HTML5 Storage Bug Can Fill Your Hard Drive 199
Dystopian Rebel writes "A Stanford comp-sci student has found a serious bug in Chromium, Safari, Opera, and MSIE. Feross Aboukhadijeh has demonstrated that these browsers allow unbounded local storage. 'The HTML5 Web Storage standard was developed to allow sites to store larger amounts of data (like 5-10 MB) than was previously allowed by cookies (like 4KB). ... The current limits are: 2.5 MB per origin in Google Chrome, 5 MB per origin in Mozilla Firefox and Opera, 10 MB per origin in Internet Explorer. However, what if we get clever and make lots of subdomains like 1.filldisk.com, 2.filldisk.com, 3.filldisk.com, and so on? Should each subdomain get 5MB of space? The standard says no. ... However, Chrome, Safari, and IE currently do not implement any such "affiliated site" storage limit.' Aboukhadijeh has logged the bug with Chromium and Apple, but couldn't do so for MSIE because 'the page is broken" (see http://connect.microsoft.com/IE). Oops. Firefox's implementation of HTML5 local storage is not vulnerable to this exploit."
So What's The Point (Score:2, Insightful)
This seems like mental masturbation to me. I see no point in initiating such an "attack".
If I understand correctly, you are going to expend great effort and possibly money on tens of thousands of subdomains, transfer a lot of data and incur bandwidth charges, in order to fill someone's hard drive? This is about the lamest DoS attack I have ever heard of. And the easy fix is to simply clear cookies?
Come on, this is a non-issue looking to be a problem.
Disable Javascript (Score:3, Insightful)
Also, you're not vulnerable if you have javascript enabled.
Such is life when your browser automatically downloads and runs arbitrary untrusted software.
Mobile devices? (Score:5, Insightful)
Re:So What's The Point (Score:5, Insightful)
Subdomains are free. With a wildcard DNS record, you have nearly an infinite supply of them.
wordpress.com? (Score:2, Insightful)
Re:I wonder how fast I can fill my harddisk... (Score:5, Insightful)
You're assuming that you have to download the files. It's highly likely the data could be generated locally in JavaScript.
Re:Bug, or exploit? (Score:4, Insightful)
Re:So What's The Point (Score:5, Insightful)
That's not true.
"Nearly infinite" means "it's not infinite, but it's large enough that it has most of the same practical effects as it would if it were infinite".
You seem to be interpreting the word "nearly" to mean "has a numerical value close to" rather than "has effects similar to". Obviously it is nonsensical for something to be nearly infinite using that first definition, but that should be a warning sign that you're not using the definition that people mean, not that everyone else is speaking nonsense.