As far as using smart cards for Two-Factor Authentication(TFA), unless the smart cards are being used for things like code-signing, X of Y authentication where a certain number of people have to be present to do something,  or encryption, I prefer the key-fob method.  RSA and a number of others implement token based authentication where you are required to enter both your pin and a token value which changes periodically in order to authenticate.    These types of technologies are implementable cross platform and can tie into things like VPN's and radius fairly easily. 

For things like file encryption, smart cards/USB Keys are really neat.  Combining with two factor authentication with certificates allows for the encryption/decryption keys for files/file systems to live with you.  I like the USB token idea better because if your company is devoted to the solution it's less likely to be left at the office because it's required to check email from home.  The only caveat is, make sure that your PKI implements a key recovery agent for EFS/Bitlocker if you use a solution like that because people will lose these things. 

From the standpoint of what seems to be catching the emerging threats, I'd have to go with AVG but for a slightly different reason.  When we've been seeing infections that occur within a few days of a 0-day, AVG has been what we've used to triage them.  Our major commercial anti-virus I've been less than pleased with lately as it hasn't detected many of the variants as they come out.  When I find new stuff, the first place I head to is virustotal.com and see what picks it up before I start submitting to our av vendors (we have a few levels of av), and AVG seems to almost always have defs out which detect it.  Clam seems to pick up less than AVG, but seems to have better integration with other products if you aren't using windows.  On a side note, if you think something is a virus, chuck it at virustotal.com and see what comes back.  Also, if you are having to deal with triage work, check out http://trinityhome.org/Home/blog.php?front_id=15 .  It's a neat distro with 3 different AV's on there including AVG free, and so far when we've had windows boxes that we've had a hard time cleaning, trinity kicked their butt.

You received a 450 error due to the fact that it appears to their mail server that you have sent too many emails to the same person in too short a time frame.  It's interesting that there were 2 RCPT To:'s  on there for the same person which sounds like you may have double sent it to the person, or possibly more than that.  Your AOL mail server will try to send the message again periodically until the message is delivered, or until 4 days have passed in which case you will get an email indicating that the mail was not deliverable.  No need to cancel your PayPal account unless you just really dislike it or there is something else going on you haven't mentioned.
 

The CISSP means a lot more to managers than it does to technical guys from what I've seen.  Executives and managers seem to see that certification as a balance between technical skills and policy, and with it you know enough to be able to work with the more technical people as well as executives to ensure that the goals of the corporation are met and that you are balancing the companies best interest with the technical constraints that should be in place to help protect the company.  One of the big focuses on the CISSP is that the right technical answer isn't always the right answer, if something means you never get hacked but costs 1 bazillion dollars, that may not be in your best interest if you are only protecting earthworm mating parameters or something like that.  As such, in my opinion, the CISSP tests 2 things, the first being basic security knowledge in a variety of areas, and secondly it tests if you can think in both the technical and managerial worlds.  I guess that was long winded, but short answer is, if you think that you want to be a team lead, a manager, or a consultant, it can do nothing but help.

As for studying, this exam is as much about how you think as what you know, so the knowledge without the practice won't necessarily help you a lot.  I got more benefit out of http://www.cccure.org/ doing practice tests to get into the right mindset than anything else.  Anyway, just my .02

You mention that you are at the beginner level for security things, so I will deviate a little bit and say that you should probably get certifications in the areas of security that you aren't as familiar with at first.  If you have 10 years with windows, start studying and working towards a certification in something you aren't as familiar with before going for CEH or any of the pen testing certifications.  Shoot for the RHCT or an LPI certification and get yourself more familiar with a *nix environment as a lot of the certifications ask you a lot of questions that you will mostly know the answers to if you are pretty comfortable in *nix.  From there, the Security+ is more heavily focused on the technical side of things and will get you a little deeper, once you are comfortable there, I'll again deviate and say that one of Ed Skoudis's SANS classes isn't a bad way to go.  I've taken 2 courses from him, and I felt like I definitely knew a lot more leaving than I did going in.  At that point, you should know enough to figure out what direction you want to take, whether it's going to be corporate security, pen testing, consulting or something completely different. 

Hope this helps.

