Loading ...
Sorry, an error occurred while loading the content.

MSIE crash

Expand Messages
  • Alon Altman
    Hi, I would like to make my site visitable to any browser but MSIE. To do that I need to add an MSIE-only feature that will either crash the browser(best),
    Message 1 of 4 , Nov 2, 2001
    • 0 Attachment
      Hi,
      I would like to make my site visitable to any browser but MSIE. To do that
      I need to add an MSIE-only feature that will either crash the browser(best),
      display a blank page (not that good), or annoy the user via lots of popups,
      annoying sound, etc...
      Is there any way to do this *without* depending on the user-agent field.
      Many browsers spoof their user-agent, so I don't want to block them by
      mistake.
      Please don't preach me about why browser blocking is wrong...

      Alon

      --
      This message was sent by Alon Altman (Psycho99@...) ICQ:1366540
      The RIGHT way to contact me is by e-mail. I am otherwise nonexistent :)
      --------------------------------------------------------------------------
      Events are not affected, they develop.
      -- Sri Aurobindo
    • Tzafrir Cohen
      ... One thing that is probably very legitimate of you to do is to use some known weaknesses of MSIE that allow execusion of arbitrary (?) code: * write a small
      Message 2 of 4 , Nov 3, 2001
      • 0 Attachment
        On Fri, 2 Nov 2001, Alon Altman wrote:

        > Hi,
        > I would like to make my site visitable to any browser but MSIE. To do that
        > I need to add an MSIE-only feature that will either crash the browser(best),
        > display a blank page (not that good), or annoy the user via lots of popups,
        > annoying sound, etc...

        One thing that is probably very legitimate of you to do is to use some
        known weaknesses of MSIE that allow execusion of arbitrary (?) code:

        * write a small activex componnent that issues a scary "now formatting
        your hard-disk" message
        * Use the hole that is used by the worm nimda. It was patched by MS, by I
        figure that most users never botherd updating

        > Is there any way to do this *without* depending on the user-agent field.
        > Many browsers spoof their user-agent, so I don't want to block them by
        > mistake.

        DHTML is said to be one aera where MSIE is setting its own standards. It
        is also one place where 100% CPU utilization is not a hard target.

        I saw one such annoying example recently, but I don't remember where.

        --
        Tzafrir Cohen
        mailto:tzafrir@...
        http://www.technion.ac.il/~tzafrir
      • mulix
        ... i am curious, alon, why? feel free to respond in private if you d like. ... how is this legitimate tzafrir? it s technically feasible, but does that make
        Message 3 of 4 , Nov 3, 2001
        • 0 Attachment
          On Sat, 3 Nov 2001, Tzafrir Cohen wrote:

          > On Fri, 2 Nov 2001, Alon Altman wrote:
          >
          > > Hi,
          > > I would like to make my site visitable to any browser but MSIE. To do that
          > > I need to add an MSIE-only feature that will either crash the browser(best),
          > > display a blank page (not that good), or annoy the user via lots of popups,
          > > annoying sound, etc...

          i am curious, alon, why?
          feel free to respond in private if you'd like.

          > One thing that is probably very legitimate of you to do is to use some
          > known weaknesses of MSIE that allow execusion of arbitrary (?) code:

          how is this legitimate tzafrir? it's technically feasible, but does that
          make it legitimate?

          > * write a small activex componnent that issues a scary "now formatting
          > your hard-disk" message
          > * Use the hole that is used by the worm nimda. It was patched by MS, by I
          > figure that most users never botherd updating
          >
          > > Is there any way to do this *without* depending on the user-agent field.
          > > Many browsers spoof their user-agent, so I don't want to block them by
          > > mistake.

          it can be argued that anyone who *wants* to be treated as MSIE *should*
          be treated as MSIE. unless MSIE users can also spoof their user-agent
          field, which i doubt.
          --
          mulix

          http://www.pointer.co.il/~mulix/
          http://syscalltrack.sf.net/
        • Tzafrir Cohen
          ... Note that for many people this means unaccessible . ... It is legitimate IMHO if the code itself is harmless and gives a scary warning. I consider this a
          Message 4 of 4 , Nov 3, 2001
          • 0 Attachment
            On Sat, 3 Nov 2001, mulix wrote:

            > On Sat, 3 Nov 2001, Tzafrir Cohen wrote:
            >
            > > On Fri, 2 Nov 2001, Alon Altman wrote:
            > >
            > > > Hi,
            > > > I would like to make my site visitable to any browser but MSIE.

            Note that for many people this means "unaccessible".

            > > One thing that is probably very legitimate of you to do is to use some
            > > known weaknesses of MSIE that allow execusion of arbitrary (?) code:
            >
            > how is this legitimate tzafrir? it's technically feasible, but does that
            > make it legitimate?

            It is legitimate IMHO if the code itself is harmless and gives a scary
            warning.

            I consider this a service to the user.

            --
            Tzafrir Cohen
            mailto:tzafrir@...
            http://www.technion.ac.il/~tzafrir
          Your message has been successfully submitted and would be delivered to recipients shortly.