HTML5 Websites Could Fill Your Hard Drive Up At The Rate Of 1GB Every 16 Seconds

A web developer has demonstrated a proof-of-concept exploit that allows websites to bombard visitors’ computers with masses of data, and it works in the Internet Explorer, Chrome and Safari browsers.

FillDisk

Computer science graduate Feross Aboukhadijeh has demonstrated his work on Filldisk.com, where his proof of concept can download up to 1GB of data every sixteen seconds (subject, of course, to your maximum internet download speed).

Interestingly, it requires absolutely no user interaction in order to work – merely visiting the site will kick the process off.

But this isn’t some strange new flaw that has been discovered here – it’s actually part of the Web Storage Standard of HTML5, which purposely allows large amounts of data to be stored for development purposes and also for recovery purposes should the browser crash.

“Indeed, Chrome, IE, and Safari limit the amount of data that can be downloaded, but the restriction is placed on subdomains rather than the upper-level domain to which they belong. FillDisk.com works by directing subdomains such as 1.filldisk.com, 2.filldisk.com, and so on to each send the maximum amount allowed.”
Ars Technica

Of the major browsers only Firefox is immune to this particular exploit as it caps the amount of data that can be downloaded.
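
The difference between charging storage to each subdomain and charging it to the parent domain, as an added example that is not from the original article or from FillDisk: a constructed model of the quota bookkeeping, run against 100 numbered subdomains. The 5 MB limit, the `example.test` and `other.test` hosts, and the two-label `siteOf` shortcut are assumptions for illustration.

```javascript
// Constructed model of Web Storage quota bookkeeping; not real browser code.
const QUOTA_BYTES = 5 * 1024 * 1024; // assumed per-bucket limit

// Assumption: the parent domain is the last two labels of the host name.
// A real implementation would consult the Public Suffix List instead.
function siteOf(host) {
  return host.split('.').slice(-2).join('.');
}

class QuotaManager {
  // keyFn maps a host name to the bucket its storage is charged against.
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.used = new Map();
  }

  // Accept the write only if the bucket stays within QUOTA_BYTES.
  write(host, bytes) {
    const bucket = this.keyFn(host);
    const next = (this.used.get(bucket) || 0) + bytes;
    if (next > QUOTA_BYTES) return false;
    this.used.set(bucket, next);
    return true;
  }

  totalBytes() {
    let total = 0;
    for (const bytes of this.used.values()) total += bytes;
    return total;
  }
}

// n numbered subdomains of one domain each try to store a full quota.
function simulate(manager, n, domain) {
  let accepted = 0;
  for (let i = 1; i <= n; i++) {
    if (manager.write(`${i}.${domain}`, QUOTA_BYTES)) accepted++;
  }
  return { accepted, totalBytes: manager.totalBytes() };
}

const perSubdomain = new QuotaManager((host) => host);
const perDomain = new QuotaManager(siteOf);
console.log('per-subdomain:', simulate(perSubdomain, 100, 'example.test'));
console.log('per-domain:   ', simulate(perDomain, 100, 'example.test'));
// An unrelated site is unaffected by the full example.test bucket.
console.log('other site ok:', perDomain.write('www.other.test', 1024));
```

Keyed by subdomain, all 100 writes are accepted and the total grows with the number of subdomains; keyed by parent domain, only the first write fits and the total stays at one quota.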

In the grand scheme of things this isn’t the most devilish exploit you’ll ever hear about, of course, but I can still imagine a few people having ‘fun’ with this. Can you?

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
