IE Shines On Broken Code

IE Shines On Broken Code 900

Posted by timothy on Tuesday October 19, 2004 @07:24AM from the crashing-is-unsafe dept.

mschaef writes "While reading Larry Osterman'a blog (He's a long time Microsoftie, having worked on products dating back to DOS 4.0), I ran across this BugTraq entry on web browser security. Basically, the story is that Michael Zalewski started feeding randomly malformed HTML into Microsoft Internet Explorer, Mozilla, Opera, Lynx, and Links and watching what happened. Bottom line: 'All browsers but Microsoft Internet Explorer kept crashing on a regular basis due to NULL pointer references, memory corruption, buffer overflows, sometimes memory exhaustion; taking several minutes on average to encounter a tag they couldn't parse.' If you want to try this at home, he's also provided the tools he used in the BugTraq entry."

IE Shines On Broken Code

This discussion has been archived. No new comments can be posted.

Search 900 Comments Log In/Create an Account

Comments Filter:

Because it's used to it? (Score:5, Funny)

by ideatrack ( 702667 ) writes: on Tuesday October 19, 2004 @07:26AM (#10563397)

There's a good phrase I can use to explain this one:

If you work in a monkey house, you expect to be pelted with shit.

hmmm (Score:4, Funny)

by Anonymous Coward writes: on Tuesday October 19, 2004 @07:26AM (#10563400)

I'd love to read the article, but the page seems to contain malformed HTML...

What they didn't say (Score:5, Funny)

by Anonymous Coward writes: on Tuesday October 19, 2004 @07:27AM (#10563409)

They didn't say that IE also started randomly installing Bonzi Buddy et al during the test, the users' credit card numbers were automagically emailed to Romania, there was an sudden increase in outbound port 25 traffic from the system, and they ended the session with about 37 momre toolbars installed then they started with.

Security Issues (Score:2, Funny)

by PrivateDonut ( 802017 ) writes: <[moc.nacliam] [ta] [7735sirhc]> on Tuesday October 19, 2004 @07:27AM (#10563410)

Does the fact that most of the browsers crash mean that they are vunerable in some way? or does the fact that they do crash a good thing?

In a land of broken codes... (Score:2, Funny)

by kusanagi374 ( 776658 ) writes: on Tuesday October 19, 2004 @07:29AM (#10563420)

... the broken app is the king!

Finally... (Score:2, Funny)

by fredrikj ( 629833 ) * writes: on Tuesday October 19, 2004 @07:29AM (#10563425) Homepage

...a benchmark that actually measures real-world performance.

Re:so? (Score:1, Funny)

by Dante Shamest ( 813622 ) writes: on Tuesday October 19, 2004 @07:33AM (#10563453)

I have never had a problem with my Firefox crashing (ever). But now thanks to this article, I can correct that. =)

Great (Score:1, Funny)

by Nehle ( 784297 ) writes: on Tuesday October 19, 2004 @07:34AM (#10563457) Journal

When will it shine on working code?

Let me get this straight... (Score:2, Funny)

by jav1231 ( 539129 ) writes: on Tuesday October 19, 2004 @07:35AM (#10563459)

He starts sending bad data...data the program wasn't intended to read...it crashes...and this make them just as bad as IE? I tried to cat a binary once. My screen shat.

Re:An important security sidenote (Score:1, Funny)

by Anonymous Coward writes: on Tuesday October 19, 2004 @07:35AM (#10563463)

Perhaps it was written in Visual Basic and they just recompiled with VB.NET. :-D

Catch (Score:2, Funny)

by Quixote ( 154172 ) writes: on Tuesday October 19, 2004 @07:40AM (#10563489) Homepage Journal

All browsers but Microsoft Internet Explorer kept crashing
Catch is, IE did not crash; the machine crashed. So, technically, it's not an IE crash... ;-)

Re:Security Issues (Score:3, Funny)

by iamdrscience ( 541136 ) writes: on Tuesday October 19, 2004 @07:48AM (#10563537) Homepage

Speaking of best-guesses, I recall a problem I had in Debian once that resulted in an error message something to the effect of "XYZ not found. Trying to wing it..."

