Some things will never change. We won't renumber street addresses or move survey markers. Others things could change over night. If there was an additional 1% federal tax on gasoline sold by the gallon, people would be tripping over each other setting pumps to Liters. It's all about finding a reason for the average person to care.
Maybe it's time for the operators to be licensed with mandatory education (it is a transmitter after all). The device shouldn't operate unless the operator enters their license number and the court document number authorizing the interception. A third party should audit the operational log.
I had a high end system with lots of keypads and dimmer switches. I removed it after finding out that the dimmer switches didn't get along with any LED bulbs. The only feature I really was happy with was "all lights on" triggered by the fire alarm. The furnace blower rotor locked at 2AM on a cold New Years day. It was nice to have all the lights on when I started searching for the source of the smoke.
Mail servers can be configured to not offer login unless starttls is used. That should prevent a plain text connection. That still leaves open the issue of mitm with certificates that the client shouldn't trust. Are there any email clients that lock starttls to a specific certificate or warn that the certificate suddenly changed?
The chip and pin readers at Home Depot are not enabled. I had to swipe a card that had a chip. Maybe they will install the right software.
Watch out for Ethernet over HDMI bridging one device that has network access to another that you think doesn't have access.
Citi sent me a chip card on request. I don't know if it's configured for chip/pin or signature. I've tried readers that have chip slots but I have yet to find one in the US that works. One company asked their supplier and was told the card slots were disabled.
My laptop can read the chip id but I don't want to try anything else since it might lock the card.
I asked Chase and they didn't seem to know what I was talking about. Citi was able to replace my card with a chip/pin card. Get one before you travel or you might need to leave your stuff a a restaurant while going to an ATM.
I'm sure, due to their hard work, all new computer have hardware jumpers to write protect the BIOS....
It can be used for data logging and collecting stats. An old off-the-shelf method was to use an Ethernet to 15-pin AUI module and break off the transmit pin. Today it's easier to use port mirroring if you trust the hardware.
Also, assumes that the card generates good key pairs and doesn't use some secret process that allows private key recovery from the public key. This has been done by card suppliers in the past.
As a side questions: Does any CA have a process for signing S/MIME certificates that can be generated outside of a browser?