User Unaware as Web Page Fills Disk

Monday, March 4, 2013 @ 06:03 PM gHale


A technique that the bad guys understand allows a web page to fill up a hard disk without any action on the user’s part, one developer said.

The technique uses the Web Storage technology in HTML5, which all popular browsers support. Web Storage provides a separate data storage area for each domain: in Chrome and Safari the default is 2.5MB, in Firefox and Opera it’s 5MB, and in Internet Explorer it’s 10MB.

Developer Feross Aboukhadijeh, who discovered the issue, uses innumerable subdomains, none of which exceeds the browser’s set quota, to accumulate a huge total amount of stored data. The W3C specification has a rule against this type of storage: “User agents should limit the total amount of space allowed for storage areas.”

Not all browsers are fooled by the Hard Disk Filler: Firefox will abort the script without comment once the limit for a domain has been reached, while Opera will ask users whether they want to release unlimited storage when a limit defined in opera:config (Global Quota For Databases) has been reached.

However, Chrome, Safari and Internet Explorer aren’t as clever. Aboukhadijeh said he has already reported the bug to Google and Apple.
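The difference between a per-origin quota and the total limit the W3C text asks for can be modeled in a few lines. This is an added example, not browser source code or anything from the original article; the `StorageQuota` class, the 10MB site cap, the two-label site rule and the `example.test` origins are all assumptions made for illustration.

```javascript
// Added example: models browser-side quota accounting; not browser source code.
const MB = 1024 * 1024;

// Assumption: site = last two host labels. Real browsers use the Public
// Suffix List, which is needed for suffixes such as co.uk.
function siteOf(origin) {
  const host = new URL(origin).hostname;
  return host.split('.').slice(-2).join('.');
}

class StorageQuota {
  // perOriginLimit: bytes each origin may store.
  // perSiteLimit: bytes all origins of one site may store together
  // (null means no total limit is enforced).
  constructor(perOriginLimit, perSiteLimit = null) {
    this.perOriginLimit = perOriginLimit;
    this.perSiteLimit = perSiteLimit;
    this.byOrigin = new Map();
    this.bySite = new Map();
  }

  // Records the write and returns true if it fits every limit, else false.
  tryWrite(origin, bytes) {
    const site = siteOf(origin);
    const originUsed = this.byOrigin.get(origin) || 0;
    const siteUsed = this.bySite.get(site) || 0;
    if (originUsed + bytes > this.perOriginLimit) return false;
    if (this.perSiteLimit !== null && siteUsed + bytes > this.perSiteLimit) return false;
    this.byOrigin.set(origin, originUsed + bytes);
    this.bySite.set(site, siteUsed + bytes);
    return true;
  }

  siteUsage(site) { return this.bySite.get(site) || 0; }
}

// Constructed workload: `count` subdomains of one site, each writing `bytes`.
function totalStored(quota, count, bytes) {
  for (let i = 0; i < count; i++) {
    quota.tryWrite(`http://s${i}.example.test`, bytes);
  }
  return quota.siteUsage('example.test');
}

const perOriginOnly = new StorageQuota(5 * MB);        // no total limit
const withSiteCap = new StorageQuota(5 * MB, 10 * MB); // total limit per site
console.log(totalStored(perOriginOnly, 100, 5 * MB) / MB, 'MB stored, per-origin quota only');
console.log(totalStored(withSiteCap, 100, 5 * MB) / MB, 'MB stored, with a per-site cap');
```

With only the per-origin check, every write is accepted because no single origin ever exceeds its own quota; the per-site cap stops the total regardless of how many subdomains are involved.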


