A data what? Yep, you heard it right. There’s a new computer security threat afoot which can fill your hard drive in seconds.
This new threat was just reported in BBC News : Technology. According to the report, the vulnerability has been created by a loophole in the programming of HTML5. While most websites are currently built using version 4 of the Hyper Text Markup
Language (HTML). However, that code is gradually being upgraded by the newer version 5.
One big change brought in with HTML5 lets websites store more data locally on visitors’ PCs. Based on one’s browser, there is a limit of how much data can be placed on your PC. However, the loophole is enabled by a software routine which endlessly creates new, linked websites, enabling each to dump huge amounts of data onto a target PC. Oh, and did I mention that the actual creation of the linked websites, and data dumping takes place literally in seconds?
What data will it dump? Well, it could be pictures of cartoon cats, as done in the demo created by Developer Feross Aboukhadijeh, the discoverer of the loophole. According to the news report, In one demo, Mr Aboukhadijeh managed to dump one gigabyte of data every 16 seconds onto a vulnerable Macbook.
Most major browsers, including Chrome, Internet Explorer, Opera and Safari, were found to be vulnerable to the bug. Only Mozilla’s Firefox capped storage at 5MB and was not vulnerable.
What can / should you do? Well, this has been reported, and is being worked on. Your number one defense is to have a back-up emergency boot disk, so that if your hard drive is crammed with cr*p, you can still boot your computer. You also need to have a good solid back-up, so that you can restore your software and documents after you reboot.
If you use one of the impacted browsers on either MAC or PC platform, you may want to make sure that your anti-virus software is set to scan sites for malicious code before you actually connect. There is no mention in the report as to whether this is detectable, so I can’t say for sure it will protect you. But it’s worth a try, and it’s always a good idea anyway, since malicious code can be placed on just about any web site. Last, stay away from web sites which are known to harbor nasty stuff, like file and music sharing and game sites. At least until you’ve heard this problem is resolved.