,

HTML 5 bugs allows data dumps

HTML 5 Logo

With increasing problems of hacking showing up everywhere on the internet, it is a good move to protect yourself. When it comes to protecting one’s computer, the first thing that comes to mind is a good anti virus software. It is always good to buy a software which is capable of monitoring your ports and internet activity so that you could be aware of the activities that are going on on your computer. It is also wise to monitor the various processes that are running on your computer. But usually we do not have so much of time. We do not even know, sometimes, how much storage space is left on our hard drives.

And at such times, it becomes difficult to tell if a third party has stored some data on our computers without our knowledge. How is that possible, you ask? Well, a newly discovered bug in HTML 5 lets a cleverly coded web site store gigabytes of data on our computers, as uncovered by the developer, Feross Aboukhadijeh. This vulnerability of HTML 5 is present in almost all major web browsers, including Apple’s Safari, Google’s Chrome, Microsoft’s Internet Explorer, Opera, and others. But the only web browser which did not showcase this behavior is said to be Mozilla’s Firefox, which caps the data at 5 MB.

So basically the problem is that the bug lets website dump any amount of data on your hard drive, which is never a good thing. Even though the default limit given to a web site to store data on the local computer in 2.5 MB, the bug lets the web site create multiple web pages linked to it and these multiple web sites are given 2.5 MB each.

As Aboukhadijeh demonstrates with his test website Filldisk, he is able to dump 1 GB of data every 16 seconds. He tested this on his MacBook Pro with Retina display and SSD hard disk. He says that 32 bit browsers such as Chrome may even crash before the disk is full. I think this has to be fixed. More info at the source.

Source: Apple Insider