
Comment Another Idea (Score 2) 740

If someone was expecting one of two outcomes, they could have done the math on both of them. If I make this trade what can I win. They placed the trade not knowing the outcome. But they had a cancel order (or reverse order) ready to go. If the news was not what they expected, they could have canceled it with minimal losses. Buying a lot of gold and the market doing nothing on the FED's news would mean that they could sell it back without much market shift.

I know this is what happened because I did stay at a Holiday Inn Express last night.

Android

UDOO Looks To Combine Best of Raspberry Pi, Arduino 59

An anonymous reader writes "The Kickstarter campaign for the UDOO board is 7 days out from closing and they currently sit just under $4,000 short of their stretch goal of $500,000. The UDOO is an attempt to produce a single board which would combine the best parts of both Raspberry Pi and Arduino. UDOO will have a 1GHz ARM i.MX6 CPU in either a Dual Core or Quad Core flavor, 1 GB DDR3 RAM, HDMI and LVDS + Touch, and both an RJ45 port and an on board Wifi Module. Along with those specs, it will be compatible with Arduino DUE R3. The UDOO will utilize Micro SD as a boot device and run both Linux and Android. Currently on Kickstarter, the Dual Core starts at a pledge of $109."
Graphics

High End Graphics Cards Tested At 4K Resolutions 201

Vigile writes "One of the drawbacks to high end graphics has been the lack of low cost and massively-available displays with a resolution higher than 1920x1080. Yes, 25x16/25x14 panels are coming down in price, but it might be the influx of 4K monitors that makes a splash. PC Perspective purchased a 4K TV for under $1500 recently and set to benchmarking high end graphics cards from AMD and NVIDIA at 3840x2160. For under $500, the Radeon HD 7970 provided the best experience, though the GTX Titan was the most powerful single GPU option. At the $1000 price point the GeForce GTX 690 appears to be the card to beat with AMD's continuing problems on CrossFire scaling. PC Perspective has also included YouTube and downloadable 4K video files (~100 mbps) as well as screenshots, in addition to a full suite of benchmarks."
Power

Nuclear Power Prevents More Deaths Than It Causes 599

MTorrice writes "NASA researchers have compared nuclear power to fossil fuel energy sources in terms of greenhouse gas emissions and air pollution-related deaths. Using nuclear power in place of coal and gas power has prevented some 1.8 million deaths globally over the past four decades and could save millions of more lives in coming decades, concludes their study. The pair also found that nuclear energy prevents emissions of huge quantities of greenhouse gases. These estimates help make the case that policymakers should continue to rely on and expand nuclear power in place of fossil fuels to mitigate climate change, the authors say."
The Military

United States Begins Flying Stealth Bombers Over South Korea 567

skade88 writes "The New York Times is reporting that the United States has started flying B-2 stealth bomber runs over South Korea as a show of force to North Korea. The bombers flew 6,500 miles to bomb a South Korean island with mock explosives. Earlier this month the U.S. Military ran mock B-52 bombing runs over the same South Korean island. The U.S. military says it shows that it can execute precision bombing runs at will with little notice needed. The U.S. also reaffirmed their commitment to protecting its allies in the region. The North Koreans have been making threats to turn South Korea into a sea of fire. North Korea has also made threats claiming they will nuke the United States' mainland."

Comment Re:Good for Google (Score 4, Insightful) 165

If people are looking for pirating sites, I would expect them to show up at the top of the rankings. Because if I was searching for [artist] [track] download, I am not looking for amazon.com.

What Google has done is reduced when these sites would show up when you were looking for legitimate sites. Just like they reduced the adult content you see unless you are looking for adult content. It's not Google's job to police what people search for, just to make sure they find what they are looking for.

Comment great opportunity (Score 1) 402

While I don't see MS porting full Office to Apple/Android, I do see them building a very slick VDI client. Office on a tablet will end up as a VDI session to a private cloud server. It may sound crazy, but it's the smart thing to do. It allows Microsoft to leverage all the existing tablets that everyone already has entering the corporate environment. They can support more devices quicker and extend the life of older tablets. The tablets 3 years from now will blow away today's tablets, but if it's a VDI client then that won't matter.

Tablets are too personalized and a nightmare for IT security. But what if you could connect to a work desktop and get all your work apps in a way that makes IT feel good about it. Yet, allow the individual to keep personalized apps. I think this is why Windows 8 has such a tablet feel to it. Windows 7 already does a good job under VDI, and I expect Win8 to do so much better.

This would definitely be a corporate IT strategy that is in sync with the MS push of VDI and Private cloud that we see MS timing with the Win8 release. Home users are another story.

Comment Re:Security without security? (Score 1) 138

I would find that is a perfect opportunity for security to practice protocol. Do everything except report it to the authorities. Even do the data loss analysis.

In the case where the doors were locked, hunt everyone down that had a key and question them. Track each breach down.

I would love to attempt stuff like this at work.

Comment Re:Security without security? (Score 4, Insightful) 138

I think it's just the opposite. They didn't tell them to let the students steal the laptops, they let them know in advance that if they catch someone taking the laptop that it may be legit. Just by mentioning this would have made it harder because laptop theft would be on the security team's mind, making it easier to spot.

Comment Re:Be paranoid (trustno1) (Score 3, Informative) 333

Above all, trust nothing.

That's the most important rule of thumb. Don't even trust your own client code.

Make definite security boundaries. Draw a circle, label it data. Draw a circle around that circle, label it prepared statements. Keep drawing circles, adding layers for each security boundary, so you have something like this.

Data -> prepared statements -> firewall -> web server -> business logic -> user state management -> browser -> client side code -> user input

Each layer needs to validate everything. Let each layer assume that the protected layer in front of it is missing. It just does not exist. One common issue is having only the client side code validate the user input. I love to modify client side code to bypass validation just to see what breaks. If it's HTML, there are so many ways to do that.
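As an added illustration of the comment above (not the commenter's code), this sketch shows two of the circles, business logic and the prepared-statement data layer, each validating on its own as if the layer in front of it were missing. The username policy, table, function names and sample values are assumptions made up for the example.

```python
import re
import sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")  # constructed policy, not from the comment

class ValidationError(ValueError):
    pass

def check_username(value):
    # Each layer calls this itself instead of trusting whoever called it.
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValidationError("invalid username")
    return value

class DataLayer:
    """Innermost circles: the data and the prepared statements around it."""
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
        # Constructed sample row.
        self.db.execute("INSERT INTO users VALUES (?, ?)", ("alice", "alice@example.test"))

    def bound_lookup(self, name):
        # Prepared statement only: the value is bound as data, never parsed as SQL.
        cur = self.db.execute("SELECT email FROM users WHERE name = ?", (name,))
        row = cur.fetchone()
        return row[0] if row else None

    def find_email(self, name):
        # Validate again, as if the business-logic layer in front did not exist.
        return self.bound_lookup(check_username(name))

def handle_lookup(data, form):
    """Business-logic layer: assumes no client-side validation ever ran."""
    try:
        name = check_username(form.get("username"))
    except ValidationError:
        return 400, None
    email = data.find_email(name)
    return (200, email) if email else (404, None)

if __name__ == "__main__":
    data = DataLayer()
    hostile = "' OR '1'='1"  # constructed input sent with client checks bypassed
    print(handle_lookup(data, {"username": "alice"}))
    print(handle_lookup(data, {"username": hostile}))
    print(data.bound_lookup(hostile))
```
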

Comment Re:Web Applications aren't different (Score 1) 333

There is a huge difference though. It is true that you should not trust any clients. But many people make incorrect assumptions.

They think that when you are working internally, there is a very small number of clients that can possibly connect to it. The odds of a hacker getting onto your network are small. So of course it's secure, it's on a server behind a firewall. Opening an application to the internet strips those security blankets away.

To be honest, I think we all do a little of that too. We do what we can to write secure code internally. But we hesitate a little every time we think it may end up open to the wild. I see it as a scary door to open. We can't be 100% confident that we thought of everything, just like we can't be 100% confident that it's bug free. It never is. A good student in the art of code should always seek to find more ways to secure public facing applications.

Comment Re:Divorced (Score 1) 339

Pick long words that are easy for you to remember.

Pick your state or town, full work phone, and favorite Monopoly property (or first pet, author, or street).
Orlando5558242222NewYork

That phone number will feel a little awkward to type at first, but try using the number pad. Before you know it, your fingers will type it faster than you can say it. That number adds 10 extra characters that you can remember without thinking about.

Comment My method (Score 2) 339

My method has slowly evolved over the years. I grew up on a crappy dial up connection out in the country. Our ISP gave us a generated strong password. Our connection would constantly drop and I would have to enter that password in several times a night. I kept that password and slowly morphed it over time. It kept getting stronger and stronger with every evolution. I did this with 2 passwords. One for secure stuff and one for everything else.

Then not too long ago, I discovered rainbow tables. Pre-generated LM password hashes. My passwords were not in the free tables, but they would be in one of the more detailed collections. Then I started doubling my short passwords by typing them twice. Instant 16 char passwords that were easy to remember and type. Sometimes I would mix it up and use 2 of my old 8 char passwords together. I would think password1 then password2 and type them just as fast.

More recently with smartphones and now tablets, my passwords were just a monster to enter in. One password was lnnLllnnlnnLllnn where l = lower, n = number, L = upper. A total pain when you also have to swap from numbers to letter on the key pad. My current passwords are much simpler, very fast and easy to enter, and even longer than before.

One of the passwords that I just cycled out contained 2 swype-able (dictionary) words and a full 10 digit phone number. My short one was 19 characters, easy to remember, and super fast to type on my computer and mobile device. Entering the password is much more natural. I can swype on my mobile and bounce over to the number pad on my desktop. I work in IT and constantly get comments of shock from users when they see me enter my long passwords on systems.

I do reuse passwords on sites more often than I would like to admit. I treat my email as the master password. With that, all other accounts can be reset. I have my financial password, my work password, my social password, and then everything else password. That everything else password is used on all accounts that I don't care about or don't impact me financially. The everything else password never gets changed. I will usually take 3 guesses at a password on a site. If it's not my current one, previous one, or the everything password, I then request a password reset and set it to the everything password.

I never know what to put for a password hint on the sites that ask.
