Windows domain accounts — insecure by default?

Today, I was working on an issue at a client site. I was given a Windows domain account and a personal certificate to login to their VPN. I don’t know how the Windows domain account was created, but I’m assuming that it was nothing special.

Once I connected to VPN, I Remote Desktop’ed into the […]