Black Hat 2007 has come and gone but ZDNet covers a highlight and sends a great warning.

Hamster plus Hotspot equals Web 2.0 meltdown! by ZDNet’s George Ou — Robert Graham (CEO Errata Security) gave his Web 2.0 hijacking presentation to a packed audience at Black Hat 2007 today. The audience erupted with applause and laughter when Graham used his tools to hijack someone’s Gmail account during an unscripted demo. The victim in this case was using a typical unprotected Wi-Fi Hotspot […]

A hot button item in web development the past couple of years has been security. Vendors seem to be implementing the network stack in a fairly secure manner these days, so the popular attack vector has been applications. If developers aren’t taught how to develop securely then it doesn’t matter how well they do the rest of their job.

If you don’t want your web site to involuntarily become an ad for <insert pharmaceutical here> then you want to make sure your web developers know how to code in a secure manner. If you think we are just being overly paranoid then check out this link that we found in a story over at the ISC (Internet Storm Center) . Remember, it’s only funny until it happens to you.

Use this Google Search for a list of vulnerable sites.