Security-Protocols Details OS X Denial of Service Threat


MacBytes
Dec 22, 2005, 03:06 PM
Category: Mac OS X
Link: Security-Protocols Details OS X Denial of Service Threat (http://www.macbytes.com/link.php?sid=20051222160643)

Posted on MacBytes.com (http://www.macbytes.com)
Approved by Mudbug

yellow
Dec 22, 2005, 03:22 PM
Yep. Certainly "works" as advertised. Why is TextEdit rendering HTML though?

greatdevourer
Dec 22, 2005, 04:05 PM
Yep. Certainly "works" as advertised. Why is TextEdit rendering HTML though?
I've never quite figured this out and it pisses me off. It meant that I had to write my own text editor if I wanted to continue work without using DreamWeaver (which I do a lot - I can't figure out frames in DW)

yellow
Dec 22, 2005, 04:08 PM
DW might as well be brain surgery for me.. I get all glossy eyed just thinking about it.

svenr
Dec 22, 2005, 04:38 PM
I've never quite figured this out and it pisses me off. It meant that I had to write my own text editor ...
That is annoying, but there's an easier way around.

Menu TextEdit->Preferences
click on "Open and Save" tab
check "Ignore rich text comments in HTML files"

Certainly easier than writing your own editor! :-)

tocoolcjs
Dec 22, 2005, 08:31 PM
There are many free solutions
a) SimpleText.app on the developer CD of your OS.
b) [my favorite] TextWrangler.app from the BBEdit guys
c) many more on macupdate and versiontracker

Essefgy
Dec 23, 2005, 12:27 AM
That is annoying, but there's an easier way around.

Menu TextEdit->Preferences
click on "Open and Save" tab
check "Ignore rich text comments in HTML files"

Certainly easier than writing your own editor! :-)

My hero!

ahunter3
Dec 23, 2005, 09:47 AM
OK, educate me here: I thought "denial of service vulnerabilities" referred to vulnerabilities on the server side, e.g., swamping a vulnerable server OS or process with requests, seeks, queries, etc, that in some fashion it cannot handle, so as to shut the site or service down...?

In light of that (mis?)understanding, I fail to see how a string of khtml code that crashes your browser would constitute a "denial of service". It's just a buggy browser.

The Search function on this very website crashes Shiira 0.9.3 and/or Safari 1.2.4 running under 10.3.8 every time I click into the search-by-username and type a character there. (At least one other vBulletin-powered site has the same effect). That doesn't mean macrumors.com is mounting a denial-of-service attack against me, it means I've got a buggy browser or a sw conflict of some sort that makes my browser vulnerable to this code. Not only is it presumably not malicious in this case, I can't see how such a vulnerability could be maliciously exploited in any effective manner. (So you put the browser-killer code into a website's header or something. Unless you were a company that makes a competing browser, what do you gain by crashing some small percent of folks' browser sw? Not to mention TextEdit...)