Web code weakness allows data dump on PCs

Just a heads up!

A developer has found that gigabytes of junk data could be dumped onto PCs via a loophole in web code. The loophole exploits a feature of HTML 5, the standard that defines how websites are made and what they can do.

Developer Feross Aboukhadijeh found the bug and set up a demo page that fills visitors’ hard drives with pictures of cartoon cats. In one demo, Mr Aboukhadijeh managed to dump one gigabyte of data every 16 seconds onto a vulnerable MacBook.

Most major browsers were found to be vulnerable to the bug. Only Mozilla’s Firefox capped storage at 5MB and was not vulnerable.

One big change brought in with HTML 5 lets websites store more data locally on visitors’ PCs. Safeguards built into the “local storage” specification should limit how much data can be stored. Different browsers allow different limits but all allow at least 2.5 megabytes to be stored.
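To check the storage safeguard described above on a given browser, the following added example (not from the original post or from Mr Aboukhadijeh's released code) measures the largest value a single origin can write before the browser refuses. The names `probeQuota` and `QuotaStorage` are hypothetical, and `QuotaStorage` is a constructed stand-in for `window.localStorage` that assumes the cap counts key plus value characters, which real browsers may account for differently.

```javascript
// Constructed stand-in for window.localStorage with a fixed cap (assumption:
// the cap counts key + value characters; real browsers may count differently).
class QuotaStorage {
  constructor(limitChars) { this.limit = limitChars; this.items = new Map(); }
  used() {
    let n = 0;
    for (const [k, v] of this.items) n += k.length + v.length;
    return n;
  }
  setItem(key, value) {
    const k = String(key), v = String(value);
    const old = this.items.has(k) ? k.length + this.items.get(k).length : 0;
    if (this.used() - old + k.length + v.length > this.limit) {
      const err = new Error("quota exceeded");
      err.name = "QuotaExceededError";
      throw err;
    }
    this.items.set(k, v);
  }
  removeItem(key) { this.items.delete(String(key)); }
}

// Returns the largest value length (in characters) that fits under one key.
// Doubles the size until a write is refused, then binary-searches the gap.
// The probe key is removed after every attempt, so existing data is untouched.
function probeQuota(storage, key = "__quota_probe__", ceiling = 64 * 1024 * 1024) {
  const fits = (n) => {
    try { storage.setItem(key, "x".repeat(n)); return true; }
    catch (e) { return false; }           // refused write: treat as over quota
    finally { storage.removeItem(key); }
  };
  if (!fits(1)) return 0;                 // storage already full or disabled
  let lo = 1, hi = 2;
  while (hi <= ceiling && fits(hi)) { lo = hi; hi *= 2; }
  if (hi > ceiling) return lo;            // no cap observed up to the ceiling
  while (hi - lo > 1) {
    const mid = Math.floor((lo + hi) / 2);
    if (fits(mid)) lo = mid; else hi = mid;
  }
  return lo;
}

// In a browser console: probeQuota(window.localStorage)
```

A result equal to the ceiling means no limit was reached within the probed range for that origin.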

Code to exploit the bug has been released by Mr Aboukhadijeh, and he set up a website called Filldisk that, on vulnerable PCs, dumps lots of images of cats onto the hard drive. So far, no malicious use of the exploits has been observed.

In a bid to solve the problem, bug reports about the exploit have been filed with major browser makers.