Seeing the Apache vuln thread I wondered if others are also interested in security talk ?
I am deeply into the "reverse engineering with a goal" method of thinking, and generally that goal is to get visitors to a site to do something for me. The biggest hurdle to this is normally the cross domain policies that are in force for Ajax style comms.
On that note, and to start discussions off, I wonder if any of you have played with the old (partially patched) mhtml: flaw in IE and if so your thoughts with it ?
Ask one of your IE using visitors to get that page for you
And to keep Perk scared, IPhones' and other Safari based browsers aren't much better !