Re:So what is "random" here? (Score:5, Funny)

by Kick the Donkey ( 681009 ) writes: <kickthedonkey AT gmail DOT com> on Tuesday October 19, 2004 @08:01AM (#10563632) Homepage Journal

Thats the thing about randomness. You can never be sure.

Tell me, Mr. Anderson... (Score:3, Funny)

by b374 ( 799492 ) writes: on Tuesday October 19, 2004 @08:05AM (#10563659)

Tell me, Mr. Anderson, what good is a browser when you are unable to access the net?

Re:What they didn't say (Score:1, Funny)

by b374 ( 799492 ) writes: on Tuesday October 19, 2004 @08:08AM (#10563672)

hey... I'm from Romania... can you tell me where do I subscribe to that credit card numbers email list?

Borrring... (Score:1, Funny)

by PhraudulentOne ( 217867 ) writes: on Tuesday October 19, 2004 @08:34AM (#10563831) Homepage Journal

He should have randomly fed STABLE code into each of the browsers and saw IE continue to freeze and hang while the other browsers continued to present real data to the end user ;) Sure IE may not suck for bad code, but I like to look at real code with real information and I know that IE hasn't quite figured that one out yet ;)

Re:Tested Konqueror (Score:2, Funny)

by KjetilK ( 186133 ) writes: <kjetil@@@kjernsmo...net> on Tuesday October 19, 2004 @09:10AM (#10564103) Homepage Journal

Hehe. My Debian compiled one:
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040917 Firefox/0.9.3
...did go down in flames....
But I know it will raise from the flames like a, uh, fox!

Re:An important security sidenote (Score:5, Funny)

by bunratty ( 545641 ) writes: on Tuesday October 19, 2004 @09:28AM (#10564241)

Yep, the first mozilla_die entry crashes Mozilla 1.8a4 for me, too. Sounds like the tests are repeatable enough. Now quick, everybody rush to file bug reports and the winners can collect their $500 [mozilla.org]!

that's easy (Score:2, Funny)

by nazokoneko ( 664874 ) writes: <trajesty&gmail,com> on Tuesday October 19, 2004 @09:35AM (#10564304) Journal

$ badhtml.o | /dev/null hey, my script doesn't crash either, and it's only one line! of course, the caveat is that it only displays GOOD tags about as well as IE, too...

Re:An important security sidenote (Score:3, Funny)

by FooAtWFU ( 699187 ) writes: on Tuesday October 19, 2004 @10:04AM (#10564564) Homepage

As a web developer, I find it infuriating that users use a proprietary browser which takes standards-compliant code that results in perfectly good, beautiful pages in every other browser... and mangles it.

Re:An important security sidenote (Score:5, Funny)

by Old Wolf ( 56093 ) writes: on Tuesday October 19, 2004 @03:55PM (#10568625)

I have a worse CD.. if you put it in the drive then it starts to install Windows 98 :(

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

IE Shines On Broken Code 900

IE Shines On Broken Code More Login

IE Shines On Broken Code

Because it's used to it? (Score:5, Funny)

hmmm (Score:4, Funny)

What they didn't say (Score:5, Funny)

Security Issues (Score:2, Funny)

In a land of broken codes... (Score:2, Funny)

Finally... (Score:2, Funny)

Re:so? (Score:1, Funny)

Great (Score:1, Funny)

Let me get this straight... (Score:2, Funny)

Re:An important security sidenote (Score:1, Funny)

Catch (Score:2, Funny)

Re:Security Issues (Score:3, Funny)

Re:So what is "random" here? (Score:5, Funny)

Tell me, Mr. Anderson... (Score:3, Funny)

Re:What they didn't say (Score:1, Funny)

Borrring... (Score:1, Funny)

Re:Tested Konqueror (Score:2, Funny)

Re:An important security sidenote (Score:5, Funny)

that's easy (Score:2, Funny)

Re:An important security sidenote (Score:3, Funny)

Re:An important security sidenote (Score:5, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot