<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article09_10_13_2344251</id>
	<title>Washington Post Says Use Linux To Avoid Bank Fraud</title>
	<author>kdawson</author>
	<datestamp>1255444020000</datestamp>
	<htmltext><a href="mailto:einfeldt@@@digitaltippingpoint...com" rel="nofollow">christian.einfeldt</a> writes <i>"Washington Post Security Fix columnist Brian Krebs recommends that banking customers <a href="http://voices.washingtonpost.com/securityfix/2009/10/avoid\_windows\_malware\_bank\_on.html">consider using a Linux LiveCD</a>, rather than Microsoft Windows, to access their on-line banking. He tells a story of two businesses that lost $100K and $447K, respectively, when thieves &mdash; armed with malware on the company controller's PC &mdash; were able to intercept one of the controller's log-in codes, and then delay the controller from logging in. Krebs notes that he is not alone in recommending the use of non-Windows machines for banking; The Financial Services Information Sharing and Analysis Center, an industry group supported by some of the world's largest banks, recently issued guidelines urging businesses to carry out all online banking activities from 'a stand-alone, hardened, and completely locked down computer system from where regular e-mail and Web browsing [are] not possible.' Krebs concludes his article with a link to an earlier column in which he steps readers through the process of <a href="http://voices.washingtonpost.com/securityfix/2009/10/e-banking\_on\_a\_locked\_down\_non.html">booting a Linux LiveCD</a> to do their on-line banking."</i> <a href="http://www.itnews.com.au/News/157767,nsw-police-dont-use-windows-for-internet-banking.aspx">Police in Australia offer similar advice</a>, according to an item sent in by reader The Mad Hatterz: "Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cybercriminals when banking online. The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows."</htmltext>
<tokenext>christian.einfeldt writes " Washington Post Security Fix columnist Brian Krebs recommends that banking customers consider using a Linux LiveCD , rather than Microsoft Windows , to access their on-line banking .
He tells a story of two businesses that lost $ 100K and $ 447K , respectively , when thieves    armed with malware on the company controller 's PC    were able to intercept one of the controller 's log-in codes , and then delay the controller from logging in .
Krebs notes that he is not alone in recommending the use of non-Windows machines for banking ; The Financial Services Information Sharing and Analysis Center , an industry group supported by some of the world 's largest banks , recently issued guidelines urging businesses to carry out all online banking activities from 'a stand-alone , hardened , and completely locked down computer system from where regular e-mail and Web browsing [ are ] not possible .
' Krebs concludes his article with a link to an earlier column in which he steps readers through the process of booting a Linux LiveCD to do their on-line banking .
" Police in Australia offer similar advice , according to an item sent in by reader The Mad Hatterz : " Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cybercriminals when banking online .
The first rule , he said , was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows .
"</tokentext>
<sentencetext>christian.einfeldt writes "Washington Post Security Fix columnist Brian Krebs recommends that banking customers consider using a Linux LiveCD, rather than Microsoft Windows, to access their on-line banking.
He tells a story of two businesses that lost $100K and $447K, respectively, when thieves — armed with malware on the company controller's PC — were able to intercept one of the controller's log-in codes, and then delay the controller from logging in.
Krebs notes that he is not alone in recommending the use of non-Windows machines for banking; The Financial Services Information Sharing and Analysis Center, an industry group supported by some of the world's largest banks, recently issued guidelines urging businesses to carry out all online banking activities from 'a stand-alone, hardened, and completely locked down computer system from where regular e-mail and Web browsing [are] not possible.
' Krebs concludes his article with a link to an earlier column in which he steps readers through the process of booting a Linux LiveCD to do their on-line banking.
" Police in Australia offer similar advice, according to an item sent in by reader The Mad Hatterz: "Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cybercriminals when banking online.
The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows.
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29792633</id>
	<title>Hottest Selling Thousands Of Creative Recreation</title>
	<author>Anonymous</author>
	<datestamp>1255959960000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Http://www.tntshoes.com</p><p>we are a prefession online store, you can see more photos and price in our website which is show in the photos.<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; All of our product is  best quality, but the price is so cheap, we are selling all  new nike shoes, t-shirt, handbag, hats<nobr> <wbr></nobr>,sunglass.<br>
&nbsp; &nbsp; we accept paypal as payment service , and offer  free shipping. T-shirt : A&amp;f polo lacoste coogi Bape evisu D&amp;g BBC LRG ed hardy JUICY etc $11-$17free shipping If you are interested please chat with me or email me by , we open a online shipping store, hellow our website is see our website in the photos attached, you will find all we have in our website and the price for them.</p><p>OUR WEBSITE:</p><p>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; YAHOO:shoppertrade@yahoo.com.cn</p><p>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MSN:shoppertrade@hotmail.com</p><p>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; HTTP://www.tntshoes.com</p></htmltext>
<tokenext>Http : //www.tntshoes.comwe are a prefession online store , you can see more photos and price in our website which is show in the photos .
          All of our product is best quality , but the price is so cheap , we are selling all new nike shoes , t-shirt , handbag , hats ,sunglass .
    we accept paypal as payment service , and offer free shipping .
T-shirt : A&amp;f polo lacoste coogi Bape evisu D&amp;g BBC LRG ed hardy JUICY etc $ 11- $ 17free shipping If you are interested please chat with me or email me by , we open a online shipping store , hellow our website is see our website in the photos attached , you will find all we have in our website and the price for them.OUR WEBSITE :                                                   YAHOO : shoppertrade @ yahoo.com.cn                                                                 MSN : shoppertrade @ hotmail.com                                                                           HTTP : //www.tntshoes.com</tokentext>
<sentencetext>Http://www.tntshoes.comwe are a prefession online store, you can see more photos and price in our website which is show in the photos.
          All of our product is  best quality, but the price is so cheap, we are selling all  new nike shoes, t-shirt, handbag, hats ,sunglass.
    we accept paypal as payment service , and offer  free shipping.
T-shirt : A&amp;f polo lacoste coogi Bape evisu D&amp;g BBC LRG ed hardy JUICY etc $11-$17free shipping If you are interested please chat with me or email me by , we open a online shipping store, hellow our website is see our website in the photos attached, you will find all we have in our website and the price for them.OUR WEBSITE:
                                                  YAHOO:shoppertrade@yahoo.com.cn
                                                                MSN:shoppertrade@hotmail.com
                                                                          HTTP://www.tntshoes.com</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740457</id>
	<title>Its not just Linux, its trusted boot...</title>
	<author>Anonymous</author>
	<datestamp>1255448520000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>Its not just "linux vs Windows" but "trusted boot":  All you need to rely on is that the live CD is OK and your BIOS is not corrupted and you can effectively safely connect to your bank.</p><p>I use it myself for my Schwab account, with the added bonus of there is enough math to show active traders lose big, so don't trade active, which goes into play here.</p></htmltext>
<tokenext>Its not just " linux vs Windows " but " trusted boot " : All you need to rely on is that the live CD is OK and your BIOS is not corrupted and you can effectively safely connect to your bank.I use it myself for my Schwab account , with the added bonus of there is enough math to show active traders lose big , so do n't trade active , which goes into play here .</tokentext>
<sentencetext>Its not just "linux vs Windows" but "trusted boot":  All you need to rely on is that the live CD is OK and your BIOS is not corrupted and you can effectively safely connect to your bank.I use it myself for my Schwab account, with the added bonus of there is enough math to show active traders lose big, so don't trade active, which goes into play here.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29745253</id>
	<title>Now if only...</title>
	<author>SCHecklerX</author>
	<datestamp>1255537260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>...we could get the <b>bank employees</b> to do that, so that I can be sure my money is safe.  I'm not worried about my own use, but those that control my information, that's downright frightening.</p></htmltext>
<tokenext>...we could get the bank employees to do that , so that I can be sure my money is safe .
I 'm not worried about my own use , but those that control my information , that 's downright frightening .</tokentext>
<sentencetext>...we could get the bank employees to do that, so that I can be sure my money is safe.
I'm not worried about my own use, but those that control my information, that's downright frightening.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29747451</id>
	<title>What if my bank doesn't let me do it?</title>
	<author>GPLHost-Thomas</author>
	<datestamp>1255546860000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Please tell this to my bank. The ONLY reason why I still have Windows running on my laptop is because this stupid bank needs me to use a USB device (from Gemplus) that is, by the way, recognized by Linux. The issue is that the site uses a stupid ActiveX to check for the internet token. What is my alternative here? Change bank? Thanks, but no thanks<nobr> <wbr></nobr>...</htmltext>
<tokenext>Please tell this to my bank .
The ONLY reason why I still have Windows running on my laptop is because this stupid bank needs me to use a USB device ( from Gemplus ) that is , by the way , recognized by Linux .
The issue is that the site uses a stupid ActiveX to check for the internet token .
What is my alternative here ?
Change bank ?
Thanks , but no thanks .. .</tokentext>
<sentencetext>Please tell this to my bank.
The ONLY reason why I still have Windows running on my laptop is because this stupid bank needs me to use a USB device (from Gemplus) that is, by the way, recognized by Linux.
The issue is that the site uses a stupid ActiveX to check for the internet token.
What is my alternative here?
Change bank?
Thanks, but no thanks ...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29761149</id>
	<title>Bootable click drive</title>
	<author>minstrelmike</author>
	<datestamp>1255638300000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>Make a bootable Ubuntu click drive and boot your windoze PC from it to do on-line banking.
If you dare.</htmltext>
<tokenext>Make a bootable Ubuntu click drive and boot your windoze PC from it to do on-line banking .
If you dare .</tokentext>
<sentencetext>Make a bootable Ubuntu click drive and boot your windoze PC from it to do on-line banking.
If you dare.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29743295</id>
	<title>I use a Live CD</title>
	<author>rockbottoms</author>
	<datestamp>1255528260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I boot into my Linux Live CD, but then I don't have any of my favorites.  I just login to my email and use the link that my bank sent me</htmltext>
<tokenext>I boot into my Linux Live CD , but then I do n't have any of my favorites .
I just login to my email and use the link that my bank sent me</tokentext>
<sentencetext>I boot into my Linux Live CD, but then I don't have any of my favorites.
I just login to my email and use the link that my bank sent me</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742071</id>
	<title>Re:it's not a matter of Linux vs. Windows...</title>
	<author>Miner Willy</author>
	<datestamp>1255512240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Why bother to find a perfect solution that will protect the masses for ever and always?

Surely if we're safe then that's good enough -- this Linux thing can just be our little secret (right guys and gals??)</htmltext>
<tokenext>Why bother to find a perfect solution that will protect the masses for ever and always ?
Surely if we 're safe then that 's good enough -- this Linux thing can just be our little secret ( right guys and gals ? ?
)</tokentext>
<sentencetext>Why bother to find a perfect solution that will protect the masses for ever and always?
Surely if we're safe then that's good enough -- this Linux thing can just be our little secret (right guys and gals??
)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740613</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29743285</id>
	<title>Re:Its not just Linux, its trusted boot...</title>
	<author>Anonymous</author>
	<datestamp>1255528200000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Live CD for existing desktops perhaps, but this is a wicked application for those instant-on <a href="http://en.wikipedia.org/wiki/Splashtop" title="wikipedia.org" rel="nofollow">http://en.wikipedia.org/wiki/Splashtop</a> [wikipedia.org] machines that we can buy nowadays?</p></htmltext>
<tokenext>Live CD for existing desktops perhaps , but this is a wicked application for those instant-on http : //en.wikipedia.org/wiki/Splashtop [ wikipedia.org ] machines that we can buy nowadays ?</tokentext>
<sentencetext>Live CD for existing desktops perhaps, but this is a wicked application for those instant-on http://en.wikipedia.org/wiki/Splashtop [wikipedia.org] machines that we can buy nowadays?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740457</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29744535</id>
	<title>BIOs level bare-metal virtualization</title>
	<author>marciot</author>
	<datestamp>1255534320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>We need a bare-metal virtualization solution for computers, so we can easily switch from OS to OS without rebooting. I'm not talking about a guest OS running on another host OS, as others have already pointed out the flaws in that, but really something like ESX for desktop computers (ESX would itself be perfect, except that it does not have a usable console). I'ld say they should have this feature built in to the BIOS of every computer, that way malware can't infect the hypervisor.</p></htmltext>
<tokenext>We need a bare-metal virtualization solution for computers , so we can easily switch from OS to OS without rebooting .
I 'm not talking about a guest OS running on another host OS , as others have already pointed out the flaws in that , but really something like ESX for desktop computers ( ESX would itself be perfect , except that it does not have a usable console ) .
