While looking to grab some podcasts for my commute to DC this morning, I went to check out the website for WYPR. The following image is currently their homepage:
I do not know if it will be there by the time you read this, but I find it pretty entertaining. Of course, website defacement these days is trivial, but someone forgot to patch something or shutdown an unneeded service. 
My guess would be they got in via FTP:
ftp 207.114.6.197
Connected to http://www.wypr.org.
220 vwww3 Microsoft FTP Service (Version 5.0).
and excuse me but why, why do they have FTP open to the world?!?!?!
Heh. And it looks like the anonymous account is enabled on IIS 5. Someone is going to get in a shitstorm of trouble about this.
And, really, why would you have FTP open? Close it. If you need it, put it on a separate box.
Thats whats happens when somebody brings in their nephew who ‘knows all about computers’ to set up the web site.
psychophil: So true. “I know how to setup a server. How hard is it? It looks just like Windows 95.”