Pretty fascinating attack on a Time.com poll last spring.  Also includes some hacks against reCaptcha (now a Google company).

Google's OAuth documentation.

Quoted: Last Friday was a hot day in Sebastopol, California. Eran Hammer-Lahav rolled into town hours after finding out that there was a security hole in his pet project ...

Description of the Session Fixation attack on OAuth.

Quoted: There is a pretty good story behind this. That is, how we found and managed the OAuth protocol security threat identified last week. In many ways, the story is much more important and interesting than the actual technical details of...

Excellent article on Twitter security and scalability, with references to tools and libraries currently in use.

Use a cross-site json call to twitter to see if the current user is logged in to twitter.

http://twitter.com/statuses/user_timeline?count=1&callback=checkLoggedIn&suppress_response_codes

Result (for me) is:

checkLoggedIn([{"user":{"description":"Faves.com, StartPad.org","url":"http:\/\/Go2.me\/user\/mckoss","name":"Mike Koss","followers_count":129,"profile_image_url":"http:\/\/s3.amazonaws.com\/twitter_production\/profile_images\/67343605\/picture_full_normal.png","protected":false,"screen_name":"mckoss","location":"Seattle","id":1115651},"in_reply_to_status_id":1110427918,"in_reply_to_user_id":13540302,"truncated":false,"favorited":false,"created_at":"Sun Jan 11 05:33:53 +0000 2009","in_reply_to_screen_name":"satyenc","text":"@satyenc Well done!","id":1110476597,"source":"web"}]);

Just listened to the recent Security Now podcast with an interview of the (Israeli) Sandboxie developer. This sounds like an amazing security tool.

You can run any program in a sandbox. It will have full access to a snapshot of your current machine state, but CANNOT change it (all modifications are cached in a per-program sandbox).

So you can run programs that could potentially be malicious (or annoying), w/o compromising your system.

Throw IE or Firefox in a sandbox and you can download exe's and activeX controls w/o worrying if they can trash your system!

You can also inspect all the attempted modifcations that the sandboxed programs are trying to make - great for analyzing what program installations are attempting to do on your system before trusting them.

Licensed version is $30 (22 Euro) and can be used forever and on all machines you own.

Quoted: Sandboxie - Sandbox security software for Windows. Install and run programs in a virtual sandbox environment without writing to the hard drive.

Interesting one-time use password hardware device (from Security Now).

Quoted: Yubico, The makers of the YubiKey