So, this is my first column for EthicalHacker.net.  I'm quite excited, as I have spent a whole lot of years exploring penetration testing, vulnerability research and exploit writing, and most of the past couple of years working on exploiting people.

When I use that term, I'm not talking about how to open a third-world sweat shop.  While "human exploitation" tends to fall under the traditional heading of "social engineering," that term has been beaten to death of late. For example, the top five articles in my "social engineering" Google News RSS feed as I write this refer to phishing, social network sites, and three different products claiming to protect against all manner of malware.

Unfortunately, this isn't the type of social engineering I'm going to write about in most of these columns.  And I'm not going to talk about lock-picking, breaking into buildings, or any of the other "No Tech Hacking" type of stuff that Johnny Long and others have made famous over the past couple of years. Nope - this is going to be all about dealing face-to-face (or voice-to-voice or text-to-text) with real live people and exploiting the natural tendency to trust.