Comment KeePass + KeePassDroid + Rsync Backup (Score 1) 339

KeePass for your PC (runs fine with Mono under Fedora/RedHat-ish distros) + KeePassDroid for your Android device(s) + Rsync 4 Android to sync it (or just manually pop the memory card in to transfer it).

I have a different KeePass Database file for Personal (high-security items) and Work. I wouldn't trust Dropbox to move the file around as some propose. If you absolutely insist on using an insecure transport like Dropbox, at least add the Key File method when you generate your databases and transport the Key File OOB (not via Dropbox).

I hear from a co-worker that KeeFox is a nice Firefox + KeePass integration. I may move all my low-security sites' passwords to another KeePass database if this works well so that I could also have all of them available on my phone.

For now, I use SyncPlaces (stored to a local file) + Dropbox to keep my low-security sites' passwords and bookmarks synced (as they change and are added to very often).

Comment Re:WPS (Score 1) 86

That is incorrect. With External Registrar (PIN) method nothing has to be done on the router and it is all done remote. Per the paper, External Registrar (PIN) is a required feature for all WPS-certified devices. (Note, it doesn't have to be enabled by default, but that wouldn't be user friendly, would it?).

Two flaws:
1. The WPS access point should not NACK the PIN before the entire PIN is transmitted. This cuts the number of guesses down from 100,000,000 (10^8) to 11,000 (10^4 + 10^3).
2. Most access points don't block further authentication after failures. Because of this you can test all 11,000 PINs in less than 4 hours on most models.

User fix:
Disable WPS External Registrar PIN. If that is not an option, demand your vendor release new firmware (see vendor fix below). If that is not an option, replace your wireless device.

Vendor fix:
Block further authentication for Z minutes after X attempts. The paper has a nice table showing the maximum attack time given different variables for Z and X.
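The two numbers in the comment above, the 11,000-guess search space and the "Z minutes after X attempts" lockout, can be put into a small model of how long an exhaustive PIN walk takes under a given vendor policy. This is an added example, not from the comment or the paper; the per-try time and the (X, Z) pairs are constructed assumptions, chosen so the no-lockout case matches the comment's "less than 4 hours".

```python
from dataclasses import dataclass

FULL_SPACE = 10**8           # naive 8-digit PIN space quoted in the comment
SPLIT_SPACE = 10**4 + 10**3  # halves confirmed separately (flaw 1 above)
SECONDS_PER_TRY = 1.25       # constructed; yields the comment's "under 4 hours"


@dataclass
class LockoutPolicy:
    """Vendor fix from the comment: after X failures, refuse for Z minutes."""
    max_failures: int        # X
    lockout_minutes: float   # Z
    failures: int = 0
    blocked_until: float = 0.0

    def allowed(self, now: float) -> bool:
        return now >= self.blocked_until

    def record(self, finished_at: float, success: bool) -> None:
        """Register the outcome of an attempt that finished at `finished_at`."""
        if success:
            self.failures = 0
            return
        self.failures += 1
        if self.failures >= self.max_failures:
            self.failures = 0
            self.blocked_until = finished_at + self.lockout_minutes * 60


def worst_case_seconds(guesses, seconds_per_try, max_failures=None, lockout_minutes=0):
    """Closed form: time to try every PIN when the right one comes last.
    Each full block of X failures costs one Z-minute lockout; the final,
    successful guess never triggers one. max_failures=None means no lockout."""
    total = guesses * seconds_per_try
    if max_failures:
        total += ((guesses - 1) // max_failures) * lockout_minutes * 60
    return total


def simulate_seconds(guesses, seconds_per_try, policy):
    """Drive the policy guess by guess; independent cross-check of the formula."""
    now = 0.0
    for i in range(guesses):
        if not policy.allowed(now):
            now = policy.blocked_until   # wait out the lockout
        now += seconds_per_try
        policy.record(now, success=(i == guesses - 1))
    return now


if __name__ == "__main__":
    print(f"PIN guesses: {FULL_SPACE:,} naive vs {SPLIT_SPACE:,} with split NACK")
    for x, z in [(3, 1), (3, 10), (3, 60), (10, 60)]:
        hours = worst_case_seconds(SPLIT_SPACE, SECONDS_PER_TRY, x, z) / 3600
        print(f"lock {z:>3} min after {x:>2} failures: worst case {hours:10.1f} h")
```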

Comment Re:WPS (Score 2) 86

This is incorrect. Look at the paper. It states WPS has three methods:
Push-button-connect
PIN - Internal Registrar (web interface)
PIN - External Registrar (PIN)

Default on the Buffalo WHR-HP-G300N I just reviewed is to have External Registrar (PIN) enabled.

The paper further states that if a device is WPS certified then it must have the External Registrar (PIN). To make it "user friendly" it will be enabled by default. Hopefully your devices have the ability to disable it.

Side note: trust no wireless. Best method is to put the wireless in a DMZ and VPN/encrypt all traffic, so even if the wireless is compromised you're still safe. If you restrict all traffic to just DNS and VPN to your device, then would-be freeloaders will just move on even if they found your PIN as they cannot get anywhere.

Comment Proof of source (Score 1) 206

Hmm, how do you know and prove it is one nation vs. another or just some independent citizens? Take Stuxnet - was it Israel, the CIA, someone else? Is sabotage an act of war? Seems to me that cyberwarfare is in some ways like guerrilla warfare with an unseen enemy. If I set up a remote system in Canada to route my control traffic through before hitting another system in the US and attack China from there, what then? Same with China - there are plenty of places one can get a legitimate or illegitimate account on a server and from there attack Japan, the US, etc.

If it's that critical anyway, why is it connected to the Internet in the first place? Why no air gap?

Comment Re:Overhead (Score 5, Insightful) 417

Except when your uber-important report or presentation or project or whatever is lost when your laptop goes belly-up and you want to waste IT's time trying to recover it.

Yeah, the problem is these folks want all the freedom and none of the responsibility for maintaining their own gear.

How about when there is a lawsuit and all emails, IMs, etc., must be collected? Do you really want your personal laptop being inventoried for all of this? I think not. There is a good reason for a line between business and personal.

Comment Re:Creative billing (Score 4, Interesting) 129

Some of the best ideas and designs start on napkins. Might have been research/think time.

If I'm solving a problem for a customer in the shower, should I not bill for that time if I'm getting results (especially when I'm holding down two jobs, and my personal time is where I fit my second job)? Granted, I shouldn't be able to bill for all my shower time, but time specifically devoted to a customer, sure, it's legit.

I do some of my best thinking while sleeping (and prepping before going to bed) and usually piece it together in the shower. I just can't get much think time once I'm taking the kids to school or getting interrupted at my day job or in the evening until the kids get to bed.

If I want to write it down while at lunch on a napkin, that's totally billable. Granted, I only do so in quarter hour chunks and I keep accurate time.

Further, there is nothing wrong with double or even triple billing (beyond that, I think you're kidding yourself about your multitasking skills). Take for instance patching VoIP servers back when Cisco CallManagers ran on Windows 2000 and required tons of reboots for the OS, SQL, CCM app, Security Agent, etc. Say I know it is going to take 1 hour to do the patching, another 15 minutes prior going through my checklists, and 15 minutes post to verify everything is good. So if I have 3 customers that I'm going to patch in one night, do I do it serially or in parallel? I'm going to do it in parallel and triple bill some of that time. I start the first pre-patching checklist, then patching. Then I do the second pre-patching checklist, and patching. Finally I start the third pre-patching checklist, and patching. Time for a quick bathroom break and then time to start the post-patching check of customer 1, then 2, then 3. Sure, if I run into a snag with one customer I have to pause all the billing for the other customers, but that's on me, and it's also why we have redundant systems.

Yeah, that's how to do it. Customers each get billed 1.5 hours. Takes me 2 hours to do it total, I bill 4.5. Everyone gets what they asked for, I'm efficient with my time, win win.

Now, billing >24 hours in a day, that would take some gravitational time dilation, and even then I think it's only on the order of seconds, not hours more per day.

Comment Re:You don't get to decide (Score 1) 75

Ditto to what another commented regarding a work connection not being for your own personal amusement. As one of those IT Department folks, I tell folks to surf from their phone and/or tether and bring their own personal laptop to surf from. I don't care how you use your time, that's not my job, and you could just as easily be reading a book or on the phone all day taking bets. From a security standpoint, where staff surf from work PCs exposes my network, which is why I'm strict. Yes, we've got many layers of security (blacklists, botnet lists, malware lists, DNS filters, URL filters, IDS, anti-virus/malware), but I still see stuff hitting the 3rd and 4th layers, and it is rather disconcerting.

Further, some of it has to do with a finite amount of bandwidth. While we have a large amount of bandwidth, it's not for unlimited personal surfing. Folks were peeved and complaining to the Help Desk today (Cyber Monday) when they were getting blocked constantly from personal sites - see, we limit bandwidth when we're near 75% utilization, because there are people actually trying to get work done (who are happy that we do this). An increase in personal surfing with video or large-content-heavy stuff shouldn't cause my Internet pipes to need to be upgraded.

Comment Re:When do we get compression? (Score 1) 803

Speaking of NAS - dedupe is a great benefit. Previously one would use NFS to mount common binaries and libraries between systems from a common server. Now, with a NAS, instead of having to maintain an identical binary/library to use on all these systems, the NAS can dedupe the identical blocks wherever they occur (especially when a file only changes say 1%), and great storage savings can be found.

Comment Re:CentOS have been lagging on updates lately ... (Score 1) 666

Not disagreeing, but I would point out that the CentOS CR repo has been pushing security updates found in EL6.1. So while CentOS 6.1 as a full release is behind 250 days, the updates are still flowing, just delayed. For instance, Firefox 3.6.23 shipped for RHN on 28 Sep 2011 vs. the CentOS CR repo on 06 Oct 2011. An 8-day delay - much better than CentOS had been doing for a while.

On the other hand the Apache webserver, httpd, was delayed far longer:
06 Oct 2011 vs 21 Oct 2011 - ouch.

To me, a 1-3 week delay for an internal-only server/service is acceptable. For something Internet-facing, totally unacceptable.
