The last time you went to a computer industry trade show, you probably picked up a few trinkets handed out by vendors: pens, mugs, stress balls. What if a vendor offered you a handy little 1GB thumb drive if you agreed to watch a 10-minute demo? Would you take it home and use it? Heck, yeah!
What happens if that thumb drive isn't as innocent as it looks? Maybe it comes preinstalled with a Trojan horse that's going to infect your PC and send private information back to a hacker. Do you think this is far-fetched? Well, think again.
A recent article on the Dark Reading Web site describes a situation in which a credit union asked an ethical hacking company to test its computer security practices. The consultant dropped a few USB thumb drives in conspicuous places around the building, where employees would find them and plug them in to see what was on them.
Unknown to the employees, the security consultant had preinstalled Trojan software that would load onto the unsuspecting employees' PCs and send configuration data back to the consultant via e-mail. Of the 20 thumb drives planted, 15 were plugged in and phoned home, signaling a weak link in security practices.
The weak link, of course, is people. We're so darn trusting, naive and greedy. The bad guys know this and take advantage of it every way possible. It's called social engineering, and it's all about trust.
Social engineering is the principle behind phishing, pretexting, "gimme" schemes in which you seemingly get something for nothing, and the other methods criminals use to gain your confidence before doing their dirty work. As the technologies designed to prevent, or at least detect, miscreant activity improve, criminals increasingly prey on the frailties of the human element.
The Art of Deception by criminal-turned-ethical-hacker Kevin Mitnick discusses how social engineering can be combined with computer hacking to wreak havoc on corporate, public and private networks. The lesson is that no matter how strongly you build technology solutions to security issues, people can and do give up the keys to the kingdom without thinking about it.
Over the past year, I've looked at all kinds of security technologies - including those that block viruses, sniff packets, encrypt files, manage endpoints such as USB ports, monitor instant message discussions, test the content of data, detect malware on PCs, install patches, authenticate users, encrypt messaging sessions, analyze log files for forensic purposes, prevent zero-day exploits and create virtual spaces for browser sessions.
Comments (1)
RE: How social engineering sinks security, by habi on August 13, 2007, 3:21 am