Human Factor in Protecting Information Systems

Many times we talk about vulnerabilities, exploitation and other specific issues that allow a would-be attacker to succeed in breaking into systems. But looking at the different varieties of attacks and the specific payloads used for the break-in, at the end of the day it has always been a brute-force or a social engineering attack that benefits the most, at least from the attacker's point of view. All the recent XSS attacks, like the one against Apache, JIRA, are because of the fundamental weakness: humans. As long as we have people handling certain activities and ways of doing things, these kinds of breaks will continue and go on for a long time. Many say two-factor solves the issue, but in my experience I have found so many two-factor fobs with their primary username and password scribbled or hanging on the fob. How useful is that? The purpose of the two-factor can be easily defeated and again it is the indefat...