I can't get people to shut the dinky windows when I try to sleep on flights now. I hate those sleep masks. I hate flying and I am afraid of heights. For a few years now I joked about how they should make glass-bottom airplanes. I joked because it is ridiculous, just as this is.

Port 465 is for encrypted SMTP, and port 587 is for message submission. Port 25 is for server communications. No consumer grade line should allow outgoing port 25 unless you request to be white-listed and pass a technical competence test, you know, like knowing that non-business customers should not be using SMTP over port 25.

Uh, why not just block outgoing port 25? Do you have a reason for leaving it open to non-business customers?

As an IT security guy, I don't used my credit card at Target, Sears, Kmart, Walmart, Home Depot, or any of the large targets (no pun intended). I use cash at those places (and gas stations) because it is obvious they were employing on the cheap. Low paid employees+massive transactions=easy target. They are the low hanging fruit. I use my credit card at Newegg and my favorite small restaurant where I know the owner. At least if they get hacked I will get an apology. When I setup my customers/clients to accept credit cards, I fill out the mandatory PCI compliance form for them. What a joke! Half the time the never follow up, like they say they have to, and the form basically asks if you have antivirus on the computer. Can I get an audit please? Where does the tax money go?

Use fiber for everything, setup a pfsense box, set the switches to unmanaged, and use one collision domain. I suggest 10.0.0.0/8.

Not good enough. There are many:
0.0.0.0 ad.doubleclick.net
0.0.0.0 ad.uk.doubleclick.net
0.0.0.0 ad.n2434.doubleclick.net
0.0.0.0 doubleclick.net
0.0.0.0 a.doubleclick.net
0.0.0.0 b.doubleclick.net
0.0.0.0 c.doubleclick.net
0.0.0.0 d.doubleclick.net
0.0.0.0 e.doubleclick.net
0.0.0.0 h.doubleclick.net
0.0.0.0 i.doubleclick.net
0.0.0.0 j.doubleclick.net
0.0.0.0 k.doubleclick.net
0.0.0.0 l.doubleclick.net
0.0.0.0 m.doubleclick.net
0.0.0.0 n.doubleclick.net
0.0.0.0 o.doubleclick.net
0.0.0.0 p.doubleclick.net
0.0.0.0 q.doubleclick.net
0.0.0.0 r.doubleclick.net
0.0.0.0 s.doubleclick.net
0.0.0.0 ad.ar.doubleclick.net
etc...

I have been blocking doubleclick on the corporate firewall for years, and in every hosts file I come in contact with. No one ever complained, but now if they do, I have ammunition. If you serve up a web site, you should personally vouch for not only the product you are advertising, but the source of the advert as well. I blame Google for placing advertising dollars above their users (I know, they don't have users, they have sheep for fleecing).

Does EMET stop Tinba?

Why is anyone surprised about this? I've been reading articles for over a year about No-IP and the abuse that they seemingly allow. They say they are working hard to stop the malicious software plowing through their service, but obviously they are not working hard enough. No one contacted No-IP to tell them that their service was being used to spread malware?

Bullshit.

April 2013: http://labs.opendns.com/2013/0...

Sept 2013: No-IP is a preferred choice for other similar attacks for command and control infrastructure: http://threatpost.com/njw0rm-a...

Feb 2014: Even Cisco said their domains were being abusive and they posted to complain that Cisco didn't contact them. http://www.noip.com/blog/2014/...

Looks to me like they should have contacted Microsoft and asked them for help. I guess they waited too long.

For a site where I imagine everyone uses Bash to complain about a start menu missing is comical. I hated the start menu and I'm glad it's gone. I've replaced all my systems with Windows 8 ever since they added boot to desktop so I could run appliance systems. The improvements they made under the hood make my systems fly. Same with 2012. I suffer at work with multiple monitors on Windows 7 and lack of PowerShell options on Server 2008 R2. I guess I'm the only one who notices the improvements.

The police will find you guilty of something. It is their job to find you guilty of something. Do you really think anything you "DON''T" say would help a criminal get away? Again, the police will find you guilty of something.

Average Annual Pension For Cops: $58,563. They retire after 20 years.

You are oversimplifying it just a bit. It's not just small vs. big. I stopped hosting my personal web site years ago simply because it wasn't critical. That's why most companies have also done so. Providers are getting better as the market expands, but businesses will move to hosted services accordingly, not because some VP of cloud operations says so. Hell, the salesman at the BMW dealership thinks I should drive nothing else, and that I need a new one every six months! You have to consider ROI. Trading a capital expenditure for reoccurring costs can end up costing you more than you bargained for. You also have to consider that moving to the cloud while everyone else is doing it is mob mentality. If you put your ERP in the cloud and it goes down for one single day, how much do you have to pay in overtime for those employees to record everything in Excel only to have to enter it into the ERP system after hours? How does that affect moral? What if they have a VDI. Will they even have Excel? How much does the extra bandwidth cost? Did you go over the SLA with a lawyer? What if your payment is delivered 20 minutes late? Even the electric company doesn't shut you out right away. Will they raise prices? If you crunch the numbers and it works for you, great. I actually get work from companies moving from the cloud because they had no idea it would suck so bad, mostly due to bandwidth costs.

You, sir (Ol Olseoc), are what makes forums suck, as not only did you not answer the question, but you inserted you own perverted solution. That said, on an XP system you should install EMET 4.1 (http://www.microsoft.com/en-us/download/details.aspx?id=41138) for Windows XP. It will mitigate this and many other issues. You should not be running Windows XP without it, now that XP is EOL. Also, use a third party Antivirus solution like Kaspersky or NO32. And for the love of Dog, do not use Java, flash, or Adobe %products%.

That is all fine and I did purchase my Asus router (third one, among others) with Tomato or DD-WRT in mind, but free DDNS providers drop like flies and Asus' DDNS is free and reliable as long as I am using their firmware. My last DD-WRT lasted many years, but a worry-free DDNS is nice also.