I'ld say they should have this feature built in to the BIOS of every computer , that way malware ca n't infect the hypervisor .</tokentext>
<sentencetext>We need a bare-metal virtualization solution for computers, so we can easily switch from OS to OS without rebooting.
I'm not talking about a guest OS running on another host OS, as others have already pointed out the flaws in that, but really something like ESX for desktop computers (ESX would itself be perfect, except that it does not have a usable console).
I'ld say they should have this feature built in to the BIOS of every computer, that way malware can't infect the hypervisor.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740623</id>
	<title>Re:terrible advice</title>
	<author>QuantumG</author>
	<datestamp>1255449960000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>sigh.  Just off the top of my head I can think of about a dozen attacks one could direct against a bank user who thinks they're bulletproof because they're using a Linux LiveCD.  For example, booting off a LiveCD won't save you from the truncated SSL cert attack that was demonstrated in the direction of PayPal the other day.. only having an up-to-date browser will do that.  Encouraging people to use unpatched known-vulnerable software to do their banking just so they can avoid malware on their regularly patched machines makes no sense at all.  Of course, that's the extreme case.. suggesting people use a LiveCD of Linux instead of an unpatched copy of Windows XP SP1 is a different kettle of fish.</p></htmltext>
<tokenext>sigh .
Just off the top of my head I can think of about a dozen attacks one could direct against a bank user who thinks they 're bulletproof because they 're using a Linux LiveCD .
For example , booting off a LiveCD wo n't save you from the truncated SSL cert attack that was demonstrated in the direction of PayPal the other day.. only having an up-to-date browser will do that .
Encouraging people to use unpatched known-vulnerable software to do their banking just so they can avoid malware on their regularly patched machines makes no sense at all .
Of course , that 's the extreme case.. suggesting people use a LiveCD of Linux instead of an unpatched copy of Windows XP SP1 is a different kettle of fish .</tokentext>
<sentencetext>sigh.
Just off the top of my head I can think of about a dozen attacks one could direct against a bank user who thinks they're bulletproof because they're using a Linux LiveCD.
For example, booting off a LiveCD won't save you from the truncated SSL cert attack that was demonstrated in the direction of PayPal the other day.. only having an up-to-date browser will do that.
Encouraging people to use unpatched known-vulnerable software to do their banking just so they can avoid malware on their regularly patched machines makes no sense at all.
Of course, that's the extreme case.. suggesting people use a LiveCD of Linux instead of an unpatched copy of Windows XP SP1 is a different kettle of fish.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740513</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29754057</id>
	<title>Let the banks supply a disk</title>
	<author>DeBaas</author>
	<datestamp>1255636860000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>Like I suggested in August: <a href="http://slashdot.org/comments.pl?sid=1347481&amp;cid=29198657&amp;art\_pos=4" title="slashdot.org" rel="nofollow">http://slashdot.org/comments.pl?sid=1347481&amp;cid=29198657&amp;art\_pos=4</a> [slashdot.org]</p><p>The banks should distribute a locked down version themselves. Then they can even build in extra authentication in the browser and minimise other programms with possible weaknesses</p></htmltext>
<tokenext>Like I suggested in August : http : //slashdot.org/comments.pl ? sid = 1347481&amp;cid = 29198657&amp;art \ _pos = 4 [ slashdot.org ] The banks should distribute a locked down version themselves .
Then they can even build in extra authentication in the browser and minimise other programms with possible weaknesses</tokentext>
<sentencetext>Like I suggested in August: http://slashdot.org/comments.pl?sid=1347481&amp;cid=29198657&amp;art\_pos=4 [slashdot.org]The banks should distribute a locked down version themselves.
Then they can even build in extra authentication in the browser and minimise other programms with possible weaknesses</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740571</id>
	<title>Free Software not Linux</title>
	<author>Statecraftsman</author>
	<datestamp>1255449600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>There is nothing special about a "Linux LiveCD" that ensures that the programs on it can be trusted. Most distributions still include binary blobs in their corresponding source code that can bring the kinds of problems for which Microsoft Windows is advocated against in the article. Thankfully at this point, you can get machines that run a free bios, support wireless, and run 100\% free software. Depending on the value of your target and the determination of your attacker there is a software solution for you.</htmltext>
<tokenext>There is nothing special about a " Linux LiveCD " that ensures that the programs on it can be trusted .
Most distributions still include binary blobs in their corresponding source code that can bring the kinds of problems for which Microsoft Windows is advocated against in the article .
Thankfully at this point , you can get machines that run a free bios , support wireless , and run 100 \ % free software .
Depending on the value of your target and the determination of your attacker there is a software solution for you .</tokentext>
<sentencetext>There is nothing special about a "Linux LiveCD" that ensures that the programs on it can be trusted.
Most distributions still include binary blobs in their corresponding source code that can bring the kinds of problems for which Microsoft Windows is advocated against in the article.
Thankfully at this point, you can get machines that run a free bios, support wireless, and run 100\% free software.
Depending on the value of your target and the determination of your attacker there is a software solution for you.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741943</id>
	<title>Re:Its not just Linux, its trusted boot...</title>
	<author>houghi</author>
	<datestamp>1255510920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I was thinking that this was about the "live CD" part. What if there excisted a "Live Windows" Would that be OK to use? Would a "real Linux" so not via live CD be OK?</p></htmltext>
<tokenext>I was thinking that this was about the " live CD " part .
What if there excisted a " Live Windows " Would that be OK to use ?
Would a " real Linux " so not via live CD be OK ?</tokentext>
<sentencetext>I was thinking that this was about the "live CD" part.
What if there excisted a "Live Windows" Would that be OK to use?
Would a "real Linux" so not via live CD be OK?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740457</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29747013</id>
	<title>You're being totally silly</title>
	<author>Anonymous</author>
	<datestamp>1255544940000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Sure they exist. And none of the common attacks use them.</p><p>Oh, and using a standard PC (like people do now) is also vulnerable to hardware loggers, so this isn't a step back.</p><p>Get friggin real. One can always come up with a hypothetical attack on any security system. It doesn't mean that you've weakened your security or that it's a step backward.</p><p>This posing as semi-technoliterate doesn't move things forward, and that's where we need to be.</p></htmltext>
<tokenext>Sure they exist .
And none of the common attacks use them.Oh , and using a standard PC ( like people do now ) is also vulnerable to hardware loggers , so this is n't a step back.Get friggin real .
One can always come up with a hypothetical attack on any security system .
It does n't mean that you 've weakened your security or that it 's a step backward.This posing as semi-technoliterate does n't move things forward , and that 's where we need to be .</tokentext>
<sentencetext>Sure they exist.
And none of the common attacks use them.Oh, and using a standard PC (like people do now) is also vulnerable to hardware loggers, so this isn't a step back.Get friggin real.
One can always come up with a hypothetical attack on any security system.
It doesn't mean that you've weakened your security or that it's a step backward.This posing as semi-technoliterate doesn't move things forward, and that's where we need to be.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741433</id>
	<title>Re:A smart bank would be ALL over this...</title>
	<author>fluffy99</author>
	<datestamp>1255459560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I pity the person with the job of building a LiveCD that supports all permutations of hardware.  Hardware compatibility is still not perfect with Linux.</p></htmltext>
<tokenext>I pity the person with the job of building a LiveCD that supports all permutations of hardware .
Hardware compatibility is still not perfect with Linux .</tokentext>
<sentencetext>I pity the person with the job of building a LiveCD that supports all permutations of hardware.
Hardware compatibility is still not perfect with Linux.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740667</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29749705</id>
	<title>No you can't.</title>
	<author>Anonymous</author>
	<datestamp>1255513440000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I'll be that you can't think of a single attack against a live-cd that isn't applicable to a normal PC.</p><p>So put up or shut up, dude.</p><p>On the other hand, I can think of a number of attacks which are prevented by this.</p><p>But the bottom line is that you're passing out extremely bad security advice.</p></htmltext>
<tokenext>I 'll be that you ca n't think of a single attack against a live-cd that is n't applicable to a normal PC.So put up or shut up , dude.On the other hand , I can think of a number of attacks which are prevented by this.But the bottom line is that you 're passing out extremely bad security advice .</tokentext>
<sentencetext>I'll be that you can't think of a single attack against a live-cd that isn't applicable to a normal PC.So put up or shut up, dude.On the other hand, I can think of a number of attacks which are prevented by this.But the bottom line is that you're passing out extremely bad security advice.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740623</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29745365</id>
	<title>Two things to get to the root of the problem</title>
	<author>SCHecklerX</author>
	<datestamp>1255537740000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>1) firefox + adblock plus<br>2) effective spam filtering</p><p>1 is in the user's control.  2, hopefully handled well by the mail provider.</p><p>Of course, it's all about education, but the above two things will stop a lot of the cruft coming in, regardless of being on windoze or linux.</p></htmltext>
<tokenext>1 ) firefox + adblock plus2 ) effective spam filtering1 is in the user 's control .
2 , hopefully handled well by the mail provider.Of course , it 's all about education , but the above two things will stop a lot of the cruft coming in , regardless of being on windoze or linux .</tokentext>
<sentencetext>1) firefox + adblock plus2) effective spam filtering1 is in the user's control.
2, hopefully handled well by the mail provider.Of course, it's all about education, but the above two things will stop a lot of the cruft coming in, regardless of being on windoze or linux.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740455</id>
	<title>terrible advice</title>
	<author>QuantumG</author>
	<datestamp>1255448460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Ya, it stops key loggers, and that's great, but it aint going to do much for your browser security unless you keep your LiveCD up to date, and hey, who says your CD burning software isn't infected - implications on trusting trust and all.</p></htmltext>
<tokenext>Ya , it stops key loggers , and that 's great , but it aint going to do much for your browser security unless you keep your LiveCD up to date , and hey , who says your CD burning software is n't infected - implications on trusting trust and all .</tokentext>
<sentencetext>Ya, it stops key loggers, and that's great, but it aint going to do much for your browser security unless you keep your LiveCD up to date, and hey, who says your CD burning software isn't infected - implications on trusting trust and all.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742819</id>
	<title>When you can get your hands on a Windows Live CD..</title>
	<author>Anonymous</author>
	<datestamp>1255523160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>...you might have a point.</p><p>Live CD's only exist because of the open (with a capital "O") nature of Linux.</p><p>I haven't really been keeping score recently, but this is still very much a case of "Linux 1 : Windows 0"</p></htmltext>
<tokenext>...you might have a point.Live CD 's only exist because of the open ( with a capital " O " ) nature of Linux.I have n't really been keeping score recently , but this is still very much a case of " Linux 1 : Windows 0 "</tokentext>
<sentencetext>...you might have a point.Live CD's only exist because of the open (with a capital "O") nature of Linux.I haven't really been keeping score recently, but this is still very much a case of "Linux 1 : Windows 0"</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740613</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742941</id>
	<title>Re:The browser may be out of date</title>
	<author>Anonymous</author>
	<datestamp>1255524720000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The fact a liveCD cannot be updated is a plus here.  If anything can be changed by the good guys, it could be changed by the bad guys.  This is especially true if there is an exploit on the liveUSB - the attackers could attack before it gets patched and patch it themselves.</p><p>Not that this in any way changes the fact the liveCD could have exploits, and that regular replacements for the CD's could be intercepted and altered by the bad guys.</p><p>The only real solution to this that I am aware of is to actually teach people how to use computers properly.  Of course people are stupid and lazy, so that may be a bit impractical as well.</p></htmltext>
<tokenext>The fact a liveCD can not be updated is a plus here .
If anything can be changed by the good guys , it could be changed by the bad guys .
This is especially true if there is an exploit on the liveUSB - the attackers could attack before it gets patched and patch it themselves.Not that this in any way changes the fact the liveCD could have exploits , and that regular replacements for the CD 's could be intercepted and altered by the bad guys.The only real solution to this that I am aware of is to actually teach people how to use computers properly .
Of course people are stupid and lazy , so that may be a bit impractical as well .</tokentext>
<sentencetext>The fact a liveCD cannot be updated is a plus here.
If anything can be changed by the good guys, it could be changed by the bad guys.
This is especially true if there is an exploit on the liveUSB - the attackers could attack before it gets patched and patch it themselves.Not that this in any way changes the fact the liveCD could have exploits, and that regular replacements for the CD's could be intercepted and altered by the bad guys.The only real solution to this that I am aware of is to actually teach people how to use computers properly.
Of course people are stupid and lazy, so that may be a bit impractical as well.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740587</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740687</id>
	<title>Re:terrible advice</title>
	<author>grahamsz</author>
	<datestamp>1255450500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Honestly, you'd be as good if not better with a windows XP bootable PE disk. It's a factory minted CD that's been time tested.</p></htmltext>
<tokenext>Honestly , you 'd be as good if not better with a windows XP bootable PE disk .
