Binary Options Strategies •

A trans person's measured take on the trans sports issue

So first of all this post was inspired by GGExMachina's brief statement on the issue:
For example, it is objectively the case that biological men have a physical advantage over women. Yet if someone points this out and suggests that transgender people shouldn’t be allowed to fight in women’s UFC, or women’s soccer or weightlifting competitions or whatever, suddenly you’re some kind of evil monster. Rather than saying that of course trans people shouldn’t be bullied and that we could perhaps have a trans olympics (like the Paralympics and Special Olympics), we are expected to lie.
I've found that this position is incredibly popular among liberals/left-leaning people, especially here on reddit. It seems like, once or twice a month, like clockwork, a thread stating more or less the same thing on /unpopularopinion or /offmychest will get thousands of upvotes. And while I completely understand the thought process that leads otherwise left-leaning people to come to such conclusions, I feel like the issue has been, broadly speaking, dishonestly presented to the general public by a mixture of bad-faith actors and people who have succumbed to the moral panic. And, as I've seen, there are plenty of people in this subreddit and elsewhere who are itching to be as supportive as they possibly can to the trans community but find themselves becoming very disillusioned by this particular issue. By making this post I hope to present a more nuanced take on the issue, not only in regards to my personal beliefs on what kinds of policies are best to preserve fairness in women's sports but also in regards to shining a light on how this issue is often times dishonestly presented in an attempt to impede the progression of pro-trans sentiments in the cultural zeitgeist.

Sex & Gender

The word "transgender" is an umbrella term that refers to people whose gender identities differ from those typically associated with the sex they were assigned at birth. According to the 2015 U.S. Transgender Survey, the approximate composition of "the trans community" in the United States is 29% Transgender men (Female-to-Male), 33% Transgender women (Male-to-Female), and 35% non-binary. (The remaining 3% were survey respondents who self-identified as "crossdressers", who were still included in the survey on the grounds of being gender non-conforming)
While non-binary people, as a group, are probably deserving of their own separate post. the focus of this post will be on trans men and trans women. I will also be primarily focusing on transgender people who pursue medical transition with Hormone-Replacement-Therapy, as they are most relevant to the issue of sports. (Mind that while the majority of binary trans people fit into this camp, there is a sizable minority of trans people who do not feel the need to medically transition.)
What do trans people believe about Gender?
The views of transgender people in regards to Gender are actually pretty varied, although the most prominent positions that I've personally seen are best summed up into two different camps:
  1. The "Trans-Medical" camp
Transgender people who fall into this camp usually consider Gender Dysphoria to be the defining factor of what makes somebody trans. The best way I can describe this camp is that they sort of view being transgender akin to being intersex. Only whereas an intersex person would be born with a disorder that affects the body, a trans person is born with a disorder that affects the brain. Trans people in this camp often times put an emphasis on a clinical course for treatment. For example, a person goes to a psychologist, gets diagnosed with gender dysphoria, starts hormone replacement therapy, pursues surgery, then emerges from this process of either cured of the gender dysphoria or, at the very least, treated to the fullest extent of medical intervention. This position is more or less the original position held by trans activists, back in the day when the word "transsexual" was used instead of "transgender". Though many younger trans people, notably YouTuber Blaire White, also hold this position. Under this position, sex and gender are still quite intertwined, but a trans man can still be considered a man, and a trans woman a woman, under the belief that sex/gender doesn't just refer to chromosomal sex and reproductive organs, but also to neurobiology, genitalia, and secondary sex characteristics. So someone who is transgender, according to this view, is born with the physical characteristics of one sex/gender but the neurobiology of another, and will change their physical characteristics, to the fullest extent medically possible, to match the neurobiology and therefore cure the individual of gender dysphoria.
Critics of this position argue that this mentality is problematic due to being inherently exclusive to transgender people who do not pursue medical transition, whom are often times deemed as "transtrenders" by people within this camp. Many people find it additionally problematic because it is also inherently exclusive to poorer trans people, particularly those in developing nations, who may not have access to trans-related medical care. Note that there are plenty of trans people who *do* have access to medical transition, but nevertheless feel as if the trans community shouldn't gatekeep people who cannot afford or do not desire medical transition, thus believing in the latter camp.
  1. The "Gender Identity" camp
I feel like this camp is the one most popularly criticized by people on the right, but is also probably the most mainstream. It is the viewpoint held by many more left-wing trans people, (Note that in the aforementioned 2015 survey, only 1% of trans respondents voted Republican, so trans people are largely a pretty left-wing group, therefore it makes sense that this position would be the most mainstream) but also notably held by American Psychological Association, the American Psychiatric Association, GLAAD, and other mainstream health organizations and activist groups.
While people in this camp still acknowledge that medical transition to treat gender dysphoria can still be a very important aspect of the transgender experience, it's believed that the *defining* experience is simply having a gender identity different from the one they were assigned at birth. "Gender identity" simply being the internal, personal sense of being a man, a woman, or outside the gender binary.
Many people in this camp, though, still often maintain that gender identity is (at least partially) neurobiological, but differ from the first camp in regards to acknowledging that the issue is less black & white than an individual simply having a "male brain" or a "female brain", but rather that the neurological characteristics associated with gender exist on more of a spectrum, thus leaving the door open to gender non-conforming people who do not identify as trans, as well as to non-binary people. This is where the "gender is a spectrum" phrase comes from.
"52 genders" is a popular right-wing meme that makes fun of this viewpoint, however it is important to note that many trans and non-binary people disagree with the idea of quantifying gender identity to such an absurd amount of individual genders, rather more simply maintaining that there are men, women, and a small portion of people in-between, with a few words such as "agender" or "genderqueer" being used to describe specific identities/presentations within this category.
It's also noteworthy that not all people in this camp believe that neurobiology is the be-all-end-all of gender identity, as many believe that the performativity of gender also plays an integral role in one's identity. (That gender identity is a mixture of neurobiology and performativity is a position held by YouTuber Contrapoints)
Trans people and biological sex
So while the aforementioned "Gender Identity" viewpoint has become quite popularized among liberals and leftists, I have noticed a certain rhetorical mentality/assumption become prevalent alongside it, especially among cisgender people who consider themselves trans-allies:
"Sex and Gender are different. A trans woman is a woman who is biologically male. A trans man is a man who is biologically female"
When "Sex" is defined by someone's chromosomes, or the sex organs they were born with, this is correct. However, there is a pretty good reason why the trans community tends to prefer terms like "Assigned Male at Birth" rather than "Biologically Male". This is done not only for the inclusion of people who are both intersex and transgender (For example, someone can be born intersex but assigned male based on the existence of a penis or micropenis), but also due to the aforementioned viewpoint on divergent neurobiology being the cause for gender dysphoria. Those reasons are why the word "Assigned" is used. But the reason why it's "Assigned Male/Female At Birth" instead of just "Assigned Male/Female" is because among the trans community there exists an understanding of the mutability of sexually dimorphic biology that the general population is often ignorant to. For example, often times people (especially older folks) don't even know of the existence of Hormone Replacement Therapy, and simply assume that trans people get a single "sex change operation" that, (for a trans woman) would just entail the removal of the penis and getting breast implants. Therefore they imagine the process to be "medically sculpting a male to look female" instead of a more natural biological process of switching the endocrine system form male to female or vice versa and letting the body change over the course of multiple years. It doesn't help that, for a lot of older trans people (namely Caitlyn Jenner, who is probably the most high profile trans person sadly), the body can be a lot more resistant to change even with hormones so they *do* need to rely on plastic surgery a lot more to get obvious results)
So what sexually dimorphic bodily characteristics can one expect to change from Hormone Replacement Therapy?
(Note that there is a surprising lack of studies done on some of the more intricate changes that HRT can, so I've put a "*" next to the changes that are anecdotal, but still commonly and universally observed enough among trans people [including myself for the MTF stuff] to consider factual. I've also put a "✝" next to the changes that only occur when people transition before or during puberty)
Male to Female:
Female to Male:
For the sake of visual representation, here are a couple of images from /transtimelines to demonstrate these changes in adult transitioners (I've specifically chosen athletic individuals to best demonstrate muscular changes)
https://preview.redd.it/ntw333p9sbty.jpg?width=640&crop=smart&auto=webp&s=5fe779757dfc4a5dc56566ff648d337c59fbe5cb
https://www.reddit.com/transtimelines/comments/dpca0f/3_years_on_vitamin_t/
Additionally, here's a picture of celebrity Kim Petras who transitioned before male puberty, in case you were wondering what "female pubescent skeletal development" looks like in a trans woman:
https://cdn2.thelineofbestfit.com/images/made/images/remote/https_cdn2.thelineofbestfit.com/portraits/kim_petras_burakcingi01_1107_1661_90.jpg

How does this relate to sports?

Often times, when the whole "transgender people in sports" discussion arises, a logical error is made when *all* transgender people are assumed to be "biologically" their birth sex. For example, when talking about trans women participating in female sports, these instances will be referred to as cases of "Biological males competing against females".
As mentioned before, calling a trans woman "biologically male" strictly in regards to chromosomes or sex organs at birth would be correct. However, not only can it be considered derogatory (the word "male" is colloquially a shorthand for "man", after all), but there are many instances where calling a post-HRT transgender person "biologically [sex assigned at birth]" is downright misleading.
For example, hospitals have, given transgender patients improper or erroneous medical care by assuming treatment based on birth sex where treatment based on their current endocrinological sex would have been more adequate.
Acute Clinical Care of Transgender Patients: A Review
Conclusions and relevance: Clinicians should learn how to engage with transgender patients, appreciate that unique anatomy or the use of gender-affirming hormones may affect the prevalence of certain disease (eg, cardiovascular disease, venous thromboembolism, and osteoporosis), and be prepared to manage specific issues, including those related to hormone therapy. Health care facilities should work toward providing inclusive systems of care that correctly identify and integrate information about transgender patients into the electronic health record, account for the unique needs of these patients within the facility, and through education and policy create a welcoming environment for their care.
Some hosptials have taken to labeling the biological sex of transgender patients as "MTF" (for post-HRT trans women) and "FTM" (for post-HRT trans men), which is a much more medically useful identifier compared to their sex assigned at birth.
In regards to the sports discussion, I've seen *multiple threads* where redditors have backed up their opinions on the subject of trans people in sports with studies demonstrating that cis men are, on average, more athletically capable than cis women. Which I personally find to be a pathetic misunderstanding of the entire issue.
Because we're not supposed to be comparing the athletic capabilities of natal males to natal females, here. We're supposed to comparing the athletic capabilities of *post-HRT male-to-females* to natal females. And, if we're going to really have a fact-based discussion on the matter, we need to have separate categories for pre-pubescent and post-pubescent transitioners. Since, as mentioned earlier, the former will likely have different skeletal characteristics compared to the latter.
The current International Olympic Committee (IOC) model for trans participation, and criticisms of said model
(I quoted the specific guidelines from the International Cycling Union, but similar guidelines exist for all Olympic sports)
Elite Competition
At elite competition levels, members may have the opportunity to represent the United States and participate in international competition. They may therefore be subject to the policies and regulations of the International Cycling Union (UCI) and International Olympic Committee (IOC). USA Cycling therefore follows the IOC guidelines on transgender athletes at these elite competition levels. For purposes of this policy, international competition means competition sanctioned by the UCI or competition taking place outside the United States in which USA Cycling’s competition rules do not apply.
The IOC revised its guidelines on transgender athlete participation in 2015, to focus on hormone levels and medical monitoring. The main points of the guidelines are:
Those who transition from female to male are eligible to compete in the male category without restriction. It is the responsibility of athletes to be aware of current WADA/USADA policies and file for appropriate therapeutic use exemptions.
Those who transition from male to female are eligible to compete in the female category under the following conditions:
The athlete has declared that her gender identity is female. The declaration cannot be changed, for sporting purposes, for a minimum of four years.
The athlete must demonstrate that her total testosterone level in serum has been below 10 nmol/L for at least 12 months prior to her first competition (with the requirement for any longer period to be based on a confidential case-by-case evaluation, considering whether or not 12 months is a sufficient length of time to minimize any advantage in women’s competition).
The athlete's total testosterone level in serum must remain below 10 nmol/L throughout the period of desired eligibility to compete in the female category.
Compliance with these conditions may be monitored by random or for-cause testing. In the event of non-compliance, the athlete’s eligibility for female competition will be suspended for 12 months.
Valid criticisms of the IOC model are usually based on the fact that, even though hormone replacement therapy provokes changes to muscle mass, it does *not* shrink the size of someone's skeleton or cardiovascular system. Therefore an adult-transitioned trans woman could, even after losing all levels of male-typical muscle mass, still have an advantage in certain sports if she had an excessively large skeletal frame, and was participating in a sport where such a thing would be advantageous.
Additionally, the guidelines only require that athletes be able to demonstrate having had female hormone levels for 12-24 months, which isn't necessarily long enough to completely lose musculature gained from training on testosterone (anecdotally it can take 2-4 years to completely lose male-typical muscle mass) So the IOC guidelines don't have any safeguard against, for example, a trans woman training with testosterone as the dominant hormone in her body, and then taking hormones for the bare minimum time period and still having some of the advantage left.
Note that, while lower level sports have had (to the glee of right-wing publications sensationalizing the issue) instances of this exact thing happening, in the 16 years since these IOC guidelines were established, not a single transgender individual has won an Olympic medal
Also note that none of the above criticisms of the IOC policy would apply in regards to the participation of pre-pubescent-transitioned trans women. After all, male-pubescent bone structure and cardiovascular size, and male-typical muscle levels, can't possibly exist if you never went through male puberty to begin with.
What could better guidelines entail, to best preserve fairness in female sports while avoiding succumbing to anti-trans moral panic?
In my personal opinion, sports leagues should pick one of the three above options depending on what best fits the nature of the sport and the eliteness of the competition. For example, extremely competitive contact sports might be better off going with the first option, but an aerobic sport such as marathon running would probably be fine with the third option.

