When security improvements backfire

Recently, when conducting an (authorized) security review at a small web hosting provider, I ended up as "root" on all their Unix systems within a matter of hours, and did not even need any l33t buffer overflow or the like. Well-meaning system administrators had tried to improve security of their servers, and had unwittingly ended up making life much easier for the bad guys.

Read the article HERE.