HTML5 Web bug allows data dump on PCs

See on Scoop.itHacking, Reverse Engineering, Software, Scripts, Coding, Guides

The loophole exploits a feature of HTML 5 which defines how websites are made and what they can do.

 

Developer Faross Aboukhadijeh found the bug and set up a demo page that fills visitors hard drives with pictures of cartoon cats.

In one demo, Mr Aboukhadijeh managed to dump one gigabyte of data every 16 seconds onto a vulnerable Macbook.

Most major browsers, Chrome, Internet Explorer, Opera and Safari, were found to be vulnerable to the bug, said Mr Aboukhadijeh.

While most websites are currently built using version 4 of the Hyper Text Markup Language (HTML), that code is gradually being superseded by the newer version 5.

 

One big change brought in with HTML 5 lets websites store more data locally on visitors’ PCs. Safeguards built into the “local storage” specification should limit how much data can be stored. Different browsers allow different limits but all allow at least 2.5 megabytes to be stored.

 

 

ITGabs‘s insight:

One gigabyte of data every 16 seconds onto a vulnerable Macbook!!

See on www.bbc.co.uk

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s