How can we prevent this attack from recurring?

[Cryddit]

http://www.secureworks.com/cyber-threat-intelligence/threats/bgp-hijacking-for-cryptocurrency-profit/

1) Get access to a switch at an ISP (or, really, anywhere in the network fabric)
2) Divert mining getwork requests to the cracker's own pool server
3) Run a mining pool that none of the participants know they're in
4) Don't pay the participants.
5) Profit!

[DannyHamilton]

http://www.secureworks.com/cyber-threat-intelligence/threats/bgp-hijacking-for-cryptocurrency-profit/

1) Get access to a switch at an ISP (or, really, anywhere in the network fabric)
2) Divert mining getwork requests to the cracker's own pool server
3) Run a mining pool that none of the participants know they're in
4) Don't pay the participants.
5) Profit!

Have miners sign the getwork reply?

[azeteki]

Pretty much any boring auth method would work.

You don't need a CA or WoT even to gain a huge improvement on the current status quo.

See SSH 'known hosts'. After first connection, halt work and sound a bell / send e-mail to hardware owner if the key changes.

[gmaxwell]

BFGminer supports TLS and can do cert validation.

Or better, just run P2Pool. This sort of thing isn't a threat when you're not blindly selling your hashrate to third parties.

[-ck]

TLS requirement is overkill. Simply preventing redirection to a URL from a different domain is enough to avoid it and has been successful at doing so for a while now. The report is for ancient versions of software that have long since provided protection against it. Mining is changing so rapidly that any news you read outside of these forums is long since ancient and irrelevant by the time it's published.