The whole Web seems like it's disintegrating, security-wise.
Heartbleed, eBay, Avast, Office, Gameover Zeus, ESET.
Of course we don't know the full lowdown on most of these yet, but we do know that Heartbleed is a buffer over-read, basically a C programming language weakness, and Gameover Zeus is basically propagated by user spoofing. It's my guess that most of the others were either SQL code injections (highly likely) or JavaScript XSS.
It strikes me that there is a need for a drastic overhaul of the whole software coding scene; if Windows XP is frowned on as insecure, then so should be SQL, in fact it is far older and has infinitely worse security issues than WinXP. Likewise, application programmers should be discouraged from using C or C++ with their inherent buffer overflow vulns. Until we get these two sorted out, the hackings will continue.
The irony of it is that even before the Internet era there were plenty of application and database languages that didn't have these issues. It seems like the choices made in the early days were the absolute worst ones possible from a security standpoint. The choice of C for early 8086 machines is understandable in that its poor security was unimportant on a standalone PC, and it gave the fastest performance bar assembly code. But, the choice of SQL for content-managed websites was totally inexcusable. By that era the need for security was apparent, and the unsuitability of a language which doesn't understand variables and thus has to take its input as mixed commands and literals (where the literals may themselves be malicious commands) should have been obvious.
Dropping these two flawed coding tools will be a painful process with the amount of library code based on them, but IMHO it has to be done if users are ever to have confidence in online apps.
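
The "mixed commands and literals" problem described above, as an added example that is not part of the original post: the same lookup written once by splicing input into the command text and once with the value passed as a bound parameter, using Python's standard `sqlite3` module. The table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)"
    )
    db.executemany(
        "INSERT INTO articles (title, published) VALUES (?, ?)",
        [("Release notes", 1), ("Draft: pricing", 0), ("O'Reilly review", 1)],
    )
    return db

def search_concatenated(db, title):
    # The input is spliced into the command text, so the SQL parser
    # cannot tell where the literal ends and the command resumes.
    sql = ("SELECT title FROM articles WHERE published = 1 AND title = '"
           + title + "' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def search_bound(db, title):
    # The command text is fixed; the value travels separately as a bound
    # parameter and is only ever compared as data.
    sql = "SELECT title FROM articles WHERE published = 1 AND title = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (title,))]

def compare(title):
    """Run both forms against a fresh database and return both results."""
    db = make_db()
    try:
        concatenated = search_concatenated(db, title)
    except sqlite3.Error as exc:
        # A stray quote in the input breaks the command itself.
        concatenated = "error: " + str(exc)
    return concatenated, search_bound(db, title)

if __name__ == "__main__":
    # Constructed inputs: a plain title, a title containing an apostrophe,
    # and a value that changes the WHERE clause when concatenated.
    for sample in ["Release notes", "O'Reilly review", "x' OR '1'='1"]:
        print(repr(sample), "->", compare(sample))
```

With the concatenated form, the apostrophe in a legitimate title produces a syntax error and the third input returns the unpublished draft; the bound form returns exactly the matching published rows in every case.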