Advanced Web and E-Voting Security

CS594 Spring 2009 blog

March 13th, 2009

Here is a link to the conference paper on MashupOS as discussed in class on Wednesday, which goes into more detail on the <sandbox> and <opensandbox> elements:

Protection and Communication Abstractions for Web Browsers in MashupOS
Helen J. Wang, Xiaofeng Fan, Jon Howell, and Collin Jackson
In Proc. of the 21st ACM Symposium on Operating Systems Principles (SOSP 2007)

February 28th, 2009

HTTP Origin Header

The HTTP Origin header that was proposed as a defense against CSRF attacks has now been submitted for review to the IETF. Here is an interesting criticism of the proposed method in the IETF discussion forum:

http://lists.w3.org/Archives/Public/ietf-http-wg/2009JanMar/0037.html
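As an added example of how an Origin-header CSRF check works on the server side (this is not code from the original post, from the IETF proposal, or from the linked thread), here is a request filter that lets safe methods through, accepts state-changing requests only from an allow-listed origin, and fails closed when the header is absent or carries the literal value "null". The allow-list, the Referer fallback and the sample requests are assumptions constructed for illustration:

```javascript
// Added example: server-side CSRF check based on the HTTP Origin header.
// Not from the original post; the allow-list and request objects are
// constructed here for illustration.

// Origins allowed to issue state-changing requests (assumption).
const ALLOWED_ORIGINS = new Set(["https://bank.example"]);

// Methods that change state and therefore need the check. Safe methods
// (GET, HEAD, OPTIONS) are let through; they must not have side effects.
const STATE_CHANGING = new Set(["POST", "PUT", "DELETE", "PATCH"]);

// Reduce a URL to its origin (scheme://host[:port]); null if unparseable.
function originOf(urlString) {
  try {
    const u = new URL(urlString);
    return `${u.protocol}//${u.host}`;
  } catch (e) {
    return null;
  }
}

// Decide whether a request may proceed. `headers` uses lower-case keys,
// as Node's http module presents them.
function csrfDecision(method, headers) {
  if (!STATE_CHANGING.has(method.toUpperCase())) {
    return { allow: true, reason: "safe method" };
  }

  const origin = headers["origin"];

  if (origin === undefined) {
    // No Origin header (older browsers, some non-browser clients).
    // Fall back to Referer; if that is missing too, fail closed.
    const referer = headers["referer"];
    if (referer === undefined) {
      return { allow: false, reason: "no Origin or Referer header" };
    }
    const refOrigin = originOf(referer);
    return ALLOWED_ORIGINS.has(refOrigin)
      ? { allow: true, reason: "Referer origin allowed" }
      : { allow: false, reason: "Referer origin not allowed" };
  }

  if (origin === "null") {
    // Opaque origin (e.g. sandboxed iframe, data: URL): cannot be trusted.
    return { allow: false, reason: "opaque origin" };
  }

  return ALLOWED_ORIGINS.has(origin)
    ? { allow: true, reason: "Origin allowed" }
    : { allow: false, reason: "Origin not allowed" };
}

// Constructed sample requests: a legitimate same-site form post, a
// cross-site post forged from an attacker-controlled page, a post with
// no Origin or Referer at all, and a plain GET.
const SAMPLE_REQUESTS = [
  { method: "POST", headers: { origin: "https://bank.example" } },
  { method: "POST", headers: { origin: "https://attacker.example" } },
  { method: "POST", headers: {} },
  { method: "GET", headers: {} },
];

function runSamples() {
  return SAMPLE_REQUESTS.map((r) => csrfDecision(r.method, r.headers));
}

if (typeof require !== "undefined" && require.main === module) {
  for (const d of runSamples()) console.log(d);
}
```

The check works because the browser, not page script, attaches Origin to cross-site POSTs, so a forged request from attacker.example arrives labelled as such. Rejecting requests with no Origin and no usable Referer is the conservative choice; a site that relaxes it for clients that strip those headers reopens the hole for exactly those clients.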

February 25th, 2009

Adobe Buffer Overflow Vulnerability

A critical buffer overflow vulnerability has been found in Adobe Reader and Acrobat Professional.

Here is the link from Adobe:

http://www.adobe.com/support/security/advisories/apsa09-01.html

The patch will be made available by March 18th. Enough time for the vulnerability to be exploited effectively? (Given the percentage of users who use PDF files.)

February 24th, 2009

Scam hits Google chat

http://bits.blogs.nytimes.com/2009/02/24/viddyho-phishing-scam-hits-gmail/

This happened to me today!
I received an offline message from a friend who is on my chat list. It was suspicious since it was a “tinyurl”, and I did click on it! [I know! :( ]

Anyway, the site alerted me that it was malicious content and hence I could view it at my own risk, and I did not continue.

February 13th, 2009

Browser patching

Interesting research and results on browser patches. Link.

February 9th, 2009

Vulnerabilities database

Here is a good source of information on vulnerabilities in various browsers.

http://secunia.com/advisories/search

You can search for terms and find vulnerability descriptions.

For example, for “firefox cross site” one of the results was

http://secunia.com/advisories/33799/

which gives a description of how the attacks could be done, and provides solutions if any.

Secunia.com is a security website, which tests for different vulnerabilities and their patches as well. It provides descriptions of the vulnerabilities, and has a research team to do the scanning and verifying process.

I find this website to be a good source of information on the latest browser vulnerabilities and patches.

Hope this helps you too.

February 4th, 2009

Help Ed Felten collect data

Computer security researcher Ed Felten, author of the first paper we read for this class, is collecting browser configuration data for a research project. You can help him with only one click in your browser:

Read more at the Freedom To Tinker blog.

Actual data collection is 2 clicks deep, so it’s ok to click the link above before deciding to participate.

February 4th, 2009

A novel method of spreading malware.

From the front page of slashdot.org:

While we talk about drive-by downloads, it is also interesting to read about how users are tricked into downloading malware via social engineering methods. I found the following link on slashdot.org and thought it was not only interesting, but hilarious as well!

http://isc.sans.org/diary.html?storyid=5797

January 27th, 2009

ACM proxy

Hi,

If anyone needs the ACM Proxy link,

http://proxy.cc.uic.edu/login?url=http://portal.acm.org