frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

Open in hackernews

Illicit crypto-miners pouncing on lazy DevOps configs leaving clouds vulnerable

https://www.theregister.com/2025/06/03/illicit_miners_hashicorp_tools/
34•rntn•1d ago

Comments

HenryBemis•1d ago
Apologies for the (not really) dark humor, but.. [0]. Focus on the cat, and replace the ill did described on the TV with 'higher cloud costs'

[0]: https://i.imgur.com/T8BmaVd.jpeg

hluska•1d ago
Maybe I don’t understand your sense of humour but it sure seems like you’re laughing at victims of a crime. That’s not funny.
southernplaces7•1d ago
Sure it is, sometimes at least, depending on who and how dumb the victims were.
HenryBemis•1d ago
I am obviously not happy that this happens/happened to people and they had to cough up large amounts of $$$ because they got hacked. If anything I'm in the profession Audit/Sec/GRC and VERY much against thieves.

The 'amusing' part is... since the first time I encountered "DevOps" I thought that it is a terrible idea (but what do I know...). There are some stupid buzzwords that became the norm and I thought they were moronic/creepy/dangerous form the fist time I heard them (and I was spot on). DevOps is one. It's like saying "someone eats swords for a living" and "that very someone pierced his stomach". I will feel sorry for the fella and will wish him speedy recovery, but I will whisper to myself "what a f... moron".

Also, due to my Audit/Sec/GRC background, I laugh when I read/hear such stories because "you auditors know shit, we don't need ITGCs" and plenty other stupid shit that I hear from Tech Bros. Well, how do you like them apples/ITGCs now??? So, don't try to bark at the one who laughs. Instead punch the moron who says "we don't need ITGCs, documentation, reviews, etc, they are a waste of time".

So.. sorry, not sorry (at all).

EDIT: as you can understand this is a sensitive topic for me, because ITGCs cause time/money, but hey, go ask those DevOps, (now) would they prefer to have ITGCs are X cost in time, or they prefer the loss? And seeing that they have BAD IT practices who will ever trust them again to do something right?

southernplaces7•1d ago
And of course you get downvoted, because if something abounds on this site's comment sections, it's utterly humorless pedants.
udev4096•1d ago
First rule of running any service is to not expose it blindly on the internet. If you do, have a goddamn auth in place. I see way better security practices on /r/selfhosted and /r/homelab than on some of these reckless companies.
latchkey•1d ago
These sorts of articles always seem suspect to me. Blame the miners is a great trope. There really aren't any valuable crypto's being mined on CPU/GPU any longer. After ETH switched from PoW to PoS, it decimated the whole mining industry. Nothing else has enough volume to really make a huge dent, so the incentive was destroyed. Sure a few people deep into it can make a few grand a day, but this isn't enough to drive a whole market.
buffalobuffalo•1d ago
Yeah i was wondering about that too. Even small cap PoW chains have dedicated mining hardware that is orders of magnitude faster than a GPU. I guess in theory it could work if you cobbled together enough hacked AWS accounts, but the scale required to make any sort of real profit would be gigantic. It just doesn't seem worthwhile.
latchkey•1d ago
Exactly. The problem is volume on exchanges to unload what you've mined. Some of these tokens only have a few thousand a day and any selling risks dumping the entire market. If you can steal the compute, sure, that is one thing, but it is very risky for not a huge payout.
gavinray•1d ago
I actually had this happen to my personal AWS account a month ago.

Someone had gotten ahold of one of my security keys and I stupidly didn't have 2-FA enabled.

They spun up dozens of EC2's with high-end GPU's mining crypto and managed to rack up a $600 bill before AWS flagged it and halted activity + contacted me by email.

I was surprised to learn that AWS support does not have any sort of automated tooling for large-scale service wipes. I asked them just to nuke any AWS service attached to my name, as I had no personal projects or databases I needed to keep.

They couldn't do this, and it was a lot of hand-cleaning and using some public tools from Github.

I refused to pay the $600 and now my AWS account is permanently closed.

Lesson learned: If you have your credit card attached to something, immediately enable 2-FA.

blacksmith_tb•1d ago
Also, never expect AWS support to actually help with anything around billing or account setup, I had to close out an org on a project that was EOL and it was like pulling teeth, their answer to every roadblock was "you should have known you'd need to have the credentials of your former employees, because we might have demanded their payment info too, as backup" etc. I ended up having to spin back up several email accounts so I could impersonate people who'd left years earlier, just to close their accounts (including add payment info to their accounts in order to close them... mind boggling).

