A company can spend hundreds of thousands of dollars on firewalls, intrusion detection systems and encryption and other security technologies, but if an attacker can call one trusted person within the company, and that person complies, and if the attacker gets in, then all that money spent on technology is essentially wasted.

Should we fear hackers? Intention is at the heart of this discussion.

Social engineers veil themselves in a cloak of believability.

You can't go to Windows Update and get a patch for stupidity.

Back in my day, I would probe by hand. Now you can get commercial software that does the job for you.

New security loopholes are constantly popping up because of wireless networking. The cat-and-mouse game between hackers and system administrators is still in full swing.

You can never protect yourself 100%. What you do is protect your self as much as possible and mitigate risk to an acceptable degree. You can never remove all risk.