> I could only imagine. The other problem is that many people seem to think I'm saying something against
> the Chinese *people* themselves, based on the "f* you round-eye* messages I've received (and they call
> ME racist). They don't seem to get the clear distinction (to me) between the Chinese people and China's
> network. It's the machines I'm concerned with the attacks coming from those machine. Just because the
> machine is sourced in China doesn't mean the attacker is - so I have to do the best I can to defend against
> the machines. However, that unfortunately comes across to those who choose not to think it through as me
> saying something against the Chinese themselves.
> Then again, as you well know, people will take any opportunity they can just to be ugly and confrontational,
> and to have something to rail about. In the face of the reality of China's horribly infected network, when I
I was carried away because the author used scripts (in a global script tag)
in the PoC of the issue in question which made unconditional recursion
possible.
Without scripts enabled, if iframe's src property is set to itself(?), it is
parsed upto 1 level (i.e. not recursed). Hence it doesn't affect or DoS the
latest browsers (the best I can say...).
A few other points:
1. if a links/ads or any other content-syndication provider allow unverified
javascript to be served, DoS would be the least of the concern (read: it’s
On 1/15/10 6:40 PM, Thor (Hammer of God) wrote:
> I could only imagine. The other problem is that many people seem to think I'm saying something against the Chinese *people* themselves, based on the "f* you round-eye* messages I've received (and they call ME racist). They don't seem to get the clear distinction (to me) between the Chinese people and China's network. It's the machines I'm concerned with the attacks coming from those machine. Just because the machine is sourced in China doesn't mean the attacker is - so I have to do the best I can to defend against the machines. However, that unfortunately comes across to those who choose not to think it through as me saying something against the Chinese themselves.
>
> Then again, as you well know, people will take any opportunity they can just to be ugly and confrontational, and to have something to rail about. In the face of the reality of China's horribly infected network, when I suggest blocking that traffic (as many others have and do), they seize the opportunity to call me prejudice and a racist.
The Chinese network is indeed very infected, which in turn causes the
rest of the world great computerized harm. Nobody disputes this.
The solution of blocking China, however, is one which harms both people
outside of China, as well as those inside of China. Therefore, it
