Exploit lets websites bombard visitors’ PCs with gigabytes of data

A Web developer has demonstrated a simple-to-execute exploit that allows websites to surreptitiously bombard visitors' storage devices with gigabytes of junk data.

As its name suggests, FillDisk.com loads an almost unlimited amount of data onto hard drives of people who access the site. It requires no user interaction and works with the Google Chrome, Microsoft Internet Explorer, and Apple Safari browsers. It adds 1GB of data every 16 seconds on a MacBook Pro Retina equipped with a solid state drive, according to Feross Aboukhadijeh, the Web developer and computer science grad student who created the proof-of-concept site.

FillDisk.com manipulates the Web Storage standard included in the HTML5 specification. This standard is designed to make websites easier to use by allowing them to store data on visitors' hard drives. The functionality can be useful when end users are filling out long forms; if the browser crashes before the form has been completed, the data that's already been entered will be available when the person visits the site later. The creators of the standard specifically warn that browser developers should take steps to ensure websites can't abuse the feature by writing unlimited amounts of data.


Oakland mayor apologizes for promoting local lockpicking class

The City of Oakland is both wonderful and problematic, as Ars editor Joe Mullin and I can attest, given that we're both denizens of this fine city. It has incredible natural beauty and vibrant culture, but also a notoriously mismanaged police department and a climbing crime rate.

It’s understandable, then, that some Oakland residents would be slightly annoyed at an upcoming workshop entitled “Introduction to Lockpicking,” which was mentioned in Mayor Jean Quan’s weekly newsletter (PDF) this week. The class is part of a larger "Workshop Weekend," to be held at Tech Liminal, an Oakland co-working space, and Sudoroom, a relatively new hackerspace in downtown Oakland. (Disclosure: I am a paying member at Sudoroom.)

According to the Oakland Tribune, some Oaklanders are miffed that the city would seem to endorse such a practice—the mayor has subsequently apologized.