It 's a factory minted CD that 's been time tested .</tokentext>
<sentencetext>Honestly, you'd be as good if not better with a windows XP bootable PE disk.
It's a factory minted CD that's been time tested.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740455</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29743489</id>
	<title>Say what you like about the Germans...</title>
	<author>vorlich</author>
	<datestamp>1255529460000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext>But the banking system here, requires the use of single use numbers for each online banking transaction. Your bank provides you with a unique sheet of them and if you lose it, you have to request a new one. Nor are credit cards popular with German consumers. Sites such as Amazon.de allow payment by bank transfer (Uberweisung). You can manually complete the transactions slip and give to your bank or do the same thing with your online banking. Any issue and the transfer has to be reversed. There are an awful lot more banks too - one just around the corner from me and at least three within a few minutes walk with real people working there and very, very friendly managers - if you're liquid!</htmltext>
<tokenext>But the banking system here , requires the use of single use numbers for each online banking transaction .
Your bank provides you with a unique sheet of them and if you lose it , you have to request a new one .
Nor are credit cards popular with German consumers .
Sites such as Amazon.de allow payment by bank transfer ( Uberweisung ) .
You can manually complete the transactions slip and give to your bank or do the same thing with your online banking .
Any issue and the transfer has to be reversed .
There are an awful lot more banks too - one just around the corner from me and at least three within a few minutes walk with real people working there and very , very friendly managers - if you 're liquid !</tokentext>
<sentencetext>But the banking system here, requires the use of single use numbers for each online banking transaction.
Your bank provides you with a unique sheet of them and if you lose it, you have to request a new one.
Nor are credit cards popular with German consumers.
Sites such as Amazon.de allow payment by bank transfer (Uberweisung).
You can manually complete the transactions slip and give to your bank or do the same thing with your online banking.
Any issue and the transfer has to be reversed.
There are an awful lot more banks too - one just around the corner from me and at least three within a few minutes walk with real people working there and very, very friendly managers - if you're liquid!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740495</id>
	<title>To be safe...</title>
	<author>Anonymous</author>
	<datestamp>1255448880000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext><p>Well, don't do online banking.<br>Or, use a totally separate computer to do online banking. Only use the web browser to access one's bank account.<br>Or look for those "freeze" type software, which makes the harddrive essentially read only.<br>Also, it doesn't hurt to check which processes you are running, and whether any of those are unusual.</p></htmltext>
<tokenext>Well , do n't do online banking.Or , use a totally separate computer to do online banking .
Only use the web browser to access one 's bank account.Or look for those " freeze " type software , which makes the harddrive essentially read only.Also , it does n't hurt to check which processes you are running , and whether any of those are unusual .</tokentext>
<sentencetext>Well, don't do online banking.Or, use a totally separate computer to do online banking.
Only use the web browser to access one's bank account.Or look for those "freeze" type software, which makes the harddrive essentially read only.Also, it doesn't hurt to check which processes you are running, and whether any of those are unusual.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740513</id>
	<title>Re:terrible advice</title>
	<author>Anonymous</author>
	<datestamp>1255449120000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext>Unless your browser is listening for incoming connections, or your bank is running third party banner ads(in which case, switch right the fuck yesterday), does a browser vulnerability really matter?<br> <br>

If you are using the LiveCD as a dedicated banking only environment, the only input your browser will see is your bank's website. If you can't trust user behavior, and want to really be sure, you could have it set to reject anything that doesn't have the bank's SSL cert. If your bank wants to 0wn you, you are already doomed. If no other site can reach your browser, your browser cannot be owned, no matter how buggy.</htmltext>
<tokenext>Unless your browser is listening for incoming connections , or your bank is running third party banner ads ( in which case , switch right the fuck yesterday ) , does a browser vulnerability really matter ?
If you are using the LiveCD as a dedicated banking only environment , the only input your browser will see is your bank 's website .
If you ca n't trust user behavior , and want to really be sure , you could have it set to reject anything that does n't have the bank 's SSL cert .
If your bank wants to 0wn you , you are already doomed .
If no other site can reach your browser , your browser can not be owned , no matter how buggy .</tokentext>
<sentencetext>Unless your browser is listening for incoming connections, or your bank is running third party banner ads(in which case, switch right the fuck yesterday), does a browser vulnerability really matter?
If you are using the LiveCD as a dedicated banking only environment, the only input your browser will see is your bank's website.
If you can't trust user behavior, and want to really be sure, you could have it set to reject anything that doesn't have the bank's SSL cert.
If your bank wants to 0wn you, you are already doomed.
If no other site can reach your browser, your browser cannot be owned, no matter how buggy.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740455</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740889</id>
	<title>Re:Alternate Headline</title>
	<author>mlts</author>
	<datestamp>1255452540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>That actually might be a viable attack vector.  I could imagine someone giving out ready to install media for popular distributions, except that a few key binaries would be modified (including gpg so it would say that things are signed when they really are not.)</p><p>The main defense to this is for Linux distribution makers to make media with anti-counterfeit features like holograms, or for a person to burn the media themselves after checking that the signatures match on a machine they know is not compromised.</p></htmltext>
<tokenext>That actually might be a viable attack vector .
I could imagine someone giving out ready to install media for popular distributions , except that a few key binaries would be modified ( including gpg so it would say that things are signed when they really are not .
) The main defense to this is for Linux distribution makers to make media with anti-counterfeit features like holograms , or for a person to burn the media themselves after checking that the signatures match on a machine they know is not compromised .</tokentext>
<sentencetext>That actually might be a viable attack vector.
I could imagine someone giving out ready to install media for popular distributions, except that a few key binaries would be modified (including gpg so it would say that things are signed when they really are not.
)The main defense to this is for Linux distribution makers to make media with anti-counterfeit features like holograms, or for a person to burn the media themselves after checking that the signatures match on a machine they know is not compromised.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740467</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741949</id>
	<title>Re:Its not just Linux, its trusted boot...</title>
	<author>Yvanhoe</author>
	<datestamp>1255510980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I say, banking institutions should provide some pocket money (like a few millions) to projects like Open BIOS. It is <b>their</b> security and a service to their customers to offer a solution to safely connect to them.</htmltext>
<tokenext>I say , banking institutions should provide some pocket money ( like a few millions ) to projects like Open BIOS .
It is their security and a service to their customers to offer a solution to safely connect to them .</tokentext>
<sentencetext>I say, banking institutions should provide some pocket money (like a few millions) to projects like Open BIOS.
It is their security and a service to their customers to offer a solution to safely connect to them.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740457</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740467</id>
	<title>Alternate Headline</title>
	<author>Anonymous</author>
	<datestamp>1255448640000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>"Washington Post Urges Thieves To Distribute Linux LiveCDs"
</p><p>A few racks full of CDs in a highly visible place, or even cheap preloaded USB drives delivered right to the mark's front door along with a friendly letter explaining how running Linux would help improve security and thwart The Bad Guys could make your job of stealing from the clueless even easier than before.</p></htmltext>
<tokenext>" Washington Post Urges Thieves To Distribute Linux LiveCDs " A few racks full of CDs in a highly visible place , or even cheap preloaded USB drives delivered right to the mark 's front door along with a friendly letter explaining how running Linux would help improve security and thwart The Bad Guys could make your job of stealing from the clueless even easier than before .</tokentext>
<sentencetext>"Washington Post Urges Thieves To Distribute Linux LiveCDs"
A few racks full of CDs in a highly visible place, or even cheap preloaded USB drives delivered right to the mark's front door along with a friendly letter explaining how running Linux would help improve security and thwart The Bad Guys could make your job of stealing from the clueless even easier than before.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741797</id>
	<title>Re:terrible advice</title>
	<author>rantingkitten</author>
	<datestamp>1255551600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>There comes a point of diminishing returns.  I don't think anyone here is going to seriously suggest that using a drive-installed Windows is safer than a live-CD Linux. <br>
<br>
To be clear, this is not merely a Windows-vs-Linux thing.  It's also a function of the medium.  Exploits are often installed on a user's computer because some script kiddie was scanning large ranges, found some targets, and did his thing.  The keylogger or whatever could have been sitting there for days before the victim logged into his bank account.  Same deal with trojans.  <br>
<br>
With a live CD, of any type, this problem is virtually eliminated, assuming you only keep it booted for a short time to do your business and then remove it, which is not only what the guy is suggesting, but also how people actually use live CDs in the real world.<br>
<br>
As you and others have pointed out there are various vulnerabilities that can still be attacked but the CD itself removes a huge number of attack vectors, and what few remain are almost inconsequential.  At some point you have to say "This is as much precaution as can reasonably be taken."  <br>
<br>
You could design a 100\%, absolutely secure OS for accessing your bank, have it tested and verified by every security expert in the world, and be given all sorts of awards for your genius, and still die in a random earthquake.
<br> <br>
Total safety just isn't a part of this life.  Take the reasonable precautions and keep living.  Using a live CD fits that viewpoint.</htmltext>
<tokenext>There comes a point of diminishing returns .
I do n't think anyone here is going to seriously suggest that using a drive-installed Windows is safer than a live-CD Linux .
To be clear , this is not merely a Windows-vs-Linux thing .
It 's also a function of the medium .
Exploits are often installed on a user 's computer because some script kiddie was scanning large ranges , found some targets , and did his thing .
The keylogger or whatever could have been sitting there for days before the victim logged into his bank account .
Same deal with trojans .
With a live CD , of any type , this problem is virtually eliminated , assuming you only keep it booted for a short time to do your business and then remove it , which is not only what the guy is suggesting , but also how people actually use live CDs in the real world .
As you and others have pointed out there are various vulnerabilities that can still be attacked but the CD itself removes a huge number of attack vectors , and what few remain are almost inconsequential .
At some point you have to say " This is as much precaution as can reasonably be taken .
" You could design a 100 \ % , absolutely secure OS for accessing your bank , have it tested and verified by every security expert in the world , and be given all sorts of awards for your genius , and still die in a random earthquake .
Total safety just is n't a part of this life .
Take the reasonable precautions and keep living .
Using a live CD fits that viewpoint .</tokentext>
<sentencetext>There comes a point of diminishing returns.
I don't think anyone here is going to seriously suggest that using a drive-installed Windows is safer than a live-CD Linux.
To be clear, this is not merely a Windows-vs-Linux thing.
It's also a function of the medium.
Exploits are often installed on a user's computer because some script kiddie was scanning large ranges, found some targets, and did his thing.
The keylogger or whatever could have been sitting there for days before the victim logged into his bank account.
Same deal with trojans.
With a live CD, of any type, this problem is virtually eliminated, assuming you only keep it booted for a short time to do your business and then remove it, which is not only what the guy is suggesting, but also how people actually use live CDs in the real world.
As you and others have pointed out there are various vulnerabilities that can still be attacked but the CD itself removes a huge number of attack vectors, and what few remain are almost inconsequential.
At some point you have to say "This is as much precaution as can reasonably be taken.
"  

You could design a 100\%, absolutely secure OS for accessing your bank, have it tested and verified by every security expert in the world, and be given all sorts of awards for your genius, and still die in a random earthquake.
Total safety just isn't a part of this life.
Take the reasonable precautions and keep living.
Using a live CD fits that viewpoint.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740455</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29743281</id>
	<title>Others need to use Linux, too</title>
	<author>apexwm</author>
	<datestamp>1255528140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>This really isn't news, many companies, organizations, and even individual users are using Linux because of the slew of issues with Windows.  Just look at the huge list of 34 issues that came out this month from Microsoft.  Granted, there are many issues with Linux, too, but when you look at security issues with Windows/Linux, the number for Linux are far fewer.  Personally, I use Linux for both my personal business and at home for everything I do.  I only fire up my Windows XP VM in VirtualBox when I absolutely need to, which is hardly ever.  I've found an open source program for each and every proprietary Windows program I used to use, and I couldn't be happier.  Now, I can focus on using the computer instead of maintaining Windows and wasting time/money.

<a href="http://members.apex-internet.com/sa/windowslinux" title="apex-internet.com" rel="nofollow">http://members.apex-internet.com/sa/windowslinux</a> [apex-internet.com]</htmltext>
<tokenext>This really is n't news , many companies , organizations , and even individual users are using Linux because of the slew of issues with Windows .
Just look at the huge list of 34 issues that came out this month from Microsoft .
Granted , there are many issues with Linux , too , but when you look at security issues with Windows/Linux , the number for Linux are far fewer .
Personally , I use Linux for both my personal business and at home for everything I do .
I only fire up my Windows XP VM in VirtualBox when I absolutely need to , which is hardly ever .
I 've found an open source program for each and every proprietary Windows program I used to use , and I could n't be happier .
