zbuffered writes: "Today, Mozilla made public bug #360493, which exposes Firefox's Password Manager on many public sites. The flaw derives from Firefox's willingness to supply the username and password stored on one page on a domain to another page on a domain. For example, username/password input tags on a myspace user's site will be unhelpfully propagated with the visitor's myspace.com credentials. It was first discovered in the wild by Netcraft on 10-27-06. As this proof-of-concept illustrates, because the username/password fields need not be visible on the page, your password can be stolen in an almost completely transparent fashion. Stopgap solutions include avoiding using Password Manager and the Master Password Timeout Firefox extension, which will at least cause a prompt before the fields are filled. However, in the original case detailed in the bug report, the phish mimicked the http://login.myspace.com/ site almost perfectly, causing many users to believe they needed to log in.
zbuffered writes: "For awhile now I've wanted to start my own weblog, but as I have nary a marketing or promotional bone in my body, I wouldn't know how to start building an audience/community. I'd be using Slashcode for the moderation system, and I think that once such a site got on it's feet that it would take off, but how do I gain that initial momentum?"