How this issue has been misrepresented by The Right

I'll use Joe Rogan as an example of this last thing:
She calls herself a woman but... I tend to disagree. And, uh, she, um... she used to be a man but now she has had, she's a transgender which is (the) official term that means you've gone through it, right? And she wants to be able to fight women in MMA. I say no f***ing way.
I say if you had a dick at one point in time, you also have all the bone structure that comes with having a dick. You have bigger hands, you have bigger shoulder joints. You're a f***ing man. That's a man, OK? You can't have... that's... I don't care if you don't have a dick any more...
If you want to be a woman in the bedroom and you know you want to play house and all of that other s*** and you feel like you have, your body is really a woman's body trapped inside a man's frame and so you got a operation, that's all good in the hood. But you can't fight chicks. Get the f*** out of here. You're out of your mind. You need to fight men, you know? Period. You need to fight men your size because you're a man. You're a man without a dick.
I'm not trying to discriminate against women in any way, shape, or form and I'm a big supporter of women's fighting. I loved watching that Ronda Rousey/Liz Carmouche fight. But those are actual women. Those are actual women. And as strong as Ronda Rousey looks, she's still looks to me like a pretty girl. She's a beautiful girl who happens to be strong. She's a girl! [Fallon Fox] is not a girl, OK? This is a [transgender] woman. It's a totally different specification.
Calling a trans woman a "man", and equating transitioning to merely removal of the dick, and equating trans women's experiences as women as "playing house" and "being a woman in the bedroom". These things are obviously pretty transphobic, and if Rogan had said these things about just any random trans woman his statements would have likely been more widely seen in that light. But when it's someone having an unfair advantage in sports, and the audience is supposed to be angry with you, it's much more socially acceptable thing to say such things. But the problem is, when you say these kinds of things about one trans woman, you're essentially saying those derogatory things about all trans women by extension. It's the equivalent of using an article about a black home invader who murdered a family as an excuse to use a racial slur.
Now, I'm not saying that Rogan necessarily did this on purpose, in fact I'm more inclined to believe that it was done moreso due to ignorance rather than having an actual ideological agenda. But since then, many right wing ideologues who do have an ideological agenda have used this issue as an excuse to voice their opinions on trans people while appearing to be less bigoted. Ie. "I'm not trying to be a bigot or anything and I accept people's rights to live their lives as they see fit, but we NEED to keep men out of women's sports", as a sly way to call trans women "men".
Additionally, doing this allows them to slip in untrue statements about the biology of trans women. I mean, first of all in regards to the statement "You have bigger hands, you have bigger shoulder joints", obviously even in regards to post-pubescent transitioners, not every trans woman is going to have bigger hands and shoulder joints than every cis woman (My hands are actually smaller than my aunt's!). It's just that people who go through male puberty on average tend to have bigger hands and shoulder joints compared to people who go through female puberty. But over-exaggerating the breadth of sexual dimorphism, as if males and females are entirely different species to each-other, helps to paint the idea of transitioning in a more nonsensical light.
I hope this thread has presented this issue in a better light for anyone reading it. Let me know if you have any thoughts/criticisms of my stances or the ways I went about this issue.
submitted by Rosa_Rojacr to samharris [link] [comments]

Everything You Always Wanted To Know About Swaps* (*But Were Afraid To Ask)

Hello, dummies
It's your old pal, Fuzzy.
As I'm sure you've all noticed, a lot of the stuff that gets posted here is - to put it delicately - fucking ridiculous. More backwards-ass shit gets posted to wallstreetbets than you'd see on a Westboro Baptist community message board. I mean, I had a look at the daily thread yesterday and..... yeesh. I know, I know. We all make like the divine Laura Dern circa 1992 on the daily and stick our hands deep into this steaming heap of shit to find the nuggets of valuable and/or hilarious information within (thanks for reading, BTW). I agree. I love it just the way it is too. That's what makes WSB great.
What I'm getting at is that a lot of the stuff that gets posted here - notwithstanding it being funny or interesting - is just... wrong. Like, fucking your cousin wrong. And to be clear, I mean the fucking your *first* cousin kinda wrong, before my Southerners in the back get all het up (simmer down, Billy Ray - I know Mabel's twice removed on your grand-sister's side). Truly, I try to let it slide. I do my bit to try and put you on the right path. Most of the time, I sleep easy no matter how badly I've seen someone explain what a bank liquidity crisis is. But out of all of those tens of thousands of misguided, autistic attempts at understanding the world of high finance, one thing gets so consistently - so *emphatically* - fucked up and misunderstood by you retards that last night I felt obligated at the end of a long work day to pull together this edition of Finance with Fuzzy just for you. It's so serious I'm not even going to make a u/pokimane gag. Have you guessed what it is yet? Here's a clue. It's in the title of the post.
That's right, friends. Today in the neighborhood we're going to talk all about hedging in financial markets - spots, swaps, collars, forwards, CDS, synthetic CDOs, all that fun shit. Don't worry; I'm going to explain what all the scary words mean and how they impact your OTM RH positions along the way.
We're going to break it down like this. (1) "What's a hedge, Fuzzy?" (2) Common Hedging Strategies and (3) All About ISDAs and Credit Default Swaps.
Before we begin. For the nerds and JV traders in the back (and anyone else who needs to hear this up front) - I am simplifying these descriptions for the purposes of this post. I am also obviously not going to try and cover every exotic form of hedge under the sun or give a detailed summation of what caused the financial crisis. If you are interested in something specific ask a question, but don't try and impress me with your Investopedia skills or technical points I didn't cover; I will just be forced to flex my years of IRL experience on you in the comments and you'll look like a big dummy.
TL;DR? Fuck you. There is no TL;DR. You've come this far already. What's a few more paragraphs? Put down the Cheetos and try to concentrate for the next 5-7 minutes. You'll learn something, and I promise I'll be gentle.
Ready? Let's get started.
1. The Tao of Risk: Hedging as a Way of Life
The simplest way to characterize what a hedge 'is' is to imagine every action having a binary outcome. One is bad, one is good. Red lines, green lines; uppie, downie. With me so far? Good. A 'hedge' is simply the employment of a strategy to mitigate the effect of your action having the wrong binary outcome. You wanted X, but you got Z! Frowny face. A hedge strategy introduces a third outcome. If you hedged against the possibility of Z happening, then you can wind up with Y instead. Not as good as X, but not as bad as Z. The technical definition I like to give my idiot juniors is as follows:
Utilization of a defensive strategy to mitigate risk, at a fraction of the cost to capital of the risk itself.
Congratulations. You just finished Hedging 101. "But Fuzzy, that's easy! I just sold a naked call against my 95% OTM put! I'm adequately hedged!". Spoiler alert: you're not (although good work on executing a collar, which I describe below). What I'm talking about here is what would be referred to as a 'perfect hedge'; a binary outcome where downside is totally mitigated by a risk management strategy. That's not how it works IRL. Pay attention; this is the tricky part.
You can't take a single position and conclude that you're adequately hedged because risks are fluid, not static. So you need to constantly adjust your position in order to maximize the value of the hedge and insure your position. You also need to consider exposure to more than one category of risk. There are micro (specific exposure) risks, and macro (trend exposure) risks, and both need to factor into the hedge calculus.
That's why, in the real world, the value of hedging depends entirely on the design of the hedging strategy itself. Here, when we say "value" of the hedge, we're not talking about cash money - we're talking about the intrinsic value of the hedge relative to the the risk profile of your underlying exposure. To achieve this, people hedge dynamically. In wallstreetbets terms, this means that as the value of your position changes, you need to change your hedges too. The idea is to efficiently and continuously distribute and rebalance risk across different states and periods, taking value from states in which the marginal cost of the hedge is low and putting it back into states where marginal cost of the hedge is high, until the shadow value of your underlying exposure is equalized across your positions. The punchline, I guess, is that one static position is a hedge in the same way that the finger paintings you make for your wife's boyfriend are art - it's technically correct, but you're only playing yourself by believing it.
Anyway. Obviously doing this as a small potatoes trader is hard but it's worth taking into account. Enough basic shit. So how does this work in markets?
2. A Hedging Taxonomy
The best place to start here is a practical question. What does a business need to hedge against? Think about the specific risk that an individual business faces. These are legion, so I'm just going to list a few of the key ones that apply to most corporates. (1) You have commodity risk for the shit you buy or the shit you use. (2) You have currency risk for the money you borrow. (3) You have rate risk on the debt you carry. (4) You have offtake risk for the shit you sell. Complicated, right? To help address the many and varied ways that shit can go wrong in a sophisticated market, smart operators like yours truly have devised a whole bundle of different instruments which can help you manage the risk. I might write about some of the more complicated ones in a later post if people are interested (CDO/CLOs, strip/stack hedges and bond swaps with option toggles come to mind) but let's stick to the basics for now.
(i) Swaps
A swap is one of the most common forms of hedge instrument, and they're used by pretty much everyone that can afford them. The language is complicated but the concept isn't, so pay attention and you'll be fine. This is the most important part of this section so it'll be the longest one.
Swaps are derivative contracts with two counterparties (before you ask, you can't trade 'em on an exchange - they're OTC instruments only). They're used to exchange one cash flow for another cash flow of equal expected value; doing this allows you to take speculative positions on certain financial prices or to alter the cash flows of existing assets or liabilities within a business. "Wait, Fuzz; slow down! What do you mean sets of cash flows?". Fear not, little autist. Ol' Fuzz has you covered.
The cash flows I'm talking about are referred to in swap-land as 'legs'. One leg is fixed - a set payment that's the same every time it gets paid - and the other is variable - it fluctuates (typically indexed off the price of the underlying risk that you are speculating on / protecting against). You set it up at the start so that they're notionally equal and the two legs net off; so at open, the swap is a zero NPV instrument. Here's where the fun starts. If the price that you based the variable leg of the swap on changes, the value of the swap will shift; the party on the wrong side of the move ponies up via the variable payment. It's a zero sum game.
I'll give you an example using the most vanilla swap around; an interest rate trade. Here's how it works. You borrow money from a bank, and they charge you a rate of interest. You lock the rate up front, because you're smart like that. But then - quelle surprise! - the rate gets better after you borrow. Now you're bagholding to the tune of, I don't know, 5 bps. Doesn't sound like much but on a billion dollar loan that's a lot of money (a classic example of the kind of 'small, deep hole' that's terrible for profits). Now, if you had a swap contract on the rate before you entered the trade, you're set; if the rate goes down, you get a payment under the swap. If it goes up, whatever payment you're making to the bank is netted off by the fact that you're borrowing at a sub-market rate. Win-win! Or, at least, Lose Less / Lose Less. That's the name of the game in hedging.
There are many different kinds of swaps, some of which are pretty exotic; but they're all different variations on the same theme. If your business has exposure to something which fluctuates in price, you trade swaps to hedge against the fluctuation. The valuation of swaps is also super interesting but I guarantee you that 99% of you won't understand it so I'm not going to try and explain it here although I encourage you to google it if you're interested.
Because they're OTC, none of them are filed publicly. Someeeeeetimes you see an ISDA (dsicussed below) but the confirms themselves (the individual swaps) are not filed. You can usually read about the hedging strategy in a 10-K, though. For what it's worth, most modern credit agreements ban speculative hedging. Top tip: This is occasionally something worth checking in credit agreements when you invest in businesses that are debt issuers - being able to do this increases the risk profile significantly and is particularly important in times of economic volatility (ctrl+f "non-speculative" in the credit agreement to be sure).
(ii) Forwards
A forward is a contract made today for the future delivery of an asset at a pre-agreed price. That's it. "But Fuzzy! That sounds just like a futures contract!". I know. Confusing, right? Just like a futures trade, forwards are generally used in commodity or forex land to protect against price fluctuations. The differences between forwards and futures are small but significant. I'm not going to go into super boring detail because I don't think many of you are commodities traders but it is still an important thing to understand even if you're just an RH jockey, so stick with me.
Just like swaps, forwards are OTC contracts - they're not publicly traded. This is distinct from futures, which are traded on exchanges (see The Ballad Of Big Dick Vick for some more color on this). In a forward, no money changes hands until the maturity date of the contract when delivery and receipt are carried out; price and quantity are locked in from day 1. As you now know having read about BDV, futures are marked to market daily, and normally people close them out with synthetic settlement using an inverse position. They're also liquid, and that makes them easier to unwind or close out in case shit goes sideways.
People use forwards when they absolutely have to get rid of the thing they made (or take delivery of the thing they need). If you're a miner, or a farmer, you use this shit to make sure that at the end of the production cycle, you can get rid of the shit you made (and you won't get fucked by someone taking cash settlement over delivery). If you're a buyer, you use them to guarantee that you'll get whatever the shit is that you'll need at a price agreed in advance. Because they're OTC, you can also exactly tailor them to the requirements of your particular circumstances.
These contracts are incredibly byzantine (and there are even crazier synthetic forwards you can see in money markets for the true degenerate fund managers). In my experience, only Texan oilfield magnates, commodities traders, and the weirdo forex crowd fuck with them. I (i) do not own a 10 gallon hat or a novelty size belt buckle (ii) do not wake up in the middle of the night freaking out about the price of pork fat and (iii) love greenbacks too much to care about other countries' monopoly money, so I don't fuck with them.
(iii) Collars
No, not the kind your wife is encouraging you to wear try out to 'spice things up' in the bedroom during quarantine. Collars are actually the hedging strategy most applicable to WSB. Collars deal with options! Hooray!
To execute a basic collar (also called a wrapper by tea-drinking Brits and people from the Antipodes), you buy an out of the money put while simultaneously writing a covered call on the same equity. The put protects your position against price drops and writing the call produces income that offsets the put premium. Doing this limits your tendies (you can only profit up to the strike price of the call) but also writes down your risk. If you screen large volume trades with a VOL/OI of more than 3 or 4x (and they're not bullshit biotech stocks), you can sometimes see these being constructed in real time as hedge funds protect themselves on their shorts.
(3) All About ISDAs, CDS and Synthetic CDOs
You may have heard about the mythical ISDA. Much like an indenture (discussed in my post on $F), it's a magic legal machine that lets you build swaps via trade confirms with a willing counterparty. They are very complicated legal documents and you need to be a true expert to fuck with them. Fortunately, I am, so I do. They're made of two parts; a Master (which is a form agreement that's always the same) and a Schedule (which amends the Master to include your specific terms). They are also the engine behind just about every major credit crunch of the last 10+ years.
First - a brief explainer. An ISDA is a not in and of itself a hedge - it's an umbrella contract that governs the terms of your swaps, which you use to construct your hedge position. You can trade commodities, forex, rates, whatever, all under the same ISDA.
Let me explain. Remember when we talked about swaps? Right. So. You can trade swaps on just about anything. In the late 90s and early 2000s, people had the smart idea of using other people's debt and or credit ratings as the variable leg of swap documentation. These are called credit default swaps. I was actually starting out at a bank during this time and, I gotta tell you, the only thing I can compare people's enthusiasm for this shit to was that moment in your early teens when you discover jerking off. Except, unlike your bathroom bound shame sessions to Mom's Sears catalogue, every single person you know felt that way too; and they're all doing it at once. It was a fiscal circlejerk of epic proportions, and the financial crisis was the inevitable bukkake finish. WSB autism is absolutely no comparison for the enthusiasm people had during this time for lighting each other's money on fire.
Here's how it works. You pick a company. Any company. Maybe even your own! And then you write a swap. In the swap, you define "Credit Event" with respect to that company's debt as the variable leg . And you write in... whatever you want. A ratings downgrade, default under the docs, failure to meet a leverage ratio or FCCR for a certain testing period... whatever. Now, this started out as a hedge position, just like we discussed above. The purest of intentions, of course. But then people realized - if bad shit happens, you make money. And banks... don't like calling in loans or forcing bankruptcies. Can you smell what the moral hazard is cooking?
Enter synthetic CDOs. CDOs are basically pools of asset backed securities that invest in debt (loans or bonds). They've been around for a minute but they got famous in the 2000s because a shitload of them containing subprime mortgage debt went belly up in 2008. This got a lot of publicity because a lot of sad looking rednecks got foreclosed on and were interviewed on CNBC. "OH!", the people cried. "Look at those big bad bankers buying up subprime loans! They caused this!". Wrong answer, America. The debt wasn't the problem. What a lot of people don't realize is that the real meat of the problem was not in regular way CDOs investing in bundles of shit mortgage debts in synthetic CDOs investing in CDS predicated on that debt. They're synthetic because they don't have a stake in the actual underlying debt; just the instruments riding on the coattails. The reason these are so popular (and remain so) is that smart structured attorneys and bankers like your faithful correspondent realized that an even more profitable and efficient way of building high yield products with limited downside was investing in instruments that profit from failure of debt and in instruments that rely on that debt and then hedging that exposure with other CDS instruments in paired trades, and on and on up the chain. The problem with doing this was that everyone wound up exposed to everybody else's books as a result, and when one went tits up, everybody did. Hence, recession, Basel III, etc. Thanks, Obama.
Heavy investment in CDS can also have a warping effect on the price of debt (something else that happened during the pre-financial crisis years and is starting to happen again now). This happens in three different ways. (1) Investors who previously were long on the debt hedge their position by selling CDS protection on the underlying, putting downward pressure on the debt price. (2) Investors who previously shorted the debt switch to buying CDS protection because the relatively illiquid debt (partic. when its a bond) trades at a discount below par compared to the CDS. The resulting reduction in short selling puts upward pressure on the bond price. (3) The delta in price and actual value of the debt tempts some investors to become NBTs (neg basis traders) who long the debt and purchase CDS protection. If traders can't take leverage, nothing happens to the price of the debt. If basis traders can take leverage (which is nearly always the case because they're holding a hedged position), they can push up or depress the debt price, goosing swap premiums etc. Anyway. Enough technical details.
I could keep going. This is a fascinating topic that is very poorly understood and explained, mainly because the people that caused it all still work on the street and use the same tactics today (it's also terribly taught at business schools because none of the teachers were actually around to see how this played out live). But it relates to the topic of today's lesson, so I thought I'd include it here.
Work depending, I'll be back next week with a covenant breakdown. Most upvoted ticker gets the post.
*EDIT 1\* In a total blowout, $PLAY won. So it's D&B time next week. Post will drop Monday at market open.
submitted by fuzzyblankeet to wallstreetbets [link] [comments]

