Microsoft DOES charge for extended support for old products. It's called a Custom Support Agreement (CSA). I believe it's expensive, but you CAN get support for really old products.

Here's the problem: When did you last perform this analysis? If you didn't do it, when did someone else last do it? How do you know you can trust the person who claims to have last done the analysis?

Ultimately you MUST trust someone. Because all modern systems are far too complex for any one person (or team of persons) to fully understand and analyze. It would NOT be unreasonable to spread a single backdoor across multiple components (especially if the implementation of those components isn't the best documented code). Such a backdoor would be extremely difficult to find even WITH assembly and source code auditing.

Interesting. I've always used "syntactic sugar" to mean language features that are fundamentally implemented in the front end. For example C++ lambdas are effectively syntactic sugar - it's a clean syntax that wraps an anonymous class declaration (with the lambda capture values being class members and the lambda body being an "operator()" method).

Another example is C++ reference parameters - under the cover most C++ compilers implement reference parameters as pointer to type parameters and the reference parameter access is syntactic sugar for pointer indirection.

These examples are simplifications but they serve to demonstrate my thinking.

Or right click in the bottom left corner of the screen and select "command prompt" or "command prompt (admin)" (you can replace command prompt with powershell if you're so inclined). Or "Win+R cmd".

Win+R cmd works fine on XP, Vista, Win7, Win8 and Win8.1, the right click thingy works on 8.0 and 8.1.

Funny, I've always used CTRL-ALT-DEL -S, uparrow once then enter. Or mouse up instead. It's way easier than the whole charms bar thingy.

You just pushed a major hot button. Where's the evidence of massive voting fraud? Please note: I don't mean voter registration fraud - the incentives that enable voter registration drives provide a significant incentive for voter registration fraud (cf: Acorn and the recent GOP sponsored voter fraud in the 2012 election).

However in a presidential election year, there are vanishingly small numbers of in-person voter fraud. In several elections where fraud was claimed (Washington's governors race in 2004, Minnesota's senatorial race in 2008), very few actual cases of fraud were uncovered.

In the US, there is almost no evidence of in-person voter fraud. If there were, I could see a need for voter ID laws. But there isn't. So what is the point of voter ID laws? Why would politicians be sponsoring legislation to address a non-existent problem?

One theory about why voter ID laws are proposed is that voter ID laws provide a barrier to people who don't have a government sponsored ID (since you need to have a government ID to vote and getting the ID can be difficult). It turns out that the set of people without government sponsored ID tend to live in urban areas (where the need for a drivers license is ameliorated by mass transit). And guess what: Urban voters tend to vote Democratic.

How exactly does this work? If we had a monoculture (like we had with IE6), people code to the monoculture, standards be damned. If WebKit implements a standard badly, no amount of complaining by Microsoft and Mozilla will cause the WebKit folks to change their browser rendering to be compliant. And just like what happened with IE6, web developers will ignore the standard in favor of the WebKit implementation. We're ALREADY seeing this happen - webkit has sufficient market share that sites don't bother building standards compliant version of their mobile site, they just write for webkit and consider their work done.

History has shown that if you have a monoculture, standards are irrelevant - the only thing that matters is the one implementation.

According to the article, at least in the US you're required to show up at a bank in-person to create the account, which means they have a picture of you from the security cameras creating the account. Oh and you need a bunch of forms of ID to create the account.

One of the key pieces of evidence they use is that banking passwords go for pennies - if it was as easy to get the money as you say it is, the account passwords would be worth more money.

How do you do that transfer without leaving an audit trail? That's the whole point of the article - the transfer is only interesting if they can somehow break the audit trail between your bank account and their bank account.

The common method for this is to use a money mule - the money mule wires the money from your bank account to the mule's bank account. The mule then sends a money wire to the bad guy keeping 10% for themselves.
Fast forward a couple of days when you find the theft. You report it to the bank, they trace the transfer to the mule's account and remove the money from the mules account. Now the bank's reimbursed you for your money (which the federal government requires them to do), , the mule's out the money they stole and the bad guy's got the money. Effectively the bad guy has stolen from the mule, not from you.