[DallasMike]

He's call up a secretary and pose as a salespuke who needed access for something, and basically bullsh!t a password out of him/her. Social Engineering can be an art form all its own, but it is not really 'hacking' in the negative sense.

I used to code software for a IT security company. Despite all of the arguments about the quality of Windows versus Linux etc., most real security exploits have nothing to do with things like patches but rather with things like careless passwords and disgruntled employees. If I were the CIO for a big company with sensitive information, patching opersating systems would be way down on my list of how to protect the data.

[adam_az]

"If I were the CIO for a big company with sensitive information, patching opersating systems would be way down on my list of how to protect the data."

That's kinda silly. Platform bugs are the easiest to fix. Just get a decent multi platform patch management system in place and keep stuff up to daye.

Unpatched boxes are childs play to own. Literally. Go look at "Metasploit" to see why.

[N3WBI3]

If I were the CIO for a big company with sensitive information, patching opersating systems would be way down on my list of how to protect the data.

Except that patching is low hanging fruit..