ats:
Trendy security hole of the day: "Today, we are going to show you that UPnP can be exploited across the Web without the need of XSS."
I think it's been utterly mischaracterised, though -- the bug is not that you can do nasty stuff with UPnP requests, it's that Flash animations can make arbitrary HTTP requests.
There are far more unpleasant things you can do via HTTP on our local network than tweaking the router's firewall rules...
Yet another reason not to allow Flash anywhere near machines you care about.
(Or JavaScript, or any other way of executing arbitrary code from untrusted sources...)
ats: "The recruitment and training of a London Underground Train Operator as written by a London Underground Train Operator for Tubeprune."
Remarkably interesting. I didn't realise how much the job entailed; it certainly makes sense of the common complaint that tube drivers aren't paid enough.