Security-Protocols Details OS X Denial of Service Threat

Discussion in 'MacBytes.com News Discussion' started by MacBytes, Dec 22, 2005.

  1. MacBytes
    Expand Collapse
    macrumors bot

    Joined:
    Jul 5, 2003
  2. yellow
    Expand Collapse
    Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #2
    Yep. Certainly "works" as advertised. Why is TextEdit rendering HTML though?
     
  3. greatdevourer
    Expand Collapse
    macrumors 68000

    Joined:
    Aug 5, 2005
    #3
    I've never quite figured this out and it pisses me off. It meant that I had to write my own text editor if I wanted to continue work without using DreamWeaver (which I do a lot - I can't figure out frames in DW)
     
  4. yellow
    Expand Collapse
    Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #4
    DW might as well be brain surgery for me.. I get all glossy eyed just thinking about it.
     
  5. svenr
    Expand Collapse
    macrumors regular

    Joined:
    May 6, 2003
    #5
    That is annoying, but there's an easier way around.

    Menu TextEdit->Preferences
    click on "Open and Save" tab
    check "Ignore rich text comments in HTML files"

    Certainly easier than writing your own editor! :)
     
  6. tocoolcjs
    Expand Collapse
    macrumors newbie

    Joined:
    May 19, 2004
    #6
    There are many free solutions
    a) SimpleText.app on the devloper cd of your OS.
    b) [my favorite] TextWrangler.app from the BBedit guys
    c) many more on macupdate and versiontracker
     
  7. Essefgy
    Expand Collapse
    macrumors member

    Joined:
    Dec 3, 2003
    Location:
    SEMI
    #7
    My hero!
     
  8. ahunter3
    Expand Collapse
    macrumors 6502

    Joined:
    Oct 15, 2003
    #8
    OK, educate me here — I thought "denial of service vulnerabilities" referred to vulnerabilities on the server side, e.g., swamping a vulnerable server OS or process with requests, seeks, queries, etc, that in some fashion it cannot handle, so as to shut the site or service down...?

    In light of that (mis?)understanding, I fail to see how a string of khtml code that crashes your browser would constitute a "denial of service". It's just a buggy browser.

    The Search function on this very website crashes Shiira 0.9.3 and/or Safari 1.2.4 running under 10.3.8 every time I click into the search-by-username and type a character there. (At least one other vBulletin-powered site has the same effect). That doesn't mean macrumors.com is mounting a denial-of-service attack against me, it means I've got a buggy browser or a sw conflict of some sort that makes my browser vulnerable to this code. Not only is it presumably not malicious in this case, I can't see how such a vulnerability could be maliciously exploited in any effective manner. (So you put the browser-killer code into a website's header or something. Unless you were a company that makes a competing browser, what do you gain by crashing some small percent of folks' browser sw? Not to mention TextEdit...)
     

Share This Page