How to bork your hard drive with HTML5

01 Mar 2013

In a fascinating glimpse into how bugs are found and exploited (and reported to browser developers) an HTML5 fail is brought to our attention by Michael McKinnon, security advisor at AVG.

Take a peek at http://www.filldisk.com/ where you will find the HTML5 Hard Disk Filler™ (yes, TM) API. This tidbit of code, made available by Feross Aboukhadijeh, who describes himself as ‘a web developer, designer, and Stanford computer science student’, does just what it says it will: execute it, and your entire hard disk will soon be full.

Even if it is more capacious than an elephant’s scrotum (we have Blackadder to thank for that colourful imagery).

On his site, Feross (there’s no way we’re typing out his surname) provides some advice on ‘how to troll’ using the exploit, which abuses the HTML5 web storage standard. However, he also points out that he has filed bug reports with the major browser vendors, exhorting them to do something about it.

The exploit will crash your HDD via Chrome, Safari, Opera, and of course, IE 10. However, he says it won’t work on Firefox, ‘since Firefox’s implementation of localStorage is smarter’. Yay Mozilla, etc.

Perhaps most insightful of all is this observation from ferocious Feross: “Creating stuff is hard. Breaking stuff is easy. Thus, I take frequent breaks from creating stuff in order to break stuff.”

And McKinnon? A new bug is no big surprise for him. “There are always risks with new technologies, and as they gain wider adoption inevitably bugs are discovered. There will no doubt be other bugs discovered in the future in browsers that implement HTML5.”

Probably plenty of them, too.
