The current contents of the address bar are our only god.
Really. There is nothing else: browsers do not have any other universal, reliable content origin indicator, and no way to predict where you will be taken next. People who do not understand this, or who do not understand the URL syntax, will suffer....
Vulnerability trading markets and you
There is something interesting going on in the security industry: we are witnessing the rapid emergence of vulnerability trading markets. Perhaps hundreds of security researchers now routinely sell exploits to intermediaries for an easy profit (anywhere from $1,000 to $50,000), instead of the more usual...
Responsibilities in vulnerability disclosure
The debate around responsible disclosure is as old as the security industry itself, and unlikely to be settled any time soon. Tellingly, both sides of the debate claim to be driven by the same motive - to keep users safe. Yet, both accuse the opponent of saying so under false pretenses: vendors and...