Here is another example of bad randomness practices that lead to pretty serious issues (something like $15000 stolen).
The interesting part, besides the bad programming practice of writing your own random function, is that the vulnerability is outside of the server. In a way, it’s similar to the “physical access” vulnerability. And even if your hoster does not have a “rescue boot” system, datacenters are not invulnerable to theft (it actually happened more than once). This is why you should use encrypted partitions for your important data, even on remote servers.
