The Sacramento Credit Union's online banking service appears to have learned some hard lessons about SQL code-injection attacks as they apply to "secret questions":
The answers to your Security Questions are case sensitive and cannot contain special characters like an apostrophe, or the words "insert," "delete," "drop," "update," "null," or "select."
My friend Danny O'Brien (or, as many services have it, Danny O\'\'\'\'\'\'\'Brien) has pointed out that millions of Irish people have a built-in PHP attack right there in their names. When I was a kid, I used to fantasize about changing my middle name to "+++ATH."
(via Making Light)