ASIC Regulation Thread - Regarding the proposed changes ( Australians effected the most )

I'm hopeless at formatting text, so if you think you can structure this post better take everything i write and put it into an easy to digest way. I'm just going to type out everything i know in text as fast as possible. I'm not a legal expert, I'm not somehow who understands every bit of information in the PDF's below, but i know I'm a retail trader that uses leverage to make profit which is why I'm posting this, in the hope that someone who can run a charge better than me, will.
Some of you are already aware of what might be happening, this is just a post to educate retail traders on changes that might be coming to certain brokers. This effects Australian Customers the most, but also effects those living in other countries that use Australian brokers, such as Pepperstone and others.
Last year in August 2019, ASIC ( Australian Securities and Investments Commission ) was concerned about retail traders going into Forex and Binary options without understanding these instruments properly and started sticking their noses in for tough regulation.
ASIC asked brokers and anyone with interest in the industry to write to them and explain what should and should not change from the changes they proposed, some of the proposed changes are very misguided and come from a lack of understanding exactly how OTC derivatives actually work.
I will provide the link to the paper further down so you can read it yourself and i will provide a link to all the submission made by all parties that sent submissions to ASIC, however the 2 main points of debate are:
1, To reduce the overall leverage available to retail traders to either 20:1 or 30:1. This means people who currently use leverage such as 100:1 to 500:1 and everything in between will be effected the most, even more so are those traders with relatively small accounts, meaning in order to get your foot in the door to trading you will need more capital for it to be viable.
^^ This point above is very important.
2, The removing of Binary options trading, which basically includes products like "Bet if gold will rise to this price in the next 30 seconds" This sort of stuff. So far from all the submissions from brokers and individuals nobody really cares if this changes as far as i know, though if you have concerns about this i would start voicing your disapproval. Though i would not waste your time here, all is pointing to this being eradicated completely with brokers also supporting the changes, I've never used such a product and know very little about them.
^^ This point above isn't very important and will probably be enforced in the future.
Still to this day i see retail traders not understanding leverage, they think of it as "dangerous and scary", it's not, position size is the real danger, not leverage. So ASIC is aiming to limit retail traders access to high leverage, they are claiming it is a way to protect traders who don't really understand what they are getting into by attacking leverage and not the real problem which is position size relative to your capital.
If it was truly about protecting retail traders from blowing up their accounts, they would look for ways to educate traders on "understanding position sizes and why it's important" rather than attacking leverage, but their goal is misguided or has an ulterior motive . I will give you a small example below.
EXAMPLE - We will use 2 demo accounts for demonstration purposes. If you don't understand my example, i suggest you try it for yourself. - Skip if not interested in examples.
Lets say we open 2 demo accounts with $1000 in both, one with 20:1 leverage and one with 500:1 leverage and we open an identical position on both accounts ( say a micro lot '0.01' on EURUSD ). You are safer on the 500:1 account as you don't need to put up as much margin as collateral as you would on the 20:1. If the trade we just opened goes against us and continues against us, the account with 20:1 leverage will run out of free margin a lot faster than the 500:1 account. In this simple example is shows you that leverage is not dangerous but safer and gives you a lot more breathing room. This trade was a small micro lot, so it would take hundreds of pips movements to get margin called and blow up that $1000 on each account. Lets now use a different position size to truly understand why retail traders blow up accounts and is the reason why trading can be dangerous.
This time instead of opening a micro lot of '0.01' on our $1000 dollar demo accounts, lets open a position size much larger, 5 lots. Remember we only have $1000 and we are about to open a position much larger relative to our capital ( which we should never do because we can't afford to do that ) the 20:1 probably wont even let you place that trade if you don't have enough margin as collateral or if you could open the position you would have a very tiny amount of free margin left over, meaning a small pip movement against you will instantly blow up your $1000 account. On the 500:1 account you wouldn't need to put up as much margin as collateral with more free margin if the trade goes bad, but again a small movement could blow up your account. In this example, both accounts were dangerous because the lack of understanding position sizes, opening a position you can't afford to open. This is what the true danger is, not the leverage.
Even in the second example, the higher leverage would "margin call" you out later. So i would go as far to say that lower leverage is more dangerous for you because it margin calls you out faster and just by having a lower leverage doesn't stop you from opening big positions that can blow you up in a 5 pip movement anymore, any leverage size is dangerous if you're opening positions you can't afford to open. This is also taking into consideration that no risk management is being used, with risk management higher leverage is even more powerful.
ASIC believes lowering leverage will stop people opening positions that they can't afford. When the reality is no matter how much capital you have $500, $1000, $5000, $50,000, $500,000, $5,000,000. You don't open position sizes that will blow that capital up completely with small movements. The same thing can happen on a 20:1 or 500:1 account.
Leverage is a tool, use it, if your on a lower leverage already such as 20:1, 30:1 it means your country has been regulated and you already have harder trading conditions. Just remember higher leverage allows you to open larger position sizes in total for the amount of money you own, but the issue is NOT that your using the higher leverage but because you are opening positions you can't afford, for what ever reason that is, the only fix for this is education and will not be fixed by simply lowing leverage, since you can just as easy blow up your account on low leverage just as fast or if not faster.
So what is going on?
There might ( get your tinfoil hats on ) be more that is involved here, deeper than you think, other agendas to try and stop small time retail traders from making money via OTC products, theories such as governments not wanting their citizens to be traders, rather would prefer you to get out there and work a 9 to 5 instead. Effective ways to do this would be making conditions harder with a much larger barrier of entry and the best way to increase the barrier of entry for retail traders is to limit leverage, lower leverage means you need to put up more money, less breathing room for trades, lower potential. They are limiting your upside potential and the downside stays the same, a blown account is a blow account.
Think of leverage as a weapon, a person wielding a butchers knife can probably destroy a person wielding a steak knife, but both knifes can prove fatal. They want to make sure your holding the butter knife then tell you to butcher a cow with it. 30:1 leverage is still workable and can still be profitable, but not as profitable as 500:1 accounts. This is why they are allowing professionals to use high leverage, this gives them another edge over successful retail traders who will still be trying to butcher a cow with a butter knife, while they are slaying limbs off the cow with machetes.
It's a way to hamstring you and keep you away rather than trying to "protect" you. The real danger is not leverage, they are barking up the wrong tree, how convenient to be barking up the very tree most retail traders don't fully understand ( leverage) , pass legislation to make trading conditions harder and at the same time push the narrative that trading is dangerous by making it even harder. A full circle strategy to make your trading conditions worse, so you don't succeed.
Listen carefully especially if you trade with any of the brokers that have provided their submissions to ASIC. Brokers want to seem like they are on your side and so far some of the submissions ( i haven't read them all ) have brokers willing to drop their leverage down to 30:1 because they know by dropping the leverage down it will start margin calling out their clients at a much faster rate, causing more blown up accounts / abandoned accounts with residual margin called funds, but they also know that if they make trading environments too hard less people will trade or even worse move their funds elsewhere offshore to unregulated brokers that offer higher leverage.
Right now it's all just a proposal, but as governments expand and continue to gain more control over it's citizens, it's just a matter of time till it's law, it's up to you to be vocal about it, let your broker know that if they drop their leverage, you're out, force them to fight for you.
If you have any more information related to this, or have anything to add, post below. I'm not an expert at this technical law talk, i know that i do well with 500:1 leverage and turn profits with it, it would be harder for me to do on a lower leverage, this is the reason for my post.
All related documents HERE
CP-322 ( Consultation paper 322 ) & Submissions from brokers and others.
https://asic.gov.au/regulatory-resources/find-a-document/consultation-papers/cp-322-product-intervention-otc-binary-options-and-cfds/
submitted by southpaw_destroyer to Forex [link] [comments]

Student Loan Default: The Guide (reuploaded)

The original guide that was recently deleted here: https://www.reddit.com/studentloandefaulters/comments/cg1fd7/student_loan_default_a_guide/
I take no credit for this post, just happened to have it saved in a document and thought I'd be doing an injustice by not sharing this information once I saw the original post was missing! All credit goes to the original author, and without further ado...

