Best of Application Security (Friday, Dec. 18)

Ten of Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected!

• Cross-domain search timing
• HPP -- What is it, and what types of attacks does it augment?
• RockYou Hack: From Bad To Worse
• Attention security researchers! Submit your new 2009 Web Hacking Techniques
• Data collector threatens scribe who reported breach
• Akamai Implements WAF
• Why Microsoft should consider retroactively installing AdBlocking software by default
• XSS Embedded iFrames
• Testing for SSL renegotiation
• DefendTheApp - An OWASP AppSensor Project
• Easily View Hidden Facebook Photo Albums