FFmpeg merges WebRTC support

https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/167e343bbe75515a80db8ee72ffa0c607c944a00
727•Sean-Der•17h ago•155 comments

Air Lab – A portable and open air quality measuring device

https://networkedartifacts.com/airlab/simulator
47•256dpi•1h ago•15 comments

Cursor 1.0

https://www.cursor.com/en/changelog/1-0
360•ecz•12h ago•252 comments

A proposal to restrict sites from accessing a users’ local network

https://github.com/explainers-by-googlers/local-network-access
384•doener•15h ago•207 comments

Why I wrote the BEAM book

https://happihacking.com/blog/posts/2025/why_I_wrote_theBEAMBook/
499•lawik•22h ago•127 comments

Show HN: I made a 3D SVG Renderer that projects textures without rasterization

https://seve.blog/p/i-made-a-3d-svg-renderer-that-projects
121•seveibar•7h ago•17 comments

OpenAI slams court order to save all ChatGPT logs, including deleted chats

https://arstechnica.com/tech-policy/2025/06/openai-says-court-forcing-it-to-save-all-chatgpt-logs-is-a-privacy-nightmare/
757•ColinWright•11h ago•546 comments

Autonomous drone defeats human champions in racing first

https://www.tudelft.nl/en/2025/lr/autonomous-drone-from-tu-delft-defeats-human-champions-in-historic-racing-first
181•picture•13h ago•137 comments

A Spiral Structure in the Inner Oort Cloud

https://iopscience.iop.org/article/10.3847/1538-4357/adbf9b
85•gnabgib•9h ago•18 comments

Differences in link hallucination and source comprehension across different LLM

https://mikecaulfield.substack.com/p/differences-in-link-hallucination
41•hveksr•5h ago•17 comments

Prompt engineering playbook for programmers

https://addyo.substack.com/p/the-prompt-engineering-playbook-for
267•vinhnx•17h ago•97 comments

LLMs and Elixir: Windfall or Deathblow?

https://www.zachdaniel.dev/p/llms-and-elixir-windfall-or-deathblow
83•uxcolumbo•10h ago•12 comments

Apple Notes Expected to Gain Markdown Support in iOS 26

https://www.macrumors.com/2025/06/04/apple-notes-rumored-markdown-support-ios-26/
236•danso•14h ago•191 comments

parrot.live

https://github.com/hugomd/parrot.live
81•jasonthorsness•10h ago•17 comments

The iPhone 15 Pro’s Depth Maps

https://tech.marksblogg.com/apple-iphone-15-pro-depth-map-heic.html
277•marklit•15h ago•73 comments

Ada and SPARK enter the automotive ISO-26262 market with Nvidia

https://www.adacore.com/press/ada-and-spark-enter-the-automotive-iso-26262-market-with-nvidia
90•gneuromante•13h ago•48 comments

Tesla seeks to guard crash data from public disclosure

https://www.reuters.com/legal/government/musks-tesla-seeks-guard-crash-data-public-disclosure-2025-06-04/
288•kklisura•9h ago•170 comments

End of an Era: Landsat 7 Decommissioned After 25 Years of Earth Observation

https://www.usgs.gov/news/national-news-release/end-era-landsat-7-decommissioned-after-25-years-earth-observation
14•keepamovin•5h ago•2 comments

Authentication with Axum

https://mattrighetti.com/2025/05/03/authentication-with-axum
51•mattrighetti•9h ago•13 comments

A practical guide to building agents [pdf]

https://cdn.openai.com/business-guides-and-resources/a-practical-guide-to-building-agents.pdf
174•tosh•17h ago•22 comments

IRS Direct File on GitHub

https://chrisgiven.com/2025/05/direct-file-on-github/
557•nickthegreek•17h ago•237 comments

Not all tokens are meant to be forgotten

https://arxiv.org/abs/2506.03142
33•MarcoDewey•10h ago•10 comments

When memory was measured in kilobytes: The art of efficient vision

https://www.softwareheritage.org/2025/06/04/history_computer_vision/
103•todsacerdoti•16h ago•18 comments

Comparing Claude System Prompts Reveal Anthropic's Priorities

https://www.dbreunig.com/2025/06/03/comparing-system-prompts-across-claude-versions.html
60•dbreunig•11h ago•20 comments

Show HN: GPT image editing, but for 3D models

https://www.adamcad.com/
142•zachdive•17h ago•71 comments

PromptArmor (YC W24) Is Hiring in San Francisco

https://www.ycombinator.com/companies/promptarmor/jobs/hZ3xFlj-founding-engineer-full-stack
1•VikramJayanthi•10h ago

How we reduced the impact of zombie clients

https://letsencrypt.org/2025/06/04/how-we-reduced-the-impact-of-zombie-clients/
108•jaas•17h ago•16 comments

AGI is not multimodal

https://thegradient.pub/agi-is-not-multimodal/
146•danielmorozoff•18h ago•136 comments

Amelia Earhart's Reckless Final Flights

https://www.newyorker.com/magazine/2025/06/09/amelia-earharts-reckless-final-flights
76•Thevet•12h ago•92 comments

Old payphones get new life, thanks to Vermont engineer

https://www.core77.com/posts/137183/Engineer-Fixes-and-Re-Installs-Old-Payphones-Provides-Free-Calls-to-the-Public
95•surprisetalk•5h ago•48 comments