I’ve had some very interesting web security discussions recently: how many rounds of various hashing algorithms should be used for modern day password storage, if response header obfuscation is pointless in a world of easy HTTP fingerprinting and some of the deficiencies in the X-Frame-Options header, to name but a few. But every now and then I see something that brings me back down to earth and reminds me of the level that requires the most attention security wise.