Thursday, May 17, 2007

You are the weakest Link... goodbye!

It's pretty apparent that no matter how well you patch a system, or how well you think you've patched a system, passwords are the weakest link for the most part. It's also interesting how there always seems to be that ONE host left sitting in the darkest corner of the epic corporate empire, still vulnerable to that 1999 exploit lovin'.

What I find truly interesting is the number of "security" professionals I run across who have some of the lamest passwords I've ever seen. While I understand how much of a pain in the arse it can be to remember complex passwords, simply using the name of your company followed by a number is irresponsible.

There is no real point to this post other than the griping you're reading; it's just something humorous I seem to run across time and time again as I am called in to assess the security posture of different organizations.

*NOTE* I know it's incredibly easy to use rainbowcrack and/or other tools of the trade, but all of that is made so much easier when getting onto the box to run pwdump or cachedump is itself made 10x easier by a weak password or some 1999 exploit lovin'.