To gain root access at this company, all an intruder had to do was ask nicely

This article describes real-world social-engineering failures during penetration tests where helpdesk staff reset executive passwords and entered caller-supplied passwords, allowing account takeover; it calls out weak verification procedures and recommends challenge-response and stricter password reset workflows to mitigate human-targeted attacks.