Microsoft's myriad Xbox security mistakes

Here's a paper from last year's Chaos Communication Congress called "17 Mistakes Microsoft Made in the Xbox Security System." The Xbox security was cracked, allowing hackers to install non-Microsoft OSes on the machine — which makes a pretty good PC — and undermine Microsoft's business model of locking customers into buying licensed Xbox software for the subsidized hardware.

Be aware of the fact that a combination of security flaws can lead to a successful attack. Don't think that a possible security hole (or "only" a security risk) cannot be exploited because there are so many barriers in front of it. Attackers might break all the other barriers that block the vulnerability, and fixing that one hole would have stopped them.

MechInstaller is a great example for that. It was only possible because of the combination of several security weaknesses:

* The boot process was vulnerable, so we could use a modified kernel to analyze games.
* Some games are not careful enough with savegames, so that we can run our own code.
* Games run in kernel mode, so we have full control of the hardware.
* The Dashboard does not verify the integrity of the font files.
* The Dashboard has a vulnerability in the font code.

If any of these weaknesses had not been there, then MechInstaller would not have been possible. Also note that hackers have enough fantasy to find out these combinations.
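The quoted list makes the defender's point that breaking any single link stops the chain. As an added illustration (not code from the paper or from Microsoft), the block below shows the two links a software fix could have closed: an integrity check on an asset before it reaches a parser, and a loader that validates declared lengths before trusting them. The HMAC key, the record format and the sample records are all constructed for the demo.

```python
import hashlib
import hmac
import struct

# Constructed demo key. In a real console this would be a device-bound key held
# in protected storage, not a literal in the source.
INTEGRITY_KEY = b"demo-integrity-key-not-real"

# Upper bound the loader is willing to accept for a name field (constructed value).
MAX_NAME = 32


class MalformedRecord(ValueError):
    """Raised when an asset fails integrity or structural validation."""


def sign_asset(data: bytes) -> bytes:
    """Tag an asset (font file, savegame) at install/sign time with HMAC-SHA256."""
    return hmac.new(INTEGRITY_KEY, data, hashlib.sha256).digest()


def verify_asset(data: bytes, tag: bytes) -> bool:
    """Constant-time check that an asset is unmodified before any parser touches it.
    This is the control the Dashboard lacked for font files."""
    return hmac.compare_digest(sign_asset(data), tag)


def parse_name_record(blob: bytes) -> str:
    """Parse a constructed record: u32 little-endian length, then that many name bytes.
    The declared length is checked against both the fixed maximum and the real buffer
    size, so a hostile length can neither overflow a fixed buffer nor overread."""
    if len(blob) < 4:
        raise MalformedRecord("truncated header")
    (declared_len,) = struct.unpack_from("<I", blob, 0)
    if declared_len > MAX_NAME:
        raise MalformedRecord(f"name length {declared_len} exceeds {MAX_NAME}")
    if 4 + declared_len > len(blob):
        raise MalformedRecord("declared length exceeds buffer")
    return blob[4:4 + declared_len].decode("ascii", errors="replace")


def load_untrusted(blob: bytes, tag: bytes) -> str:
    """Defence in depth: integrity first, then a bounds-checked parse.
    Either check alone is enough to stop the tampered sample below."""
    if not verify_asset(blob, tag):
        raise MalformedRecord("integrity check failed; refusing to parse")
    return parse_name_record(blob)


def try_load(blob: bytes, tag: bytes) -> tuple[bool, str]:
    """Convenience wrapper returning (accepted, name_or_reason) instead of raising."""
    try:
        return True, load_untrusted(blob, tag)
    except MalformedRecord as exc:
        return False, str(exc)


# Constructed samples: a well-formed record with a valid tag, and the same record
# with its length field rewritten to an absurd value (tag no longer matches either).
GOOD_BLOB = struct.pack("<I", 5) + b"hello"
GOOD_TAG = sign_asset(GOOD_BLOB)
TAMPERED_BLOB = struct.pack("<I", 0xFFFFFFFF) + b"hello"


def demo() -> dict:
    """Run both samples through the loader and through the parser alone."""
    return {
        "good": try_load(GOOD_BLOB, GOOD_TAG),
        "tampered_full_chain": try_load(TAMPERED_BLOB, GOOD_TAG),
        # Even with the integrity layer removed, the length check still rejects it.
        "tampered_parser_only": _parser_only(TAMPERED_BLOB),
    }


def _parser_only(blob: bytes) -> tuple[bool, str]:
    try:
        return True, parse_name_record(blob)
    except MalformedRecord as exc:
        return False, str(exc)


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

The point of `demo()` is that the tampered record is rejected twice over: once because its tag no longer verifies, and again, if the integrity layer were absent, because the parser refuses a length it cannot honour. Removing either of those two mistakes from the quoted list would have broken the chain on its own.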

Link

(via Schneier)