Picking locks is amateurish because a good burglar will avoid the strongest defense when breaking in. I especially love the story of the burglar who only broke into houses with alarm systems, figuring their owners would have the best stuff.

Network security is the same thing. It doesn't matter whether the vulnerability is just enough to squeeze a finger into or big enough to drive a freight train through, a good hacker will get in equally well.

So don't sweat your home lock. For the most part, criminals don't either.

While your home may be safe from lockpickers - your business, car, safe, filing cabinet may not. Mind you visible lock or structure damage is not wanted for items of real value.

Cars with busted windows, broken locks don't get good resale value. Businesses with good doors aren't going to be circumvented by a crowbar - but a competent lockpicker will do the job - AND MORE IMPORTANTLY the business won't know the job was done in the first place. If you don't know someone opened up your keyed safe and stole your identity you won't know to protect yourself, the list is endless.

Yes, a potsmoker looking for Doritos won't bother picking the lock - but someone with more nefarious plans will.

why stoke the flames of fear?

The article ends with:

But that doesn't tell you what to do if you've got a potentially vulnerable Medeco lock. Don't count on Medeco to replace it: "When you buy a lock, you don't buy a subscription," Roberson told me. Instead, he counseled, people should visit experts and determine their security needs. Locksport enthusiast Nekrep agreed—when you see on YouTube that your lock can be broken, you should do what you've always done. Call up your local locksmith.

Any honest "security expert" would tell you that all locks are valnurable to a dedicated, competent thief. At best, you could buy a little more time with a stronger lock.

As far as businesses go, I would wager most are more concerned with meeting insurance requirements than with actual break-ins. Everything valuable should be backed-up. You do the minimum to pass an insurance audit, and then don't sweat it.

Point being, the attackers will always win. You can't prevent attacks but you can make them effectively meaningless.

"As far as businesses go, I would wager most are more concerned with meeting insurance requirements than with actual break-ins. Everything valuable should be backed-up. You do the minimum to pass an insurance audit, and then don't sweat it."

Never did R&D I take it? Worked for a computing infrastructure group? Ever had to deal with the State Department or Commerce Department.

I do and insurance may be important to the pencil pushers in the Business and HR Departments, but execs, Chief Engineers, Program Managers, and research scientists are really more interested in corporate espionage. Try passing a SOX audit with your carefree attitude - won't happen.

Your last statement is utterly absurd - why have locks in the first place, after all attackers will always win. Well gee whiz, it makes me wonder why locks were invented in the first place - probably just to keep those honest people out. After all, the only people breaking into places are honest people - but just so that they can point out how insecure your security system is. REAL crooks just break the window or kick the door in. Geeze and here I am giving in to the scaremongers at Schlage and Brinks. I bet your car doesn't even have a door lock and the ignition is push button only. After all car thieves just smash the windows and hotwire the cars.

The notion that "everything of value should be backed up anyway" ignores the realities of corporate espionage. What exactly did you think a company was going to "back up"? And for that matter, how did you think the company was going to protect those "back ups"? What did you think those tapes and drives and servers sat in a magical world beyond the reach of criminals? What exactly do YOU do with your personal information - how do you secure it?

And just exactly how can you make identity theft meaningless - you know that smash and grab pot smoker who downloaded the instruction on how to break the lock on your filing cabinet. The filing cabinet you so carefully bolted to the wall/floor so that it couldn't be forced open or carted off during the theft.

This isn't scare-mongering, it's opening your eyes to the fact that the world isn't rosy and good and not all information should be freely available to anyone without question.

All those virus scans and updates that we had to do to Windows (and Unix in the 80's for that matter) were a DIRECT result of people sharing information on how to bypass security - all in the name of "showing people how insecure their system was". What do you think I did with my spare time in college? I broke into computer systems using stolen passwords and backdoors obtained from hacker sharing sites. Every single one of those sites had the same disclaimer - "This site is intended to be used to point out security flaws in a system administrator's computer system. We are not responsible for any unlawful use of this information by third parties." And what do you think I gave as a reason for doing this - "Just seeing if I could do it. I'm not stealing anything of value" You notice that caveat at the end right?

And you somehow think downloading lockpicking information is different?

the biggest threat of corporate espionage or fraud or whatever type of theft comes from insiders. The best corporate spy isn't hacking severs from halfway around the world. The best corporate spy gets a job at his target, preferably as a sys admin. It's the same with any crime really. Victims of murder are overwhelmingly killed by people they know.

That's not to say locks aren't important. They may discourage your casual criminal. But random crimes are proportionally rare. Again, if your house gets broken into, it's more likely somebody that knows you, or that's at least studied you.

Get a stronger lock if it makes you feel better. The reality, however, is that you home didn't get much more secure, if any.