As I traveled out to San Francisco for RSA 2007 I was again struck by how, in many ways, the "real world" could use a security refresher. There are a number of examples where security researchers have exposed flaws in physical systems simply because they applied the same critical eye that they're used to using in their electronic analysis. Matt Blaze's research on master-keyed locks is one example, along with the Princeton group who found both physical and software security flaws in Diebold voting machinery.

To that end, I'd like to propose my list of obvious real world security flaws:

* Airport security -- OK, this one isn't new. Christopher Soghoian found out the hard way that demonstrating this flaw in airport security isn't a good idea. He may not have gone about showing it in the best manner, but the bigger problem is that the flaw he pointed out still remains -- flying out of Orlando with my wife, I talked with her (quietly and after we were already through security) about how the current ID checks were still trivially evaded.
* No bed, but still breakfast -- Save money by booking the hotel without free breakfast, and just stop in to the one that does in the morning. Nobody ever actually checks ID. (Please note, I'm not actually advocating this, just pointing out the lack of security.)
* Free wifi -- The hotel we're staying in has free wifi -- just put in your last name and room number. Sound like quality security? Only if you've never happened to overhear someone else's room number while checking in.
* Hacking the con -- With a little Google-fu and the right search terms, you might be able to find a registration qualification code to attend the expo at RSA for free. Wish I would have known that before I bought one for my wife. Not quite as much savings as a free Macworld Platinum Pass, but free's hard to knock.