Tech: Web code weakness allows data dump on PC

Subject: Tech: Web code weakness allows data dump on PC
From: Bert
Date: 02 Mar 13 - 03:04 AM

Link to BBC news

Gigabytes of junk data could be dumped onto PCs via a loophole in web code, a developer has found.

The loophole exploits a feature of HTML 5 which defines how websites are made and what they can do.



Subject: RE: Tech: Web code weakness allows data dump on PC
From: Newport Boy
Date: 02 Mar 13 - 05:04 AM

The short-term solution is to use Firefox. It's the only browser which fully implements the W3C recommendations for limits on this option in HTML5.

I expect the others will catch up soon.

Phil



Subject: RE: Tech: Web code weakness allows data dump on PC
From: Mr Red
Date: 02 Mar 13 - 07:42 AM

Firefox is asking to update to Ver 19 already.



Subject: RE: Tech: Web code weakness allows data dump on PC
From: Bill D
Date: 02 Mar 13 - 11:12 AM

Why in the world would anyone publicly report such a possible flaw, when he seemed to be the only one who realized it existed? Why would he not just quietly inform the various browsers & security companies so they could update BEFORE malicious idiots learned of it?



Subject: RE: Tech: Web code weakness allows data dump on PC
From: JohnInKansas
Date: 02 Mar 13 - 02:03 PM

It's not clear that this capability has any use other than as a practical joke, since it says someone can store all kinds of junk on your computer but doesn't say it can be retrieved by the one who put it there. More information will be necessary to look at whether it would be useful to malware distributors, and there's little reason why they would want to retrieve their own stuff. They're more interested in your stuff.

One of the linked sites could, of course, download malware to take over your computer, but dumping a lot of junk would make it much more obvious that you'd been invaded, and any sensible person would immediately clean up. Most malware distributors don't want you to know they've been there.

The bug appears to only allow each individual file downloaded to be the size of the intended allowed limit for a single site, and anyone wanting to steal "mass storage space" wouldn't be too interested, I'd think.

As noted, it apparently is possible to write browser code to block the effect (within the up-front limit intended for the browser); it's unlikely that browser makers would be likely to have worried about it, given the high percentage of crap code in most of them.

An additional problem is that in fact THERE IS NO HTML5 STANDARD, and won't be until at least sometime next year (they hope). This allows browser and website builders to add any hallucination they may have had last night, without confirmation that it "complies" to anything.

HTML5 has (sort of) been in design for several years. Some progress has apparently been made, but the cake ain't quite done.

John



Subject: RE: Tech: Web code weakness allows data dump on PC
From: Newport Boy
Date: 02 Mar 13 - 04:42 PM

It's important to understand that it's not a 'bug' in the normal sense. This is a perfectly standard facility in HTML5 code to allow storage of data on your computer, and is no different in principle to the storage of cookies.

Writers of code (e.g. for browsers) are recommended to set limits for the quantity of data stored. Most of them seem to have ignored this advice.

Phil



Subject: RE: Tech: Web code weakness allows data dump on PC
From: McGrath of Harlow
Date: 02 Mar 13 - 08:33 PM

It doesn't need to be 'useful' to be of interest to someone who merely wants to screw things up - which I have always understood to be quite a common ambition among the kind of people who think up nasty stuff.

I note that according to the story it isn't just PCs that are at risk, but MacBooks, and presumably Apple computers generally, are also vulnerable.



Subject: RE: Tech: Web code weakness allows data dump on PC
From: GUEST,Rev Bayes
Date: 03 Mar 13 - 12:05 PM

Bill D, what you are talking about is referred to in the security industry as "responsible disclosure". While it is indeed an ideal, there are several reasons not to use it:

- companies tend to ignore warnings
- bad guys probably already know about it and it's only fair the good guys do too.

Or as they put it in the 19th century, "Rogues are very keen in their profession, and know already much more than we can teach them respecting their several kinds of roguery."



Subject: RE: Tech: Web code weakness allows data dump on PC
From: GUEST,chicken little
Date: 03 Mar 13 - 09:14 PM

So... Mr. Bert????

Have YOU ever experienced a "real dump"....something more than a vicarious, imaginary, "big bubba thing - off in the clouds - waiting to seize any and every of your internet vulnerable orifices"?

Sincerely,
Gargoyle

Real...printed text is diabolical...it cannot be cleansed, or expunged ... like digital. Whether in handwritten script or typeset ....

a hard copy will endure.



Subject: RE: Tech: Web code weakness allows data dump on PC
From: Newport Boy
Date: 05 Mar 13 - 04:37 AM

For those who ask "Why?", this is from a NZ computer engineer on another forum.

Re: How to troll using HTML5 localStorage
I had an older XP laptop computer come in today with a relatively small hard disk (80GB), which ran out of hard disk space to the point where Windows could no longer function. When I investigated it using a live-CD, I found the IE storage folders were crammed with junk, 32GB of junk!

I didn't bother to see what it was, I just deleted it all, but I wonder if it might have been related to this?


Phil

