» SFB says: Essentially, the site we used as an example has a Flash embed code (like YouTube might), but instead of linking directly to the Flash (the SWF file), because that would be really sketchy, it links to a bit.ly link that then to the sketchy site. Paulo Ordoveza, the guy who tipped us off to that, noted that he’s also seen iframe-based exploits, and the Flash one was new to him. Let’s hope Tumblr is reading. — Ernie @ SFB