I'm sure that MS wants the countries to both get tough on piracy, and sign onto ACTA, so throwing them a bone by giving them the source code access makes perfect sense.
Isn't it coincidental that the Chinese intelligence who received the source code suddenly had a lot of new Windows based 0-days and used them against US companies, Google mainly?
The blackhats have the source and can look for bugs and errors that they can exploit at will. The whitehats have to guess or blindly firewall, hope that there are no remote exploits, and put a lot of resources into perimeter security.
Maybe this is just another impetus for people and companies to move to UNIX based operating systems. Even a closed source offering like HP-UX or OS X (the pieces that are not open-sourced in Darwin or elsewhere) has been around such a long time that glaring show-stopper bugs are rare, and are usually limited to local exploits. This isn't to say things are perfect, but an exploit from remote like ssh is extremely rare on the UNIX side. To boot, UNIX variants have been getting a lot better at security, having ASLR, DEP, SELinux/AppArmor security policies, and other items to limit damage and spread of compromised code.
Titanium is pretty common. The hard part with it is getting it into alloy form because it has to be smelted without oxygen present or else you get a bunch of titanium dioxide, a lit fart or two, and not much else.
This is probably another quick and anonymous method of checking the validity of a stolen card. Before, credit card thieves would run cards through gas station card readers. This worked until the readers started prompting for the ZIP code of the cardholder.
My solution? Consider either using iTunes gift cards, or if that isn't an option, put the CC info in, make purchases, then remove the information.
You at least are able to understand the scammers, who pose what they want in intelligible communications without hanging up or transferring you to another department?
This is why I have a backup program that can do complete images to an external hard disk. If something odd happens and it can be traceable to an action after a specific point in time, I just save off any changed files I might have, throw in the recovery CD, restore to that PIT, then copy the changed files back. If I had the cash, I'd spring for a continuous backup program which can monitor some files and keep them synced almost in real time.
If it is an issue that is just odd and no real definite cause that I can pin a specific time on, I just copy all my files from my home directory to the data drive, unplug that, wipe the OS drive with dd, and reinstall cleanly, making sure to back up my EFS keys and deauthorize the machine in iTunes before the reinstall.
Keeping the OS and data on separate drives is a good idea, as well as keeping backups of both drives on a backup server (not a file share, a server that runs a utility which goes out and does remote backups) will save a lot of time and ripped out hair. If malware erased all drives, the data and OS drive would be toast, but the malware almost certainly wouldn't be able to jump past that to the stored media sets on the remote machine.
What I try to recommend to all users and tell them, "if not, why not?" (if they can afford it) is to buy an external drive and a backup program like TrueImage, Retrospect, or Time Machine. This, and also have a recovery CD that is put into a place they know where it is, and won't disappear like OS media tends to with novice computer users.
If a standard voltage can't be used, how about a sense pin so the PSU can send 5 volts, 12 volts, or another standard? If the sense pin receives no signal, then send the lowest voltage so it doesn't fry any components.
I agree on the knob. This would bring many incidents of Joe Sixpack thinking it is the volume control for Jane Wine Cooler's laptop, flip it to a higher voltage and fry the machine. The fewer things that a user has to fiddle with that might cause immediate electric over-voltage death of a device, the better.
I'm sure Apple would come out ahead if they licensed it, like they did with IEEE1394 for 3-5 bucks a connector. The precursor of a magnetically held connector was used in existing products (Japanese hot pots), but how Apple revised it for a laptop, it is very useful.
However, unlike IEEE1394, every MagSafe connector sold to a competitor may mean one less laptop sold to them, so I can see why Apple is not licensing it.
Depends on the ATM. Here in the US, a lot of ATMs don't capture the card, but allow someone to keep sliding it through a reader. I've not entered too many wrong PINs, so I'm guessing it would cause that card to be not valid at that ATM after a number of bad guesses.
You can build PCs very inexpensively which can play games. I've also looked at PCs on special at Costco, Best Buy, even Wal-Mart. HP is good because I can pull the core specs of the machine like maximum RAM and other important things. Then, if I find a low end model which is good enough, I just max the machine's RAM, drop in a low to midrange video card, and wipe the OS (getting rid of the shovelware most PC vendors stick on.) This gets me a decent gaming box that can last a couple years without breaking the bank.
How about phones just print the dB signal loss and be done with it? A number should be far easier for someone to tell about signal strength than guessing by 0-5 bars.
To me, apps are modules of code you find on smartphones. Applets are Java based pieces of code. Applications are executables made for a general purpose computer like a Windows machine, Mac, or pSeries. Programs are a catch-all, but I tend to use the word programs for code written on a full computer OS, as opposed to a smartphone.
There is a balance between a walled garden and complete anarchy. Right now, Windows programs are such a poor quality level because they can get away with it. It is SOP in the Windows arena to ship alpha or beta code, call it a release, then fix it after launch, if ever. Most of the time, bugs end up given a "FNR", or fixed in next release status.
When Vista came out and added UAC for basic security, the screaming of app developers whining about not being able to have all their code have Administrator privs by default was unbelievable. In that time, Apple changed architectures and even though there was a tad of griping, it was not this hand-wringing that was observed from the Windows camp. Similar when something changes under Linux that forces program developers to change course. Similar with drivers in Vista. I know of more than one company which shipped broken drivers deliberately and pointed the finger at Microsoft when things crashed, as opposed to actually writing production quality code.
I'd like to see a compromise between the two extremes: First, applications that manage to pass a code quality review get a certificate. Second, have a rule that Authenticode-signed programs adhere to some code quality guidelines. Failure to do so gets the cert revoked. This way, programs install as normal. Finally, other programs that don't do either of these wind up in a virtual machine, completely isolated from the main OS and the app windows they put up are clearly marked as coming from an untrusted application, similar to untrusted applets in Java's sandbox.
Microsoft has to both address being able to handle legacy code, and be able to keep a hand on lazy developers who will do the absolute minimum it takes to ship, even if it means ignoring every security guideline out there. This is what virtualization is for -- allow well behaved apps, and companies who agreed to code quality standards to install on the OS, while the legacy stuff can go play at the kiddie table in an encapsulated VM. Of course, if someone wants to drop a self signed cert in for their code as they are developing it, or a company wants to write code in-house and wants their CA to be trusted for code revisions, they can feel free to do so.
And the business of anonymous VPN providers suddenly started booming.
Already a lot of colleges do block BitTorrent or throttle it into nothingness. This isn't new. The only thing that colleges can really crack down on are two things:
1: Block all VPNs going out in dorm rooms. Of course, this will seriously tick off students who log into a remote VPN for their jobs.
2: Try to crack down on stuff like iTunes music sharing, open Web directories, and other stuff. Will the RIAA/MPAA/*AA offer to pay for the manpower to watch access logs and clamp down on people who might have an open SSL Web server? Prevent dorm room machines from communicating with each other completely? This would work, but that university better get some infrastructure improvements pronto-like, as well as start scanning constantly for wireless APs. If a college does go full police state with radio DF equipment to find ad hoc Wi-Fi cards and physical guards to search students for USB flash drives being passed around, it will drive away potential students. Is it worth it to the college to treat their students like convicted criminals and a dorm room like a min security prison?
A college doing either better be prepared for consequences, from students leaving to students finding more and more creative ways to buck the system.
Three things that have sold the iPhone to me:
First, apps, apps, apps. These make the iPhone worth getting. I want a burrito from Chipotle, I can use the app for this. I want a decent RPG to play while sitting on a bus, I grab one. I want to do some bank balances while waiting for the office vend a goat machine to cough up my order, I can download my bank's app. The apps that tie into websites I use all the time also are especially pertinent. If I played World of Warcraft, I can have a Blizzard Authenticator, and an app for buying and selling in the auction house when not online.
Second, Exchange support. iPhones can be remotely wiped, they support encryption (although it isn't perfect, it is better than nothing), and they support push E-mail. My Android phone, I had to download a third party app for so-so Exchange support, and no utility supports client certificates. Android 2.2 is better in this regard, but it would be nice to have some functionality for wiping the device if too many wrong passwords are entered.
Third, third party compatibility. An iPhone dock is available in cars, TVs, stereos, desks, computer cases, even toolchests. I can drop my device onto a new TV and happily control what is on it via a remote. Good luck finding something else for another phone or MP3 player, unless it is one of the rare units made for that model, which end up closed out fairly quickly, or have to be mail-ordered.
This isn't to say Android devices are any less functional. Android can do three things an iPhone 4 (well, until it gets jailbroken) can't. First, run an emulator. Second, function for syncing without needing any additional software on Windows, Mac, Linux, or AIX. Third, backups are easy. The whole ROM image can be backed up using nandroid and apps can be backed up with their market data using Titanium Backup. There are even cloud backup services where if I'm really pressed, I can pull off the images to the SD card, then restore from there without ever needing to plug into a computer. Of course, being able to tether for 5 GB for free per month (until the provider clamps down to EDGE speed) doesn't hurt either.
That is an excellent solution, and arguably the best to the OP's problem printed. UDF works on Windows, OS X, Linux. Even AIX is happy with it and can write to it. So an external drive with this on it should definitely solve the problem.
TrueCrypt is probably the only block encryption system that is compatible with Mac, Linux, and Windows. I don't think it would work in the OP's case, but if I were moving sensitive data between these three platforms, I'd be using it, and a keyfile on a smart card. This way, if the drive and smart card were snatched, an attacker would have 3 guesses to guess the 20+ character on the smart card before it erased itself, then they would still have to brute force the main TC key to get access to the volume.
The funny thing is that I have had extremely good luck with HP/Compaq equipment, even their bottom end stuff. The support is "meh" at best, but if you find some of their items for a good price at Costco or another place, it might be worth getting, especially if it is DOA (or doesn't pass the burn-in test), you can return it without hassle.
These words are so true. I don't intend this to sound like Apple fanboi-ism, but there is irony that when you start looking at PCs that are workstation class machines (Dell Precision line), the Mac Pro soundly thrashes the other PC makers when it comes to price against similar models with the same specs. Try pricing a Dell, IBM, or HP with a dual core 2.26 quad-core Xeon, and the same specs that Apple ships with, and the difference is quite notable. You will also notice this with laptops, but to a lesser extent.
It's one of those strange Apple things, where at the low end, they are undercut, but when you start talking top of the line, workstation class machines, they become very competitive.
I have heard good things about that, and I think the last college I went to had that in use so the Windows boxes would be able to grok HFS+.
I say slap that on the Mac and call it done. Since it is a commercial product, if there are any glitches, you can blame it on that product, so the $40 pays for some CYA.
T-Mobile forces you to set a PIN, but leaves it up to you if you want it enabled when calling in on your own phone.
Even that isn't really secure. If someone can spoof ANI requests, they can just keep calling until they go through all 4 digits, perhaps more digits if they feel like it. I don't think voice mail systems have a lockout/time delay if someone is trying to guess the PIN.
In reality, the best way a cellular provider could handle this would be to have the protocol (GSM, etc) have a private key on the SIM card, and when the VM system is called, do a challenge/response (signing a timestamp + nonce value for example) then allow or deny voicemail access on that. Since 4G systems are VoIP anyway, why not use SSL and client certificates and treat the SIM card as a smart card/cryptographic token, do the key exchange, then finish up with the voice based system. The authentication process would be transparent to the phone owner, but completely deny spoofing unless the attacker can factor RSA keys in real time.
Then it will just move offshore to sleazy sites in Elbonia offering to spoof IDs... then demanding more money or else they will text the spoofed ID about who was wanting to hack them.
What is needed is a two fold attack against this:
1: As the parent poster suggests, a law against spoofing caller ID to gain unauthorized access. This should fall under computer trespassing statutes.
2: A technological solution: ANI, checking ESN/IMEI codes, a private key stored on the SIM card. Perhaps the next generation of GSM should have the ability to have a RSA or ECC keypair on the SIM (or R/UIM) card and allow for signing on the card.
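Added example, not part of the original comments: a Go model of the challenge/response idea in the two comments above (a private key on the SIM signing a nonce plus timestamp), where the presented caller ID is never treated as proof. Ed25519 stands in for the "RSA or ECC" keypair; the `Server`, `SIM` and `Provision` names, the message layout, the 30-second window and the subscriber number are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

var (
	ErrUnknownChallenge = errors.New("challenge unknown or already used")
	ErrExpired          = errors.New("challenge expired")
	ErrBadSignature     = errors.New("signature does not match enrolled SIM key")
)

// Challenge is what the voicemail system sends to the handset on each call.
type Challenge struct {
	Nonce  [16]byte
	Issued int64 // Unix seconds, set by the server
}

// signedBytes binds a signature to this protocol, subscriber, nonce and time.
func signedBytes(subscriber string, c Challenge) []byte {
	msg := append([]byte("voicemail-auth-v1\x00"+subscriber+"\x00"), c.Nonce[:]...)
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(c.Issued))
	return append(msg, ts[:]...)
}

// SIM models the card: the private key never leaves it, only signatures do.
type SIM struct {
	Subscriber string
	priv       ed25519.PrivateKey
}

func (s *SIM) Respond(c Challenge) []byte {
	return ed25519.Sign(s.priv, signedBytes(s.Subscriber, c))
}

// Server is the voicemail side: enrolled public keys plus outstanding nonces.
type Server struct {
	enrolled map[string]ed25519.PublicKey
	pending  map[[16]byte]int64
	maxAge   int64 // seconds a challenge stays answerable
}

func NewServer(maxAge time.Duration) *Server {
	return &Server{
		enrolled: map[string]ed25519.PublicKey{},
		pending:  map[[16]byte]int64{},
		maxAge:   int64(maxAge / time.Second),
	}
}

// Provision models the carrier issuing a SIM and recording its public key.
func (v *Server) Provision(subscriber string) *SIM {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	v.enrolled[subscriber] = pub
	return &SIM{Subscriber: subscriber, priv: priv}
}

func (v *Server) NewChallenge(now time.Time) Challenge {
	c := Challenge{Issued: now.Unix()}
	if _, err := rand.Read(c.Nonce[:]); err != nil {
		panic(err)
	}
	v.pending[c.Nonce] = c.Issued
	return c
}

// Verify trusts the signature only; the claimed subscriber just selects the key.
func (v *Server) Verify(subscriber string, nonce [16]byte, sig []byte, now time.Time) error {
	issued, ok := v.pending[nonce]
	if !ok {
		return ErrUnknownChallenge
	}
	delete(v.pending, nonce) // single use, even when the attempt fails
	if now.Unix()-issued > v.maxAge {
		return ErrExpired
	}
	pub, ok := v.enrolled[subscriber]
	if !ok || !ed25519.Verify(pub, signedBytes(subscriber, Challenge{Nonce: nonce, Issued: issued}), sig) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	srv, now := NewServer(30*time.Second), time.Now()
	sim := srv.Provision("15550100") // constructed subscriber number
	c := srv.NewChallenge(now)
	fmt.Println("genuine SIM:", srv.Verify(sim.Subscriber, c.Nonce, sim.Respond(c), now))
}
```

Because each nonce is deleted on first use and the timestamp comes from the server's own record, a captured response cannot be replayed and repeated calls give a guesser nothing to enumerate.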
I'd like to see as part of the ATA spec encryption on the drive. Not just AES-256, but another algorithm like Serpent just in case AES has a weakness and gets deprecated. All SATA hard disks have the ability to set a drive password, so we should have it as part of the drive standard. Keys can be managed in a number of ways, either via a BIOS password, multiple keys (in case of enterprise recovery needs), or via a smart card/TPM chip. The upside of this method is that the encryption would then be not handled by the OS. This means Linux, Windows, BeOS, or anything on the machine would be secured regardless.
For external drives, ideally it would be nice to have a panel on the external enclosure for typing in one's PIN/passphrase. This way, should a computer be compromised and passwords obtained via a keylogger, the drive can still be secure. Or for even more security, have a USB port for smart cards. Fingerprint scanners are nice theater, but fingerprints are for usernames, not passwords. In combination with a PIN (with a system that erases the data after too many attempts) or passphrase, a fingerprint would provide decent security, but not just by itself.
What is so ironic is that smart cards can make a privacy ecosystem that is extremely useful. The core of this would be a key on the card. This would be signed with a CA from the government to "prove" it is associated with an individual.
Picture the usual age check. Except the one info on the card is "Cardholder is above age 21", and signed by the county courthouse, whose cert is signed by someone else, up the chain. This way, the club gets assurance that the user is legal to drink, but does not have to know their name, address, or birthday.
Same with needing a B. S. from an accredited university. The info can be passed, signed by the university. The university's key is signed by accrediting organizations, and those are signed by the DOE or relevant top key.
The one engineering problem:
A card by itself means you have to trust someone else's PINpad which may be logging everything. So, functionality needs to be put on the device to authorize transactions ZTIC style. How do you do that in a secure manner is going to be an issue. Fingerprint scanners might be useful, but also might be compromised by a Gummi bear. Typing a PIN might work, but someone else can see it, snatch the device.
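Added example, not part of the original comment: a Go model of the age-check flow described above, in which the scanner holds only the top-level public key, checks the signature chain down to a single claim, and makes the card prove possession of its key by signing a fresh nonce. Ed25519, the type and function names, the `age>=21` claim string and the byte layouts are assumptions made for illustration; the chain may have any number of levels.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var (
	ErrBadChain      = errors.New("issuer chain does not lead to the trusted root")
	ErrBadCredential = errors.New("claim not signed by the issuer, or not the claim asked for")
	ErrNoPossession  = errors.New("presenter does not hold the card key")
)

// IssuerCert says "this key belongs to Name", signed by the key one level up.
type IssuerCert struct {
	Name string
	Key  ed25519.PublicKey
	Sig  []byte
}

// Credential carries one claim bound to a card key: no name, address or birthday.
type Credential struct {
	Claim   string
	CardKey ed25519.PublicKey
	Sig     []byte
}

type Presentation struct {
	Cred  Credential
	Chain []IssuerCert // first entry is signed by the root
	Proof []byte       // card's signature over the scanner's nonce
}

// tbs builds the to-be-signed bytes; the label keeps signature types apart.
func tbs(label, text string, data []byte) []byte {
	return append([]byte(label+"\x00"+text+"\x00"), data...)
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func SignIssuer(parent ed25519.PrivateKey, name string, key ed25519.PublicKey) IssuerCert {
	return IssuerCert{name, key, ed25519.Sign(parent, tbs("issuer", name, key))}
}

func SignCredential(issuer ed25519.PrivateKey, claim string, card ed25519.PublicKey) Credential {
	return Credential{claim, card, ed25519.Sign(issuer, tbs("credential", claim, card))}
}

type Card struct {
	priv  ed25519.PrivateKey // stays on the card
	Cred  Credential
	Chain []IssuerCert
}

func (c *Card) Present(nonce []byte) Presentation {
	return Presentation{c.Cred, c.Chain, ed25519.Sign(c.priv, tbs("present", c.Cred.Claim, nonce))}
}

func validKey(k ed25519.PublicKey) bool { return len(k) == ed25519.PublicKeySize }

// VerifyPresentation needs only the root public key and the claim it wants.
func VerifyPresentation(root ed25519.PublicKey, want string, nonce []byte, p Presentation) error {
	signer := root
	for _, cert := range p.Chain { // walk down from the root
		if !validKey(cert.Key) || !ed25519.Verify(signer, tbs("issuer", cert.Name, cert.Key), cert.Sig) {
			return ErrBadChain
		}
		signer = cert.Key
	}
	if p.Cred.Claim != want || !validKey(p.Cred.CardKey) ||
		!ed25519.Verify(signer, tbs("credential", p.Cred.Claim, p.Cred.CardKey), p.Cred.Sig) {
		return ErrBadCredential
	}
	if !ed25519.Verify(p.Cred.CardKey, tbs("present", p.Cred.Claim, nonce), p.Proof) {
		return ErrNoPossession
	}
	return nil
}

func main() {
	rootPub, rootPriv := newKey()     // top of the chain
	countyPub, countyPriv := newKey() // county courthouse
	cardPub, cardPriv := newKey()
	chain := []IssuerCert{SignIssuer(rootPriv, "county-courthouse", countyPub)}
	card := &Card{cardPriv, SignCredential(countyPriv, "age>=21", cardPub), chain}
	nonce := []byte("constructed-nonce") // a real scanner draws this from a CSPRNG
	fmt.Println("door check:", VerifyPresentation(rootPub, "age>=21", nonce, card.Present(nonce)))
}
```

The card key is the same at every scanner, so verifiers that compare records can link visits even without a name; unlinkability needs per-verifier keys or an anonymous-credential scheme, which this example does not implement.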