n. An online attack that attempts to disable a website by sending a specially formatted sequence of characters such as "lol" and "ha".
2011
Wouter Coekaerts discovered that ejabberd, a distributed XMPP/Jabber server written in Erlang, is vulnerable to the so-called "billion laughs" attack because it does not prevent entity expansion on received data.
2009
This is called the "Billion Laughs" attack—without going too far into the nuances of XML trickery, you can see that this file has a series of ENTITY entries, each of which references and expands to the ones above it. So the file grows exponentially in memory when it is parsed, consumes CPU cycles, and mushrooms in size to eat up the memory space of its host computer.
2002 (earliest)
You can easily construct a few entities that expand to a huge result.
Depending on how your parser returns things, this may use lots of
memory or merely use up lots of cpu time. There is an example at
http://www.cogsci.ed.ac.uk/~richard/billion-laughs.xml
I don't recommend loading this file into a browser.
Depending on how your parser returns things, this may use lots of
memory or merely use up lots of cpu time. There is an example at
http://www.cogsci.ed.ac.uk/~richard/billion-laughs.xml
I don't recommend loading this file into a browser.
Two thumbs pointing skyward to Grant Barrett and Paul Ford for uncovering this term.