Security-Protocols Details OS X Denial of Service Threat

Discussion in 'MacBytes.com News Discussion' started by MacBytes, Dec 22, 2005.

  1. macrumors bot

    Joined:
    Jul 5, 2003
  2. Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #2
    Yep. Certainly "works" as advertised. Why is TextEdit rendering HTML though?
     
  3. macrumors 68000

    Joined:
    Aug 5, 2005
    #3
    I've never quite figured this out and it pisses me off. It meant that I had to write my own text editor if I wanted to continue work without using DreamWeaver (which I do a lot - I can't figure out frames in DW)
     
  4. Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #4
    DW might as well be brain surgery for me.. I get all glossy eyed just thinking about it.
     
  5. macrumors regular

    Joined:
    May 6, 2003
    #5
    That is annoying, but there's an easier way around.

    Menu TextEdit->Preferences
    click on "Open and Save" tab
    check "Ignore rich text comments in HTML files"

    Certainly easier than writing your own editor! :)
     
  6. macrumors newbie

    Joined:
    May 19, 2004
    #6
    There are many free solutions
    a) SimpleText.app on the devloper cd of your OS.
    b) [my favorite] TextWrangler.app from the BBedit guys
    c) many more on macupdate and versiontracker
     
  7. macrumors member

    Joined:
    Dec 3, 2003
    Location:
    SEMI
    #7
    My hero!
     
  8. macrumors 6502

    Joined:
    Oct 15, 2003
    #8
    OK, educate me here — I thought "denial of service vulnerabilities" referred to vulnerabilities on the server side, e.g., swamping a vulnerable server OS or process with requests, seeks, queries, etc, that in some fashion it cannot handle, so as to shut the site or service down...?

    In light of that (mis?)understanding, I fail to see how a string of khtml code that crashes your browser would constitute a "denial of service". It's just a buggy browser.

    The Search function on this very website crashes Shiira 0.9.3 and/or Safari 1.2.4 running under 10.3.8 every time I click into the search-by-username and type a character there. (At least one other vBulletin-powered site has the same effect). That doesn't mean macrumors.com is mounting a denial-of-service attack against me, it means I've got a buggy browser or a sw conflict of some sort that makes my browser vulnerable to this code. Not only is it presumably not malicious in this case, I can't see how such a vulnerability could be maliciously exploited in any effective manner. (So you put the browser-killer code into a website's header or something. Unless you were a company that makes a competing browser, what do you gain by crashing some small percent of folks' browser sw? Not to mention TextEdit...)
     

Share This Page