Hopefully MS does some dupe checking on their end, otherwise this could amount to a DoS attack. Imagine spamming out the victim's URL to hundreds of thousands of Skype users and then MS flooding that URL with requests.

Interesting. I'm a USAA customer and I just loaded up the app. For security-purposes, it seems that the application requires the phone's location before it will allow a user to deposit a check. Presumably this is to combat fraud, such as detect a user in Seattle depositing a check and then the same user in Vienna attempting to deposit a check 10 minutes later. When the window asking whether I wanted to let it use my location popped up, I hit cancel and it did not let me go any further with the deposit. Unfortunately, I don't have any checks handy that I need to deposit, but I can't wait to test this out.

Now it can do what my Nokia N95 (or nearly any S60 device) has been doing for ages through Walkinghotspot

You're right about the moving parts, however I disagree about the flash memory bit. Electrical utilities deploy systems to substations, which utilize flash-based storage systems and they are sold with a 10-year warranty. Having seen devices with rotating storage fail in those environments when flash-based systems have not, I think that it's fair to say that flash memory will definitely go a long way in the reliability department.

I've been thinking of maxing out my 8 Core Mac Pro with 32GB ram, gobs of disk space and installing XenServer or Vmware ESX server and boot via rEFit. Another option I'm considering is picking up a new box altogether. I have my eye on a Dell server with 2 4x core AMD CPUs. With a 300GB disk and 32GB ram, it goes for just over $3k. Add in a few SAS drives and you're around $4k, but you have a highly capable system capable of running more VMs than you probably need.

I know it's sometimes a pain and can take time, but you might want to consider putting out an RFP for an application test. Depending on the size of your company and procurement policies, you might be required to put the job out for bid anyway. It also gives you a good idea about what's out there. Let me warn you however, that if you're only looking to satisfy an audit requirement, you're probably wasting your time, as you'll probably be force to choose the lowest bid, which will most likely provide the least value in the long run, not to mention a false sense of security. There are many things to include in the RFP, but the major points that come to mind at the moment are as follows: - Company information (size, qualifications, location (important if testing is on-site), personnel bios, insurance, etc.) - Technical Methodology (as detailed as possible) - Tools used - Reporting (make them include a sample) - References (3 professional references seem to be the norm, which should be past clients) There are many places one can place the RFP, such as magazines (SC, Infosec.), listserves (e.g., securityfocus.com) and of course you can always pick the top-10 replies to your query on slashdot and send the RFP to them. You should get at least 5-6 responses.

TSA should be forced to implement a loss prevention program at each airport. Screeners would only be permitted to inspect checked luggage in a highly monitored area. Companies like SAIC could then sell them a centralized video monitoring service to oversee the inspections and report suspicious behavior. Corporate taxes should foot the bill and then make some money back on the service.