Re: These hackers are monsters!!
"...it didn't matter if his code was vulnerable to it because the browser would protect him."
A classic case of Douglas Adams's Someone Else's Problem Field:
"The Somebody Else's Problem field is much simpler and more effective, and what's more can be run for over a hundred years on a single torch battery. This is because it relies on people's natural disposition not to see anything they don't want to, weren't expecting, or can't explain."
1) They don't want to see it, because it would involve more work, time, expense, etc., and it would probably need to be justified to the PHB & co.
2) They weren't expecting it, because they were relying on the browser (which was likely coded with similar SEP attributes).
3) They can't explain it, because of 1 and 2 ....
Sometimes I think it's an insidious plot to keep maintenance programmers and security/AV firms in business, and growing....
On the other hand, if companies can spend so much time and $$ on training for SOX (Sarbanes-Oxley) and "keeping company infos secret", they can certainly (or at least SHOULD) be able to afford a class or two on information security (for the users) and safe coding practices ("hey, where are you going with that buffer")... hmm... combine the two... safe SOX for programmers... might at least improve signup rates...
It would be nice to have an updated version of "The Elements of Programming Style" (by Kernighan and Plauger) for all developers (and their managers) to study. "The Elements of Style" (Strunk and White) would also be useful, especially for those tasked with documenting said programs/code/what-have-you.
Do it right; don't do it twice....