New iPhone Safari remote execution DoS exploit locks up your iPhone by simply visiting a malicious page

Posted by David on March 18th, 2008 at 04:43am

iPhone is supposed to be a pretty secure platform — or so Apple tried to design it. However, nothing is perfect. And so, yet another “iPhone compatible” Safari exploit has been discovered, which is actually more dangerous on your iPhone or iPod Touch than on the computer. When executed it either locks up your iPhone/iPod Touch, or crashes the Safari browser on your Mac/PC computer (you decide which is worse).

This is not entirely new code; apparently, it was refined from a previously discovered exploit. But as opposed to the exploit that we previously covered, there’s no need to press any buttons — your iPhone will lock up after simply visiting a page that contains the malicious code in question. As such, this can be classified as a remote execution DoS vulnerability, which is already a notch above the previously discovered exploit.

The vulnerability was tested and found to be working with iPhone firmware v1.1.4 on our side, but it’s more than likely that it will crash older firmware versions of iPhone as well (please leave us a comment if you test it with some previous firmware versions).

As usual, this exploit cannot be fixed until Apple releases the next firmware upgrade — so your only solution to it for now is to disable JavaScript on your iPhone or iPod Touch.

The exploit’s source code is below, while we’ve also set up a test page for everyone to enjoy (keep in mind that it will completely lock up your iPhone, so do expect to lose any open application data. Oh yes, and we’re not responsible for anything happening — or not happening — if you do open the test page).

Download Link: New iPhone Safari exploit source code. (safe to download, code in text format)
Test Link: Wanna crash your iPhone? Click here! (warning: just loading this page will lock up your iPhone or iPod Touch, or crash Safari on Mac/PC computers)

UPDATE: It appears that this vulnerability was eliminated in the latest version of Safari for computers (v3.1), which came out several hours after this article was posted. Here’s to hoping that a firmware upgrade with a similar fix for iPhone’s Mobile Safari is coming soon.

  • MJ420
    He....Crashes Safari AND FIREFOX (PC)
  • What version of Firefox do you have? Could not personally reproduce the error on Firefox 2.0, but it does indeed crash Safari.

    Dennis
  • Steve Lidie
    Safari 3.1 rides right through it, no problem.
  • " alert(fuckbill);"

    nice script, it includes FUCK BILL phrase :-)
  • Newfari
    Doesn't crash Safari just released today. Stay up to date guys :)

    Copyright Georgi Guninski
    Cannot be used in vulnerability databases
    Especially securityfocus/mitre/cve/cert
  • Ben
    Didn't crash Safari for me on my Mac, but it sure froze up my iPhone.
  • Brad
    Doesn't crash the new safari 3.1. It tried its best but didn't do it. I have now tried it 3 times. Looks like the next iphone safari update might fix the issue.
    It is a little bit irresponsible to release the source code of this exploit.
    These things should be submitted to Apple but not the general public.
  • ben
    Didn't crash safari for me... Though I just downloaded 3.1, perhaps they fixed the issue with the new release?
  • Mark S.
    The latest Safari 3.1 that came out today has no problem at all with this exploit... A page with some text appears, but that is all that happens. I merely closed the window and continued using Safari as before.
  • Tom
    Crashed IE 7 on Windows XP
  • Walt French
    I'll happily defer to somebody who better understands Javascript -- so those of you more expert, dig in! But until then, may I offer... ?

    1. The simple javascript asks for MORE MEMORY than ANY phone would have. My work PC (IE6?) locked up trying to execute this. I doubt ANY PC could actually "correctly" handle a page including this script. Some could _appear_ to freeze while correctly processing the script, due to the huge amount of data sloshed around. Reports of "crashes" might merely indicate that the browser was working its tail off, and not showing any progress.

    2. Pushing the limits such as above is in the highest tradition of finding exploitable browser problems. However, it does NOT appear that the "exploit" is doing anything other than pushing the browser past its limits. Whatever state the iPhone (or my IE6!) is left in, quite possibly it's to trash the browser session, which would have the OS (X) recycle the used memory, leaving NO RISK of trying to execute code in the created garbage. Yes, it MIGHT, but I think not, and it's certainly not shown.

