As I was working out at the gym I had an epiphany. I work out at the gym everyday at the same time. I don’t even go to work as regularly as I go to the gym. It’s like clockwork.

Those of us that go to the gym usually go pretty regularly. I see the same people there on the same days, and at the same time. We fall into a groove. We set a pattern of working out. Patterns can be great for working out. They make sure we don’t slack off and get lazy one week.

However, can establishing patterns be bad for our own safety? What does this mean from a security standpoint? If someone followed us for a week, they could tell where we would be at a certain day and time. They would know exactly how long we would leave our home or belongings unattended.

If we always lock our work laptop or cell phone in the gym locker, this could be bad for business. An attacker would know exactly how long they had to pick the gym locker, break into our blackberry or laptop and put everything back in its place. The attacker could leave unnoticed and you would never have known you were compromised.

An attacker could wait outside your home, and wait for you to leave. They would know exactly how long they had to go through your file cabinets, home safe, desktop computers, etc. You may never even know you were compromised.

So, even us that are aware of our social patterns still put ourselves in a bad predicament. Why? Maybe the alternative is worse. Being a shut-in is not the answer either. I am not saying that you shouldn’t work out regularly. Maybe it is best to change it up a little bit though. Work out on lunch one Monday, but after work another Monday. Maybe lift and do some cardio one day, but just lift the same day the next week to make the times different. Breaking these patterns can only reduce security risks.

Now if you don’t work out, this can still affect you if you develop social patterns. For example, do you play role playing games? Do you go over to someone’s house to play these games? Do you do this on a regular schedule for several hours at a time? Is your home alone on a regular basis after dark, and for a set time period? Did your system just get owned?

Do you go to hacker meeting on a regular schedule? On the first Friday of the month at 5pm are you off at a 2600 meeting? Can an attacker count on you being there? Do they know how long you will be gone? These questions are serious safety concerns. They pose security threats to us.

You may currently feel that you are invulnerable. You may feel that no person, country, or government agency would possibly want anything to do with our information. Security by obscurity simply does not work. Any network administrator can tell you that. Physical attacks can happen in homes, and yes, ours and foreign governments do want your information. Simply by being on this forum you put yourself in the position of intriguing them. By being part of the hacker community, you open yourself to attacks because you are now known. By publishing research you make them wonder, “What is he working on that he isn’t publishing?”

You don’t need to become a wallflower and never leave the house. You will never have perfect security, and if someone really wanted your information they could send in an extraction team and you would be pretty helpless. I’m just saying to make things harder on a hostile party. Don’t give them the ability to set up anything in advance. Be a pain in the ass. Change things up. If there are things you do not wish to change, at least recognize your weaknesses in security and adjust other portions of your home security to compensate.