Just in case you weren't concerned enough about security with all this fancy Web 2.0 stuff. Short story: if there is an authenticated cookie on your machine for a site, it's pretty darn easy for a third party to send blind GET requests posing as you to various websites.

MP3 of the podcast or text/PDF of the transcript here:
http://www.grc.com/securitynow.htm#166

Moral of the story: manually log out of websites which you don't want people getting access to in your name (like banks, eBay, and PayPal). Adblockers that block images also provide some protection, but the CSRF Protector add-on for Firefox is a better solution:
https://addons.mozilla.org/en-US/firefox/addon/8996

---------------------------
Brian Weeden
Technical Consultant
Secure World Foundation
<http://www.secureworldfoundtion.org>
+1 (514) 466-2756 Canada
+1 (202) 683-8534 US
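
Added example, not part of the original message: a site-side check showing why the session cookie alone cannot tell a genuine request from the blind cross-site requests described above, and why logging out removes the exposure. The cookie name `session`, the form field `csrf_token` and the `authorize` helper are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)      # per-deployment secret (constructed here)
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # methods that must never change state


def issue_token(session_id: str) -> str:
    """Token the site embeds in its own forms, bound to the session cookie value."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def authorize(method: str, cookies: dict, form: dict, state_changing: bool) -> tuple:
    """Decide whether a request to a hypothetical endpoint may proceed."""
    session_id = cookies.get("session")
    if session_id is None:
        return (False, "not logged in")
    if not state_changing:
        return (True, "read-only")
    if method.upper() in SAFE_METHODS:
        # A blind GET (for example an image fetch) carries the cookie automatically.
        return (False, "state change over GET refused")
    supplied = form.get("csrf_token", "").encode()
    expected = issue_token(session_id).encode()
    if not hmac.compare_digest(supplied, expected):
        # Another site cannot read this site's pages, so it cannot learn the token.
        return (False, "missing or wrong CSRF token")
    return (True, "ok")


def demo() -> list:
    """Run constructed sample requests through the check."""
    sid = "constructed-session-id"
    cookies = {"session": sid}  # the browser attaches this to every request to the site
    return [
        authorize("GET", cookies, {}, True),    # cross-site GET, cookie but no token
        authorize("POST", cookies, {}, True),   # cross-site form post, no token
        authorize("POST", cookies, {"csrf_token": issue_token(sid)}, True),  # site's own form
        authorize("POST", {}, {}, True),        # same cross-site post after logging out
    ]


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```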