Give us all your money
Phishers just aren’t trying as hard as they used to: check out giveusallyourmoney.com (via Security Curve weblog)
Though the site is (I hope) a joke, when you press the submit button it takes you to a page “taketheirmoney.php” which right now spits out a nice PHP error message about not being able to open file “creditcards.txt”.
Oops… a security issue! Now we know the web server is running PHP and, since the PHP setting display_errors was left enabled, we can see physical directories on the server and what may be the username of the site owner. Very helpful to an attacker. If this site really was phishing for card numbers, mistakes like this could lead to a breach!
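The same failed fopen() handled the way the post describes and then with display_errors turned off, as an added example (this is not code from the post or from the site it describes; the data file and log path are assumed for illustration):

```php
<?php
// Added example, not code from the post or the site it describes.
// The data file and log path below are assumed for illustration.

// Weak: the behaviour the post observed. With display_errors=On, a failed
// fopen() prints a message of roughly this shape (constructed sample)
//   Warning: fopen(creditcards.txt): failed to open stream: ...
//   in /home/<account>/public_html/taketheirmoney.php on line N
// straight to the visitor, exposing the server path and a probable account name.
//
//   $fh = fopen('creditcards.txt', 'a');   // no result check, diagnostics shown

// Hardened: diagnostics go to a log the operator reads; the visitor gets a
// generic message. Set these in php.ini as well, because ini_set() only takes
// effect once the script is already running (startup errors still print).
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/php/app.log');   // assumed path, outside the web root

// Route every PHP warning/notice to the log instead of the response body.
set_error_handler(function (int $errno, string $errstr, string $errfile = '', int $errline = 0): bool {
    error_log(sprintf('php[%d] %s in %s:%d', $errno, $errstr, $errfile, $errline));
    return true;    // PHP's own (printing) handler must not run afterwards
});

/**
 * Append one line to a data file kept outside the document root.
 * Returns true on success; on failure the reason is logged, never displayed.
 */
function appendRecord(string $path, string $line): bool
{
    $fh = fopen($path, 'a');             // a warning here now goes to the log only
    if ($fh === false) {
        return false;
    }
    $ok = flock($fh, LOCK_EX) && fwrite($fh, $line . PHP_EOL) !== false;
    flock($fh, LOCK_UN);
    fclose($fh);
    return $ok;
}

$ok = appendRecord(__DIR__ . '/../data/submissions.txt', 'form submitted ' . date('c'));
http_response_code($ok ? 200 : 500);
echo $ok ? 'Thank you.' : 'Sorry, something went wrong. Please try again later.';
```

With the hardened settings a missing or unwritable file produces a 500 and a generic sentence in the browser, while the path and account details stay in the operator's log.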
(There are at least four other security issues with the site, but I’m not about to list them here. See how many problems you can spot!)
And speaking of security flaws, I think fixavote is brilliant (via Schneier on Security)