- Today Ed Felten and I (Bill Zeller) are announcing four previously unpublished Cross-Site Request Forgery (CSRF) vulnerabilities. We've described these attacks in detail in a technical report titled Cross-Site Request Forgeries: Exploitation and Prevention.
- Bill Zeller and Ed Felten have an interesting paper, "Cross-Site Request Forgeries: Exploitation and Prevention" (PDF), that looks at exploiting the implicit authentication in browsers to take actions on the user's behalf using img tags or JavaScript.
- How can you make your users feel like they’re kicking ass? That’s the secret behind many great products. In this presentation, Kathy outlines how you can get there.
- I started writing some Erlang recently. The vast majority of data I need to access from Erlang resides in cached, serialized PHP objects. Here’s what I came up with to turn a serialized PHP object into a sort of nested Erlang proplist thing.
- In this series I will detail what I found out empirically about how mochiweb performs with lots of open connections, and show how to build a comet application using mochiweb, where each mochiweb connection is registered with a router which dispatches messages to various users.