Security-Protocols Details OS X Denial of Service Threat

Discussion in ' News Discussion' started by MacBytes, Dec 22, 2005.

  1. yellow Moderator emeritus


    Oct 21, 2003
    Portland, OR
    Yep. Certainly "works" as advertised. Why is TextEdit rendering HTML though?
  2. greatdevourer macrumors 68000

    Aug 5, 2005
    I've never quite figured this out and it pisses me off. It meant that I had to write my own text editor if I wanted to continue work without using DreamWeaver (which I do a lot - I can't figure out frames in DW)
  3. yellow Moderator emeritus


    Oct 21, 2003
    Portland, OR
    DW might as well be brain surgery for me.. I get all glossy eyed just thinking about it.
  4. svenr macrumors regular

    May 6, 2003
    That is annoying, but there's an easier way around.

    Menu TextEdit->Preferences
    click on "Open and Save" tab
    check "Ignore rich text comments in HTML files"

    Certainly easier than writing your own editor! :)
  5. tocoolcjs macrumors newbie

    May 19, 2004
    There are many free solutions
    a) on the devloper cd of your OS.
    b) [my favorite] from the BBedit guys
    c) many more on macupdate and versiontracker
  6. Essefgy macrumors member

    Dec 3, 2003
    My hero!
  7. ahunter3 macrumors 6502

    Oct 15, 2003
    OK, educate me here — I thought "denial of service vulnerabilities" referred to vulnerabilities on the server side, e.g., swamping a vulnerable server OS or process with requests, seeks, queries, etc, that in some fashion it cannot handle, so as to shut the site or service down...?

    In light of that (mis?)understanding, I fail to see how a string of khtml code that crashes your browser would constitute a "denial of service". It's just a buggy browser.

    The Search function on this very website crashes Shiira 0.9.3 and/or Safari 1.2.4 running under 10.3.8 every time I click into the search-by-username and type a character there. (At least one other vBulletin-powered site has the same effect). That doesn't mean is mounting a denial-of-service attack against me, it means I've got a buggy browser or a sw conflict of some sort that makes my browser vulnerable to this code. Not only is it presumably not malicious in this case, I can't see how such a vulnerability could be maliciously exploited in any effective manner. (So you put the browser-killer code into a website's header or something. Unless you were a company that makes a competing browser, what do you gain by crashing some small percent of folks' browser sw? Not to mention TextEdit...)

Share This Page