Gregory's ServerSo for a remote attack, the attacker needs root/admin access on the system. While not fool proof, if you don't use an admin account as your regular account, you're a little bit better off now (and in general) than if you are always using root/admin.
Mind boggling and yet not surprising at all, given the state of ... well... just about everything and anything.