So Medeco Locks, often cited as the unpickable-in-practice lock, can be picked. Not just picked, bump keyed. I guess that’s sad if you’re Medeco, though I suspect that in their heart of hearts, they know as well as I do that lockpicking thieves are rarely the high-probability threat.
I don’t know if there are vendors out there calling their solution the “Medeco of internet security” but I suppose they’ll want to stop, if so. The nice thing, though, is that the whole fracas is a delicious example of General Security Maxim #6:
If your product is unbreakable, you are wrong. Also, here comes the breaking.
If you suffer from this tendency to overstate security claims, I’ve created a motivational poster to help you remember.