These days, people tend to think of computer security in terms of network security. How strong are my firewall rules? Is the security good on my web application? Should I use this web site on an unsecured WiFi link? Etc. These are all valid concerns. As recent Anonymous and LulzSec efforts show, they are excellent concerns.
However, this does not mean one should ignore physical security concerns.
When hackers from penetration testing firm Netragard were hired to pierce the firewall of a customer, they knew they had their work cut out. The client specifically ruled out the use of social networks, telephones, and other social-engineering vectors, and gaining unauthorized physical access to computers was also off limits.
Deprived of the low-hanging fruit attackers typically rely on to get a toe-hold onto their target, Netragard CTO Adriel Desautels borrowed a technique straight out of a plot from Mission Impossible: He modified a popular, off-the-shelf computer mouse to include a flash drive and a powerful microcontroller that ran custom attack code that compromised whatever computer connected to it.
It's amazing what you can fit into the empty volume in an off-the-shelf rodent.
One might wonder why the client disallowed the more obvious attacks such as social engineering. Maybe the client thought those guards were really good. But that misses the point. Precisely because they are obvious they are guarded. This attack bypassed all those guards, however good they were. Or weren't.