matthew Polka, CEO of the American Cable Association (ACA). “It is very, very difficult for a cable operator in many cases to even break even on the cable side of the business, which is why broadband is so important, giving consumers more of a choice that we can’t give them on cable [TV].”
Polka made his comments in an episode of C-SPAN Communicators that is airing this week, though it was recorded in April. Video is available here.
The ACA represents about 750 small and mid-sized cable operators who serve about seven million customers throughout the US. The ACA has also been one of the primary groups fighting broadband regulations, such as net neutrality and online privacy rules, and a now-dead set-top box proposal that would have helped cable TV subscribers watch the channels they subscribe to without a rented set-top box.
Cable “isn’t what it used to be”
“The cable business isn’t what it used to be because of the high costs,” Polka said, pointing to the amount cable TV companies pay programmers for sports, broadcast programming via retransmission consent fees, and other programming.
When asked about cord cutting, Polka said, “it’s the video issue of our time as consumers learn they have choice” from services like Netflix, Hulu, and Amazon Prime.
“It gives consumers more choice, something that they’ve wanted for a long time, more control from the bundle of cable linear programming,” Polka said. “Our members, however, I think are very aggressive in how they are trying to provide consumers that they serve with more choice through on-demand [channels], through availability of over-the-top services, making sure that their broadband plan is fast enough to support a consumer’s video habits. So, yes, it’s a thing that’s happening today, cord cutting, cord shaving. But as an industry, our members are well primed to be able to serve their customers with their broadband service that allows them to consume the video they want.”
Video is “certainly our worst product”
That’s one reason cable companies in the ACA see broadband as “their future,” Polka said.
A cable company executive who appeared alongside Polka on the C-SPAN show echoed those comments.
Video is “certainly our worst product,” said Tom Larsen, senior VP of government and public relations for cable company Mediacom. “It makes the least amount of money.”
Larsen is also an ACA board member. Mediacom is the US’ fifth biggest cable company, though its 832,000 video subscribers are a fraction of Comcast’s 22.5 million. “We used to be the eighth biggest [cable company in the US], but because of all these mergers and acquisitions we keep moving up without doing anything,” Larsen said.
The pay-TV market lost about 410,000 subscribers in Q1 2017, “the first time that the industry has ever had net subscriber losses in the first quarter of a year,” Leichtman Research Group reported last month. The top pay-TV companies across the cable, satellite, and telco industries still account for 93.3 million video subscribers.
While broadband subscriptions are growing, video customers are leaving because of rising prices and online video competition, Larsen said. But historically, video has “always been a big revenue driver for us” and has “paid in a lot of ways for the network that is able today to deliver broadband. So we’re not ready to abandon it yet.”
High prices, low customer satisfaction
Basic-cable TV prices have been rising faster than inflation for 20 years, according to Federal Communications Commission data. The fact that cable companies rarely compete against each other directly in cities and towns helps them keep prices high, and customers have begun filing lawsuits over “broadcast TV” and “regional sports” fees that push cable prices above the advertised rates.
Pay-TV and Internet service providers rank last among 43 industries tracked by the American Customer Satisfaction Index (ACSI), suggesting widespread consumer dissatisfaction.
Even the biggest cable companies complain about programming costs. But Polka said it’s “very fair” to say that, because of economies of scale, Comcast and Charter can deliver programming more cheaply than the small cable companies in the ACA. (Comcast also owns much of the programming it delivers over its cable TV system, such as NBC and various regional sports networks, and it charges other cable operators for the right to air that programming.)
Cord-cutting has also hurt programmers such as ESPN, which has lost millions of subscribers and is laying off many on-air personalities.
The ACA has complained repeatedly about broadcasters demanding higher retransmission consent fees from small cable companies than from big ones. TV channels are often blacked out when cable companies refuse to pay the broadcasters’ price (even though they’re available for free with an antenna). Last year, the Federal Communications Commission decided not to step up its oversight of contract disputes that sometimes take these channels off cable systems.
“What happens in the video marketplace is the big [cable companies] get the best prices and the programmers look to the littlest guys to make up the difference, so our price will disproportionately get higher,” Larsen said. “So the markets we serve, which are traditionally small, rural markets, will pay more than an urban market. It’s kind of a different digital divide. It’s a pricing divide.”