Student Loan Default: A Guide
I’ve been wanting to write this for a long time, and seeing that person be in $500,000 of debt and no one really helping him on studentloans, I felt it was time to summarize everything I’ve learned. While there is great information on this sub, it is not centralized. It requires some digging. I hope now to bring all of it to the surface.

Definitions:

Strategic Default: When a borrower realizes that he or she can spend less money by not paying a loan. The borrower waits out the statute of limitations and then either settles or waits the debt out.

Shills: People who are paid to prevent the spread of student loan default information

Statute of Limitations: The number of years your state requires before a debt can no longer be collected.

Cosigner: The poor person who is just as legally required to pay your loans as you are

Foreign Earned Income Tax Exclusion: A tax rule that states any US citizen can earn up to about $100,000 a year in another country and report their US taxes as 0.

Fraudulent Transfer: When a party tries to move assets to someone else in order to avoid a lien on their property.

Lien: Essentially when the government slaps a bill onto your property forcing you to pay off a debt before you can sell the property.

Income Based Repayment (IBR): Federal loans can be paid with 15% of your discretionary income (money earned after taxes) instead of a higher, unpayable amount

Aggregate Student Loan Limit: The total amount a student can take out before the federal government or a private lender stops authorizing new loans

Wage Garnishment: When a court forces your employer to take out a certain percentage of your paycheck to pay back a debt

Bank Levy: When the government or a court takes all of the money directly out of your bank account to pay a debt

Private Loans: Loans that originate from anyone but the federal government. These loans have a statute of limitations and less power but higher interest rates.

Federal Loans: These loans have no statute of limitations, the government can collect anything you earn to get these back, and they come with IBR which is manageable

Sallie Mae: The worst private lender on the market. They only offer deferment for four short years.

Forbearance: A period where you do not have to pay your student loans, but interest accrues.

Deferment: A period where you do not have to pay your student loans, but interest does not accrue.

Credit Score: A number that tells people how responsible of a borrower you are.

Student Loan Tax Bomb: After you have paid for 10 - 25 years on your federal loans, you are forgiven the rest. That is considered income by the IRS. You then add this “income” to your regular income for the year and pay the tax. It can be over $10,000.

Insolvency: When you are unable to pay your debts. This works well for defusing the student loan tax bomb.

Public Service Loan Forgiveness: If you work for 10 years at a government job, you can get your entire federal student loan balance forgiven. In 2019, the feds are making it near impossible to collect. This could change.

A note on cosigners before we begin: Look, your cosigner is probably going to be very mad at you. Prepare for your relationship to be strained. You need to try and get them on the same page as you, and I do offer a tactic here to at least shift all of the financial burden off of your cosigner below. If you decide to do any of these tactics without getting your cosigner off the hook, there could be more risk involved if you or your cosigners have a lot of assets.

Strategy

Student loan default is a strategy. And to have a good strategy, one must plan as much as possible. You have to know all of your options. While strategy is your overall game plan, tactics are the individual options you have to get your strategy accomplished. Below are the tactics that you can employ to beat the student loan companies.

Tactics

Paying Your Loans: [low risk] In the rare chance you have anywhere between $1,000 to $20,000 in federal student loans and you have completed your bachelor’s degree, you should probably just pay the damn loans. All you have to do is set up an auto debit and forget about it. It will be about 15% of your income. You really want to try and avoid consolidating if you can, because it will count against some of your IBR payments. You would also lose your grace period if you did this. At the end of 10 to 25 years, you will be forgiven all of the loan amount you did not pay. That forgiven amount is considered income by the IRS, so you will be put into a higher tax bracket. I would get an accountant when this comes. In your case, your tax bomb will be low enough where you could probably just pay it. If you want to really shake things up though, you are welcome to try either the Asset Creation Tactic or the Madlad Method below. Here is more information on Income Based Repayment: https://www.studentdebtrelief.us/repayment-plans/income-based-repayment-plan/

Default Private IBR Federal (Staying Put): [low risk] The standard strategy here on studentloandefaulters. As mentioned above, for the federal loans, it’s best to just IBR and automatically debit your bank account each month and forget about it. For the private loans, this is where the game begins. Your overall plan here is to default, wait out the statute of limitations in your home state, and either settle the debt for less than 30% or just hope they leave you alone and you don’t pay at all. From this moment on, whatever you would have paid for your private monthly bill, sock that money away. Once you go past 120 days of no payments, you are in default. This is where the phone calls come in. They will start to harass you. They will call your work, your cell phone, your cosigner, etc relentlessly. Most likely, they’ll start doing this before you get to default. As they call you, you can either just give them the cold shoulder or start immediately acting like you do not own the debt. Never admit that you own the debt. Tell them you think they are crazy and have the wrong person. Inform your cosigner to do the same. Once your loans are sold to a collection agency, wait until they call you and ask for verification of the debt. If they do not provide it, you won. Chances are, they will be able to verify it, so just make sure you never admit to the debt on the phone or make a payment. If you make a payment, you’ll reset the statute of limitations. Do not give them five dollars, two dollars, a penny. If they do sue you, show up for court. Get a lawyer if you can afford it. You have to show up to court, or they win automatically. Even if you don’t have a lawyer in court, you need to make them verify the debt. You could still lose here. If you do lose in court, go to my tactic of “The Cat and Mouse Game.” They are playing a numbers game, and if you are harder to sue than John Smith down the street, they may prey on him or her instead of you. Now, there are four states in the United States that do not have wage garnishment: Pennsylvania, North Carolina, South Carolina, and Texas. You could move there, and if you have barely any assets, you are considered judgement proof. This means you’re not worth the time to be sued, because you have nothing to take and cannot be garnished. Moving is hard, though, so that’s a personal decision. Also, from what I understand, if you do move to these states, you can switch your statute of limitations over to their states which may be less time until you cannot be sued anymore. If you do lose and just want to stop here, you could get your bank levied and you could be slapped with up to a 25% wage garnishment until paid in full Clarification: a lot of people do not ever get garnished, and bank levies are rare (they are non-existent on federal loans). Do not let this freak you out!. I repeat this is super rare and not likely to happen. Anyways, you have options at this point. If it does happen, try another tactic like leave the country or cat and mouse below.

Default Private Default Federal: [medium risk] Some of the wilder people have attempted to default on both federal and private loans in order to do a cash settlement. The same strategy above in Default Private IBR Federal applies, but realize that the US government could just step in and do an administrative garnish on you eventually. If you were living some sort of cash existence, you could potentially avoid them and then write them a money order and settle for 30% or something. This way, you avoid the tax bomb and would probably pay a lot less interest overall. If you do this and it works, I would love to hear about it.

Cat and Mouse: [medium risk] So, you want to avoid getting sued or you lost a judgement? You don’t have to sit back and take it. u/nowaysalliemae has successfully avoided being sued by essentially going on the run. You see, to be sued successfully, they need to know where you work. If you get sued, move to another state, and switch jobs, they have to do the entire process over again! This means find you, verify the debt, sue you, etc. You can essentially do this until your statute of limitations runs out. And then, you dispute the debt on your credit score. They take it off at that point, and you just saved a lot of money. I decided to put this as medium risk, because moving around a lot would require some luck. Especially since you would need to work wherever you go, there are a lot of moving parts here. I think it is totally doable, and if you are an adventurous personality type, it could be a lot of fun. This only works for the private student loan side, because the US government has a lot more power. You would still IBR your federal loans on this tactic. For more information, go through nowaysalliemae's post history.

Leave the Country: [medium risk] What if you want to avoid all of this altogether? Do you want a reset button on your life? You can just leave the country and start over. Seriously. Your credit score does not follow you across countries. The federal government cannot garnish your paycheck if you work internationally. You are not a criminal doing this. Furthermore, there is something called the Foreign Earned Income Tax Exclusion. Since you will still IBR your federal loans on this plan, as long as you make less than $100,000 in another country, your US income is zero. This means you just got a free education while you make money in another country. Once you pay zero for 25 years, you will have to defuse your student tax bomb. Tactic Below. Private companies do not stand a chance here. There are countries in the commonwealth such as Australia and Canada that are more willing to take you in if you meet certain requirements. You could teach English at a bunch of places. You could apply for residency at these places or be a perpetual tourist. A perpetual tourist is someone who essentially moves to a new country, goes to a neighboring country for a weekend, and then goes back to that new country they are trying to start a new life in*. This in no means you have to go back to the U.S. Ever. For example, you want to live in Panama forever, every 90 days, you take a weekend trip to Nicaragua. You come back to Panama after the weekend is over and get another 90 day pass. Rinse and repeat. This gives you another 90 days in your country of choice. If you make money on the internet, this strategy would work pretty well. You can just be a perpetual tourist or marry someone in another country and start a new life. This will not be a good fit for everyone, but there’s something exciting about this. If you are young, single, and restless, this could be the adventure of a lifetime. Here's more info on being a perpetual traveler and the FEIE: https://www.escapeartist.com/blog/perpetual-traveler-us-tax-code/

Suspend Payment Without More Debt: [low risk] So recently, it has been brought to my attention that there is a community college, Luna Community College (in Las Vegas, NM), that has tuition so low you could go half time all year for about 684 dollars. They have a small amount of associate's degrees. If you just want to stop paying without taking any more loans, this would be the way to do it. You could do this for many years. Luna Community College's tuition matrix: https://luna.edu/tuition_matrix

Convert Private Loans to Federal: [low risk] From this point on, these are my special tactics I’ve been thinking about. They might work really well for some people. So, you have a bunch of federal loans and a good amount of private loans. You don’t want to fight debt collectors or move around. Try this. This plan only works if you have a bachelor’s degree though. Anyways, there is a special loan offered by the US Federal Government called the Graduate Plus Loan. This loan is incredible, because there is no aggregate student loan limit. In other words, you can borrow as much money as you want here. Even a million dollars no questions asked. All you need is no delinquency or default on your credit report. If you do have these things, you can get a cosigner in on the plan. They won’t ever be responsible anyways because you will defuse the tax bomb at the end. This works to your advantage, because you could go back to school at the graduate level, get a diploma mill master’s degree online, use your room and board payment to start paying off your private loans ASAP. Just make sure you are doing whatever your school considers half time enrollment in order to avoid student loan payments while doing this. Once you’ve gone to school long enough and converted all of your private loans to grad plus loans, you could just go on an IBR plan. This will at least make your life manageable. You would have to defuse your student tax bomb once this is over. Tactic below.

Convert Federal Loans to Private: [medium risk] So, what if you wanted to go the opposite way? Maybe you want to convert all of your federal loans to private ones, default, and then leave the country? Hey, maybe there are reasons you want to hurry up the settlement process. You could essentially do the same strategy as above, but instead just borrow from Sallie Mae, Wells Fargo, etc until all of your federal loans are paid off. Then, either cat and mouse or leave the country. I don’t think a lot of people would find a use for this, but hey who knows?

Asset Creation Method: [high risk] What if you wanted to not just pay off your loans but get ahead in life? Maybe you feel like using your student loan debt to your advantage. Thanks to the work done by u/BinaryAlgorithm, you could really come out on top here. Remember those Grad Plus loans we were talking about? Well, there’s nothing stopping you from continually borrowing all year on these loans, investing the room and board, and acting as if you do not have the debt in the first place. While I had originally said that rental property does not count as income, I cannot find any documentation proving this. You can still invest this money however you want, and you just defuse the tax bomb at the end (if anyone can find that documentation, please let me know). I did find that rental properties offer a lot of ways to reduce your adjusted gross income (management fees, advertising, etc), and these could reduce your income closer to zero. We’re not done here. Moreover, you could get a job that qualifies for Public Student Loan Forgiveness, enjoy your investments, and then pay for the 10 years. Be sure to convert all loans to federal before starting this tactic. I only put this as high risk, because the whole plan falls apart if Grad Plus loans get capped. Will they? Probably not, because those are the loans doctors and lawyers take out to go to their professional schools. It would take an act of congress to change the way the law stands now, but still, you should know that. This plan spans decades, so a lot can change. Also, having this many installment loans may lower your credit score over a multitude of years, but based on what everyone has found out here, it's not by much. For more information, go to this subreddit's search bar and type in "aggregate" and go look at BinaryAlgorithm's two posts on the subject.

