Caution: Weakness in Web Code Allows Data Dumping onto Personal Computers
The loophole exploits a feature of HTML5, the standard that defines how websites are built, to dump junk data.
Feross Aboukhadijeh is the web developer who found this bug. He also demonstrated it by setting up a page that filled its visitors' hard drives with cartoon cat pictures.
In another demo, he successfully dumped about 1 gigabyte of data every 16 seconds onto a vulnerable MacBook.
He added that many well-established browsers, such as Chrome, Safari, Opera, and Internet Explorer, were vulnerable to the bug.
Most websites are currently built using version 4 of the HTML coding language; that version is now being supplanted by the newer version 5.
A new feature that HTML5 brings is that it lets websites store more data on visitors' PCs. Safeguards devised in the 'Local Storage' specification limit the amount of data that can be stored. Different browsers have set their own storage limits, but each allows at least 2.5 megabytes.
Even so, Mr. Aboukhadijeh found a way around the limit by creating numerous temporary web pages linked to the website that the visitor visited. Through this method he found that the sites associated with the visited website were able to store data up to the maximum limit, because browser developers had not incorporated any code to prevent it. If one endlessly creates such linked or associated websites, the bug can be used as a pipe to pour tons of data into targeted PCs.
He also found that only Mozilla Firefox was not vulnerable; it restricted data storage to 5 MB.
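The quota gap described above can be modelled in a few lines. This is an added example, not code from Mr. Aboukhadijeh or from any browser; it compares a 5 MB limit charged per host with the same limit charged per site. It assumes the linked pages are separate hosts under one parent domain (the article does not say how they are linked), uses made-up host names, and approximates a "site" as the last two host labels.

```javascript
// Added illustration: models storage-quota accounting, not any browser's real code.
const LIMIT_BYTES = 5 * 1024 * 1024; // 5 MB cap, the Firefox figure quoted in the article

// Simplification (assumption): treat the last two host labels as the "site".
// Real browsers consult the Public Suffix List for this.
function siteOf(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

class QuotaLedger {
  // keyFn decides which bucket a write is charged to.
  constructor(keyFn, limit = LIMIT_BYTES) {
    this.keyFn = keyFn;
    this.limit = limit;
    this.used = new Map();
  }
  // Returns true and records the write if it fits in the bucket, else false.
  tryWrite(host, bytes) {
    const key = this.keyFn(host);
    const current = this.used.get(key) || 0;
    if (current + bytes > this.limit) return false;
    this.used.set(key, current + bytes);
    return true;
  }
  totalBytes() {
    let sum = 0;
    for (const v of this.used.values()) sum += v;
    return sum;
  }
}

// Constructed workload: `count` hosts under one parent domain, each trying to
// fill its full allowance. Host names are made up for the example.
function simulate(ledger, count, parent = 'example.test') {
  let accepted = 0;
  for (let i = 0; i < count; i++) {
    if (ledger.tryWrite(`p${i}.${parent}`, ledger.limit)) accepted++;
  }
  return { accepted, totalBytes: ledger.totalBytes() };
}

const perOrigin = simulate(new QuotaLedger((h) => h), 200);
const perSite = simulate(new QuotaLedger(siteOf), 200);
console.log('per-host buckets:', perOrigin);
console.log('per-site bucket: ', perSite);
```

With per-host buckets the total grows linearly with the number of hosts, while the per-site bucket stops at the single 5 MB allowance.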
He mentioned in his recent blog post about the bug that only cleverly coded websites have limitless storage space on visitors' PCs.
Mr. Aboukhadijeh has written code that exploits the bug, and he has also set up a website for this purpose, named 'Filldisk', which dumps cartoon cat images onto vulnerable PCs. No misuse of the exploit has been reported so far.
As a step toward resolving the issue, bug reports about the exploit have been filed with numerous well-established browser makers.