Re: Innocent Code Prize for Best Post on WebAppSec

["Sverre H. Huseby" <shh () thathost com>]

This is a reply to Mark Curphey's post [1] on 2004-02-16.  In case you
didn't see it: For a few (semi-) weeks I give a copy of my book [2] to
authors of webappsec-posts I like (not that I think they need it, but
anyway... :) ).

Karmendra Kohli has written a nice text called "Stealing passwords via
browser refresh" [3], which was announced [4] to this mailing list on
2004-03-15.  I like the paper, because it gives a good description of
an often-seen problem.

A book will be sent as soon as I get Karmendra's address.


Sverre.


1 <200402161618.LAA20125 () arkroyal cnchost com>
  http://www.securityfocus.com/archive/107/353996/2004-02-12/2004-02-18/0

2 http://innocentcode.thathost.com/

3 http://www.paladion.net/papers/Stealing_passwords_via_browser_refresh.pdf

4 <612icoFDn7200S03.1079327019 () uwdvg003 cms usa net>
  http://www.securityfocus.com/archive/107/357433/2004-03-15/2004-03-21/0

-- 
shh () thathost com               My web security book: Innocent Code
http://shh.thathost.com/       http://innocentcode.thathost.com/