Defusing the Student Tax Bomb: [low risk] So lucky for you, I talked to an actual lawyer and an actual IRS agent about this. This is completely legal and doable. Okay, so you were a good person and paid your IBR for 25-30 years. What now? Well, you’re about to be hit hard with a tax bomb. All of that money that is now forgiven counts as income on your taxes. This could mean a bill in the tens of thousands if you combined this with any of the other methods here—or just borrowed a lot to begin with. Luckily for us, there is something called insolvency. This means you are unable to pay your debts, and there is a really simple formula for whether or not you are insolvent. As long as you have more liabilities than assets at the time of student loan forgiveness, you are considered insolvent. In other words, right before you are about to be forgiven, like year 24 out of 25, you would take out a loan on something. All you would need to do is buy a house, buy a car, or buy something with a huge price tag. As long as your liabilities are way higher than your assets (like aim for 100K or something more), you are considered insolvent and you don’t have to pay any of the tax bomb. Boom. The IRS agent said this is fine. The lawyer said this is fine. I cannot believe this is fine. Where could you get the money to borrow for a house? Check Asset Creation method above. You could always sell the asset after the tax bomb is dealt with. For more information on defusing the student loan tax bomb: https://lawyerist.com/defusing-student-loan-interest-tax-bomb/

Getting Your Cosigner Off the Hook: So 90% of us have cosigners based on some statistic I read. These people are going to pissed at you, because they get harassed. If you have a lot of time to plan your strategy out, you can simply convert all of your private loans to federal ones. They are no longer responsible. The plan is above. Check out “Convert Private Loans to Federal.” Furthermore, if you are attempting to go the default route with private loans, you could potentially get your cosigner off the hook by refinancing your student loans without the cosigner. After you refinance, you could just default then. You would need good credit and meet certain requirements for this. Also, if you plan on defaulting, you might want to get your cosigner to transfer their assets to their spouse or someone trustworthy. Even though liens are rare, this could give you some peace of mind. As long as about 3-5 years go by, this is no longer considered a fraudulent transfer. Your state will have certain rules about this. If you are from Florida, apparently houses are untouchable there. You will need a lawyer to plan the asset transfer. At the same time, you may not be able to get your cosigner off the hook. Make peace with that. Student loans are brutal, so all you can really do is educate yourself and your cosigner and hope you come out on top.

Madlad Method: [high risk] Now, here comes my personal plan. This is what I’m doing, because I want to live a life on my terms and not really work for anyone my entire life. I’m also not a normal person, so this will probably appear crazy to some or most of you. So at this point, if you understand all of the methods before you, you are a powerful player in the student loan circus. You can do anything from fight the man to maliciously comply and bankrupt the system while becoming upper-middle class. I don’t really care for any of that. I want to go to a tropical paradise and make music for 20 years, so here is my interpretation of everything. I have some federal loans and private loans. I net about 25K a year through the Grad Plus loans, and I work about 4 hours a week in the online classroom. I take that federal loan money, and I sock away a few hundred every month to save up for my private loan settlement in about five years. Since I save 300 every month, I’ll have about 18K in 5 years when I go into default. I will settle ASAP. At the same time, I will continue to go to diploma mill universities, get master's degree after master’s degree, and move to a Latin American country where the cost of living is even lower. This way, my 25K a year puts me in the upper class of that country. I can live where I want and really do whatever I damn well please for as long as the Grad Plus loans are around. As an added bonus, I will already be starting a new life in another country where I can make connections and maybe even get married. I studied linguistics, so I know how to teach English. I can do that if I want a source of income anywhere. So there is my plan, and honestly, one day we might get someone in office who just wipes out all of this debt anyways. If that’s the case, I can just play the waiting game until all of this is over. Here are the rules on adverse credit history and Grad Plus loans: https://studentaid.ed.gov/sa/sites/default/files/plus-adverse-credit.pdf

Final Thoughts: Defaulting on student loans is not immoral or a sin. It is a business decision. Everyone else gets bailouts, why should student borrowers be any different? You’re going to have to ignore the people who tell you why they think you should be a good little slave and pay your loans. Those people are not your friends. Those people are not on your side. Some of the best advice I ever received in life was you have to do what’s best for you. Also, if you have anything you would like to add to this or would like to challenge, please let me know. I want this to be as accurate as possible. I will be looking at this perpetually to make sure there are no errors. Take care. Good luck. You can do this.
submitted by PlsvoteforBernie to studentloandefaulters [link] [comments]

ForexBit Review

Overview:

The name of this broker ForexBit suggests that the broker deals with the exchange of Forex, Cryptos and provides Contracts-for-Difference. The broker does not mention any account types on its website but shows some investment plans. The plans offered show growth in investments on an hourly basis. The website looks attractive but also seems misguiding. This ForexBit review will shed light on the characteristics and offerings of this broker. Don’t forget to follow this review completely for the sake of your investments.

About ForexBit:

The broker ForexBit offers trade-in FX and binary options. The assets provided by them are very broad. The assets consist of cryptos, indexes, lots of commodities, shares, bonds, and futures. The crypto-coin portfolio of this broker is also very wide and contains all major cryptos like Bitcoin, Ethereum, Ripple, Litecoin, Dash, and minor ones like IOTA, ZCash, Ada, NEO, Bitcoin Cash, Stellar Lumens, and several others. The official website claims that potential customers of ForexBit are provided with MetaTrader5 trading platform.
The domain of this broker does not furnish information about its owner or manager. But interestingly it provides a company number on the top side of the website. When clicked on it, it redirects to a pdf file that mentions the owner's name and other details. The name of the owner turns out to be Donald Brian and a UK based address. Not surprisingly enough, such documentation and information must be treated as scam and misleading. No genuine broker has such a witty information system. Furthermore, the Financial Conduct Authority in the UK has blacklisted this shady broker on its website. So, it is clear that the broker ForexBit is unlicensed and unregulated. And its potential clients are prone to scam and their funds are not in the safe hands.
The initial investment required starts from $20 to $2500 according to the plans. The level 1 plan offers a 10% growth in 8 hours with a referral of 5%. The level 2 plan offers a 15% growth in 8 hours with a referral of 5%. The level 3 plan offers a 30% growth in 7 hours with a referral of 7%. And the advance plan offers a 55% growth in investment in just 4 hours with a referral of 8%. But the question of how ForexBit will achieve such high profit in such a less time is unanswered.

Is ForexBit scam or legit?

The answer to this question is straight forward, the broker ForexBit is a scam. The information provided on the website does not fulfill any trading criteria. It only asks for the investments. Furthermore, the great strategy for gaining such a huge profit in very less time is also not mentioned anywhere. The provided information on its owner is as shady as it gets. The referral system present makes it clear that the broker is not genuine and trying to make money merely by trader's investments and their referrals. Stay away from this cryptocurrency scam.
submitted by fraudbrokers to u/fraudbrokers [link] [comments]

Part 2: Tools & Info for Sysadmins - Mega List of Tips, Tools, Books, Blogs & More

