Script kiddies hit a new low over Easter, when they hacked the forum of the nonprofit Epilepsy Foundation to trigger a Javascript trojan and flash images at visitors.
There is little point lambasting whatever attention-deprived individual perpetrated it (they were lucky the consequences were not more serious) or fanning the wild conspiracy theorising. There will always be people will to do this sort of thing, and me-too copycats won’t be far behind. The important thing is to learn from this. Sadly, there is very little in the way of clear advice - and it all involves tweaking specific animation and javascript preferences. This just isn’t something you can reasonably expect all users to be able to do… and if they did, then they would quickly find a lot of sites stopped working properly. Does anyone have any recommendations here? Perhaps browser plugins that offer whitelists of sites where security has been thoroughly evaluated?
There is a full writeup on Wired. You can see the technical overview by SecurityFocus and more general advice on photosensitivity on the Epilepsy Foundation website. I also recommend this opinionated, but highly informative, post on practical measures you can take.
(Incidentally, Opera seems to have trouble working out how to wrap lines in this edit window)