My TNG instance hasn't been hacked, although I also suspect it hasn't been targetted either as I had previously altered the search string we think the hackers have been using to find sites. It's in user test at www.maughan.ie/genealogy and is set to only allow registered users access. This version of TNG (7.x) has been pretty good so far at keeping out the mongol hordes, hence some of our concerns at this particular hackfest.
The author does know and is actively involved in looking for the root of the vulnerability, whether it be in TNG or in the sites upon which the hack targets are hosted.
"Ethically hacked" is not my choice of term (unprintable, as you would expect!) but is the term the hackers use to indicate they are not planting malware; hence my description of it as "online graffiti". I'm torn between being pleased to have a weakness identified (and hopefully soon to get it fixed) and pi$$ed off that some scrote is trying to despoil my stuff.
The hack seems to be part of a hackathon hosted out of a r a b i c DASH m DOT o r g; our particular scrote is known as s t a r 0 8 (my spaces).
The wider enquiry into hackability and pen testing is that we're wanting to extend the sites' capabilities to ecommerce, which tends to draw the scrotes like flies to poo. I've PM-ed pen tests for big ecommerce sites but don't have the budget or technical know-how to do what was done there in this instance. I know there are pen test tools out there, and I'm hoping someone will know a little more about them that I do.
Thanks for the pointer to php5; I think we are OK but I'll get onto checking it.