Now , I can focus on using the computer instead of maintaining Windows and wasting time/money .
http : //members.apex-internet.com/sa/windowslinux [ apex-internet.com ]</tokentext>
<sentencetext>This really isn't news, many companies, organizations, and even individual users are using Linux because of the slew of issues with Windows.
Just look at the huge list of 34 issues that came out this month from Microsoft.
Granted, there are many issues with Linux, too, but when you look at security issues with Windows/Linux, the number for Linux are far fewer.
Personally, I use Linux for both my personal business and at home for everything I do.
I only fire up my Windows XP VM in VirtualBox when I absolutely need to, which is hardly ever.
I've found an open source program for each and every proprietary Windows program I used to use, and I couldn't be happier.
Now, I can focus on using the computer instead of maintaining Windows and wasting time/money.
http://members.apex-internet.com/sa/windowslinux [apex-internet.com]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742841</id>
	<title>If done right - yes, absolutely.</title>
	<author>amn108</author>
	<datestamp>1255523520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If booted from a relatively modern (and hence a bit faster and bigger) USB stick, to a OpenBox-like lean&amp;mean window manager, no bells and whistles, right down to an open browser session window, that would do it. It will probably boot orders of magnitude faster than their crapware-ridden Windows box anyway. In fact I think that will turn heads faster than Steve Ballmer throwing chairs.</p></htmltext>
<tokenext>If booted from a relatively modern ( and hence a bit faster and bigger ) USB stick , to a OpenBox-like lean&amp;mean window manager , no bells and whistles , right down to an open browser session window , that would do it .
It will probably boot orders of magnitude faster than their crapware-ridden Windows box anyway .
In fact I think that will turn heads faster than Steve Ballmer throwing chairs .</tokentext>
<sentencetext>If booted from a relatively modern (and hence a bit faster and bigger) USB stick, to a OpenBox-like lean&amp;mean window manager, no bells and whistles, right down to an open browser session window, that would do it.
It will probably boot orders of magnitude faster than their crapware-ridden Windows box anyway.
In fact I think that will turn heads faster than Steve Ballmer throwing chairs.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740555</id>
	<title>Re:terrible advice</title>
	<author>black3d</author>
	<datestamp>1255449420000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>Browser security is only an issue if you're visiting other sites, in the same session, on the same boot, on your LiveCD. Browsers on LiveCDs don't magically download malware from the internet by themselves - you have to direct them to. And most conventional malware must install itself - which won't happen on a LiveCD. There are a very few flash/js based attacks that work live in the same session - but really, if your either (a) your bank has third-party inline flash ads or (b) you don't trust java content from your bank's own website, then why are you banking with them online?</p><p>And going as far as questioning whether your CD burning software is infected is ridiculous. You can't be any more certain that your mouse doesn't have imbedded circuitry tracing your movement pattens, or your keyboard doesn't have a keylogger built directly into it, or the aliens aren't tapping directly into your cablings electromagnetic intereference patterns to directly access your bank account as you do. You're going to extremes purely for the point of argument, but although it may have passed you by, it was established several thousands years ago that "nothing is certain".</p><p>If you can imagine up scenarios like malware built into your cd-burning software specifically to target LiveCDs being used for online banking, I can't fathom how you trust a banks own employees enough to actually keep your money with them instead of under the mattress.</p></htmltext>
<tokenext>Browser security is only an issue if you 're visiting other sites , in the same session , on the same boot , on your LiveCD .
Browsers on LiveCDs do n't magically download malware from the internet by themselves - you have to direct them to .
And most conventional malware must install itself - which wo n't happen on a LiveCD .
There are a very few flash/js based attacks that work live in the same session - but really , if your either ( a ) your bank has third-party inline flash ads or ( b ) you do n't trust java content from your bank 's own website , then why are you banking with them online ? And going as far as questioning whether your CD burning software is infected is ridiculous .
You ca n't be any more certain that your mouse does n't have imbedded circuitry tracing your movement pattens , or your keyboard does n't have a keylogger built directly into it , or the aliens are n't tapping directly into your cablings electromagnetic intereference patterns to directly access your bank account as you do .
You 're going to extremes purely for the point of argument , but although it may have passed you by , it was established several thousands years ago that " nothing is certain " .If you can imagine up scenarios like malware built into your cd-burning software specifically to target LiveCDs being used for online banking , I ca n't fathom how you trust a banks own employees enough to actually keep your money with them instead of under the mattress .</tokentext>
<sentencetext>Browser security is only an issue if you're visiting other sites, in the same session, on the same boot, on your LiveCD.
Browsers on LiveCDs don't magically download malware from the internet by themselves - you have to direct them to.
And most conventional malware must install itself - which won't happen on a LiveCD.
There are a very few flash/js based attacks that work live in the same session - but really, if your either (a) your bank has third-party inline flash ads or (b) you don't trust java content from your bank's own website, then why are you banking with them online?And going as far as questioning whether your CD burning software is infected is ridiculous.
You can't be any more certain that your mouse doesn't have imbedded circuitry tracing your movement pattens, or your keyboard doesn't have a keylogger built directly into it, or the aliens aren't tapping directly into your cablings electromagnetic intereference patterns to directly access your bank account as you do.
You're going to extremes purely for the point of argument, but although it may have passed you by, it was established several thousands years ago that "nothing is certain".If you can imagine up scenarios like malware built into your cd-burning software specifically to target LiveCDs being used for online banking, I can't fathom how you trust a banks own employees enough to actually keep your money with them instead of under the mattress.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740455</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742667</id>
	<title>Re:A smart bank would be ALL over this...</title>
	<author>davidshewitt</author>
	<datestamp>1255520340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Huntington was giving away free flash drives to new account holders.  It would be so easy for them to put a LiveUSB distro on these.</htmltext>
<tokenext>Huntington was giving away free flash drives to new account holders .
It would be so easy for them to put a LiveUSB distro on these .</tokentext>
<sentencetext>Huntington was giving away free flash drives to new account holders.
It would be so easy for them to put a LiveUSB distro on these.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740667</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29761929</id>
	<title>How about virtualization instead?</title>
	<author>Vrtigo1</author>
	<datestamp>1255599120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Instead of trying to get people to use a LiveCD, why not simply package a LiveCD as a VMware Player (or similar) appliance?  Speaking from a support perspective, I think the feasibility of getting your average user to comprehend downloading and burning an ISO, figuring out how to select the CD as the boot drive, getting networking up and running, and understanding that there's no "Big Blue E" to click on in Linux is significantly less than what the author of the article thinks it is.  An appliance with a hardened OS would eliminate three out of those four problems, and if banks would customize appliances for their users, then the operating system could be configured to automatically open Firefox and direct them to the online banking site.</htmltext>
<tokenext>Instead of trying to get people to use a LiveCD , why not simply package a LiveCD as a VMware Player ( or similar ) appliance ?
Speaking from a support perspective , I think the feasibility of getting your average user to comprehend downloading and burning an ISO , figuring out how to select the CD as the boot drive , getting networking up and running , and understanding that there 's no " Big Blue E " to click on in Linux is significantly less than what the author of the article thinks it is .
An appliance with a hardened OS would eliminate three out of those four problems , and if banks would customize appliances for their users , then the operating system could be configured to automatically open Firefox and direct them to the online banking site .</tokentext>
<sentencetext>Instead of trying to get people to use a LiveCD, why not simply package a LiveCD as a VMware Player (or similar) appliance?
Speaking from a support perspective, I think the feasibility of getting your average user to comprehend downloading and burning an ISO, figuring out how to select the CD as the boot drive, getting networking up and running, and understanding that there's no "Big Blue E" to click on in Linux is significantly less than what the author of the article thinks it is.
An appliance with a hardened OS would eliminate three out of those four problems, and if banks would customize appliances for their users, then the operating system could be configured to automatically open Firefox and direct them to the online banking site.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742755</id>
	<title>Re:A smart bank would be ALL over this...</title>
	<author>orange47</author>
	<datestamp>1255522320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>except that it would have to (sometimes) guess your ip address, DNS,  gateway, proxy..

I also wish it would save user/pass, yeah lazy..
so, liveUSB is better in my opinion even if somewhat less secure</htmltext>
<tokenext>except that it would have to ( sometimes ) guess your ip address , DNS , gateway , proxy. . I also wish it would save user/pass , yeah lazy. . so , liveUSB is better in my opinion even if somewhat less secure</tokentext>
<sentencetext>except that it would have to (sometimes) guess your ip address, DNS,  gateway, proxy..

I also wish it would save user/pass, yeah lazy..
so, liveUSB is better in my opinion even if somewhat less secure</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740667</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740587</id>
	<title>The browser may be out of date</title>
	<author>Anonymous</author>
	<datestamp>1255449720000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>The browser on a LiveCD may be out of date.  How about a USB flash drive that can save your ISP settings and can update the browser?  Banks could distribute them for the price of the flash drive as a safer option for online banking.</htmltext>
<tokenext>The browser on a LiveCD may be out of date .
How about a USB flash drive that can save your ISP settings and can update the browser ?
Banks could distribute them for the price of the flash drive as a safer option for online banking .</tokentext>
<sentencetext>The browser on a LiveCD may be out of date.
How about a USB flash drive that can save your ISP settings and can update the browser?
Banks could distribute them for the price of the flash drive as a safer option for online banking.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740641</id>
	<title>SecureID token</title>
	<author>Anonymous</author>
	<datestamp>1255450080000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Out here in Singapore, DBS gives everyone a secure token. Its by far the safest way to bank online. No one save the most sophisticated of hackers could subvert a random number dependent login (definitely secure enough to keep away all the script kiddies).</p></htmltext>
<tokenext>Out here in Singapore , DBS gives everyone a secure token .
Its by far the safest way to bank online .
No one save the most sophisticated of hackers could subvert a random number dependent login ( definitely secure enough to keep away all the script kiddies ) .</tokentext>
<sentencetext>Out here in Singapore, DBS gives everyone a secure token.
Its by far the safest way to bank online.
No one save the most sophisticated of hackers could subvert a random number dependent login (definitely secure enough to keep away all the script kiddies).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29748423</id>
	<title>Re:Devil's advocate: Deepfreeze?</title>
	<author>cenc</author>
	<datestamp>1255550820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Let's see (even for the enterprise), $0.10 cent cd (max $50 deployment cost for stack of a thousand cds) vs thousands of dollars in hardware, software, and support. All that money and time, and it is not clear exactly how those solutions would still solve the security problem. I might go so far as to buy some sort of virtual machines with read only images, and the cost of just one machine in the office dedicated to being the secure machine.</p><p>I think I would rather be the guy in a board room pitching the $50 solution rather than the $1,000,000 solution.</p><p>Personally, I went with an all linux / opensource office from the start.</p></htmltext>
<tokenext>Let 's see ( even for the enterprise ) , $ 0.10 cent cd ( max $ 50 deployment cost for stack of a thousand cds ) vs thousands of dollars in hardware , software , and support .
All that money and time , and it is not clear exactly how those solutions would still solve the security problem .
I might go so far as to buy some sort of virtual machines with read only images , and the cost of just one machine in the office dedicated to being the secure machine.I think I would rather be the guy in a board room pitching the $ 50 solution rather than the $ 1,000,000 solution.Personally , I went with an all linux / opensource office from the start .</tokentext>
<sentencetext>Let's see (even for the enterprise), $0.10 cent cd (max $50 deployment cost for stack of a thousand cds) vs thousands of dollars in hardware, software, and support.
All that money and time, and it is not clear exactly how those solutions would still solve the security problem.
I might go so far as to buy some sort of virtual machines with read only images, and the cost of just one machine in the office dedicated to being the secure machine.I think I would rather be the guy in a board room pitching the $50 solution rather than the $1,000,000 solution.Personally, I went with an all linux / opensource office from the start.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740603</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740385</id>
	<title>What about the banks?</title>
	<author>Profane MuthaFucka</author>
	<datestamp>1255447980000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>A little two factor authentication would be nice to see in American banks. Passwords just aren't adequate any more.</p></htmltext>
<tokenext>A little two factor authentication would be nice to see in American banks .
Passwords just are n't adequate any more .</tokentext>
<sentencetext>A little two factor authentication would be nice to see in American banks.
Passwords just aren't adequate any more.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29745357</id>
	<title>What is it that they do when they have your accnt?</title>
	<author>Fastfwd</author>
	<datestamp>1255537740000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The very worse I can see from what my bank lets me do on the web would be to transfer money from one of my accounts to another or maybe pay a utility bill for an exceedingly big amount. There is no way they can steal any money unless they can register as a bank approved billing and then pay themselves like I would be for the utility company.</p></htmltext>
<tokenext>The very worse I can see from what my bank lets me do on the web would be to transfer money from one of my accounts to another or maybe pay a utility bill for an exceedingly big amount .