(continued from part 1)
Unlocker is a tool to help delete those irritating locked files that give you an error message like "cannot delete file" or "access is denied." It helps with killing processes, unloading DLLs, deleting index.dat files, as well as unlocking, deleting, renaming, and moving locked files—typically without requiring a reboot.
IIS Crypto's newest version adds advanced settings; registry backup; new, simpler templates; support for Windows Server 2019 and more. This tool lets you enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows and reorder SSL/TLS cipher suites from IIS, change advanced settings, implement best practices with a single click, create custom templates and test your website. Available in both command line and GUI versions.
RocketDock is an application launcher with a clean interface that lets you drag/drop shortcuts for easy access and minimize windows to the dock. Features running application indicators, multi-monitor support, alpha-blended PNG and ICO icons, auto-hide and popup on mouse over, positioning and layering options. Fully customizable, portable, and compatible with MobyDock, ObjectDock, RK Launcher and Y'z Dock skins. Works even on slower computers and is Unicode compliant. Suggested by lieutenantcigarette: "If you like the dock on MacOS but prefer to use Windows, RocketDock has you covered. A superb and highly customisable dock that you can add your favourites to for easy and elegant access."
Baby FTP Server offers only the basics, but with the power to serve as a foundation for a more-complex server. Features include multi-threading, a real-time server log, support for PASV and non-PASV mode, ability to set permissions for download/upload/rename/delete/create directory. Only allows anonymous connections. Our thanks to FatherPrax for suggesting this one.
Strace is a Linux diagnostic, debugging and instructional userspace tool with a traditional command-line interface. Uses the ptrace kernel feature to monitor and tamper with interactions between processes and the kernel, including system calls, signal deliveries and changes of process state.
exa is a small, fast replacement for ls with more features and better defaults. It uses colors to distinguish file types and metadata, and it recognizes symlinks, extended attributes and Git. All in one single binary. phils_lab describes it as "'ls' on steroids, written in Rust."
rsync is a faster file transfer program for Unix to bring remote files into sync. It sends just the differences in the files across the link, without requiring both sets of files to be present at one of the ends. Suggested by zorinlynx, who adds that "rsync is GODLY for moving data around efficiently. And if an rsync is interrupted, just run it again."
Matter Wiki is a simple WYSIWYG wiki that can help teams store and collaborate. Every article gets filed under a topic, transparently, so you can tell who made what changes to which document and when. Thanks to bciar-iwdc for the recommendation.
LockHunter is a file unlocking tool that enables you to delete files that are being blocked for unknown reasons. Can be useful for fighting malware and other programs that are causing trouble. Deletes files into the recycle bin so you can restore them if necessary. Chucky2401 finds it preferable to Unlocker, "since I am on Windows 7. There are no new updates since July 2017, but the last beta was in June of this year."
aria2 is a lightweight multi-source command-line download utility that supports HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink. It can be manipulated via built-in JSON-RPC and XML-RPC interfaces. Recommended by jftuga, who appreciates it as a "cross-platform command line downloader (similar to wget or curl), but with the -x option can run a segmented download of a single file to increase throughput."
Free Services
Temp-Mail allows you to receive email at a temporary address that self-destructs after a certain period of time. Outwit all the forums, Wi-Fi owners, websites and blogs that insist you register to use them. Petti-The-Yeti says, "I don't give any company my direct email anymore. If I want to trial something but they ask for an email signup, I just grab a temporary email from here, sign up with it, and wait for the trial link or license info to come through. Then, you just download the file and close the website."
Duck DNS will point a DNS (sub domains of duckdns.org) to an IP of your choice. DDNS is a handy way for you to refer to a serverouter with an easily rememberable name for situations when the server's ip address will likely change. Suggested by xgnarf, who finds it "so much better for the free tier of noip—no 30-day nag to keep your host up."
Joe Sandbox detects and analyzes potential malicious files and URLs on Windows, Android, Mac OS, Linux and iOS for suspicious activities. It performs deep malware analysis and generates comprehensive and detailed reports. The Community Edition of Joe Sandbox Cloud allows you to run a maximum of 6 analyses per month, 3 per day on Windows, Linux and Android with limited analysis output. This one is from dangibbons94, who wanted to "share this cool service ... for malware analysis. I usually use Virus total for URL scanning, but this goes a lot more in depth. I just used basic analysis, which is free and enough for my needs."
Hybrid Analysis is a malware analysis service that detects and analyzes unknown threats for the community. This one was suggested by compupheonix, who adds that it "gets you super detailed reports... it's about the most fleshed out and detailed one I can find."
JustBeamIt is a file-transfer service that allows you to send files of any size via a peer-to-peer streaming model. Simply drag and drop your file and specify the recipient's email address. They will then receive a link that will trigger the download directly from your computer, so the file does not have to be uploaded to the service itself. The link is good for one download and expires after 10 minutes. Thanks to cooljacob204sfw for the recommendation!
ShieldsUP is a quick but powerful internet security checkup and information service. It was created by security researcher Steve Gibson to scan ports and let you know which ones have been opened through your firewalls or NAT routers.
Firefox Send is an encrypted file transfer service that allows you to share files up to 2.5GB from any browser or an Android app. Uses end-to-end encryption to keep data secure and offers security controls you can set. You can determine when your file link expires, the number of downloads, and whether to add a password. Your recipient receives a link to download the file, and they don’t need a Firefox account. This one comes from DePingus, who appreciates the focus on privacy. "They have E2E, expiring links, and a clear privacy policy."
Free DNS is a service where programmers share domain names with one another at no cost. Offers free hosting as well as dynamic DNS, static DNS, subdomain and domain hosting. They can host your domain's DNS as well as allowing you to register hostnames from domains they're hosting already. If you don't have a domain, you can sign up for a free account and create up to 5 subdomains off the domains others have contributed and point these hosts anywhere on the Internet. Thanks to 0x000000000000004C (yes, that's a username) for the suggestion!
ANY.RUN is an interactive malware analysis service for dynamic and static research of the majority of threats in any environment. It can provide a convenient in-depth analysis of new, unidentified malicious objects and help with the investigation of incidents. ImAshtonTurner appreciates it as "a great sandbox tool for viewing malware, etc."
Plik is a scalable, temporary file upload system similar to wetransfer that is written in golang. Thanks go to I_eat_Narwhals for this one!
Free My IP offers free, dynamic DNS. This service comes with no login, no ads, no newsletters, no links to click and no hassle. Kindly suggested by Jack of All Trades.
Mailinator provides free, temporary email inboxes on a receive-only, attachment-free system that requires no sign-up. All @mailinator.com addresses are public, readable and discoverable by anyone at any time—but are automatically deleted after a few hours. Can be a nice option for times when you to give out an address that won't be accessible longterm. Recommended by nachomountain, who's been using it "for years."
Magic Wormhole is a service for sending files directly with no intermediate upload, no web interface and no login. When both parties are online you with the minimal software installed, the wormhole is invoked via command line identifying the file you want to send. The server then provides a speakable, one-time-use password that you give the recipient. When they enter that password in their wormhole console, key exchange occurs and the download begins directly between your computers. rjohnson99 explains, "Magic Wormhole is sort of like JustBeamIt but is open-source and is built on Python. I use it a lot on Linux servers."
EveryCloud's Free Phish is our own, new Phishing Simulator. Once you've filled in the form and logged in, you can choose from lots of email templates (many of which we've coped from what we see in our Email Security business) and landing pages. Run a one-off free phish, then see who clicked or submitted data so you can understand where your organization is vulnerable and act accordingly.
Hardening Guides
CIS Hardening Guides contain the system security benchmarks developed by a global community of cybersecurity experts. Over 140 configuration guidelines are provided to help safeguard systems against threats. Recommended by cyanghost109 "to get a start on looking at hardening your own systems."
Podcasts
Daily Tech News is Tom Merrit's show covering the latest tech issues with some of the top experts in the field. With the focus on daily tech news and analysis, it's a great way to stay current. Thanks to EmoPolarbear for drawing it to our attention.
This Week in Enterprise Tech is a podcast that features IT experts explaining the complicated details of cutting-edge enterprise technology. Join host Lou Maresca on this informative exploration of enterprise solutions, with new episodes recorded every Friday afternoon.
Security Weekly is a podcast where a "bunch of security nerds" get together and talk shop. Topics are greatly varied, and the atmosphere is relaxed and conversational. The show typically tops out at 2 hours, which is perfect for those with a long commute. If you’re fascinated by discussion of deep technical and security-related topics, this may be a nice addition to your podcast repertoire.
Grumpy Old Geeks—What Went Wrong on the Internet and Who's To Blame is a podcast about the internet, technology and geek culture—among other things. The hosts bring their grumpy brand of humor to the "state of the world as they see it" in these roughly hour-long weekly episodes. Recommended by mkaxsnyder, who enjoys it because, "They are a good team that talk about recent and relevant topics from an IT perspective."
The Social-Engineer Podcast is a monthly discussion among the hosts—a group of security experts from SEORG—and a diverse assortment of guests. Topics focus around human behavior and how it affects information security, with new episodes released on the second Monday of every month. Thanks to MrAshRhodes for the suggestion.
The CyberWire podcasts discuss what's happening in cyberspace, providing news and commentary from industry experts. This cyber security-focused news service delivers concise, accessible, and relevant content without the gossip, sensationalism, and the marketing buzz that often distract from the stories that really matter. Appreciation to supermicromainboard for the suggestion.
Malicious Life is a podcast that tells the fascinating—and often unknown—stories of the wildest hacks you can ever imagine. Host Ran Levi, a cybersecurity expert and author, talks with the people who were actually involved to reveal the history of each event in depth. Our appreciation goes to peraphon for the recommendation.
The Broadcast Storm is a podcast for Cisco networking professionals. BluePieceOfPaper suggests it "for people studying for their CCNA/NP. Kevin Wallace is a CCIE Collaboration so he knows his *ishk. Good format for learning too. Most podcasts are about 8-15 mins long and its 'usually' an exam topic. It will be something like "HSPR" but instead of just explaining it super boring like Ben Stein reading a powerpoint, he usually goes into a story about how (insert time in his career) HSPR would have been super useful..."
Software Engineering Radio is a podcast for developers who are looking for an educational resource with original content that isn't recycled from other venues. Consists of conversations on relevant topics with experts from the software engineering world, with new episodes released three to four times per month. a9JDvXLWHumjaC tells us this is "a solid podcast for devs."
Books
System Center 2012 Configuration Manager is a comprehensive technical guide designed to help you optimize Microsoft's Configuration Manager 2012 according to your requirements and then to deploy and use it successfully. This methodical, step-by-step reference covers: the intentions behind the product and its role in the broader System Center product suite; planning, design, and implementation; and details on each of the most-important feature sets. Learn how to leverage the user-centric capabilities to provide anytime/anywhere services & software, while strengthening control and improving compliance.
Network Warrior: Everything You Need to Know That Wasn’t on the CCNA Exam is a practical guide to network infrastructure. Provides an in-depth view of routers and routing, switching (with Cisco Catalyst and Nexus switches as examples), SOHO VoIP and SOHO wireless access point design and configuration, introduction to IPv6 with configuration examples, telecom technologies in the data-networking world (including T1, DS3, frame relay, and MPLS), security, firewall theory and configuration, ACL and authentication, Quality of Service (QoS), with an emphasis on low-latency queuing (LLQ), IP address allocation, Network Time Protocol (NTP) and device failures.
Beginning the Linux Command Line is your ally in mastering Linux from the keyboard. It is intended for system administrators, software developers, and enthusiastic users who want a guide that will be useful for most distributions—i.e., all items have been checked against Ubuntu, Red Hat and SUSE. Addresses administering users and security and deploying firewalls. Updated to the latest versions of Linux to cover files and directories, including the Btrfs file system and its management and systemd boot procedure and firewall management with firewalld.
Modern Operating Systems, 4th Ed. is written for students taking intro courses on Operating Systems and for those who want an OS reference guide for work. The author, an OS researcher, includes both the latest materials on relevant operating systems as well as current research. The previous edition of Modern Operating Systems received the 2010 McGuffey Longevity Award that recognizes textbooks for excellence over time.
Time Management for System Administrators is a guide for organizing your approach to this challenging role in a way that improves your results. Bestselling author Thomas Limoncelli offers a collection of tips and techniques for navigating the competing goals and concurrent responsibilities that go along with working on large projects while also taking care of individual user's needs. The book focuses on strategies to help with daily tasks that will also allow you to handle the critical situations that inevitably require your attention. You'll learn how to manage interruptions, eliminate time wasters, keep an effective calendar, develop routines and prioritize, stay focused on the task at hand and document/automate to speed processes.
The Practice of System and Network Administration, 3rd Edition introduces beginners to advanced frameworks while serving as a guide to best practices in system administration that is helpful for even the most advanced experts. Organized into four major sections that build from the foundational elements of system administration through improved techniques for upgrades and change management to exploring assorted management topics. Covers the basics and then moves onto the advanced things that can be built on top of those basics to wield real power and execute difficult projects.
Learn Windows PowerShell in a Month of Lunches, Third Edition is designed to teach you PowerShell in a month's worth of 1-hour lessons. This updated edition covers PowerShell features that run on Windows 7, Windows Server 2008 R2 and later, PowerShell v3 and later, and it includes v5 features like PowerShellGet. For PowerShell v3 and up, Windows 7 and Windows Server 2008 R2 and later.
Troubleshooting with the Windows Sysinternals Tools is a guide to the powerful Sysinternals tools for diagnosing and troubleshooting issues. Sysinternals creator Mark Russinovich and Windows expert Aaron Margosis provide a deep understanding of Windows core concepts that aren’t well-documented elsewhere along with details on how to use Sysinternals tools to optimize any Windows system’s reliability, efficiency, performance and security. Includes an explanation of Sysinternals capabilities, details on each major tool, and examples of how the tools can be used to solve real-world cases involving error messages, hangs, sluggishness, malware infections and more.
DNS and BIND, 5th Ed. explains how to work with the Internet's distributed host information database—which is responsible for translating names into addresses, routing mail to its proper destination, and listing phone numbers according to the ENUM standard. Covers BIND 9.3.2 & 8.4.7, the what/how/why of DNS, name servers, MX records, subdividing domains (parenting), DNSSEC, TSIG, troubleshooting and more. PEPCK tells us this is "generally considered the DNS reference book (aside from the RFCs of course!)"
Windows PowerShell in Action, 3rd Ed. is a comprehensive guide to PowerShell. Written by language designer Bruce Payette and MVP Richard Siddaway, this volume gives a great introduction to Powershell, including everyday use cases and detailed examples for more-advanced topics like performance and module architecture. Covers workflows and classes, writing modules and scripts, desired state configuration and programming APIs/pipelines.This edition has been updated for PowerShell v6.
Zero Trust Networks: Building Secure Systems in Untrusted Networks explains the principles behind zero trust architecture, along with what's needed to implement it. Covers the evolution of perimeter-based defenses and how they evolved into the current broken model, case studies of zero trust in production networks on both the client and server side, example configurations for open-source tools that are useful for building a zero trust network and how to migrate from a perimeter-based network to a zero trust network in production. Kindly recommended by jaginfosec.
Tips
Here are a couple handy Windows shortcuts:
Here's a shortcut for a 4-pane explorer in Windows without installing 3rd-party software:
(Keep the win key down for the arrows, and no pauses.) Appreciation goes to ZAFJB for this one.
Our recent tip for a shortcut to get a 4-pane explorer in Windows, triggered this suggestion from SevaraB: "You can do that for an even larger grid of Windows by right-clicking the clock in the taskbar, and clicking 'Show windows side by side' to arrange them neatly. Did this for 4 rows of 6 windows when I had to have a quick 'n' dirty "video wall" of windows monitoring servers at our branches." ZAFJB adds that it actually works when you right-click "anywhere on the taskbar, except application icons or start button."
This tip comes courtesy of shipsass: "When I need to use Windows Explorer but I don't want to take my hands off the keyboard, I press Windows-E to launch Explorer and then Ctrl-L to jump to the address line and type my path. The Ctrl-L trick also works with any web browser, and it's an efficient way of talking less-technical people through instructions when 'browse to [location]' stumps them."
Clear browser history/cookies by pressing CTRL-SHIFT-DELETE on most major browsers. Thanks go to synapticpanda, who adds that this "saves me so much time when troubleshooting web apps where I am playing with the cache and such."
To rename a file with F2, while still editing the name of that file: Hit TAB to tab into the renaming of the next file. Thanks to abeeftaco for this one!
Alt-D is a reliable alternative to Ctrl-L for jumping to the address line in a browser. Thanks for this one go to fencepost_ajm, who explains: "Ctrl-L comes from the browser side as a shortcut for Location, Alt-D from the Windows Explorer side for Directory."
Browser shortcut: When typing a URL that ends with dot com, Ctrl + Enter will place the ".com" and take you to the page. Thanks to wpierre for this one!
This tip comes from anynonus, as something that daily that saves a few clicks: "Running a program with ctrl + shift + enter from start menu will start it as administrator (alt + y will select YES to run as admin) ... my user account is local admin [so] I don't feel like that is unsafe"
Building on our PowerShell resources, we received the following suggestion from halbaradkenafin: aka.ms/pskoans is "a way to learn PowerShell using PowerShell (and Pester). It's really cool and a bunch of folks have high praise for it (including a few teams within MSFT)."
Keyboard shortcut: If you already have an application open, hold ctrl + shift and middle click on the application in your task bar to open another instance as admin. Thanks go to Polymira for this one.
Remote Server Tip: "Critical advice. When testing out network configuration changes, prior to restarting the networking service or rebooting, always create a cron job that will restore your original network configuration and then reboot/restart networking on the machine after 5 minutes. If your config worked, you have enough time to remove it. If it didn't, it will fix itself. This is a beautifully simple solution that I learned from my old mentor at my very first job. I've held on to it for a long time." Thanks go to FrigidNox for the tip!
Websites
Deployment Research is the website of Johan Arwidmark, MS MVP in System Center Cloud and Datacenter Management. It is dedicated to sharing information and guidance around System Center, OS deployment, migration and more. The author shares tips and tricks to help improve the quality of IT Pros’ daily work.
Next of Windows is a website on (mostly) Microsoft-related technology. It's the place where Kent Chen—a computer veteran with many years of field experience—and Jonathan Hu—a web/mobile app developer and self-described "cool geek"—share what they know, what they learn and what they find in the hope of helping others learn and benefit.
High Scalability brings together all the relevant information about building scalable websites in one place. Because building a website with confidence requires a body of knowledge that can be slow to develop, the site focuses on moving visitors along the learning curve at a faster pace.
Information Technology Research Library is a great resource for IT-related research, white papers, reports, case studies, magazines, and eBooks. This library is provided at no charge by TradePub.com. GullibleDetective tells us it offers "free PDF files from a WIIIIIIDE variety of topics, not even just IT. Only caveat: as its a vendor-supported publishing company, you will have to give them a bit of information such as name, email address and possibly a company name. You undoubtedly have the ability to create fake information on this, mind you. The articles range from Excel templates, learning python, powershell, nosql etc. to converged architecture."
SS64 is a web-based reference guide for syntax and examples of the most-common database and OS computing commands. Recommended by Petti-The-Yeti, who adds, "I use this site all the time to look up commands and find examples while I'm building CMD and PS1 scripts."
Phishing and Malware Reporting. This website helps you put a stop to scams by getting fraudulent pages blocked. Easily report phishing webpages so they can be added to blacklists in as little as 15 minutes of your report. "Player024 tells us, "I highly recommend anyone in the industry to bookmark this page...With an average of about 10 minutes of work, I'm usually able to take down the phishing pages we receive thanks to the links posted on that website."
A Slack Channel
Windows Admin Slack is a great drive-by resource for the Windows sysadmin. This team has 33 public channels in total that cover different areas of helpful content on Windows administration.
Blogs
KC's Blog is the place where Microsoft MVP and web developer Kent Chen shares his IT insights and discoveries. The rather large library of posts offer helpful hints, how-tos, resources and news of interest to those in the Windows world.
The Windows Server Daily is the ever-current blog of technologist Katherine Moss, VP of open source & community engagement for StormlightTech. Offers brief daily posts on topics related to Windows server, Windows 10 and Administration.
An Infosec Slideshow
This security training slideshow was created for use during a quarterly infosec class. The content is offered generously by shalafi71, who adds, "Take this as a skeleton and flesh it out on your own. Take an hour or two and research the things I talk about. Tailor this to your own environment and users. Make it relevant to your people. Include corporate stories, include your audience, exclude yourself. This ain't about how smart you are at infosec, and I can't stress this enough, talk about how people can defend themselves. Give them things to look for and action they can take. No one gives a shit about your firewall rules."
Tech Tutorials
Tutorialspoint Library. This large collection of tech tutorials is a great resource for online learning. You'll find nearly 150 high-quality tutorials covering a wide array of languages and topics—from fundamentals to cutting-edge technologies. For example, this Powershell tutorial is designed for those with practical experience handling Windows-based Servers who want to learn how to install and use Windows Server 2012.
The Python Tutorial is a nice introduction to many of Python’s best features, enabling you to read and write Python modules and programs. It offers an understanding of the language's style and prepares you to learn more about the various Python library modules described in 'The Python Standard Library.' Kindly suggested by sharjeelsayed.
SysAdmin Humor
Day in the Life of a SysAdmin Episode 5: Lunch Break is an amusing look at a SysAdmin's attempt to take a brief lunch break. We imagine many of you can relate!
Have a fantastic week and as usual, let me know any comments or suggestions.
u/crispyducks
submitted by crispyducks to sysadmin [link] [comments]

