How does one protect themselves against such attacks?
Turning off such capabilities will render many, if not most, web sites unusable. Turning on and off as necessary will make your browsing unusable for even the most patient user.
If you're running Firefox, there's an add-on you can get called NoScript which makes it pretty easy to manage which sites are allowed to run scripts and which sites are not. I've been using this for a few weeks now and while it was a little tedious at first (each time I went to a new site that used such scripts they would start out blocked and I would have to enable them with a simple click on the notice bar). I could choose to enable all scripts on the page (if I was lazy) or just certain scripts from certain parties that I trusted. I could enable the scripts permanently for sites I visited often, or only enable them temporarily for a site that I was just visiting as the result of some search.
This model makes it much less likely that I'll be surprised by some hidden script on a page that I pull up as the result of a Google search.
A very positive side effect is that those flash adds that I hate so much, are also blocked! Yeah!
I definitely recommend NoScript and what's really cool is that it's free as well.