There is no way they can steal any money unless they can register as a bank approved billing and then pay themselves like I would be for the utility company .</tokentext>
<sentencetext>The very worse I can see from what my bank lets me do on the web would be to transfer money from one of my accounts to another or maybe pay a utility bill for an exceedingly big amount.
There is no way they can steal any money unless they can register as a bank approved billing and then pay themselves like I would be for the utility company.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741363</id>
	<title>Re:terrible advice</title>
	<author>SanityInAnarchy</author>
	<datestamp>1255458660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Unless your browser is listening for incoming connections,</p></div><p>Or it autoupdates itself, or its extensions, or its malware list, in an insecure way...</p><p>Or maybe something else is listening. While they have to compromise you quick (before your next reboot), most LiveCDs, out of convenience, provide a read/write filesystem.</p><p><div class="quote"><p>If you are using the LiveCD as a dedicated banking only environment, the only input your browser will see is your bank's website.</p></div><p>Unless you're MITM'd. Or unless the default homepage is something that could potentially be host to something malicious. Or unless the user visits other websites.</p><p><div class="quote"><p>If you can't trust user behavior, and want to really be sure, you could have it set to reject anything that doesn't have the bank's SSL cert.</p></div><p>That'll work right up until said cert expires. Or until there's an SSL vulnerability which requires browsers to be patched.</p><p><div class="quote"><p> <b>If no other site can reach your browser,</b> your browser cannot be owned,</p></div><p>I agree, but the statement in bold is a pretty big assumption. Remember: Never trust anything you don't have to.</p></div>
	</htmltext>
<tokenext>Unless your browser is listening for incoming connections,Or it autoupdates itself , or its extensions , or its malware list , in an insecure way...Or maybe something else is listening .
While they have to compromise you quick ( before your next reboot ) , most LiveCDs , out of convenience , provide a read/write filesystem.If you are using the LiveCD as a dedicated banking only environment , the only input your browser will see is your bank 's website.Unless you 're MITM 'd .
Or unless the default homepage is something that could potentially be host to something malicious .
Or unless the user visits other websites.If you ca n't trust user behavior , and want to really be sure , you could have it set to reject anything that does n't have the bank 's SSL cert.That 'll work right up until said cert expires .
Or until there 's an SSL vulnerability which requires browsers to be patched .
If no other site can reach your browser , your browser can not be owned,I agree , but the statement in bold is a pretty big assumption .
Remember : Never trust anything you do n't have to .</tokentext>
<sentencetext>Unless your browser is listening for incoming connections,Or it autoupdates itself, or its extensions, or its malware list, in an insecure way...Or maybe something else is listening.
While they have to compromise you quick (before your next reboot), most LiveCDs, out of convenience, provide a read/write filesystem.If you are using the LiveCD as a dedicated banking only environment, the only input your browser will see is your bank's website.Unless you're MITM'd.
Or unless the default homepage is something that could potentially be host to something malicious.
Or unless the user visits other websites.If you can't trust user behavior, and want to really be sure, you could have it set to reject anything that doesn't have the bank's SSL cert.That'll work right up until said cert expires.
Or until there's an SSL vulnerability which requires browsers to be patched.
If no other site can reach your browser, your browser cannot be owned,I agree, but the statement in bold is a pretty big assumption.
Remember: Never trust anything you don't have to.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740513</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29746175</id>
	<title>Re:Devil's advocate: Deepfreeze?</title>
	<author>Anonymous</author>
	<datestamp>1255541040000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Of course, a diskless system running Linux would reduce the chance of malware on clients, but perhaps if a company is dependent on Windows, almost as good security (and I state almost) would be obtained from denying admin access and using something like DeepFreeze, Windows SteadyState, or similar?</p><p>Combine DeepFreeze with AppLocker, some decent enterprise antivirus utilities, BitLocker, and the usual physical and BIOS protection on a machine, and one can make a decently locked down terminal that can cleanly run Windows apps. Should additional software be needed, no need to install it, just use something like VMWare ThinApp and have it runnable from a central location.</p></div><p>Excellent idea. Once you have finished paying for all that, you might reflect you could have had as good or better security for the cost of a download and a CD, or alternatively just a single magazine purchase, most Linux friendly mags include a LiveCD of one sort or another.</p><p>I don't believe the article was aimed at enterprise level solution and costs, but rather how Joe Noob can access his online account safely.</p></div>
	</htmltext>
<tokenext>Of course , a diskless system running Linux would reduce the chance of malware on clients , but perhaps if a company is dependent on Windows , almost as good security ( and I state almost ) would be obtained from denying admin access and using something like DeepFreeze , Windows SteadyState , or similar ? Combine DeepFreeze with AppLocker , some decent enterprise antivirus utilities , BitLocker , and the usual physical and BIOS protection on a machine , and one can make a decently locked down terminal that can cleanly run Windows apps .
Should additional software be needed , no need to install it , just use something like VMWare ThinApp and have it runnable from a central location.Excellent idea .
Once you have finished paying for all that , you might reflect you could have had as good or better security for the cost of a download and a CD , or alternatively just a single magazine purchase , most Linux friendly mags include a LiveCD of one sort or another.I do n't believe the article was aimed at enterprise level solution and costs , but rather how Joe Noob can access his online account safely .</tokentext>
<sentencetext>Of course, a diskless system running Linux would reduce the chance of malware on clients, but perhaps if a company is dependent on Windows, almost as good security (and I state almost) would be obtained from denying admin access and using something like DeepFreeze, Windows SteadyState, or similar?Combine DeepFreeze with AppLocker, some decent enterprise antivirus utilities, BitLocker, and the usual physical and BIOS protection on a machine, and one can make a decently locked down terminal that can cleanly run Windows apps.
Should additional software be needed, no need to install it, just use something like VMWare ThinApp and have it runnable from a central location.Excellent idea.
Once you have finished paying for all that, you might reflect you could have had as good or better security for the cost of a download and a CD, or alternatively just a single magazine purchase, most Linux friendly mags include a LiveCD of one sort or another.I don't believe the article was aimed at enterprise level solution and costs, but rather how Joe Noob can access his online account safely.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740603</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29750315</id>
	<title>Regressive Argument. Re:terrible advice</title>
	<author>pyrr</author>
	<datestamp>1255516320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Sure, your burning software may be infected. It could've been infected by malware on the intarwebs, the developers who coded it may have infused it with malware. Your BIOS EEPROM in your brand-new computer could've been corrupted with malware by a delivery guy, someone in the store, or even someone at the computer factory. Your imagination is the only limit as to the ways anything might be somehow corrupt and be a security risk. Regressive arguments, assumptions, and circular reasoning are the way with security, nothing illustrates the M&#252;nchhausen Trilemma better.
</p><p>So no, there's no way you can ever be 100\% confident you're secure. You simply have to take reasonable precautions, make reasonable assumptions, and hope you're not overlooking something that's reasonably possible.</p></htmltext>
<tokenext>Sure , your burning software may be infected .
It could 've been infected by malware on the intarwebs , the developers who coded it may have infused it with malware .
Your BIOS EEPROM in your brand-new computer could 've been corrupted with malware by a delivery guy , someone in the store , or even someone at the computer factory .
Your imagination is the only limit as to the ways anything might be somehow corrupt and be a security risk .
Regressive arguments , assumptions , and circular reasoning are the way with security , nothing illustrates the M   nchhausen Trilemma better .
So no , there 's no way you can ever be 100 \ % confident you 're secure .
You simply have to take reasonable precautions , make reasonable assumptions , and hope you 're not overlooking something that 's reasonably possible .</tokentext>
<sentencetext>Sure, your burning software may be infected.
It could've been infected by malware on the intarwebs, the developers who coded it may have infused it with malware.
Your BIOS EEPROM in your brand-new computer could've been corrupted with malware by a delivery guy, someone in the store, or even someone at the computer factory.
Your imagination is the only limit as to the ways anything might be somehow corrupt and be a security risk.
Regressive arguments, assumptions, and circular reasoning are the way with security, nothing illustrates the Münchhausen Trilemma better.
So no, there's no way you can ever be 100\% confident you're secure.
You simply have to take reasonable precautions, make reasonable assumptions, and hope you're not overlooking something that's reasonably possible.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740455</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740473</id>
	<title>Or how about Websites being smart with NoScript?</title>
	<author>Anonymous</author>
	<datestamp>1255448700000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>It would be great if a Website would give it's IP Address on every login prompt and not direct to any other domains for it's login process.  Then with NoScript, allow what Applecodescript to execute and what domains may interoperate on the page.  Instead, Washington Post gives a false generalization that a Linux live CD will defeat all Phishing attempts.</p><p>Typical dead-beat wrong journalism.  The next thing you'll know, the New World Order crowd will arrive to demand everyone get a License to use a computer, and then I'll start the GNU World Oder crowd that will dispel the New World Order crowd's false legal representations of Statutory law.</p></htmltext>
<tokenext>It would be great if a Website would give it 's IP Address on every login prompt and not direct to any other domains for it 's login process .
Then with NoScript , allow what Applecodescript to execute and what domains may interoperate on the page .
Instead , Washington Post gives a false generalization that a Linux live CD will defeat all Phishing attempts.Typical dead-beat wrong journalism .
The next thing you 'll know , the New World Order crowd will arrive to demand everyone get a License to use a computer , and then I 'll start the GNU World Oder crowd that will dispel the New World Order crowd 's false legal representations of Statutory law .</tokentext>
<sentencetext>It would be great if a Website would give it's IP Address on every login prompt and not direct to any other domains for it's login process.
Then with NoScript, allow what Applecodescript to execute and what domains may interoperate on the page.
Instead, Washington Post gives a false generalization that a Linux live CD will defeat all Phishing attempts.Typical dead-beat wrong journalism.
The next thing you'll know, the New World Order crowd will arrive to demand everyone get a License to use a computer, and then I'll start the GNU World Oder crowd that will dispel the New World Order crowd's false legal representations of Statutory law.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742893</id>
	<title>A better solution:</title>
	<author>MtViewGuy</author>
	<datestamp>1255524180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Keep the security software on your Windows PC up to date.</p><p>That's why I have a subscription to Norton Internet Security, and I was able to download and install Norton Internet Security 2010 for <i>free</i>. NIS 2010 constantly tracks and stops all the major types of malware (viruses, worms, spyware and keyloggers) and also includes monitoring to stop you from entering known malware and phishing sites. And NIS 2010 constantly updates itself with the latest malware definitions if you're connected to the Internet.</p><p>Also, look at how you configure your home network router. It's possible that with proper configuration, you can stop a LOT of these malware attacks before it is stopped by a Internet security program.</p></htmltext>
<tokenext>Keep the security software on your Windows PC up to date.That 's why I have a subscription to Norton Internet Security , and I was able to download and install Norton Internet Security 2010 for free .
NIS 2010 constantly tracks and stops all the major types of malware ( viruses , worms , spyware and keyloggers ) and also includes monitoring to stop you from entering known malware and phishing sites .
And NIS 2010 constantly updates itself with the latest malware definitions if you 're connected to the Internet.Also , look at how you configure your home network router .
It 's possible that with proper configuration , you can stop a LOT of these malware attacks before it is stopped by a Internet security program .</tokentext>
<sentencetext>Keep the security software on your Windows PC up to date.That's why I have a subscription to Norton Internet Security, and I was able to download and install Norton Internet Security 2010 for free.
NIS 2010 constantly tracks and stops all the major types of malware (viruses, worms, spyware and keyloggers) and also includes monitoring to stop you from entering known malware and phishing sites.
And NIS 2010 constantly updates itself with the latest malware definitions if you're connected to the Internet.Also, look at how you configure your home network router.
It's possible that with proper configuration, you can stop a LOT of these malware attacks before it is stopped by a Internet security program.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742861</id>
	<title>IE</title>
	<author>bruthasj</author>
	<datestamp>1255523820000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext>Beyond multi-factor authentication, there's another fundamental problem with many Bank websites. They only work in IE. It's difficult to convince non-power-users to drop a bank and go with another that works in Konqueror or even Firefox. This is especially a problem in a non-US country where every bank has the same problem.</htmltext>
<tokenext>Beyond multi-factor authentication , there 's another fundamental problem with many Bank websites .
They only work in IE .
It 's difficult to convince non-power-users to drop a bank and go with another that works in Konqueror or even Firefox .
This is especially a problem in a non-US country where every bank has the same problem .</tokentext>
<sentencetext>Beyond multi-factor authentication, there's another fundamental problem with many Bank websites.
They only work in IE.
It's difficult to convince non-power-users to drop a bank and go with another that works in Konqueror or even Firefox.
