Something the past few days that has been irking me and seems to be a growing trend in the security space are comments like this:
“This attack is irrelevant because doing Y is cheaper/easier”
You are right. If I were an attacker I would try the simplest method first. If that fails do I go home and watch My Little Pony reruns because I could not telnet to your server with a blank password? No, I try increasingly more complex attacks until I get in.
Security is Security. Just because someone can set the data center on fire does not mean you should not secure the machines within it.