Here’s a fun story. Police in Australia thought they were being mighty clever when they took over an “underground hacking forum.” (The forum is r00t-y0u.org, though it seems to be down right now.) One of the hackers on the forum then retaliated by breaking into police computers using a simple SQL injection. Security fail.
The police computer that the hacker broke into was supposed to be a honeypot, something put there so police could “trick” the hackers into exposing themselves. Unfortunately for the police, the PC ran Windows, and the hacker was able to rock a SQL injection. The police “left the MYSQL password blank.” Smart.
Of course, the police say that no “real” data was compromised in the hack.
The lesson is, of course, not to mess with script kiddies and their message boards. Or, maybe, to at least set a password every once in a while.