In negotiations, broadcasters “pretty much have the leverage because they can simply black out their stations,” Larsen said.
Larsen and Polka both praised the FCC’s new Republican leadership for taking a deregulatory approach to broadband. But Larsen said he doesn’t expect the FCC to take any major action on TV blackouts. “I think, short of some major marketplace event, I don’t see the new chairman doing anything about that issue,” Larsen said.
The National Association of Broadcasters argues that cable companies “are simply attempting to avoid fairly compensating broadcasters, who produce the highest-rated content on television.” The association says the government shouldn’t intervene in contract disputes.
Replacing your leased modem and routers from Spectrum/Brighthouse in most cases fixes the rebooting issues that started when Spectrum came to town.
Lower your monthly bill by having equipment you install and control instead of paying monthly fees for cheap buggy outdated hardware from the cable company.
Packages start at $140, all inclusive. (labour, equipment, taxes)
They did this to me. I have a feeling they are doing this to nearly everyone. This on top of the fact that they charged me for upgrades that Brighthouse had given me for free without my knowledge. And the service has become terrible. My cable modem reboots throughout the day now and I haven’t been able to log into any wifi hotspots since the changeover.
Lara Bartelds has no beef with a broadband company charging customers a one-time activation fee for brand-new service.
But what happens when Spectrum is the new guy on the block and connects its network to the thousands of Tampa Bay customers the company inherited last year when it acquired Bright House Networks?
In Bartelds’ case, she still got charged a new customer wifi activation fee.
Spectrum’s response Wednesday: Oops, our bad.
Bartelds, 41, a Feather Sound resident in Clearwater, noticed a one-time “wifi activation” fee on her December Spectrum bill and twice called customer service demanding an explanation. She said Spectrum told her this was the charge customers must pay after its parent company, Charter Communications, bought Bright House last May.
Spectrum said the charge was a mistake, not policy, and waived the fee for Bartelds. But four additional Spectrum customers contacted the Tampa Bay Times after it posted a story about Bartelds saying they, too, were charged a wifi-connection charge on their December bills. All said they first signed up for Bright House Internet service years ago and their accounts were assumed by Spectrum.
“I didn’t connect with them, they connected to me,” said Bartelds, who works as a software technical analyst. “It wasn’t my option to go from Bright House to Spectrum. It was their choice to buy Bright House. We’re being penalized for their buyout.”
Max Perez said he and his mother, Rosa Perez, 82, both of Tampa, saw the wifi-connection fee on their separate bills in December.
“My mom’s on Social Security and every dollar counts,” Perez said. “Spectrum said its computer system would not allow them to waive the fee. So I gave my mom $10 and said, ‘Here, mom. Just pay it.’ ”
Tammy Sassin, a commercial real estate broker from Lutz, said she, too, was charged a $9.99 wifi fee in December, though she first signed up for Bright House Internet more than a decade ago.
“Mistake?” Sassin said. “No, no, no.”
Though the Bright House acquisition was finalized last May, Charter did not begin rolling out its Spectrum brand locally until November, which might account for why such a charge has only recently appeared on bills.
Spectrum spokesman Joe Durkin said the fee should not apply to customers the company inherited from Bright House who already had Internet service. He said Spectrum is reviewing cases the Times has brought to its attention to see if the charges were appropriate.
Durkin said the company was investigating the issue but thought any mistaken billings would have been very limited.
“As you know, we’ve said from the beginning that Bright House legacy customers aren’t going to see any change in their service or price package,” Durkin said. “We have over a million customers in the Bay area, so this doesn’t look like a widespread issue.”
Frontier Communications, which acquired Verizon’s TV, Internet and landline phone business last year, said it does not charge the customers it inherited any connection fee. Frontier spokeswoman Brigid Smith defended her company’s rival, saying she was skeptical it was Spectrum policy to charge any such fee to existing customers.
“We don’t want to push (Spectrum) under the bus,” Smith said.
Bartelds, however, said she remains skeptical that Spectrum wasn’t trying to sneak a charge by her.
“Their customer-service representatives were dismissive of me,” she said. “A lot of people don’t notice these kinds of charges. I think Spectrum was hoping we’re just not paying attention to our bills.”