Did you know how easy it is for someone to obtain passwords and other sensitive information from your computers? All they have to do is gain physical access to your machines and run LSADump2 on them. And if your computer belongs to a domain then you’re domain is in trouble! Even passwords used by system services are accessible by dumping LSA secrets like this. Yikes!
What does this tell us? If you don’t have *physical* security for your machines, you don’t have *any* security. Sure, long passphrases will slow an attacker down, but if they can gain access to a domain machine and run a password cracking tool on it, you’re domain is 0wn3d and you better start updating your resume!
Review the physical security of your network today and make sure you’re doing everything you can to protect your information assets!