Security Tools I Wish Existed
- A way to create strongly encrypted zip files the way we can now using a secret key. (For which, 7Zip rocks. In case you didn't know.) Only the difference is, these zips would be encrypted using a public key algorithm. This would remove the need to include the secret keys in the scripts that handle the zip files. (Yes, I know that you can awkwardly bolt together 7Zip with GPG... but see the next item.)
- Public-key infrastructure made smoothly-functioning enough for home users, with interfaces that include the top web-mail providers. People have insisted to me that this is fundamentally impossible, that PKI is for some reason theoretically required to be difficult to use. But I remember the blinking 12:00 VCRs, and I see TiVo now, so I call BS on that. If Facebook, Microsoft and Google decided to roll this out together, the matter would be settled in a month.
- Truly universal two-factor authentication based on smartphone apps or grid-cards for people who don't have smartphones -- or who just don't want the privacy complications of using a smartphone for 2FA. Again, if Facebook, Microsoft and Google decided to roll this out together, the matter would be settled in a month.
- A tool that would audit the root certificates and CA signatures on a given set of systems and cross-check them against the content of news feeds. This sounds like a relatively simple plugin for Nessus.
These make me almost (almost!) feel like knocking the rust off of my developer skills and getting to it. Which one would get you motivated?