Tech: Web code weakness allows data dump on PC |
Subject: Tech: Web code weakness allows data dump on PC From: Bert Date: 02 Mar 13 - 03:04 AM Link to BBC news Gigabytes of junk data could be dumped onto PCs via a loophole in web code, a developer has found. The loophole exploits a feature of HTML 5 which defines how websites are made and what they can do. |
Subject: RE: Tech: Web code weakness allows data dump on PC From: Newport Boy Date: 02 Mar 13 - 05:04 AM The short-term solution is to use Firefox. It's the only browser which fully implements the W3C recommendations for limits on this option in HTML5. I expect the others will catch up soon. Phil |
Subject: RE: Tech: Web code weakness allows data dump on PC From: Mr Red Date: 02 Mar 13 - 07:42 AM Firefox is asking to update to Ver 19 already. |
Subject: RE: Tech: Web code weakness allows data dump on PC From: Bill D Date: 02 Mar 13 - 11:12 AM Why in the world would anyone publicly report such a possible flaw, when he seemed to be the only one who realized it existed? Why would he not just quietly inform the various browsers & security companies so they could update BEFORE malicious idiots learned of it? |
Subject: RE: Tech: Web code weakness allows data dump on PC From: JohnInKansas Date: 02 Mar 13 - 02:03 PM It's not clear that this capability has any use other than as a practical joke, since it says someone can store all kinds of junk on your computer but doesn't say it can be retrieved by the one who put it there. More information will be necessary to look at whether it would be useful to malware distributors, and there's little reason why they would want to retrieve their own stuff. They're more interested in your stuff. One of the linked sites could, of course, download malware to take over your computer, but dumping a lot of junk would make it much more obvious that you'd been invaded, and any sensible person would immediately clean up. Most malware distributors don't want you to know they've been there. The bug appears to only allow each individual file downloaded to be the size of the intended allowed limit for a single site, and anyone wanting to steal "mass storage space" wouldn't be too interested, I'd think. As noted, it apparently is possible to write browser code to block the effect (within the up front limit intended for the browser); it's unlikely that browser makers would be likely to have worried about it, given the high percentage of crap code in most of them. An additional problem is that in fact THERE IS NO HTML5 STANDARD, and won't be until at least sometime next year (they hope). This allows browser and website builders to add any hallucination they may have had last night, without confirmation that it "complies" to anything. HTML5 has (sort of) been in design for several years. Some progress has apparently been made, but the cake ain't quite done. John |
Subject: RE: Tech: Web code weakness allows data dump on PC From: Newport Boy Date: 02 Mar 13 - 04:42 PM It's important to understand that it's not a 'bug' in the normal sense. This is a perfectly standard facility in HTML5 code to allow storage of data on your computer, and is no different in principle to the storage of cookies. Writers of code (eg for browsers) are recommended to set limits for the quantity of data stored. Most of them seem to have ignored this advice. Phil |
Subject: RE: Tech: Web code weakness allows data dump on PC From: McGrath of Harlow Date: 02 Mar 13 - 08:33 PM It doesn't need to be 'useful' to be of interest to someone who merely wants to screw things up - which I have always understood to be quite a common ambition among the kind of people who think up nasty stuff. I note that according to the story it isn't just PCs that are at risk, but MacBooks, and presumably Apple computers generally, are also vulnerable. |
Subject: RE: Tech: Web code weakness allows data dump on PC From: GUEST,Rev Bayes Date: 03 Mar 13 - 12:05 PM Bill D, what you are talking about is referred to in the security industry as "responsible disclosure". While it is indeed an ideal, there are several reasons not to use it:
- companies tend to ignore warnings
- bad guys probably already know about it and it's only fair the good guys do too.
Or as they put it in the 19th century, "Rogues are very keen in their profession, and know already much more than we can teach them respecting their several kinds of roguery." |
Subject: RE: Tech: Web code weakness allows data dump on PC From: GUEST,chicken little Date: 03 Mar 13 - 09:14 PM So... Mr. Bert???? Have YOU ever experienced a "real dump"....something more than a vicarious, imaginary, "big bubba thing - off in the clouds - waiting to seize any and every of your internet vulnerable orifices. Sincerely, Gargoyle Real...printed text is diabolical...it cannot be cleansed, or expunged ... like digital. Whether in handwritten script or typeset .... a hard copy will endure. |
Subject: RE: Tech: Web code weakness allows data dump on PC From: Newport Boy Date: 05 Mar 13 - 04:37 AM For those who ask "Why?", this is from a NZ computer engineer on another forum. Re: How to troll using HTML5 localStorage I had an older XP laptop computer come in today with a relatively small hard disk (80GB), which ran out of hard disk space to the point where Windows could no longer function. When I investigated it using a live-CD, I found the IE storage folders were crammed with junk, 32GB of junk! I didn't bother to see what it was, I just deleted it all, but I wonder if it might have been related to this? Phil |