In October of 2006, a vulnerability in IE7 known as the “mhtml:” Redirection Information Disclosure was discovered.  RSnake wrote up a post about how nasty it was.  The basics: it took over the entire browser experience.
Fortunately, the bug was patched quickly, it required access to the web server/application (or HTTP header injection), and it only […]

Not to be outdone by Neohapsis Labs, NSS Labs also enters the fray with their blog, Security Product Testing.  Again, I think that NSS Labs (like Neohapsis Labs) has been blogging for awhile, but it has picked up more pace lately.
In the past, the TS/SCI Security blog staff were invited as guests by Martin McKeay […]

‘Lo and behold, CERT has an excellent document on Securing your web browser!  They cover IE, Firefox, and Safari — three secure references for the three most popular browsers.
The documentation and links provided are great.  I was actually surprised that they covered quite a bit of important topics and that the recommendations they gave are […]

The fine folks over at Neohapsis Labs appear to have a new blog focused on security related information.  Technically, I guess they’ve had it up since January, but the posts are more frequent now.  I just added them to my RSS feeds.
Both Mike Murray and Cris Neckar have posted some interested tidbits ranging from technical […]

In an article on the CNet Blogs, Chris Soghoian writes on Privacy: What should Google do?
Brilliant article.  A must read.
I have one question, one comment, and one look into the future.
Question: We might be able to trust Scroogle not to steal our search queries and tie them to an individual (i.e. an invasion of privacy), […]