In this issue they owned quite a few hacking and information security websites:
mitnicksecurity.com (Kevin Mitnick)
0×000000.com (Ronald van den Heetkamp)
doxpara.com (Dan Kaminsky)
perlmonks.org (Perl Monks)
elitehackers.com/info (EliteHackers)
binrev.com (Binary revolution)
invisiblethingslab.com (Joanna Rutkowska)
and more…

Also in this issue, ZF0 version of the Pwnie awards, which is quite funny. Congratulation to xorl, one of my favorite security blogs for winning the best blog category, read his speech on Full-Disclosure.

I’d like to clarify that I don’t support this group or their actions what so ever, they got really nasty is this one. But still, I recommend you read it.

It wasn’t that hard :P

This is the mail I got from them:

Hello,

While going through our records recently, we found that your AdSense
account has posed a significant risk to our AdWords advertisers. Since
keeping your account in our publisher network may financially damage our
advertisers in the future, we’ve decided to disable your account.

Please understand that we consider this a necessary step to protect the
interests of both our advertisers and our other AdSense publishers. We
realize the inconvenience this may cause you, and we thank you in advance
for your understanding and cooperation.

If you have any questions about your account or the actions we’ve taken,
please do not reply to this email. You can find more information by
visiting
https://www.google.com/adsense/support/bin/answer.py?answer=57153.

Sincerely,

The Google AdSense Team

Sincerely my ass, that’s just fucked up! I wish you all drop dead :-)

Update: they’ve fixed the XSS vulnerability. You know I tried notifying them in advance, but after about 15 minutes searching for an email address for bug reporting with no luck, I’ve decided to publish it here.
Make your homework Twitter guys.

Dear attendee,

First of all thanks for attending Google Developer Day yesterday, we hope you found it useful. Unfortunately, we need to let you know about an incident which took place during the conference which you may need to take precautionary action on.

We identified unauthorised activity on the public wired Ethernet network which was provided by the convention centre for conference attendees to access the Internet. This may have affected a limited number of attendees accessing websites and online applications through the wired Ethernet connection. We have no evidence so far to suggest that the wireless network also provided at the event, and which was used by most attendees, was affected.

Due to the unauthorised activity, there is a chance that if you used the wired network, any user name and password entered to access a website may have been put at risk. When trying to access a secure website (a website using https), you may have received an alert indicating that the page had an invalid security certificate. In any case, we advise users as a precaution to change the passwords for any websites or services they accessed through the wired connection during the conference.

We’re really sorry that this has happened but we believe that the vast majority of attendees won’t have been affected by this incident. In the meantime, we look forward to seeing you at future events very soon.

The Google Developer Day Team

Sounds like a typical man-in-the-middle using ARP poisoning technique.
In my opinion, that’s really irresponsible from Google, risking their event visitors with unsecured LANs. There was tons of developers at the convention and the information at stake here is sensitive.
Hope they do good next year, I also strongly recommend changing routers and switches default passwords when setting up a network for the convention ;-)

See also an article at Calcalist web site (Hebrew).