Matt Blaze, a security researcher with AT&T Labs, has found an exploit that enables almost anyone to reverse-engineer a copy of the "master key" used to unlock every door in a building. The technique has been understood within the locksmith community for years, but has been kept on the hush-hush, in a classic example of security-through-obscurity.
The technique itself is quite elegant. Armed with a key that works and a smallish supply of blank keys, an attacker modifies the original key, step-by-step, trying each "new" key against the lock. The lock becomes an "oracle," telling the attacker whether the modified bump or notch matches the master key. While it's no surprise that master keys are insecure (one key to unlock an entire building? Hello!), Blaze's technique means that it's not necessary to steal the master key itself in order to exploit the insecurity.
The paper (eminently readable, entirely non-technical, and quite scary) is available here. A New York Times story, complete with quotes indicating that the ostrich approach to security is just as prevalent offline as on, is here.