How to bork your hard drive with HTML5

01 Mar 2013

In a fascinating glimpse into how bugs are found and exploited (and reported to browser developers) an HTML5 fail is brought to our attention by Michael McKinnon, security advisor at AVG.

Take a peek at http://www.filldisk.com/ where you will find the HTML5 Hard Disk Filler™ (yes, TM) API. This tidbit of code, made available by Feross Aboukhadijeh, who describes himself as ‘a web developer, designer, and Stanford computer science student’, does just what it says it will: execute it, and your entire hard disk will soon be filled.

Even if it is more capacious than an elephant’s scrotum (we have Blackadder to thank for that colourful imagery).

On his site, Feross (there’s no way we’re typing out his surname) provides some advice on ‘how to troll’ using the exploit, which abuses the HTML5 web storage standard. However, he also points out that he has filed bug reports with the major browser vendors, exhorting them to do something about it.

The exploit will crash your HDD via Chrome, Safari, Opera, and of course, IE 10. However, he says it won’t work on Firefox, ‘since Firefox’s implementation of localStorage is smarter’. Yay Mozilla, etc.

Perhaps most insightful of all is this observation from ferocious Feross: “Creating stuff is hard. Breaking stuff is easy. Thus, I take frequent breaks from creating stuff in order to break stuff.”

And McKinnon? A new bug is no big surprise for him. “There are always risks with new technologies, and as they gain wider adoption inevitably bugs are discovered. There will no doubt be other bugs discovered in the future in browsers that implement HTML5.”

Probably plenty of them, too.
