Understanding the TLS Renegotiation Attack - Educated Guesswork
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html explains Marsh Ray’s attack in detail, pls patch to fix the TLS protocol
http://fscked.org/blog/fully-automated-active-https-cookie-hijacking a note from security ppl that session/login cookies that are normally delivered via https have to be explicitly marked as “secure” so they are only delivered via https. Otherwise bad ppl can hijack them.
http://research.swtch.com/2008/05/lessons-from-debianopenssl-fiasco.html good explanation of the Debian OpenSSL bug. worth reading if programming is what u do for a living