Discovered by: Dan Kaminsky
Dan Kaminsky discovered that many ISPs that hijack non-existent domains to serve ads are vulnerable to cross-site scripting attacks, allowing an attacker to compromise any website on the Internet. Dan gets bonus points for using a Rickroll to demonstrate the bug.