Fellow security blogger Brian Krebs posted today about how easy and inexpensive it is for hackers to find hacked servers at Fortune 500 companies. I don't know about the rest of you, but if I was running a fortune 500 company and learned about an exposed RDP server on my internal network with no intrusion prevention or even a secure password to protect it, I would fire the person responsible on the spot and seriously look at what processes needed to be changed.
Some of the comments there thought it was probably a honeypot, but what point does it serve to put a honeypot on the internet? You want honeypots to reveal hackers who got through your defenses, not hackers you already know exist everywhere. Come on Cisco, I have put a lot of faith in you in the past!
Anyway, for those of you who don't know, if you put a server on the Internet for even a moment without defenses in place, it'll be hacked in under 30 minutes. There's an astonishing amount of "ambient hacking" going on in the US at all times.