soypunk + security   46

Simple PHP 5.3+ Bcrypt class and functions — Gist
This is a very simple wrapper for bcrypt (see: http://codahale.com/how-to-safely-store-a-password/) -- sadly it requires PHP 5.3. Maybe not so sadly because this is one of those technology fundamentals that may force those on PHP 5.2 to move the needle up a little faster.
php  security  bcrypt  for-oris 
december 2011 by soypunk
DOMCrypt Demo
DOMCrypt is a Firefox extension that adds 'window.crypt' to each browser window. With 'crypt', you can generate a public and private key pair, encrypt data and decrypt data. All of the encryption operations are handled by low-level NSS libraries written in C. This is not a javascript-in-content solution. (NSS handles all of the SSL operations in many modern browsers.)
firefox  extension  security 
february 2011 by soypunk
Index of /playground/demos/http/002
ahh, gimmicky test cases are fun. this kinda thing is a real problem though.
security  html  from delicious
february 2010 by soypunk
Cross-domain policy file usage recommendations for Flash Player | Adobe Developer Connection
Facebook and Myspace hit by what I've always assumed is a totally misunderstood system.
flash  security  from delicious
november 2009 by soypunk
Twitter Don't Click Exploit
Someone's already hacked around the hack Twitter put in place to prevent the "don't click" exploit. Fun!
web  security  twitter 
february 2009 by soypunk
tmin - Google Code
"A quick and simple tool to minimize the size and syntax of complex test cases in automated security testing. The tool is somewhat related to delta, a more featured general-purpose optimizer - but is meant specifically for dealing with unknown or complex data formats (without the need to tokenize and re-serialize testcases), for hands-off detection of security fault conditions, and for easy integration with UI testing harnesse"
security  testing 
february 2009 by soypunk
Origin Header for CSRF Mitigation
"This document describes the use of the Origin header for mitigating cross-site request forgery (CSRF) vulnerabilities in web sites. To help sites defend against CSRF attacks, user agents send a Origin header with HTTP requests that identifies the origin that initiated the request. If the user agent cannot determine the origin, the user agents sends the value null."
http  security 
january 2009 by soypunk
Browser Security Handbook - Google
"This document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities."
google  web  html  javascript  browser  security  mozilla  firefox  opera  chrome  webkit  ie 
december 2008 by soypunk
Fire Eagle : Developer
"you _must not_ use embedded rendering controls to present the OAuth process with Yahoo! and Fire Eagle."
oauth  security  web  browser  iphone 
october 2008 by soypunk
IEBlog : IE8 Security Part VI: Beta 2 Update
"Sending the new X-Content-Type-Options response header with the value nosniff will prevent Internet Explorer from MIME-sniffing a response away from the declared content-type."
ie  html5  web  security 
september 2008 by soypunk
Super .htaccess file | CodeIgniter Forums
For pesky shared hosts (not mine thankfully) that don't let you place files outside of the web root
codeigniter  php  apache  security 
july 2008 by soypunk
Make Create: Google Backdoor
Doesn't describe a backdoor to Google - but how masking yourself as "Googlebot" will give you access to a lot of registration-only content
google  web  security  hacks 
december 2006 by soypunk
