
Blink tag considered harmful

Cory Doctorow at 5:20 am Thu, Apr 8, 2010

The blink tag will destroy your computer:
The specific flaw exists due to a failure to unregister a callback pointer during the destruction of a particular type of element when embedded inside a 'blink' container. The application dereferences the original resource which can be leveraged by an attacker to execute arbitrary code under the context of the current user.
Apple Webkit Blink Event Dangling Pointer Remote Code Execution Vulnerability
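The bug class the advisory describes, a callback left registered after its object is torn down, shown as an added example that is not WebKit code or part of the original post. All names are hypothetical, and a static pool with an `in_use` flag stands in for heap allocation so the demonstration never touches freed memory.

```c
#include <stdio.h>
#define SLOTS 4

/* Pool slot standing in for a heap object; in_use == 0 models "freed". */
typedef struct { int in_use; int ticks; } Element;
typedef struct { void (*fn)(Element *); Element *ctx; } Callback;

static Element  pool[SLOTS];
static Callback registry[SLOTS];  /* listener list owned by a container's timer */

static void on_tick(Element *e) { e->ticks++; }

static Element *element_create(void) {
    for (int i = 0; i < SLOTS; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; pool[i].ticks = 0; return &pool[i]; }
    return NULL;
}
static int register_cb(Element *e) {
    for (int i = 0; i < SLOTS; i++)
        if (!registry[i].fn) { registry[i].fn = on_tick; registry[i].ctx = e; return 0; }
    return -1;
}
static void unregister_cb(Element *e) {
    for (int i = 0; i < SLOTS; i++)
        if (registry[i].ctx == e) { registry[i].fn = NULL; registry[i].ctx = NULL; }
}

/* Flawed teardown: releases the object but leaves its callback registered. */
static void element_destroy_flawed(Element *e) { e->in_use = 0; }
/* Corrected teardown: unregister first, then release. */
static void element_destroy_fixed(Element *e) { unregister_cb(e); e->in_use = 0; }

/* Registered callbacks whose context object has already been released. */
static int dangling_callbacks(void) {
    int n = 0;
    for (int i = 0; i < SLOTS; i++)
        if (registry[i].fn && !registry[i].ctx->in_use) n++;
    return n;
}

/* create -> register -> destroy; returns the dangling count afterwards. */
int run_scenario(int use_fixed) {
    Element *e = element_create();
    if (!e || register_cb(e) != 0) return -1;
    if (use_fixed) element_destroy_fixed(e); else element_destroy_flawed(e);
    int n = dangling_callbacks();
    unregister_cb(e);  /* reset the registry so scenarios stay independent */
    return n;
}

int main(void) {
    printf("flawed: %d dangling, fixed: %d dangling\n", run_scenario(0), run_scenario(1));
    return 0;
}
```

With real heap allocation, the stale entry left by the flawed teardown is what a later timer dispatch would dereference; the fix is the ordering in `element_destroy_fixed`.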
Previously:
  • 3*TYPE text leaps out at you

31 Responses to “Blink tag considered harmful”

  1. Stefan Jones says:
    April 8, 2010 at 9:59 am

    This is the second time this week I’ve seen the blink tag in use.

    The other was Sterling’s blog. The entry has since been deblinked.

    Reply
  2. Cowicide says:
    April 8, 2010 at 11:03 am

    Yawn… show me the exploits in the wild? SHOW ME.. By the way, I’m running Safari 4.0.5 so I’ll be glad to try it out and have it fail.

    In the meantime:
    http://www.theregister.co.uk/2010/03/09/internet_explorer_attacks/

    Reply
    • SamSam says:
      April 8, 2010 at 11:24 am

      Um, the point of trying to discover security exploits is to try and find them before the bad guys do.

      These kinds of exploits (assuming this is true) are at very deep levels, and most of them will never really be used. But you can bet your bottom dollar that there are people actively trying to find them. Remember the exploit posted a while back about freezing RAM in liquid nitrogen to recover their data? While no one is going to steal your grandma’s Amazon password using such a technique, undoubtedly there was suddenly a lot of scrambling at the NSA to see if they could reproduce it and if 1) they might be vulnerable to such an attack, and 2) if they could use it themselves.

      Reply
      • Cowicide says:
        April 10, 2010 at 3:21 pm

        Um, the point of trying to discover security exploits is to try and find them before the bad guys do.

        Um, Apple already patched this a while ago. (See Safari 4.0.5)

        I don’t have anything against discovering security exploits, by the way; you hallucinated that somehow.

        Reply
  3. SamSam says:
    April 8, 2010 at 11:17 am

    Rob: how about adding just a few lines of jQuery to help out those of us not running Firefox? This poor Chrome user was left out of the joke… It wouldn’t take more than maybe five lines…

    Reply
  4. weaponx says:
    April 8, 2010 at 5:27 am

    Seizure tag unavailable for comment

    Reply
  5. Anonymous says:
    April 8, 2010 at 11:19 am

    And now for: “Browser Wars- part 2,357” in the comments.

    Can I call this an example of

    “Considered harmful essays considered harmful”

    http://meyerweb.com/eric/comment/chech.html

    Reply
  6. joelfinch says:
    April 8, 2010 at 5:38 am

    This is not a genuine vulnerability – no-one would dare defile a Mac by viewing a site that used the blink tag…

    Reply
    • Rob says:
      April 8, 2010 at 10:26 am

      Except that Mac isn’t the only thing that uses Webkit. Konqueror and Chrome are the first two that come to mind, as well as Safari on Windows.

      Reply
  7. Anonymous says:
    April 8, 2010 at 11:32 am

    FYI:

    Open firefox –> in the address bar “about:config” –> search “browser.blink_allowed” –> change value to “false”

    Reply
  8. Anonymous says:
    April 9, 2010 at 6:36 am

    @SamSam Who needs Liquid Nitrogen? A Can of Spray “Air” Will do the Trick. (It’s having the bootloader on the USB that will pick out the Decryption key from Memory that’s the Trick!)

    Reply
  9. dwdyer says:
    April 8, 2010 at 7:06 am

    Why do browsers support such near-universally loathed, obsolete, non-standard tags? (yeah, I know IE’s situation, there was at least a strategy there) Does Webkit also support marquee?

    Reply
  10. technogeek says:
    April 8, 2010 at 7:08 am

    Late April Fools?

    Personally, if my firewall blocks any site that uses the blink tag, I’m OK with that…

    Reply
  11. rebdav says:
    April 8, 2010 at 7:24 am

    First they came for the blink tag, then they came for gopher, telnet. FTP, and port 25 were not far behind. By the time they went after hand written HTTP there were none of us left to stand up for it.

    Who misses the easy unsecure protocols of 1990 for DIY embedded gadgets and ten line programs that actually do useful stuff.

    Reply
  12. Anonymous says:
    April 8, 2010 at 7:27 am

    Safari 4.0.5, which fixes this, was released a few weeks ago: http://support.apple.com/kb/HT4070 (and search for CVE-2010-0050). If you’re like me and allow Software Update to do its thing, no action is required.

    Reply
  13. the_dannobot says:
    April 8, 2010 at 7:28 am

    haha this vulnerability doesn’t affect me, I’m using Internet Explorer. I’ve always wanted to say that :)

    Reply
  14. Rob Beschizza says:
    April 8, 2010 at 7:37 am

    As blink tag no longer works in anything except firefox, resisting temptation to edit post to include javascript solution to ensure everyone receives equal measure of pain.

    Reply
    • kaffeen says:
      April 8, 2010 at 8:51 am

      Ah…Javascript. HTML5’s little partner to remake the web. Be careful what you wish for, you may blink to regret it.

      Reply
  15. kaffeen says:
    April 8, 2010 at 7:39 am

    There is also the genetic “virus” that is activated via this mechanism; Photosensitive Epilepsy.

    Reply
  16. hicks says:
    April 8, 2010 at 7:50 am

    Rob: I have the misfortune of learning today that it also works in Opera, so you’re causing pain on at least 2 or 3 percent more people than you thought.

    Reply
  17. VagabondAstronomer says:
    April 8, 2010 at 7:52 am

    …can’t… stop… staring…

    Reply
  18. Revan343 says:
    April 8, 2010 at 4:06 pm

    I like the blink tag.

    Reply
  19. sparkdale says:
    April 8, 2010 at 8:12 am

    Man, this post makes me feel dumb. Should I be able to understand this?

    Reply
    • scifijazznik says:
      April 8, 2010 at 10:08 am

      I assure you that you are not alone. We may be alone, however. But it’s better to be dumb with someone than dumb by myself.

      Reply
  20. kaffeen says:
    April 8, 2010 at 8:15 am

    Cory is actually being very devious…there is a subliminal message in that blink that makes you hate iPads.

    Reply
  21. wemgadge says:
    April 8, 2010 at 8:35 am

    … but it has already been patched. http://support.apple.com/kb/HT4070

    Reply
  22. arkizzle / Moderator says:
    April 8, 2010 at 8:35 am

    Thank Safari, I went unaware of Cory’s dig until Rob’s comment.

    Yes, I opened up Firefox to witness your pain. Yes, I ran back to Safari immediately :)

    Reply
  23. Antinous / Moderator says:
    April 8, 2010 at 1:18 pm

    What’s wrong with the blink tag? Next you’ll be complaining about my mullet.

    Reply
    • Ipo says:
      March 13, 2011 at 6:29 am

      Mullets were used to sodomise adulterers as punishment in Ancient Greece.
      From Wikipedia.

      Reply
    • thebelgianpanda says:
      April 8, 2010 at 4:07 pm

      I hope others will join me in a pledge to never, ever complain about or mock your mullet.

      Reply
  24. netsharc says:
    April 8, 2010 at 8:39 am

    Wow, wasn’t the uPas (that’s the trendy spelling of “iPad”, according to iPhone’s autocorrect) recently jailbroken by an allegedly user-space exploit? Could this be it? It will be an example of… not irony… but… an ancient hideous design idea ending up being the one that destroys the protection built around a device which has one of its appeal, a beautiful modern design.

    Reply
