Social Engineering Still Best Way to Crack Security

This was posted on Slashdot yesterday about how relaxed most users are about security:

http://www.theregister.co.uk/content/55/30324.html

But what I’ve seen in Japan might be wierder. People are quite paranoid about giving away personal information, like passwords, (even to the sysadmins who already have it all ;)) yet see nothing wrong with sending highly sensitive data over email or ftp.

The passwords used are also dead simple, even those belonging to otherwise competent people. Recently, I received a Win2k server which was previously being used as a security gateway of some sort (can you hear the alarm bells?). It took one guess for me to login as ‘Administrator’. password.