funsec mailing list archives

The Sitemeter DoS attack


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Sun, 3 Aug 2008 15:35:35 -0400

http://littlegreenfootballs.com/article/30832_Site_Meter_IE_Bug_Details


Site Meter IE Bug Details


Sun, Aug 3, 2008 at 11:25:13 am PDT

SANS <http://isc.sans.org/diary.html?storyid=4819> has some details on the
reason for that Site Meter problem that blocked out Internet Explorer from
many sites:

We received several reports (thanks Thanos and Jim) of sites which use the
Sitemeter visitor counter that were no longer loading as of last night for
users with Internet Explorer 7.

It appears that during a development update of SiteMeter, their team did not
take into account a known bug in this version of the browser which does not
allow modification of a parent container using scripts in one of its children
(using either the innerHTML or appendChild method). This causes the browser
to stop loading the site, returning an "Operation aborted" message.

SiteMeter has now resolved the issue and published a blog entry explaining
what happened. Just as with advertisement providers and the republishing of
RSS feeds, it's an interesting example of how dependent our sites have
become on third party code and the potential impact.

And that's a big reason why you don't see a lot of those gimmicky widgets at
LGF. I deliberately shun third party code because I don't want to rely on
other people to keep their web servers online and their code compatible. (It
helps that I programmed the entire LGF codebase, too.)

 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
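
The failure mode described in the quoted SANS note can be looked for statically before a third-party snippet goes live. The following is an added example, not part of the original message and not Site Meter's code: it flags inline scripts that sit inside a still-open container under `<body>` and write to `document.body` through `appendChild` or `innerHTML`. The function name, the constructed sample pages, and the rule that a script placed directly under `<body>` is acceptable are assumptions of this example.

```javascript
// Elements that never have a closing tag, so they are not pushed on the stack.
const VOID = new Set(['area', 'base', 'br', 'col', 'embed', 'hr', 'img',
                      'input', 'link', 'meta', 'param', 'source', 'track', 'wbr']);
// Writes to <body> through the two methods named in the SANS note.
const BODY_WRITE = /document\.body\.(appendChild\s*\(|innerHTML\s*\+?=(?!=))/;

// Returns one finding per inline script that is nested in an unclosed
// container below <body> and modifies document.body while parsing.
function findParentModifyingScripts(html) {
  const findings = [];
  const stack = [];                       // elements open at this point
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const name = m[2].toLowerCase();
    if (m[1] === '/') {                   // closing tag: pop through its opener
      const i = stack.lastIndexOf(name);
      if (i !== -1) stack.length = i;
      continue;
    }
    if (name === 'script') {
      const end = html.toLowerCase().indexOf('</script', tagRe.lastIndex);
      const stop = end === -1 ? html.length : end;
      const code = html.slice(tagRe.lastIndex, stop);
      const bodyAt = stack.indexOf('body');
      const enclosing = bodyAt === -1 ? [] : stack.slice(bodyAt + 1);
      if (enclosing.length > 0 && BODY_WRITE.test(code)) {
        const line = html.slice(0, m.index).split('\n').length;
        findings.push({ line, enclosing });
      }
      tagRe.lastIndex = stop;             // do not parse script text as markup
      continue;
    }
    if (!VOID.has(name) && !/\/\s*$/.test(m[3])) stack.push(name);
  }
  return findings;
}

// Constructed sample pages (not taken from any real site).
const RISKY_PAGE = `<html><body>
<table><tr><td>
<script>var d = document.createElement('div'); document.body.appendChild(d);</script>
</td></tr></table>
</body></html>`;
const SAFE_PAGE = `<html><body>
<div id="counter"></div>
<script>document.body.appendChild(document.createElement('div'));</script>
</body></html>`;

console.log(findParentModifyingScripts(RISKY_PAGE), findParentModifyingScripts(SAFE_PAGE));
```

The check is a text heuristic: a nested script that only registers a load handler and writes to `document.body` later is still flagged and needs manual review, and external scripts are not inspected because their source is not in the page.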