browsealoud   17

Thousands of websites hijacked by hidden crypto-mining code after Browsealoud hacked
The affected sites all use a fairly popular plugin called Browsealoud, made by Brit biz Texthelp, which reads out webpages for blind or partially sighted people.

This technology was compromised in some way – either by hackers or rogue insiders altering Browsealoud's source code – to silently inject Coinhive's Monero miner into every webpage offering Browsealoud.

For several hours today, anyone who visited a site that embedded Browsealoud inadvertently ran this hidden mining code on their computer, generating money for the miscreants behind the caper.

A list of 4,200-plus affected websites can be found here: they include The City University of New York (cuny.edu), Uncle Sam's court information portal (uscourts.gov), Lund University (lu.se), the UK's Student Loans Company (slc.co.uk), privacy watchdog The Information Commissioner's Office (ico.org.uk) and the Financial Ombudsman Service (financial-ombudsman.org.uk), plus a shedload of other .gov.uk and .gov.au sites, UK NHS services, and other organizations across the globe.

Manchester.gov.uk, NHSinform.scot, agriculture.gov.ie, Croydon.gov.uk, ouh.nhs.uk, legislation.qld.gov.au, the list goes on.
browsealoud  accessibility  http  sri  coinhive  monero  hacks  ico  nhs 
12 days ago by jm
Protect your site from Cryptojacking with CSP + SRI
If you want to load a crypto miner on 1,000+ websites you don't attack 1,000+ websites, you attack the 1 website that they all load content from. In this case it turned out that Text Help, an assistive technology provider, had been compromised and one of their hosted script files changed. The offending asset can be found here (https://www.browsealoud.com/plus/scripts/ba.js) for the duration it remains but here is the snippet that matters.
cryptojacking  browsealoud  ba.js 
13 days ago by vielmetti
Energy Rating
w00t! and our Energy Rating site get mentioned by Jacqui Van Teulingan at
ozewai  BrowseAloud  from twitter_favs
december 2014 by jod999
TextHelp Demo - Floating toolbar for HTML
A further advantage to publishers with Lexiflow is that the system provides a cost-effective, accessible solution that includes royalty-free, high-quality voices and a simple cost per title licensing fee.
texthelp  publishers  lexiflow  browsealoud  accessibility  vendor  508 
april 2007 by ajfrosty
Accessify Forum: Speech enabling websites?
The original kerfuffle. They've got much better in the interim, it seems.
browsealoud 
june 2006 by pauldwaite
All aboard the PAS 78 gravy train - The Web Standards Project
A guy from the Browsealoud people got back to Patrick, though, so they're looking a bit better.
accessibility  pas78  browsealoud 
may 2006 by pauldwaite
