One of the mantras I can often be found muttering is one that warns against becoming too obsessed with highly complicated and involved breached of software or network security.

Yes, a sophisticated and highly technical attack can yield results, but also needs someone clever to orchestrate it, and someone like that can be difficult to get hold of, and will probably hack you too, and make off with your data as well as the actual target's - the attack can also take a long time to put in place.

Much better to make a low-level, simple incursion, reduce your exposure and keep it simple so that you are hard to notice, and avoid drawing attention to yourself.

I always recall one of the earliest stories showing this in action, where a company showed how tight its computer system security was - and was so busy patting itself on the back and congratulating itself because it believed it had thwarted a network attack intended to break into its system, that it failed to notice the expert hired to test the system had actually launched only a dummy attack on the network, and had actually stolen the required data simply by conning his way through the door and getting access to a desktop, where he download the data onto a floppy disk (it was a while ago, but still true).

The following two articles show how one of America's most sophisticated weapons in the conflicts in Iraq, Afghanistan and Pakistan, the unmanned drone, has been successfully penetrated by insurgents using software available on the internet for $26 (£16):

US drones hacked by Iraqi insurgents | World news | guardian.co.uk

SkyGrabber: the $26 software used by insurgents to hack into US drones | Technology | guardian.co.uk

They talk down the significance, and it is true that further info would be needed to make the feeds truly useful, but the moral of story is still that one should not forget the simple stuff when considering security.

After all, the simplest way to breach the most sophisticated security is simply to walk in through an open door someone has forgotten to close.

I used to work for IBM, and we sometimes had the problem that someone went off sick or on holiday and no-one could get into their files. A quick look on their desk usually got their password - often on a post-it note stuck to the top pull-out writing desk. Or it was their name, or employee number.

I've heard that the most common password is Fred - because it's very quick and easy to type one-handed.

Most hacking is like this - human hacknig, not computer hacking. Computer security systems, if set up properly, are basically impregnable - it's the humans who are always the weak link.