    3. So this is not so much a Denial of Service -- by which, most people mean, asking a SERVER to do so much useless work that it can't do its intended work. Rather, it's more like a suicide loop -- if it actually locks up the browser, running some impossible requests, you might have to just turn off the phone. (You might have to just receive a call, which could suspend the browser, just as effectively. YAY for no multitasking! ;^> )

    4. Let's call it a Hopeless Task -- legal, but beyond the capabilities of the nifty gizmo that some of us (not me, alas!) carry around. If this happens to you from visiting a web site, and you go back more than once, you're a Slow Learner. That self-realization might be a Good Thing; a couple of minutes appears to be the extent of the damage that this little gem can inflict.

    5. My RAZR locks up ALL ON ITS OWN these days: I don't need no script kiddy's stuff.

    6. Until somebody shows that a failure to deliver memory to Safari leaves the browser in an unstable state (not a "dead" state), this thing has not crossed the threshold of being even a POTENTIAL EXPLOIT. It indicates that no computer has infinite resources. Perhaps some users would be happier with a slower computer that checks whether each step of a webpage is possible before it carries them out. Personally, I'll risk having a faster browser which might require me to power-cycle my phone if I'm so unfortunate as to visit some page that wants to cause me a nuisance.

    7. So, iPhoneWorld, what's the big deal? It's a practical joke on the level of setting a bag full of doggie poo on fire, then ringing somebody's doorbell. And it's being written up as Yeah Those iPhones are buggy and virus-prone. Is this what you want to sell? Need a few more thousand eyeballs who are likely to think your ads are more believable than your editorial?
  • Franz
    I definitely agree Mr. Walt French. You guys really don't have to put much stock on this - causing people to panic (though I believe panic is just what you want to stir up so that people will come in and read your articles).

    I'm a blogger too, and I really hate posting negative comments about writers on blog sites, but this news really struck a nerve in me. don't you guys have any technical staff to confirm this news? if this is in fact what you call "remote execution DoS vulnerability"?

    come on, you've got to be kidding me. read the code, you posted it yourself. all this code really does is loop a thousand times and uses most of the memory on your phone/machine.

    yes, you do experience crashes, this is because, it hogs all the memory, it eats up a lot of it, faster than your machine can recycle/reuse it. but this is in no such way a DoS problem.

    a DoS is much more complicated than this. all you even have to do if you encounter this is to reboot your phone or close your browser whereas if you do get a DoS problem, rebooting won't solve anything, in other words, you're f*cked up!

    this is a prank, no other word for it. maybe that is why Apple didn't comment on it right away. maybe they tried to look at the code, saw it and laughed their asses off about how you people made it such a big deal.
  • mjc
    Camino (10.4.10, v 1.5.5) has no problems.

    Ends up with a popup that says "The page at www.iphoneworld.ca says: done generating" and then opens a new tab and displays this:

    Copyright Georgi Guninski
    Cannot be used in vulnerability databases
    Especially securityfocus/mitre/cve/cert
  • Walt French / Frantz

    Not sure if you're getting the point of this article. I won't address all your questions/assumptions since some are completely silly and I am simply not paid to be your tech instructor.

    Here's all I will say:

    1) This is a remotely executed code that does not require user input.
    2) It does not crash ONLY Safari, it completely locks up your iPhone INCLUDING all running and unsaved applications, forcing a reboot.
    3) Combine #1 + #2 and bingo, remote denial of service.
    4) Walt, this does NOT crash my machine which is an old one (only 1GB RAM, 2GHZ CPU) in *any* browser -- maximum that happens when it runs on my computer is Safari freezes -- FireFox and IE work just fine. I'd suggest you to troubleshoot your machine if IE freezes your computer. And I do sympathize with your RAZR crashing for no reason. Between the two, you might want to service your electronics better.
    5) Frantz, you need to look up the Wikipedia definition of DoS before you go ahead and invent your own.


    From Wikipedia, the free encyclopedia

    A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to, motives for, and targets of a DoS attack may vary, it generally consists of the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

    Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even DNS root servers.

    One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by:

    * forcing the targeted computer(s) to reset, or consume its resources so that it can no longer provide its intended service; or,
    * obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

    Denial-of-service attacks are considered violations of the IAB's Internet proper use policy. They also commonly constitute violations of the laws of individual nations.
    (see FAQ[1])


    Lastly, we have a resident security expert who first reported on this vulnerability to us, and we stand by these findings.

