
How to bork your hard drive with HTML5

01 Mar 13

In a fascinating glimpse into how bugs are found and exploited (and reported to browser developers), an HTML5 fail is brought to our attention by Michael McKinnon, security advisor at AVG.

Take a peek at http://www.filldisk.com/ where you will find the HTML5 Hard Disk Filler™ (yes, TM) API. This tidbit of code, made available by Feross Aboukhadijeh, who describes himself as ‘a web developer, designer, and Stanford computer science student’, does just what it says it will: execute it, and your entire hard disk will soon be full.

Even if it is more capacious than an elephant’s scrotum (we have Blackadder to thank for that colourful imagery).

On his site, Feross (there’s no way we’re typing out his surname) provides some advice on ‘how to troll’ using the exploit, which abuses the HTML5 web storage standard. However, he also points out that he has filed bug reports with the major browser vendors, exhorting them to do something about it.

The exploit will crash your HDD via Chrome, Safari, Opera, and of course, IE 10. However, he says it won’t work on Firefox, ‘since Firefox’s implementation of localStorage is smarter’. Yay Mozilla, etc.

Perhaps most insightful of all is this observation from ferocious Feross: “Creating stuff is hard. Breaking stuff is easy. Thus, I take frequent breaks from creating stuff in order to break stuff.”

And McKinnon? A new bug is no big surprise for him. “There are always risks with new technologies, and as they gain wider adoption inevitably bugs are discovered. There will no doubt be other bugs discovered in the future in browsers that implement HTML5.”

Probably plenty of them, too.