A Comprehensive Guide on Securing Your System, Archives and Documents

A Comprehensive Guide on Securing Your System, Archives and Documents
How can you make your system and documents secure? Today, 256-bit AES encryption is offered by everyone and their dog. However, AES encryption does not mean much (or anything at all) when it comes to the real security of your data. Implementing encryption at the right time and in the right spot is no less important than choosing strong encryption credentials and managing the encryption keys.
While the previous part may sound a bit complicated, it all comes down to much simpler things than choosing the strongest encryption algorithm or selecting the length of the encryption key. If you are a Windows user, it all comes down to choosing the optimal data protection strategy for your particular usage scenario; protecting your storage media and the data you keep on them.

Defining your goals

Before you start considering encrypting your hard drives and files, make sure to define your objectives. What information would you like to protect? What threats do you consider important, less important and quite improbable?

Full-disk encryption part I: protecting your boot device

A reliable system protection is impossible without protecting your boot device. An unencrypted boot device (disk C: on most systems) allows for way too many vectors of attack ranging from hibernation and page file analysis to instant extraction of stored passwords from your Web browser vault. In other words, securing your boot device with BitLocker is an absolutely mandatory preliminary step and the most important security layer.
  • Availability: Windows 10 Professional and higher with TPM2.0, Intel PTT or Group Policy edit; all Windows editions for device encryption in thin and light devices meeting minimum requirements.
    • Note: although Windows 10 Home cannot natively create new BitLocker volumes, it can unlock BitLocker encrypted drives with full read-write access
  • Physical access, hard drive only: strong protection
  • Physical access, entire computer: it’s complicated
  • Other users on the same computer: not applicable
  • Malware/ransomware: not applicable
  • Online attacks: not applicable
  • Usage cases: protect data against theft of computer or hard drive; protect data if hard drives are sold or RMA’d; protect data against physical extraction.
If your computer meets the requirements (namely, the presence of a hardware TPM2.0 module or software-based Intel Platform Trust Technology), enabling BitLocker on your computer can be as easy as opening the Control Panel and launching the BitLocker Drive Encryption applet. Note that not all editions of Windows 10 can use BitLocker protection.
We have a comprehensive article on BitLocker protection in our blog, which is highly recommended. Introduction to BitLocker: Protecting Your System Disk
What caveats are there when it comes to securing data against physical extraction? The thing is, while BitLocker is nearly a 100% effective solution for protecting the bare drive, it might not be as secure if the intruder has access to the entire computer with the hard drive installed. Even if your computer is equipped with a TPM2.0/Intel PTT module, Windows will still unlock the encrypted hard drive if Secure Boot conditions are met. This in turn opens numerous vectors of attack that may allow the intruder to intercept the on-the-fly BitLocker encryption key and decrypt the hard drive. These vectors of attack include:
  1. Making a RAM image of a running computer with BitLocker volume(s) mounted. This can be done via a Thunderbolt attack (Windows, by default, does not disable Thunderbolt DMA access when locked) or a cold boot attack.
  2. Breaking or extracting your Windows logon password (e.g. extracting from your Google account, your smartphone, or from another computer you have logged in and synced your data to).
  3. Obtaining your BitLocker Recovery Key from your Microsoft Account or Active Directory.
Advanced users and system administrators can read the following guide to secure their BitLocker volumes: BitLocker recovery guide

Full-disk encryption part II: protecting external storage devices

BitLocker is good not only for protecting your boot device, but for encrypting data on other volumes, built-in and removable. BitLocker protects external storage devices with BitLocker To Go, an encryption algorithm based on a password. In addition to passwords, external drives encrypted with BitLocker To Go have an option to unlock with a smart card on another computer by using BitLocker Drive Encryption in Control Panel. Finally, users can opt to make their encrypted external devices automatically unlock when connected to their (trusted) computer.
  • Availability:
    • Encrypt external devices: Windows 10 Professional and Enterprise
    • Access BitLocker encrypted devices: although Windows 10 Home cannot natively encrypt drives with BitLocker, it can access BitLocker encrypted drives with full read-write access
  • Physical access, device only: protection as strong as your password
  • Physical access, entire computer: it’s complicated (see previous chapter)
    • Note: if you enabled the option “Unlock automatically on this PC”, then effectively no protection
  • Other users on the same computer: strong protection if offline/not mounted
  • Malware/ransomware: strong protection if offline/not mounted
  • Online attacks: strong protection if offline/not mounted
  • Usage cases: protect data stored on external storage devices such as external drive enclosures, USB flash drives etc.
Unlike system drive encryption, BitLocker To Go does not support multifactor authentication. This means you cannot use TPM protection as an additional form of authentication. You can, however, make BitLocker To Go devices unlock automatically when they are inserted in your (trusted) computer, which carries obvious security implications.

Full-disk encryption part III: using third-party crypto containers

I put it here just for the sake of completeness. If you are considering using a crypto-container such as VeraCrypt or PGP, you probably know what it is good for and how to use it. I’ll just add several things that aren’t immediately obvious when you set up encryption. In fact, the two things are so non-obvious that many coach experts have it backwards. (The right way: Choosing the right hashing algorithm – it’s all about slowness).
  • Availability: VeraCrypt is available on most relevant platforms
  • Physical access, hard drive only: very strong protection unless misconfigured
    • Misconfiguration examples: volume stays mounted when computer sleeps or hibernates; volume stays mounted when computer is locked (matter of security vs. convenience); volume unlocked with security key (e.g. USB flash drive) and no password (if USB flash drive is discovered)
  • Physical access, entire computer:
    • volume not mounted at time of analysis: very strong protection
    • volume mounted: very little protection
  • Other users on the same computer
    • volume not mounted at time of analysis: very strong protection
    • volume mounted: very little protection
  • Malware/ransomware: same as above
  • Online attacks: same as above
  • Usage cases: protect data against theft of computer or hard drive; protect data if hard drives are sold or RMA’d; protect data against physical extraction.
The choice of encryption algorithm (spoiler: use AES)
Crypto containers such as VeraCrypt offer the choice of several (actually, multiple) encryption algorithms that range from the industry-standard AES to some quite exotic algorithms such as Serpent or Kuznyechik. For the paranoiacs among us, VeraCrypt offers stacked encryption (e.g. the Serpent(AES) option). The thing is, the choice of an encryption algorithm does not affect the security of your data (unless you pick an algorithm with known or suspected vulnerabilities; finger pointed to Kuznyechik).
The choice of encryption algorithm does not affect the security of your data. A single round AES-256 encryption will be exactly as secure as Serpent(AES) or Serpent(Twofish(AES)). Moreover, the choice of encryption does not even affect the recovery speed (the speed of brute-force attacks on your password)!
Considering that AES is the only hardware-accelerated encryption algorithm in all reasonably modern processors, choosing any encryption algorithm other than AES-256 will unnecessarily slow down your reads and writes (expect a difference of 2 to 3 orders of magnitude in theoretical RAM-to-RAM encryption speeds) without providing any additional security benefit.
If choosing an encryption algorithm other than AES does not affect security, then what does?
The choice of hashing algorithm
When VeraCrypt encrypts (or decrypts) your data, it is using a binary encryption key to perform symmetric cryptographic operations. This media encryption key (MEK) is stored along with the encrypted data. The Media Encryption Key (MEK) is encrypted with a Key Encryption Key (KEK), which, in turn, is the result of multiple (hundreds of thousands) iterative hash operations performed on the user’s password.
In other words, when you type a password, the crypto container will perform a calculation of a certain hash function, and repeat that a 100,000 times or more (in order to deliberately slow down brute-force attacks).
If you want to make your encrypted volume more secure, you can change one of the two things:
  1. Increase the number of hash iterations
  2. Don’t use defaults
  3. Choose a slower hash function
VeraCrypt allows modifying the number of hash iterations by adjusting the PIM (Personal Iterations Multiplier); here is the how-to. The PIM value controls the number of iterations that is used to derive the encryption key from the password that you type. This value can be specified through the password dialog or in the command line. If you don’t manually specify the PIM value, VeraCrypt will use the default number of iterations, which is bad because (2). For SHA-512 or Whirlpool (the two recommended choices), VeraCrypt defaults to Iterations = 15000 + (PIM x 1000).
Why would you want to change the number of hash iterations? Because an attacker will first try to break your password using the defaults. Most tools used by the attackers to brute-force your password will first run the attack using all-defaults: the default encryption algorithm (AES), hash function (SHA-512) and PIM. Changing the PIM value is an easy way to substantially increase security without making your password more complex. Changing the hashing algorithm from default (SHA-512) to Whirlpool also makes sense in this context.
Which brings us to the choice of a hashing algorithm. VeraCrypt offers the choice of SHA-512 (slow, good choice), Whirlpool (slower, even better choice), SHA-256 (slow, but not as slow as SHA-512, use other hash instead), and Streebog (untested). Choosing the right hashing algorithm – it’s all about slowness has some benchmarks and some good explanations; highly recommended. Selecting Whirlpool makes a lot of sense because a) it is slower than SHA-512 (thus will be significantly slower to attack), and b) it is a non-default selection, which significantly increases the complexity of the attack.

File system encryption: when and how to use EFS

If you read the Wikipedia article about Microsoft Encrypting File System (EFS), you’ll get that EFS has been introduced in NTFS 3.0 in order to provides file system level encryption. The article reads: “The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.”
While all of that is interesting, neither statement explains who and, most importantly, why should be using EFS, and what exactly the encrypting file system protects against.
  • Availability: all versions and all editions of Windows 10 (and most older versions of Windows)
  • Physical access, hard drive only: as strong as your Windows account password
  • Physical access, entire computer: same as above
  • Other users on the same computer: effective protection
  • Malware/ransomware: not applicable
  • Online attacks: not applicable
  • Usage cases: protect your documents from other users of your computer; an extra layer of security on BitLocker-protected drives; reasonably strong, very easy and fully transparent document encryption on computers where BitLocker is not supported.
What does EFS protect against, and who should be using it?
The purpose of Encrypting File System is protecting your data from users who share your computer. If you have a PC with several users, and each user has their own Windows login (as opposed to sharing a single Windows account), activating EFS encryption is the easiest way to protect your files from being accessed by those other users.
What is the relation between EFS and BitLocker, and which one should you use?
BitLocker protects your entire system volume. Any user who can log in to your computer will unlock the system volume. If a user has administrative privileges (or can escalate a non-admin account by using an exploit), he or she will also gain access to files and documents stored in other users’ accounts on that computer.
Encrypting File System, on the other hand, only protects selected folders. It won’t, for example, protect your instant messenger databases or encrypt your browsing history. It’s mostly just for documents, pictures and videos you keep in your account. However, EFS will effectively protect those files against other users who can log on to your computer, even if they have administrative privileges.
If an attacker got physical access to the computer, BitLocker is the first line of defence. Relying solely on EFS to secure the PC against attacks with physical access is not the best idea.
How does it all work? It’s actually quite simple. Right-click on a file or folder you’d like to encrypt, select Properties and click the Advanced button in the General tab. In the Advanced Attributes dialog select Encrypt contents to secure data and click OK.

https://preview.redd.it/742u0dpqdjc41.png?width=1019&format=png&auto=webp&s=26dcec93aba51d314531f65c6e68ac12302bc88f
This is it. Windows will now encrypt the selected file or folder with your Windows logon credentials. There are no passwords to type and no encryption keys to save.
There is a certain drawback to using EFS encryption. If you ever forget your Windows password and have to reset it from a separate Administrator account (or your domain administrator resets the password for you), the EFS encryption keys will be lost, and you will be unable to decrypt your data without going through the data recovery process with Elcomsoft Advanced EFS Data Recovery. Note that you must recover your Windows password in order to decrypt the files. However, if you simply change your Windows password by following the normal procedure (typing your old password followed by entering the new one), you will be fine.