This is especially a problem in a non-US country where every bank has the same problem.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740561</id>
	<title>Phishing already solved.</title>
	<author>Anonymous</author>
	<datestamp>1255449480000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext>My bank implemented a system that asks you for three numbers from a physical card in addition to your regular password. This is so sucessful at blocking phishing attacks that such two-factor authentication has all but wiped out such security breaches to the point they now made it mandatory for all online banking. I have the inside word that they have not had a single case of sucessful (conventional) phishing since this has been introduced.</htmltext>
<tokenext>My bank implemented a system that asks you for three numbers from a physical card in addition to your regular password .
This is so sucessful at blocking phishing attacks that such two-factor authentication has all but wiped out such security breaches to the point they now made it mandatory for all online banking .
I have the inside word that they have not had a single case of sucessful ( conventional ) phishing since this has been introduced .</tokentext>
<sentencetext>My bank implemented a system that asks you for three numbers from a physical card in addition to your regular password.
This is so sucessful at blocking phishing attacks that such two-factor authentication has all but wiped out such security breaches to the point they now made it mandatory for all online banking.
I have the inside word that they have not had a single case of sucessful (conventional) phishing since this has been introduced.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741251</id>
	<title>Re:To be safe...</title>
	<author>al0ha</author>
	<datestamp>1255456980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>If your box is rooted checking processes will do no good nor will antivirus alert you to the fact.
<br>
<br>
Better to create multiptle VMs, which do not share the host IP, to be used for different purposes.  1 VM used for only banking, 1 VM used for only web browsing...</htmltext>
<tokenext>If your box is rooted checking processes will do no good nor will antivirus alert you to the fact .
Better to create multiptle VMs , which do not share the host IP , to be used for different purposes .
1 VM used for only banking , 1 VM used for only web browsing.. .</tokentext>
<sentencetext>If your box is rooted checking processes will do no good nor will antivirus alert you to the fact.
Better to create multiptle VMs, which do not share the host IP, to be used for different purposes.
1 VM used for only banking, 1 VM used for only web browsing...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740495</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29745677</id>
	<title>Re:Devil's advocate: Deepfreeze?</title>
	<author>mattb47</author>
	<datestamp>1255539000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>And if you're using a Windows system (locked down and using SteadyState or DeepFreeze or something similar), you can then easily print statements and results, save them locally, etc.</p><p>You can't do that (well, easily) with a Linux LiveCD.</p><p>And yeah, this Windows system isn't useful except for those times you're banking, contacting ADP, or other high-risk online activities.  But it doesn't need to be anything high-horsepower.  Any 5 or 6 year old used/surplus system you picked up for $100 (or if you're an established business, any of your old systems) can handle this.  Add a $20-30 kvm to your main system.</p><p>For an individual, this setup is expensive or technically challenging.  For a business with at least a semi-decent IT department, it should be easy.</p><p>(But I'd still want to a *REAL* two factor password system to make it proper!)</p></htmltext>
<tokenext>And if you 're using a Windows system ( locked down and using SteadyState or DeepFreeze or something similar ) , you can then easily print statements and results , save them locally , etc.You ca n't do that ( well , easily ) with a Linux LiveCD.And yeah , this Windows system is n't useful except for those times you 're banking , contacting ADP , or other high-risk online activities .
But it does n't need to be anything high-horsepower .
Any 5 or 6 year old used/surplus system you picked up for $ 100 ( or if you 're an established business , any of your old systems ) can handle this .
Add a $ 20-30 kvm to your main system.For an individual , this setup is expensive or technically challenging .
For a business with at least a semi-decent IT department , it should be easy .
( But I 'd still want to a * REAL * two factor password system to make it proper !
)</tokentext>
<sentencetext>And if you're using a Windows system (locked down and using SteadyState or DeepFreeze or something similar), you can then easily print statements and results, save them locally, etc.You can't do that (well, easily) with a Linux LiveCD.And yeah, this Windows system isn't useful except for those times you're banking, contacting ADP, or other high-risk online activities.
But it doesn't need to be anything high-horsepower.
Any 5 or 6 year old used/surplus system you picked up for $100 (or if you're an established business, any of your old systems) can handle this.
Add a $20-30 kvm to your main system.For an individual, this setup is expensive or technically challenging.
For a business with at least a semi-decent IT department, it should be easy.
(But I'd still want to a *REAL* two factor password system to make it proper!
)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740603</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740551</id>
	<title>Re:terrible advice</title>
	<author>Anonymous</author>
	<datestamp>1255449420000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p><div class="quote"><p>Ya, it stops key loggers, and that's great</p></div><p>Yeah, it is great, because a huge part of on-line fraud is from keyloggers.  Modern ones even record 'screencast' movies of you using your computer.</p><p><div class="quote"><p>but it aint going to do much for your browser security unless you keep your LiveCD up to date</p></div><p>Between booting up and getting a DNS record for your bank how are they going to exploit a browser security problem?  You could safely use unpatched IE5 to do online-banking.  There might be some null-prefix type problems, but in reality going directly to your bank's site is pretty hard to get in between.</p><p><div class="quote"><p>who says your CD burning software isn't infected - implications on trusting trust and all.</p></div><p>There are lots of different CD burning software, lots of different distributions, lots of AV software that might detect the modifications, and high risk of some paranoid geek with sha1 finding it out.  Compared to just setting up a 'enter your password and win a free chocolate bar' site, it's not cost effective to do this.</p></div>
	</htmltext>
<tokenext>Ya , it stops key loggers , and that 's greatYeah , it is great , because a huge part of on-line fraud is from keyloggers .
Modern ones even record 'screencast ' movies of you using your computer.but it aint going to do much for your browser security unless you keep your LiveCD up to dateBetween booting up and getting a DNS record for your bank how are they going to exploit a browser security problem ?
You could safely use unpatched IE5 to do online-banking .
There might be some null-prefix type problems , but in reality going directly to your bank 's site is pretty hard to get in between.who says your CD burning software is n't infected - implications on trusting trust and all.There are lots of different CD burning software , lots of different distributions , lots of AV software that might detect the modifications , and high risk of some paranoid geek with sha1 finding it out .
Compared to just setting up a 'enter your password and win a free chocolate bar ' site , it 's not cost effective to do this .</tokentext>
<sentencetext>Ya, it stops key loggers, and that's greatYeah, it is great, because a huge part of on-line fraud is from keyloggers.
Modern ones even record 'screencast' movies of you using your computer.but it aint going to do much for your browser security unless you keep your LiveCD up to dateBetween booting up and getting a DNS record for your bank how are they going to exploit a browser security problem?
You could safely use unpatched IE5 to do online-banking.
There might be some null-prefix type problems, but in reality going directly to your bank's site is pretty hard to get in between.who says your CD burning software isn't infected - implications on trusting trust and all.There are lots of different CD burning software, lots of different distributions, lots of AV software that might detect the modifications, and high risk of some paranoid geek with sha1 finding it out.
Compared to just setting up a 'enter your password and win a free chocolate bar' site, it's not cost effective to do this.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740455</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29746365</id>
	<title>Re:it's not a matter of Linux vs. Windows...</title>
	<author>Anonymous</author>
	<datestamp>1255541760000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>Also, honestly, how many people do you think check the MD5 sum on an ISO?  Hell, I've never had a RedHat/Fedora disc that passed its self-check.  I gave up on that ages ago.</p></div><p>You are a lier. I've never got a wrong MD5 sum with a correct ISO.</p></div>
	</htmltext>
<tokenext>Also , honestly , how many people do you think check the MD5 sum on an ISO ?
Hell , I 've never had a RedHat/Fedora disc that passed its self-check .
I gave up on that ages ago.You are a lier .
I 've never got a wrong MD5 sum with a correct ISO .</tokentext>
<sentencetext>Also, honestly, how many people do you think check the MD5 sum on an ISO?
Hell, I've never had a RedHat/Fedora disc that passed its self-check.
I gave up on that ages ago.You are a lier.
I've never got a wrong MD5 sum with a correct ISO.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740613</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740745</id>
	<title>Re:terrible advice</title>
	<author>Amazing Quantum Man</author>
	<datestamp>1255450920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I thought the truncated SSL was only affecting those using the MS crypto library?</p></htmltext>
<tokenext>I thought the truncated SSL was only affecting those using the MS crypto library ?</tokentext>
<sentencetext>I thought the truncated SSL was only affecting those using the MS crypto library?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740623</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742459</id>
	<title>Re:terrible advice</title>
	<author>misnohmer</author>
	<datestamp>1255517460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>And this is exactly why this advice of using a bootable live CD (Linux, Windows, Solarix, QNX or anything else) as a cure-all is so dangerous. People like yourself believe they are invincible, and therefore careless. Number of people mentioned in this thread that you can get compromised, even with LiveCD. Here is an example - SSL certificate NULL-prefix vulnerability - there was recently a slashdot article on that, but if you want to see yourself how it works, search for sslsniff tool - comes with a complete howto too. Unless you have the latest patched browser, you are open to this. There are other ways also - just read through this slashdot thread for some hints.</p></htmltext>
<tokenext>And this is exactly why this advice of using a bootable live CD ( Linux , Windows , Solarix , QNX or anything else ) as a cure-all is so dangerous .
People like yourself believe they are invincible , and therefore careless .
Number of people mentioned in this thread that you can get compromised , even with LiveCD .
Here is an example - SSL certificate NULL-prefix vulnerability - there was recently a slashdot article on that , but if you want to see yourself how it works , search for sslsniff tool - comes with a complete howto too .
Unless you have the latest patched browser , you are open to this .
There are other ways also - just read through this slashdot thread for some hints .</tokentext>
<sentencetext>And this is exactly why this advice of using a bootable live CD (Linux, Windows, Solarix, QNX or anything else) as a cure-all is so dangerous.
People like yourself believe they are invincible, and therefore careless.
Number of people mentioned in this thread that you can get compromised, even with LiveCD.
Here is an example - SSL certificate NULL-prefix vulnerability - there was recently a slashdot article on that, but if you want to see yourself how it works, search for sslsniff tool - comes with a complete howto too.
Unless you have the latest patched browser, you are open to this.
There are other ways also - just read through this slashdot thread for some hints.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740555</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29753749</id>
	<title>eCommerce == fail</title>
	<author>ToasterMonkey</author>
	<datestamp>1255546200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>The Financial Services Information Sharing and Analysis Center, an industry group supported by some of the world's largest banks, recently issued guidelines urging businesses to carry out all online banking activities from 'a stand-alone, hardened, and completely locked down computer system from where regular e-mail and Web browsing [are] not possible.'</p></div><p>This is not the success of Linux, but the utter failure of... I blame all involved... to deliver a secure eCommerce platform.</p><p>When yahoo will render a perfectly forged email from "ebay.com" in two thousand-fuckity NINE, you know the Internet is a joke.  SSL certificate policies are jokes.  Web apps are a huuuge joke.  Web browsers are a joke...   it's just a really big toy.   God I hope it dies.   How about some GD regulation instead of proving once more that left to itself, the 'market' is a nice word for lots of greedy people who don't give a fuck.</p><p>I hope my grandchildren can use computers for business and pleasure -safely- without needing to understand the technical underpinnings of the entire electronic ecosystem.  Usability needs to trump the desires of computer nerds.  When you ask, "What will this be used for?"     "Anything" is the wrong fucking answer, \_EVERY\_ \_TIME\_.</p></div>
	</htmltext>
<tokenext>The Financial Services Information Sharing and Analysis Center , an industry group supported by some of the world 's largest banks , recently issued guidelines urging businesses to carry out all online banking activities from 'a stand-alone , hardened , and completely locked down computer system from where regular e-mail and Web browsing [ are ] not possible .
'This is not the success of Linux , but the utter failure of... I blame all involved... to deliver a secure eCommerce platform.When yahoo will render a perfectly forged email from " ebay.com " in two thousand-fuckity NINE , you know the Internet is a joke .
SSL certificate policies are jokes .
Web apps are a huuuge joke .
Web browsers are a joke... it 's just a really big toy .
God I hope it dies .
How about some GD regulation instead of proving once more that left to itself , the 'market ' is a nice word for lots of greedy people who do n't give a fuck.I hope my grandchildren can use computers for business and pleasure -safely- without needing to understand the technical underpinnings of the entire electronic ecosystem .
Usability needs to trump the desires of computer nerds .
When you ask , " What will this be used for ?
" " Anything " is the wrong fucking answer , \ _EVERY \ _ \ _TIME \ _ .</tokentext>
<sentencetext>The Financial Services Information Sharing and Analysis Center, an industry group supported by some of the world's largest banks, recently issued guidelines urging businesses to carry out all online banking activities from 'a stand-alone, hardened, and completely locked down computer system from where regular e-mail and Web browsing [are] not possible.
