Claiming “vanity” addresses?

I've seen a few cases where a dApp's contracts all begin with the same prefix. The last example is BitBank where all the addresses start with 0xbb . There's others but I can't recall them at the moment. But clearly there's a way to generate a private key to a somewhat predetermined address. Does anyone know how this is done? How secure is this? So say for example I want an address that starts with 0xdeadbeef. I assume that should be a lot harder than an address that's just 0xdb?