Issue 17 of (IN)SECURE magazine includes Russ's article, Open redirect vulnerabilities: definition and prevention, on page 43. (IN)SECURE, if you haven't already discovered it, is an excellent publication and is freely available online.

June's ISSA Journal features Russ's article, Anatomy of an XSS Attack, as its title piece. This is a unique effort written in the first person, as a cybercriminal, to exemplify the grave harm that can come to users and consumers when cross-site scripting (XSS) vulnerabilities are left unmitigated. With kind permission from the ISSA Journal, holisticinfosec.org is able to bring non-members the PDF copy of Anatomy of an XSS Attack. Please consider joining the ISSA today.

Russ presented Malcode Analysis Techniques for Incident Handlers at the 20th Annual FIRST Conference in Vancouver, B.C. on June 25th, 2008. Details here. Slides here.

While conducting Internet research, Russ found himself quickly immersed in a long-standing debate over the merits (or lack thereof) of McAfee's Hacker Safe seal. See all the blog entries and each video of Hacker Safe branded sites showing all the benchmarks of XSS vulnerabilities. The most recent press release on the issue is found at The Register. The original Information Week article that broke this discovery is here, as well as some additional insight from XSSed and WhiteHat Security's Jeremiah Grossman. Update: Further press on the issue, including the McAfee site itself being vulnerable, and much chuckling over the rebranding from Hacker Safe to McAfee Secure. There's also a great little piece from John Sawyer on Dark Reading. Finally, Dan Goodin at The Register also took Hacker Safe/McAfee's Brett Oliphant to task regarding the fraud charges he faces.