    Now you can keep arguing and bringing up your own assumptions and self invented definitions that no one is familiar with, but it won't change a thing in the real world. Thanks for your time!

    Dennis
  • Thi Ha
    Well, it sure crashed my Safari 3.1 on the MacBook Pro, or rather, it made it very unresponsive and very difficult to make a force quit.

    However, in the iPod touch 1.1.4, nothing erroneous happened. Safari keeps trying to load it but it doesn't crash either the browser or the iPod touch. I can easily tell Safari to stop loading it. I can also use the home button.
  • Jakob Peterhänsel
    Dennis,

    Ahh.. why are you aiming at Walt/Frantz when you can't read the article you post/link to yourself?

    DoS is aimed at SERVERS, not ONE User loading ONE page on their own computer!

    It's a BUG - yes, but DoS means that one or more computers are aiming at YOUR computer in an attempt to take its services down. And since there is NO HTTP server running on your iPhone/iTouch (unless you hacked it and started one yourself) it will not be possible to make a DoS against the iPhone.

    Only way I see it coming, is if you get bombed with SMS's that crash your iPhone.. now THAT would be a DoS attack!
  • airmanchairman
    mjc: I Googled the name Georgi Guninski in Firefox, and McAfee Site Advisor instantly flagged up his site(s) [titled "Georgi" and "Exploder"] in the "Use Caution" category, listing 1 RED download in each site, which were the first 2 results of a simple Google search.
  • Jakob,

    Are you implying that DoS attacks cannot be executed against individual computers/other devices and by default have to be against servers?

    I'll refer you to parts of the same Wikipedia article I've quoted from earlier, thanks.




    A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.
    ...
    A DoS attack can be perpetrated in a number of ways. There are five basic types of attack:

    1. consumption of computational resources, such as bandwidth, disk space, or CPU time;
    2. disruption of configuration information, such as routing information;
    3. disruption of state information, such as unsolicited resetting of TCP sessions;
    4. disruption of physical network components.
    5. obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
    ....
    A DoS attack may include execution of malware intended to:

    * max out the CPU's usage, preventing any work from occurring;

    * trigger errors in the microcode of the machine;
    * trigger errors in the sequencing of instructions, so as to force the computer into an unstable state or lock-up;
    * exploits errors in the operating system to cause resource starvation and/or thrashing, i.e. to use up all available facilities so no real work can be accomplished;
    * crash the operating system itself;
    * iFrame (D)DoS, in which an HTML document is made to visit a webpage with many KB's of information many times, until they achieve the amount of visits to where bandwidth limit is exceeded.

    ..
    Various DoS-causing exploits such as buffer overflow can cause server-running software to get confused and fill the disk space or consume all available memory or CPU time.
    ...
    In online gaming, nuking is used by spamming another user, or all other users, with random repeated messages in quick succession. Such techniques are also seen in instant messaging programs as repeatedly sending text can be assigned to a macro or AppleScript. Modern operating systems are usually resistant to these nuke attacks, and online games now have third party "Flood control."



    In case you still want to argue more, read: http://en.wikipedia.org/wiki/Denial_of_service

    I'm not going to respond anymore to people that don't know how to read/understand Wikipedia articles -- or until someone changes the Wikipedia entry, thanks :)

    If someone has something constructive to say, you're quite welcome though:)

    Dennis
  • MarcoIac
    It crashed my Safari 3.1 running on 10.5.2 and MacBook Pro 2.16 Intel Core Duo. I had to force quit, and it was not easy, the computer was responding very slowly. I would suggest to stay away from it.
  • Vermilion
    Confirmed.

    Safari 3.1 (Mac OS X 10.5.2, Intel) displayed the text and then hung. I was still able to force quit Safari quite easily, though.

    iPhone 1.1.4 locked up. Hard. I had to do a hard reboot.

    Congratulations, guys. Make sure you keep One Infinite Loop in the loop.
  • me
    hey, when it locks up IE for 60 seconds before giving an out of memory error, why chastise a cell phone????
  • Greg
    Safari 3.1 beach-balled for me. While not technically a "crash," I would consider it effective in its result.
  • N.o.y.B
    FireFox took a few seconds to load it just for some letters but didn't do anything but say Copyright: bla bla bla