00:34:42 <jtgrassie> you sure about that? IIRC it inserts the miner id in the reserved extra space.
00:51:47 <jtgrassie> just d/checked, you are correct, just a single byte. It is not, like the other proxy, rebuilding the hashing blob.
05:35:00 <cohcho> https://github.com/UnamSanctam/SilentXMRMiner/issues/3
05:35:20 <cohcho> haha, read the question in that issue to hidden miner hosted on github
06:12:03 <tevador> of course it will be detected by AV, it has xmrig built-in
12:19:20 <gingeropolous> heh. we're sure to see a new crop of mining software
12:19:38 <gingeropolous> i remember monero YAM (yet another miner).... im pretty sure the sole purpose was to avoid detection
12:56:34 <sech1> If hidden/illicit mining gets big, AV software will just integrate randomx sniffer
15:41:52 <hyc> would be great if anti-virus software actually analyzed a system and traced a virus back to its point of entry into a system, then closed the hole.
15:42:15 <hyc> all the existing stuff is just so much bloatware
15:43:31 <hyc> if you take periodic snapshots of signatures of every file on the system, you can narrow down the time of infection. then just search system logs to see what activity occurred at that time.
15:44:31 <hyc> we used to do this for firewalls back in the 1990s. Run tripwire, syslog to a remote loghost so the logs can't be erased/modified.
15:45:11 <hyc> today you could do the same thing by running all of your main user activity in a VM or container, and log to a separate VM or container (or just the main host)
15:45:40 <hyc> as long as everything you rrun or download only gets written into the container/VM, your log infrastructure is secure
15:47:01 <hyc> if the VM/container uses shared storage accessible from the host, the signature scanning can be done on the host, invisible to any malware running in the VM/container
15:53:50 <moneromooo> If it could close the hole automatically, it could go through all known holes in the first place and close the ones it finds, no ? No need to wait for it to be used.
15:54:36 <moneromooo> I suppose waiting for it to be used makes your software seem like the valliant defender rather than than plodding engineer though.
16:01:31 <sech1> most of the time the security hole is between chair and monitor
16:03:16 <moneromooo> The... keyboard! :o
16:07:14 <hyc> I guess the question is whether you believe you can reliably enumerate all possible holes in advance, when writing the antivirus. If you could do so, you could just get the S vendor to fix them all and be done with it.
16:07:26 <hyc> s/S/OS/
16:08:21 <hyc> but yeah, I suppose the majority of malware these days just enters a system because some user clicked "OK"
16:31:01 <hyc> personally I like seeing new Android exploits because my phone is otherwise locked and I want root access
17:41:03 <tevador> https://i.imgur.com/ezZelhf.png
17:48:39 <hyc> lol
17:50:31 <kico> lmao
21:17:27 <sech1> tevador hyc I bought Radeon RX 5500 XT and results are interesting. I've tested only unoptimized generic OpenCL code so far, but it's 2 times faster than Vega 64 even though it's half of it by specs.
21:17:42 <sech1> 270 h/s vs 137 h/s
21:18:13 <sech1> RX 5700 XT should do around 500 h/s with unoptimized code (VM interpreter)
21:18:30 <sech1> I wonder now what it can do with optimized code...