'This is not the success of Linux, but the utter failure of... I blame all involved... to deliver a secure eCommerce platform.When yahoo will render a perfectly forged email from "ebay.com" in two thousand-fuckity NINE, you know the Internet is a joke.
SSL certificate policies are jokes.
Web apps are a huuuge joke.
Web browsers are a joke...   it's just a really big toy.
God I hope it dies.
How about some GD regulation instead of proving once more that left to itself, the 'market' is a nice word for lots of greedy people who don't give a fuck.I hope my grandchildren can use computers for business and pleasure -safely- without needing to understand the technical underpinnings of the entire electronic ecosystem.
Usability needs to trump the desires of computer nerds.
When you ask, "What will this be used for?
"     "Anything" is the wrong fucking answer, \_EVERY\_ \_TIME\_.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29748611</id>
	<title>Replace os or replace computation device</title>
	<author>DRACO-</author>
	<datestamp>1255551780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Well if a linux live cd works, why not have each bank build their own live cd and certified application?  Add in a required token as well while you are at it.  Drop the web browser completely.  Only give the discs out through the bank teller visit, never by mail and iterate that fact.</p><p>Even better, completely eliminate the disc (to keep random thieves from mailing random cds to random people for phishing) and make a secure boot from usb iron key type system with it's own processor that can verify upgrades and a separate authentication dongle.  Since the iron-key can be securely writable, have it written at the bank teller a user id that has no use but for authentication internet banking already entered.</p><p>Much better, develop a bank pad.. Like a crunch pad but does nothing but banking.  Require a usb dongle to plug in to authenticate.  Export data by email if needed but otherwise offer no other way to access.</p><p>We mostly dont want to trust the operating system that can be compromised.</p></htmltext>
<tokenext>Well if a linux live cd works , why not have each bank build their own live cd and certified application ?
Add in a required token as well while you are at it .
Drop the web browser completely .
Only give the discs out through the bank teller visit , never by mail and iterate that fact.Even better , completely eliminate the disc ( to keep random thieves from mailing random cds to random people for phishing ) and make a secure boot from usb iron key type system with it 's own processor that can verify upgrades and a separate authentication dongle .
Since the iron-key can be securely writable , have it written at the bank teller a user id that has no use but for authentication internet banking already entered.Much better , develop a bank pad.. Like a crunch pad but does nothing but banking .
Require a usb dongle to plug in to authenticate .
Export data by email if needed but otherwise offer no other way to access.We mostly dont want to trust the operating system that can be compromised .</tokentext>
<sentencetext>Well if a linux live cd works, why not have each bank build their own live cd and certified application?
Add in a required token as well while you are at it.
Drop the web browser completely.
Only give the discs out through the bank teller visit, never by mail and iterate that fact.Even better, completely eliminate the disc (to keep random thieves from mailing random cds to random people for phishing) and make a secure boot from usb iron key type system with it's own processor that can verify upgrades and a separate authentication dongle.
Since the iron-key can be securely writable, have it written at the bank teller a user id that has no use but for authentication internet banking already entered.Much better, develop a bank pad.. Like a crunch pad but does nothing but banking.
Require a usb dongle to plug in to authenticate.
Export data by email if needed but otherwise offer no other way to access.We mostly dont want to trust the operating system that can be compromised.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741315</id>
	<title>Re:To be safe...</title>
	<author>antdude</author>
	<datestamp>1255458000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I don't bank or do anything involving with $$ online.</p></htmltext>
<tokenext>I do n't bank or do anything involving with $ $ online .</tokentext>
<sentencetext>I don't bank or do anything involving with $$ online.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740495</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741283</id>
	<title>Too late</title>
	<author>Anonymous</author>
	<datestamp>1255457520000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>China is already doing this. Nearly all of the hardware arrives with spyware.</htmltext>
<tokenext>China is already doing this .
Nearly all of the hardware arrives with spyware .</tokentext>
<sentencetext>China is already doing this.
Nearly all of the hardware arrives with spyware.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740467</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29747067</id>
	<title>Re:The browser may be out of date</title>
	<author>thePowerOfGrayskull</author>
	<datestamp>1255545120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>First, what if it is? You're not going ANYWHERE but your bank's web site with that browser. Whether or not it's up to date only matters if your bank desupports an older browser.  Second: a USB flash drive is changeable - so if the user gets stupid and does something<nobr> <wbr></nobr>/other/ than go to their bank site, any change is persisted for all future reboots. I suppose a "ro" mount option could take care of that- but then you're not saving your ISP info either, defeating the purpose.</htmltext>
<tokenext>First , what if it is ?
You 're not going ANYWHERE but your bank 's web site with that browser .
Whether or not it 's up to date only matters if your bank desupports an older browser .
Second : a USB flash drive is changeable - so if the user gets stupid and does something /other/ than go to their bank site , any change is persisted for all future reboots .
I suppose a " ro " mount option could take care of that- but then you 're not saving your ISP info either , defeating the purpose .</tokentext>
<sentencetext>First, what if it is?
You're not going ANYWHERE but your bank's web site with that browser.
Whether or not it's up to date only matters if your bank desupports an older browser.
Second: a USB flash drive is changeable - so if the user gets stupid and does something /other/ than go to their bank site, any change is persisted for all future reboots.
I suppose a "ro" mount option could take care of that- but then you're not saving your ISP info either, defeating the purpose.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740587</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740773</id>
	<title>Re:terrible advice</title>
	<author>Draek</author>
	<datestamp>1255451160000</datestamp>
	<modclass>Funny</modclass>
	<modscore>4</modscore>
	<htmltext><p><div class="quote"><p>hey, who says your CD burning software isn't infected - implications on trusting trust and all.</p></div><p>I understand there's only a fine line between safety and paranoia, but the idea of a CD burning software having been compromised to detect Linux LiveCD ISOs and add a software keylogger to the system included therein is so far up in 'paranoia' territory it already got full citizenship and is considering running for president against <i>"Elvis is hidden in Area 51"</i> and <i>"9/11 was planned by Israel to draw the US into the middle east"</i>.</p></div>
	</htmltext>
<tokenext>hey , who says your CD burning software is n't infected - implications on trusting trust and all.I understand there 's only a fine line between safety and paranoia , but the idea of a CD burning software having been compromised to detect Linux LiveCD ISOs and add a software keylogger to the system included therein is so far up in 'paranoia ' territory it already got full citizenship and is considering running for president against " Elvis is hidden in Area 51 " and " 9/11 was planned by Israel to draw the US into the middle east " .</tokentext>
<sentencetext>hey, who says your CD burning software isn't infected - implications on trusting trust and all.I understand there's only a fine line between safety and paranoia, but the idea of a CD burning software having been compromised to detect Linux LiveCD ISOs and add a software keylogger to the system included therein is so far up in 'paranoia' territory it already got full citizenship and is considering running for president against "Elvis is hidden in Area 51" and "9/11 was planned by Israel to draw the US into the middle east".
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740455</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29746781</id>
	<title>Note that a security token alone is not enough...</title>
	<author>Anonymous</author>
	<datestamp>1255543800000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>You must use a security token and you MUST make the bank account number of the recipient (say for any transaction bigger than 'x', and put a limit on the number of transactions per day, etc.) part of the cryptographic challenge the security token answers.</p><p>Do that, and it's good-game lowlifes.</p><p>There are banks in western Europe doing that as of today.</p><p>If it's done correctly, good luck hacking that.  Basically you need to break cryptography as we know it today to defeat that scheme.</p><p>How retarded are the developers/managers/etc. in all the banks that do not have that implemented yet?</p></htmltext>
<tokenext>You must use a security token and you MUST make the bank account number of the recipient ( say for any transaction bigger than 'x ' , and put a limit on the number of transactions per day , etc .
) part of the cryptographic challenge the security token answers.Do that , and it 's good-game lowlifes.There are banks in western Europe doing that as of today.If it 's done correctly , good luck hacking that .
Basically you need to break cryptography as we know it today to defeat that scheme.How retarded are the developers/managers/etc .
in all the banks that do not have that implemented yet ?</tokentext>
<sentencetext>You must use a security token and you MUST make the bank account number of the recipient (say for any transaction bigger than 'x', and put a limit on the number of transactions per day, etc.
) part of the cryptographic challenge the security token answers.Do that, and it's good-game lowlifes.There are banks in western Europe doing that as of today.If it's done correctly, good luck hacking that.
Basically you need to break cryptography as we know it today to defeat that scheme.How retarded are the developers/managers/etc.
in all the banks that do not have that implemented yet?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740613</id>
	<title>it's not a matter of Linux vs. Windows...</title>
	<author>SuperBanana</author>
	<datestamp>1255449900000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>...it's more a matter of a read-only medium.  If people start doing this is greater numbers, all the evil people will do is start distributing hacked ISOs pretending they're legitimate.  This also doesn't do much for machines which have been hacked at a BIOS/bootloader level.  In fact, if the PC is set to boot to the hard drive and the trojan supervisor is smart and puts up a boot menu that looks bios-ish (ie, allowing you to select the boot device), 95\% of users would never notice.  So unless Linux LiveCDs start running checks to see if they're being virtualized, this isn't a very good safety net.

<p>Also, honestly, how many people do you think check the MD5 sum on an ISO?  Hell, I've never had a RedHat/Fedora disc that passed its self-check.  I gave up on that ages ago.</p></htmltext>
<tokenext>...it 's more a matter of a read-only medium .
If people start doing this is greater numbers , all the evil people will do is start distributing hacked ISOs pretending they 're legitimate .
This also does n't do much for machines which have been hacked at a BIOS/bootloader level .
In fact , if the PC is set to boot to the hard drive and the trojan supervisor is smart and puts up a boot menu that looks bios-ish ( ie , allowing you to select the boot device ) , 95 \ % of users would never notice .
So unless Linux LiveCDs start running checks to see if they 're being virtualized , this is n't a very good safety net .
Also , honestly , how many people do you think check the MD5 sum on an ISO ?
Hell , I 've never had a RedHat/Fedora disc that passed its self-check .
I gave up on that ages ago .</tokentext>
<sentencetext>...it's more a matter of a read-only medium.
If people start doing this is greater numbers, all the evil people will do is start distributing hacked ISOs pretending they're legitimate.
This also doesn't do much for machines which have been hacked at a BIOS/bootloader level.
In fact, if the PC is set to boot to the hard drive and the trojan supervisor is smart and puts up a boot menu that looks bios-ish (ie, allowing you to select the boot device), 95\% of users would never notice.
So unless Linux LiveCDs start running checks to see if they're being virtualized, this isn't a very good safety net.
Also, honestly, how many people do you think check the MD5 sum on an ISO?
Hell, I've never had a RedHat/Fedora disc that passed its self-check.
I gave up on that ages ago.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29797381</id>
	<title>Re:Alternate Headline</title>
	<author>Anonymous</author>
	<datestamp>1255980120000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Anybody who gets a boot-able CD or USB drive from an anonymous character along with a letter on how to use it to do on-line banking and uses it is probably too dumb to have anything worth stealing.</p></htmltext>
<tokenext>Anybody who gets a boot-able CD or USB drive from an anonymous character along with a letter on how to use it to do on-line banking and uses it is probably too dumb to have anything worth stealing .</tokentext>
<sentencetext>Anybody who gets a boot-able CD or USB drive from an anonymous character along with a letter on how to use it to do on-line banking and uses it is probably too dumb to have anything worth stealing.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740467</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741859</id>
	<title>Banks Should get involved</title>
	<author>fwarren</author>
	<datestamp>1255552560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>All a bank would need to do is set up their own live CD. All ACPI type stuff disabled and a boot menu that makes it easy to try normal video or framebuffer. Use a lite desktop like xfce, icewm or lxde  and configure it to look as much like XP as possible. They could even use a custom firefox skin, have firefox autorun and the banking site set as the homepage. They can set custom DNS servers. Have a 2nd tab on the browser set up for "Help, with videos that show how to log into the bank, how to set up a printer if they want to print. How to save a printout as a pdf and save it to a drive or email it.  The bank can keep them behind the counter where folks can't put altered CD's. Run a few Ads on the radio, have a few banners hung up in the bank. The CD should make note that there is NO SUPPORT if it works for you it is safer than windows and use it, if it does not work for you then don't use it. The CD jacket should also recommend a few CURRENT usb wireless adapters that will just plug-and-play with the LiveCD.</p></htmltext>
<tokenext>All a bank would need to do is set up their own live CD .
All ACPI type stuff disabled and a boot menu that makes it easy to try normal video or framebuffer .