Document encryption

Encrypting individual documents is an important part of multi-layer security. Microsoft Office apps can use passwords to encrypt the documents’ content. No one without a password should be able to decrypt the document.
  • Availability: all versions of Microsoft Office
  • Security: depends on the version of Microsoft Office, the file format you’re using to save the files and the strength of your password.
  • Physical access, hard drive only: strong protection (with caveats)
  • Physical access, entire computer: strong protection (with caveats)
  • Other users on the same computer: strong protection (with caveats)
  • Other users on your Local Area Network: strong protection (with caveats)
  • Malware/ransomware: content protection. Malware won’t be able to decrypt your files and read your data. However, malware/ransomware can still encrypt your files, effectively locking you out.
  • Online attacks: content protection. Strong protection against unauthorized data access; no protection against unauthorized deletion
  • Usage cases: protect the content of your documents against anyone who does not know the encryption password.
  • How to: Protect a document with a password
A million dollar question: if you are on a local area network, should you use EFS or document encryption to protect documents against other users on the same LAN? In this case, it’s better to use both. EFS will make it impossible to gain access to encrypted files and folders without knowing your Windows account/domain credentials. Password protection of individual documents will make documents difficult to break even if the attacker knows your logon credentials.
The caveats of document encryption
So what exactly does “strong protection (with caveats)” mean? The thing is, your documents are just as secure as the password you use to protect them. If you re-use a password you already stored in your browser cache or in the keychain, extracting that password and decrypting the documents will be a matter of minutes in many types of attacks.
What if you use a cryptographically strong and truly unique password to encrypt documents? Are these documents secure? The thing is, they will be just as secure as the office app permits them to be. In Microsoft Office encryption evolution: from Office 97 to Office 2019 I discussed the encryption algorithms and protection strength of Microsoft Office apps from the early days to the most current release.
Generally speaking, everything before Office 2000 was insecure (no protection). Office 2000, XP and Office 2003 had very weak encryption that can be usually broken in under a day.
Since Office 2007, Microsoft started taking encryption seriously. Office 2010, 2013, 2016, 2019 brought security to the new level, making encrypted documents very secure.
Okay, so you are using the latest Office and selected a strong password; are we secure now? The thing is, you’ll be just as secure as the document format allows. If you are using the newer DOCX/XLSX format (files with .docx / .xlsx extensions), you’re good. If, however, you are saving your documents in “compatibility” mode, you are sacrificing encryption and make your documents as vulnerable as if they were saved by an Office 2003 app.
Best practices:
  1. Use the latest version of Microsoft Office to save documents. If the latest version is not available, use at least Office 2013 (the newer the better).
  2. Never save documents in “compatibility” mode. Make sure that the files are DOCX/XLSX as opposed to DOC/XLS.
  3. Use a unique, cryptographically strong password to encrypt documents. Remember: if the password is broken once (e.g. pulled from your Google account or recovered from a document you accidentally saved in the “compatible” format), it will be used to break everything else, including documents with strong encryption.
  4. If you email an encrypted document, do use a unique, one-time password for that document, and never send both the document and the password in the same email. In fact, you should never send the password by email since that would allow an attacker who gained access to your email account to decrypt the document. Send the document and the password via separate communication channels (e.g. email / text message, chat or phone call).

Protecting backups and archives

Making regular backups is a common wisdom. Protecting those backups is a wisdom much less common. Once you make a backup, make sure to give it as strong a protection as your boot drive.
  1. Store backups on BitLocker-protected media. Even if your backup tool (e.g. the one built into Windows) does not support encryption, at very least your storage media is protected with full-disk encryption. Note: Windows 10 does support the recovery from BitLocker-protected disks. Just create a bootable install image from Microsoft Web site (use “Create Windows 10 installation media”).
  2. If your backup tool supports encryption, it may be a good idea to encrypt your backups (AND store them on a BitLocker-protected media). Note, however, that a backup tool will probably cache (store) your backup password on your computer to automatically encrypt new and incremental backups. For this reason, make sure to have a truly unique, never reused password for encrypting backups.
Individual folders are frequently backed up using common archive tools such as WinZip, 7Zip or WinRar. All of these tools offer the ability to encrypt archives with a password. While the encryption strength is different among the three formats (ZIP, 7Z and RAR), an up to date version of each tool provides adequate protection if you choose a reasonably complex password (e.g. 8 characters or more, combining small and capital letters with numbers and special characters). To achieve the best level of protection, do keep those archives on BitLocker-protected media.
Note that password recovery tools work significantly faster on ZIP/7Z/RAR compared to attacking BitLocker encryption or Office 2013 (and newer) documents. For this reason, never reuse your password, and make sure that your BitLocker media, your documents and your backups/archives use very different passwords (ideally, not based on the same pattern).
More information:

Cloud security: OneDrive Personal Vault

Microsoft started offering an extra layer of security to all users of its cloud storage service in the form of a Personal Vault. OneDrive Personal Vault helps secure your files both on your computer and in the cloud in the event that someone gains access to your account or your device.
Unlike ransomware protection, Personal Vault is available to all users of Microsoft OneDrive and not just to Office 365 subscribers. Technically speaking, Personal Vault is an area in the OneDrive folder on your computer and in the OneDrive cloud storage that features additional protection. You can only access this protected area after passing a strong authentication. If your Microsoft Account is protected with two-factor authentication, you will have to pass the second step of identity verification in addition to typing your Microsoft Account password.
Once configured, Personal Vault must be manually unlocked every time you need access to secured data. To unlock, you must type in your Microsoft Account password and pass the second authentication step if your account has two-factor authentication. Once you’ve finished accessing the data, Personal Vault will automatically relock after a short period of inactivity. Once locked, any files you were using will also lock and require re-authentication to access.
Setting up Personal Vault only takes a few clicks as outlined in Protect your OneDrive files in Personal Vault.
OneDrive Personal Vault is still new; no independent security analysis has been performed until today. In our view, Personal Vault is worth consideration as an extra security layer for some of the most private but rarely accessed types of data. Examples of such data may include BitLocker escrow keys and binary encryption keys, or the list of passwords some users store in encrypted Excel spreadsheets. I personally keep my two-factor authentication secrets (scanned QR codes to initialize the Authenticator app) in the Vault as well.
  • Physical access: unknown (not yet analyzed)
  • Other users on the same computer: strong protection
  • Malware/ransomware: strong protection (unless Personal Vault is unlocked at the time malware is running)
  • Online attacks: as strong as your Microsoft Account security
  • Usage cases: activate to add an extra layer of security for a handful of personal documents, encryption keys, 2fa secrets etc.

Ransomware protection

One of the most important threats not covered by any encryption is the type of malware called ransomware. Ransomware is a type of malware that threatens to either publish the data stolen from the victim or perpetually block access to the victim’s files by encrypting them with a key that is only known to the attacker. The term ‘ransomware’ has emerged from the fact that, on many cases, attackers demand a ransom payment to decrypt data.
Protecting your data against ransomware is a complex topic in itself. However, computer users can choose one or both of the following two defences when it comes to ransomware protection.
Ransomware protection is effective against the following threats.
  • Physical access: no protection
  • Other users on the same computer: no protection
  • Malware/ransomware: effective protection
  • Online attacks: as strong as your cloud account security
  • Usage cases: available automatically to Office 365 subscribers. Available to paid Dropbox users. Automatically protects files stored in OneDrive/Dropbox. Automatic alerts (OneDrive only). Automatic restore (OneDrive only); manual restore (Dropbox).
Use cloud storage with automatic ransomware protection
If you are using Windows 10, most likely you already have a Microsoft Account. The Microsoft Account gives you access to OneDrive, Microsoft’s cloud storage solution. The free tier includes 5 to 15 GB of online storage, while Office 365 subscribers receive the whole terabyte of cloud storage.
Microsoft actively promotes OneDrive Ransomware Protection. OneDrive automatically detects when the files are mass-deleted or mass-edited (such as when ransomware encrypts the entire Documents folder), alerts the user and prompts to restore the known-good snapshot. The File Restore feature is only available to Office 365 subscribers (Home and Personal levels are enough to receive protection).
More information at Ransomware detection and recovering your files.
If you prefer Dropbox to Microsoft OneDrive, Dropbox gets you covered against ransomware attacks, but mostly for higher-level paid tiers. Users of the free Basic tier as well as Plus subscribers can roll back individual encrypted files during the first 30 days after the attack (there will be no warning of mass-deletion of mass-encryption of files coming from the Dropbox app). If you want to roll back the entire Documents folder with Dropbox Rewind, you’ll need to be a paid Plus or Professional tier subscriber.
More information:
Make backup snapshots. Keep backup media offline
Once ransomware is installed on your computer, it will try to encrypt every document that is accessible. The obvious solution is making documents inaccessible by physically disconnecting backup media (such as using 2.5” portable USB drives to back up). In this scenario, you would only connect backup media to your computer when you actually want to make the backup, disconnecting the disk after the backup tool finishes its job. With this approach, even if your computer is attacked by ransomware, your offline backups will not be affected (unless you connected the external drive to the computer at the time the ransomware was installed).
In addition, configure your backup tool to keep snapshots of your data going back as long as permitted by available storage. In our office, an affordable 4TB USB hard drive can keep approximately 30 to 40 full snapshots of the Documents folder; this number becomes significantly larger if you enable incremental backups, with each snapshot saving only
More information:
submitted by Elcomsoft to computerforensics [link] [comments]

Simple 1 Minute Time Frame Trading Strategy - YouTube 2 Minutes Strategy Binary Options 2020 (IQ Options) - YouTube Binary Options Strategy 2018 - 99% WIN GUARANTEED - How to ... The Binary Options Strategy PDF – Free Price Action ... 60 Seconds binary options strategy 99 - 100% Winning (100% ...

All successful binary options traders use a strategy. Those strategies are carefully developed and then constantly assessed, improved, and updated over time. You will also need a strategy to profitably trade binary options as you can’t make money regularly by adopting a haphazard approach. The assets you trade, how you trade, and when you trade advantage of the Forex market, binary options strategy pdf, binary options trading pdf, binary options trading strategies, binary options trading strategy pdf, Do you know Forex loss is normal?, Forex profit every month, investment portfolio in the Forex business, Practice Forex Trading with a Demo Account, Real Trading Will Teach You More than ... A Basic Binary Options Strategy. Here is an example of some basic rules for a binary options strategy. The trend is your friend, only take trend following entries. In an uptrend only enter when prices are near support, in a downtrend only enter when prices are near resistance. The Best Binary Options Strategy. Our team at Trading Strategy Guides is ready to share with our beloved trading community our 60-second binary options strategy. We don’t just hope this strategy will make you money, we’re certain it will. The mathematical model behind this binary options trading strategy has a proven market edge. Binary Options Price Action Strategy PDF. To get my Binary Options price action Strategy, including lot of tips and my proven strategy or binary options, you just need to choose one of the Options below: Follow my Fanpage on Facebook and message me there to get your Strategy PDF file send directly! Click here to follow!

[index] [5312] [1968] [3397] [1160] [3160] [2792] [4937] [2596] [925] [944]

Simple 1 Minute Time Frame Trading Strategy - YouTube

IQ Option (Free Demo) http://www.cryptobinarylivingway.com/IQOption1 💰💲FULL BEGINNER? Join My PERSONAL TRAINING!💴💵 BLW Trading Academy: http://www ... Check Out This Site: https://bit.ly/3gzspsU - Binary Option Trading Strategies Pdf - ERT Lighting & Sales Inc. for Dummies The Single Many Vital Aspect to Bi... Look Here: https://bit.ly/30H77Uv - The Binary Options Strategy PDF – Free Price Action Strategy Diaries 26 Pages 2013 1.06 MB 10,492 Downloads English" The ... Sign up here - https://bit.ly/2QeuwYO IQ Option Strategy for 90% Winning Trades. Try NOW!! This Strategy is for 60 seconds timeframe. Watch carefully video t... 60 Seconds binary options strategy 99 - 100% Winning (100% profit guaranteed) 90 - 95% Winning Binary Options Strategy in case of correct prediction - 1 to 5...

#