SetUID: Get root access by “breaking suid programs, such as
passwd (local access required)
Passwords: Poor passwords can easily be compromised with
Permissions: Get root access by sending very large packet to
older imapd mail servers (Many)
Network: Too many services (inetd.conf), poor access control
Practices: Root to too many people. ‘Bad’ software undetected.