Use a lite desktop like xfce , icewm or lxde and configure it to look as much like XP as possible .
They could even use a custom firefox skin , have firefox autorun and the banking site set as the homepage .
They can set custom DNS servers .
Have a 2nd tab on the browser set up for " Help , with videos that show how to log into the bank , how to set up a printer if they want to print .
How to save a printout as a pdf and save it to a drive or email it .
The bank can keep them behind the counter where folks ca n't put altered CD 's .
Run a few Ads on the radio , have a few banners hung up in the bank .
The CD should make note that there is NO SUPPORT if it works for you it is safer than windows and use it , if it does not work for you then do n't use it .
The CD jacket should also recommend a few CURRENT usb wireless adapters that will just plug-and-play with the LiveCD .</tokentext>
<sentencetext>All a bank would need to do is set up their own live CD.
All ACPI type stuff disabled and a boot menu that makes it easy to try normal video or framebuffer.
Use a lite desktop like xfce, icewm or lxde  and configure it to look as much like XP as possible.
They could even use a custom firefox skin, have firefox autorun and the banking site set as the homepage.
They can set custom DNS servers.
Have a 2nd tab on the browser set up for "Help, with videos that show how to log into the bank, how to set up a printer if they want to print.
How to save a printout as a pdf and save it to a drive or email it.
The bank can keep them behind the counter where folks can't put altered CD's.
Run a few Ads on the radio, have a few banners hung up in the bank.
The CD should make note that there is NO SUPPORT if it works for you it is safer than windows and use it, if it does not work for you then don't use it.
The CD jacket should also recommend a few CURRENT usb wireless adapters that will just plug-and-play with the LiveCD.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740551</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741435</id>
	<title>Genuine Linux CD?</title>
	<author>Anonymous</author>
	<datestamp>1255459620000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Here comes the issue of trusting the code that is distributed. Obviously, any program included onto the CD itself won't help.</p></htmltext>
<tokenext>Here comes the issue of trusting the code that is distributed .
Obviously , any program included onto the CD itself wo n't help .</tokentext>
<sentencetext>Here comes the issue of trusting the code that is distributed.
Obviously, any program included onto the CD itself won't help.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740467</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740667</id>
	<title>A smart bank would be ALL over this...</title>
	<author>Anonymous</author>
	<datestamp>1255450320000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p>A bank with any technical savvy would be immediately preparing a LiveCD/USB distro that boots as quickly as possible into a browser pre-configured with the bank's portal page set as the home page.  The distro would contain nothing extraneous -- just enough for fast, safe banking.  It would, of course, be thoroughly branded, but completely legit vis a vis source code and license notices.  Give them away in the mail, or even sell USB drives.</p></htmltext>
<tokenext>A bank with any technical savvy would be immediately preparing a LiveCD/USB distro that boots as quickly as possible into a browser pre-configured with the bank 's portal page set as the home page .
The distro would contain nothing extraneous -- just enough for fast , safe banking .
It would , of course , be thoroughly branded , but completely legit vis a vis source code and license notices .
Give them away in the mail , or even sell USB drives .</tokentext>
<sentencetext>A bank with any technical savvy would be immediately preparing a LiveCD/USB distro that boots as quickly as possible into a browser pre-configured with the bank's portal page set as the home page.
The distro would contain nothing extraneous -- just enough for fast, safe banking.
It would, of course, be thoroughly branded, but completely legit vis a vis source code and license notices.
Give them away in the mail, or even sell USB drives.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29744175</id>
	<title>Re:terrible advice</title>
	<author>b0bby</author>
	<datestamp>1255532820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>booting off a LiveCD won't save you from the truncated SSL cert attack that was demonstrated in the direction of PayPal the other day.. only having an up-to-date browser will do that.</p> </div><p>I fail to see how that attack would affect me if I boot to my vulnerable browser and go straight to my banks website. Yes, If I typed the wrong address I might happen onto a cleverly constructed duplicate of my bank's site, but otherwise I'm safe. If you're careful enough to go to the trouble of booting into the live cd, you'd hope that you could type bankofamerica.com correctly. It's really moot anyway, because the people who most need to do it are the least likely to.</p></div>
	</htmltext>
<tokenext>booting off a LiveCD wo n't save you from the truncated SSL cert attack that was demonstrated in the direction of PayPal the other day.. only having an up-to-date browser will do that .
I fail to see how that attack would affect me if I boot to my vulnerable browser and go straight to my banks website .
Yes , If I typed the wrong address I might happen onto a cleverly constructed duplicate of my bank 's site , but otherwise I 'm safe .
If you 're careful enough to go to the trouble of booting into the live cd , you 'd hope that you could type bankofamerica.com correctly .
It 's really moot anyway , because the people who most need to do it are the least likely to .</tokentext>
<sentencetext>booting off a LiveCD won't save you from the truncated SSL cert attack that was demonstrated in the direction of PayPal the other day.. only having an up-to-date browser will do that.
I fail to see how that attack would affect me if I boot to my vulnerable browser and go straight to my banks website.
Yes, If I typed the wrong address I might happen onto a cleverly constructed duplicate of my bank's site, but otherwise I'm safe.
If you're careful enough to go to the trouble of booting into the live cd, you'd hope that you could type bankofamerica.com correctly.
It's really moot anyway, because the people who most need to do it are the least likely to.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740623</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29747103</id>
	<title>Re:Devil's advocate: Deepfreeze?</title>
	<author>thePowerOfGrayskull</author>
	<datestamp>1255545300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I thought the target audience of the article was small businesses and consumers running Windows who need something simple. For many medium and large businesses, the things that you describe are becoming common practice anyway.</htmltext>
<tokenext>I thought the target audience of the article was small businesses and consumers running Windows who need something simple .
For many medium and large businesses , the things that you describe are becoming common practice anyway .</tokentext>
<sentencetext>I thought the target audience of the article was small businesses and consumers running Windows who need something simple.
For many medium and large businesses, the things that you describe are becoming common practice anyway.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740603</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740603</id>
	<title>Devil's advocate:  Deepfreeze?</title>
	<author>Anonymous</author>
	<datestamp>1255449780000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>Devil's advocate here:</p><p>Of course, a diskless system running Linux would reduce the chance of malware on clients, but perhaps if a company is dependent on Windows, almost as good security (and I state almost) would be obtained from denying admin access and using something like DeepFreeze, Windows SteadyState, or similar?</p><p>Combine DeepFreeze with AppLocker, some decent enterprise antivirus utilities, BitLocker, and the usual physical and BIOS protection on a machine, and one can make a decently locked down terminal that can cleanly run Windows apps.  Should additional software be needed, no need to install it, just use something like VMWare ThinApp and have it runnable from a central location.</p><p>There is nothing wrong with a diskless system and booting from a CD-ROM.  However, unless one creates a custom image with reliable enterprise level auditing tools, it becomes difficult to extract data from a group of PCs (and this is important for larger businesses come tax season, or regulatory compliance), and it is definitely an issue to add or update software without a reboot, unless it is a precompiled binary on a central server that people run.</p><p>Also, instead of running live CDs, why not consider going to a vendor like Wyse and going with truly thin technology?  This way, there is little to no fiddling with the client side.  If a thin terminal has a problem, just swap it out for another one, chuck the old one in the RMA box and be done with it.  This is arguably a lot easier than the cost for maintaining standard PCs [1].</p><p>[1]:  I'm primarily intending enterprise level here.  For some SMBs, it is a lot cheaper to go with a boot CD and a generic PC, but for larger companies, it may mean more futzing around with stuff for their IT staff, especially on the scale of thousands of endpoints.  If I had a startup with a call center of 5 people, PCs are a lot more economical.  However, 500 to 1000 people in a non-technical call center, then I'd take a serious look at thin terminals and a beefy internal network fabric.</p></htmltext>
<tokenext>Devil 's advocate here : Of course , a diskless system running Linux would reduce the chance of malware on clients , but perhaps if a company is dependent on Windows , almost as good security ( and I state almost ) would be obtained from denying admin access and using something like DeepFreeze , Windows SteadyState , or similar ? Combine DeepFreeze with AppLocker , some decent enterprise antivirus utilities , BitLocker , and the usual physical and BIOS protection on a machine , and one can make a decently locked down terminal that can cleanly run Windows apps .
Should additional software be needed , no need to install it , just use something like VMWare ThinApp and have it runnable from a central location.There is nothing wrong with a diskless system and booting from a CD-ROM .
However , unless one creates a custom image with reliable enterprise level auditing tools , it becomes difficult to extract data from a group of PCs ( and this is important for larger businesses come tax season , or regulatory compliance ) , and it is definitely an issue to add or update software without a reboot , unless it is a precompiled binary on a central server that people run.Also , instead of running live CDs , why not consider going to a vendor like Wyse and going with truly thin technology ?
This way , there is little to no fiddling with the client side .
If a thin terminal has a problem , just swap it out for another one , chuck the old one in the RMA box and be done with it .
This is arguably a lot easier than the cost for maintaining standard PCs [ 1 ] .
[ 1 ] : I 'm primarily intending enterprise level here .
For some SMBs , it is a lot cheaper to go with a boot CD and a generic PC , but for larger companies , it may mean more futzing around with stuff for their IT staff , especially on the scale of thousands of endpoints .
If I had a startup with a call center of 5 people , PCs are a lot more economical .
However , 500 to 1000 people in a non-technical call center , then I 'd take a serious look at thin terminals and a beefy internal network fabric .</tokentext>
<sentencetext>Devil's advocate here:Of course, a diskless system running Linux would reduce the chance of malware on clients, but perhaps if a company is dependent on Windows, almost as good security (and I state almost) would be obtained from denying admin access and using something like DeepFreeze, Windows SteadyState, or similar?Combine DeepFreeze with AppLocker, some decent enterprise antivirus utilities, BitLocker, and the usual physical and BIOS protection on a machine, and one can make a decently locked down terminal that can cleanly run Windows apps.
Should additional software be needed, no need to install it, just use something like VMWare ThinApp and have it runnable from a central location.There is nothing wrong with a diskless system and booting from a CD-ROM.
However, unless one creates a custom image with reliable enterprise level auditing tools, it becomes difficult to extract data from a group of PCs (and this is important for larger businesses come tax season, or regulatory compliance), and it is definitely an issue to add or update software without a reboot, unless it is a precompiled binary on a central server that people run.Also, instead of running live CDs, why not consider going to a vendor like Wyse and going with truly thin technology?
This way, there is little to no fiddling with the client side.
If a thin terminal has a problem, just swap it out for another one, chuck the old one in the RMA box and be done with it.
This is arguably a lot easier than the cost for maintaining standard PCs [1].
[1]:  I'm primarily intending enterprise level here.
For some SMBs, it is a lot cheaper to go with a boot CD and a generic PC, but for larger companies, it may mean more futzing around with stuff for their IT staff, especially on the scale of thousands of endpoints.
If I had a startup with a call center of 5 people, PCs are a lot more economical.
However, 500 to 1000 people in a non-technical call center, then I'd take a serious look at thin terminals and a beefy internal network fabric.</sentencetext>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29746175
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740603
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741797
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740455
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741435
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740467
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741433
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740667
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29748423
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740603
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741859
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740551
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740455
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29747067
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740587
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29797381
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740467
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740889
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740467
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29750315
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740455
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29743285
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740457
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741283
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740467
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29744175
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740623
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740513
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740455
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29745677
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740603
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29749705
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740623
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740513
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740455
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741363
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740513
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740455
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741943
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740457
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742819
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740613
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741949
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740457
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742071
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740613
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741315
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740495
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740773
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740455
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29747103
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740603
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742667
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740667
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742941
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740587
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740745
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740623
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740513
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740455
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740687
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740455
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742459
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740555
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740455
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29746365
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740613
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741251
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740495
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_13_2344251_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742755
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740667
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_13_2344251.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740667
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741433
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742755
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742667
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_13_2344251.14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740495
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741251
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741315
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_13_2344251.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742893
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_13_2344251.15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740467
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741435
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741283
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29797381
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740889
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_13_2344251.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742861
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_13_2344251.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740613
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29746365
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742819
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742071
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_13_2344251.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740385
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_13_2344251.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740587
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742941
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29747067
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_13_2344251.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740641
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_13_2344251.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740457
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29743285
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741943
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741949
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_13_2344251.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740473
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_13_2344251.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742841
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_13_2344251.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740455
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740687
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740555
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29742459
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740551
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741859
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741797
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740773
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29750315
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740513
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29741363
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740623
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740745
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29749705
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29744175
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_13_2344251.13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740561
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_13_2344251.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740603
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29745677
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29748423
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29747103
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29746175
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_13_2344251.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_13_2344251.29740571
</commentlist>
</conversation>
