This is my PHP Suhosin decryption tool... handy for decrypting sensitive data stored in session files / cookies. http://www.idontplaydarts.com/2011/11/decrypting-suhosin-sessions-and-cookies/
Forum: News and Links

A nice bypass for PHPCaptcha and Securimage was posted to full disclosure a few hrs ago. http://seclists.org/fulldisclosure/2011/May/417 Proof of concept code can be downloaded from http://www.senseofsecurity.com.au/advisories/SOS-11-007.zip
Forum: Robots/Spiders/CAPTCHAs, oh my

There seem to be a lot more sites starting to use MongoDB - its got a nice PECL driver which enables you to link it into PHP quite easily. Quite misleadingly a page states on the offical mongoDB site says: "Generally, with MongoDB we are not building queries from strings, so traditional SQL Injection attacks are not a problem." In PHP queries are passed in as objects. eg. $db-&g
Forum: SQL and Code Injection