Blink tag considered harmful


31 Responses to “Blink tag considered harmful”

  1. Stefan Jones says:

    This is the second time this week I’ve seen the blink tag in use.

    The other was Sterling’s blog. The entry has since been deblinked.

  2. Cowicide says:

    Yawn… show me the exploits in the wild? SHOW ME.. By the way, I’m running Safari 4.0.5 so I’ll be glad to try it out and have it fail.

    In the meantime:

    • SamSam says:

      Um, the point of trying to discover security exploits is to try and find them before the bad guys do.

      These kinds of exploits (assuming this is true) are at very deep levels, and most of them will never really be used. But you can bet your bottom dollar that there are people actively trying to find them. Remember the exploit posted a while back about freezing RAM in liquid nitrogen to recover their data? While no one is going to steal your grandma’s Amazon password using such a technique, undoubtedly there was suddenly a lot of scrambling at the NSA to see if they could reproduce it and if 1) they might be vulnerable to such an attack, and 2) if they could use it themselves.

      • Cowicide says:

        Um, the point of trying to discover security exploits is to try and find them before the bad guys do.

        Um, Apple already patched this a while ago. (See Safari 4.0.5)

        I don’t have anything against discovering security expliots, by the way; you hallucinated that somehow.

  3. SamSam says:

    Rob: how about adding just a few lines of jQuery to help out those of us not running Firefox? This poor Chrome user was left out of the joke… It wouldn’t take more than maybe five lines…

  4. weaponx says:

    Seizure tag unavailable for comment

  5. Anonymous says:

    And now for: “Browser Wars- part 2,357″ in the comments.

    Can I call this an example of

    “Considered harmful essays considered harmful”

  6. joelfinch says:

    This is not a genuine vulnerability – no-one would dare defile a Mac by viewing a site that used the blink tag…

    • Rob says:

      Except that Mac isn’t the only thing that uses Webkit. Konqeuror and Chrome are the first two that come to mind, as well as Safari on Windows.

  7. Anonymous says:


    Open firefox –> in the address bar “about:config” –> search “browser.blink_allowed” –> change value to “false”

  8. Anonymous says:

    @SamSam Who needs Liquid Nitrogen? A Can of Spray “Air” Will do the Trick. (It’s having the bootloader on the USB that will pick out the Decryption key from Memory thats the the Trick!

  9. dwdyer says:

    Why do browsers support such near-universally loathed, obsolete, non-standard tags? (yeah, I know IE’s situation,there was at least a strategy there) Does Webkit also support marquee?

  10. technogeek says:

    Late April Fools?

    Personally, if my firewall blocks any site that uses the blink tag, I’m OK with that…

  11. rebdav says:

    First they came for the blink tag, then they came for gopher, telnet. FTP, and port 25 were not far behind. By the time they went after hand written HTTP there were none of us left to stand up for it.

    Who misses the easy unsecure protocols of 1990 for DIY embedded gadgets and ten line programs that actually do useful stuff.

  12. Anonymous says:

    Safari 4.0.5, which fixes this, was released a few weeks ago: (and search for CVE-2010-0050). If you’re like me and allow Software Update to do its thing, no action is required.

  13. the_dannobot says:

    haha this vulnerability doesn’t affect me, I’m using Internet Explorer. I’ve always wanted to say that :)

  14. Rob Beschizza says:

    As blink tag no longer works in anything except firefox, resisting temptation to edit post to include javascript solution to ensure everyone receives equal measure of pain.

    • kaffeen says:

      Ah…Javascript. HTML5′s little partner to remake the web. Be careful what you wish for, you may blink to regret it.

  15. kaffeen says:

    There is also the genetic “virus” that is activated via this mechanism; Photosensitive Epilepsy.

  16. hicks says:

    Rob: I have the misfortune of learning today that it also works in Opera, so you’re causing pain on at least 2 or 3 percent more people than you thought.

  17. VagabondAstronomer says:

    …can’t… stop… staring…

  18. Revan343 says:

    I like the blink tag.

  19. sparkdale says:

    Man, this post makes me feel dumb. Should I be able to understand this?

    • scifijazznik says:

      I assure you that you are not alone. We may be alone, however. But it’s better to be dumb with someone than dumb by myself.

  20. kaffeen says:

    Cory is actually being very devious…there is a subliminal message in that blink that makes you hate iPads.

  21. wemgadge says:

    … but it has already been patched.

  22. arkizzle / Moderator says:

    Thank Safari, I went unaware of Cory’s dig until Rob’s comment.

    Yes, I opened up Firefox to witness your pain. Yes, I ran back to Safari immediately :)

  23. Antinous / Moderator says:

    What’s wrong with the blink tag? Next you’ll be complaining about my mullet.

  24. netsharc says:

    Wow, wasn’t the uPas (that’s the trendy spelling of “iPad”, according to iPhone’s autocorrect) recently jailbroken by an allegedly user-space exploit? Could this be it? It will be an example of… not irony… but… an ancient hideous design idea ending up being the one that destroys the protection built around a device which has one of its appeal, a beautiful modern design.

Leave a Reply