The Pirate Bay recently made the news by mining the cryptocurrency Monero in users' browsers without their knowledge or consent. They did this in an effort to reduce their reliance on advertising, whose utility as a revenue-generator is increasingly being undermined by ad-blocking software.

Around the same time, CBS Showtime was maliciously compromised to likewise mine cryptocurrency in users' browsers, stoking fears that "cryptojacking" attacks will become commonplace in the future. Moreover, a new company called Coinhive began offering in-browser mining as a service, possibly furthering the likelihood of "legitimate" in-browser mining becoming mainstream.

In this article, I will discuss the pros and cons of these mining trends, and propose what I consider to be a superior alternative to this style of ad-hoc, in-browser mining.

Read More

The following article was published in 2600 magazine (Volume 30, Number 2) in Summer of 2013. It is republished here with permission.

Read More

I've been working on a tool that I call "Watchtower" for the last several weeks. Watchtower is a platform- and language-agnostic Static Code Analysis tool that can be used for code audits and incident-response.

Read More

I recently published a new plugin to the Wordpress.org Plugins Directory. I call it Foresight. It is available for download here:

http://wordpress.org/extend/plugins/foresight/

Foresight is a simple plugin that serves a simple purpose: it helps blog administrators to stay current on known exploits for Wordpress and for Wordpress plugins.

Read More

I enjoy using PHP for writing command-line applications. PHP's power and flexibility make it ideal, in my opinion, for writing both full-featured applications, as well as for use as a "glue language" for automating various system-administrative tasks. There's one area where PHP has traditionally fallen short in my mind, however - it lacks a good command-line option parser.

Read More