Examples of how systems get compromised
Cracked, stollen and sniffed passwords
SSH client with a sniffer on a multi-user system:
reads user name, password and the destination host.
SSH brute force attack guesses user credentials.
Accounts with empty passwords and root privileges
World writable files and directories can be used for planting trojans.
SETUID and SETGID executables
Stack overflow attacks on vulnerable services