Information Week has an article this morning about a group of web pages in a server farm getting hacked via SQL Injection. I belive they were all Microsoft SQL Server boxes that got hacked. WTF Chuck? Protecting your site against SQL Injections is web site security 101. Now 70,000 pages is virtually zero when it comes to how many pages are on the web so the attack was relatively nothing (except to the people who own them I guess) but damn. Someone fell asleep at the wheel. If you aren't doing input validation - you're wrong. I would do a little run down of how to do input validation but the 41%43%45%20%54%65%61%6d from http://blogs.msdn.com/hackers/ have just finished a great series doing just that with .NET sites:
If you are doing ASP.NET development - check 'em out or you might find yourself in an obscure article linked to from a newsletter I subscribe to. 
web development