The Security+ is a lot deeper in certain areas than the CISSP.  I used the Security+ in order to work on my MCSE: Security, and I got it during the time I was studying for the CISSP.  I found that some of the stuff on the CISSP helped however the Security+ certification seems to almost assume that you have the knowledge of the Network+ stuff because all of the review material was much more focused on the technical side of life rather than the policy side of life like the CISSP.  While I know that folks will probably frown on this, I studied for the Security+ using the Exam Cram book because I'd already been doing this stuff for a while and I wanted to figure out where I was lacking knowledge and fill in the gaps.  If you are studying for the CISSP and have some real world experience, that may not be a bad way to go, and then the areas that you are missing you can probably find good references on the internet to augment your knowledge. 

Bonjour is a protocol that Apple products use to communicate.  You can find out more about it here: http://en.wikipedia.org/wiki/Bonjour_(software) .  It is used by iTunes and others, so if it associated with those applications then it is likely normal, otherwise, you may want to further investigate.

I know you have already bought the books, but I figured I'd share anyway.  I have looked over Hacking: The art of Exploitation and it looked good.  I've had some other people recommend it to me as well.  I just got the Shell Coders Handbook and have made it through the first 2 chapters.  It is incredibly in depth, with great examples that you can follow along with.  It is however, one of those "makes your brain hurt" books if you haven't done assembly and OS stuff in a while.  I'm really glad that I have it.. and I'm also really glad that I don't have time to sit down and read it for long periods of time, otherwise I might pull something   Other stuff that has helped me a lot lately that are more free resources, are http://www.darkreading.com and looking at some of the code to metasploit.  I "borrowed" the shell code from metasploit for use in another languages exploit and their method of putting forth the exploit itself and the stuff you're going to be injecting is really informative.   Also sans has some great webcasts that are archived, for instance after https://www.sans.org/webcasts/show.php?webcastid=90649 you'll be all "I know kung-fu" and someone else will be all "show me".  Anyway, hope this helps someone

I am not sure that you should start at an either/or place regarding learning operating systems and programming.  In order to figure out how things work together, it helps to pick a task that you want to accomplish, and then work towards writing something that will accomplish it.  An example might be figuring out how to write a perl script that will determine if logins are working on your web page.  To do this, you might start out by figuring out enough sys admin to install apache, configure it along with php and from there write a simple script that  will load a password file from a directory and allow login attempts based off of that information.  Once you have that working, break out some perl and start off with hello world and then work towards creating a perl LWP page that will log into the page and then send an email if you can't login.  Figure out how to add that script to cron to run automatically.  Once you've got a feeling for how some of this stuff works, and have gotten some basic scripting down, then there are plenty of games to play online.  A while back, I played around at http://www.hackthissite.org/ to get a feeling for what types of things you might encounter, and they have forums that will help you through it if you have trouble.  Figure out what is broken, but more importantly, figure out how you might fix it if it were you.  As far as Pen Testing goes, if you can't tell people how to fix the things that are broken, then you won't be nearly as useful.  As you start exploring, you will start running into tools to figure out how to diagnose problems, like using nmap to figure out what services your box has exposed to the outside, and then when you find ports that you aren't sure why they are there, figuring out how to use netstat to determine why they are there, and then digging further.  Now that VM's are so prevalent, play as much as you can, if you break it no big deal, figure out how to fix it, you'll learn a lot more that way anyway.  As far as I'm concerned, programming languages, applications, and operating systems are all tools that you use to get your job done.  Pick tasks that you want to accomplish to get to know your environment, and once you have a feeling for your environment then you can start figuring out how to make that environment do things that it may not have been intended to do, and that's when the fun starts   Anyway, just my opinion, but I hope that this at least gives you some ideas if it doesn't give you a good starting point.

People may be able to give you some more information if you can describe what you want to do with the packets between the client and the server.  If you are trying to get the server to do something it isn't supposed to, if you can determine the protocol that is being used, it may be easier to write your own basic client outside of flash.  If you are needing to only change one type of packet, you may be able to do a man-in-the-middle type attack where you intercept the whole conversation and act as a relay between the client and server, and write automated modifications of the packets that you specifically want modified. 

Since you already have access to Cisco equipment for the CCNA, you may want to work on your CCSP.  Make sure when you hit college for your Computer Science degree, that you pay attention in assembly class, I wish that I had paid more attention there.  If any scripting languages are taught, that will be helpful for you to pick up either there or on your own.  As far as certs go, I wouldn't go and get a lot of certs before you get experience in the workplace.  They may get you in the door some places, but if you load up on certs now, they will be a pain to maintain later.  It sounds like you already have some strong certs, with CISSP being a good one to come later, but you can use the certs in the future to potentially leverage more pay in jobs once you start.  If you are interested in SANS classes, the 504 class isn't a bad start, I really enjoyed it.