Dan Kaminsky's black hat presentation this year is downright scary, using well known 10 year old design oversights in browser security models he is able to get complete access through a firewall with a garden variety browser. No immediate cure in sight that doesn't break a lot of good stuff.