funsec mailing list archives
The Sitemeter DoS attack
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Sun, 3 Aug 2008 15:35:35 -0400
http://littlegreenfootballs.com/article/30832_Site_Meter_IE_Bug_Details Site Meter IE Bug Details Sun, Aug 3, 2008 at 11:25:13 am PDT SANS <http://isc.sans.org/diary.html?storyid=4819> has some details on the reason for that Site Meter problem that blocked out Internet Explorer from many sites: We received several reports (thanks Thanos and Jim) of sites which use the Sitemeter visitor counter that were no longer loading as of last night for users with Internet Explorer 7. It appears that during a development update of SiteMeter, their team did not take into account a known bug in this version of the browser which does not allow modification of a parent container using scripts in one of its childs (using either the innerHTML or appendChild method). This causes the browser to stop loading the site, returning an "Operation aborted" message. SiteMeter has now resolved the issue and published a blog entry explaining what happened. Just as with advertisement providers and the republishing of RSS feeds, it's an interesting example of how dependent our sites have become on third party code and the potential impact. And that's a big reason why you don't see a lot of those gimmicky widgets at LGF. I deliberately shun third party code because I don't want to rely on other people to keep their web servers online and their code compatible. (It helps that I programmed the entire LGF codebase, too.)
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- The Sitemeter DoS attack Richard M. Smith (Aug 03)