<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article10_01_20_217257</id>
	<title>Apple Patches Massive Holes In OS X</title>
	<author>timothy</author>
	<datestamp>1263979380000</datestamp>
	<htmltext>Trailrunner7 writes with this snippet from ThreatPost: <i>"Apple's <a href="http://threatpost.com/en_us/blogs/apple-patches-12-serious-mac-os-x-vulnerabilities-011910?utm_source=Threatpost&amp;utm_medium=Tabs&amp;utm_campaign=Today">first Mac OS X security update for 2010</a> is out, providing cover for at least 12 serious vulnerabilities. The update, rated critical, plugs security holes that could lead to code execution vulnerabilities if a Mac user is tricked into opening audio files or surfing to a rigged Web site."</i> Hit the link for a list of the highlights among these fixes.</htmltext>
<tokenext>Trailrunner7 writes with this snippet from ThreatPost : " Apple 's first Mac OS X security update for 2010 is out , providing cover for at least 12 serious vulnerabilities .
The update , rated critical , plugs security holes that could lead to code execution vulnerabilities if a Mac user is tricked into opening audio files or surfing to a rigged Web site .
" Hit the link for a list of the highlights among these fixes .</tokentext>
<sentencetext>Trailrunner7 writes with this snippet from ThreatPost: "Apple's  first Mac OS X security update for 2010 is out, providing cover for at least 12 serious vulnerabilities.
The update, rated critical, plugs security holes that could lead to code execution vulnerabilities if a Mac user is tricked into opening audio files or surfing to a rigged Web site.
" Hit the link for a list of the highlights among these fixes.</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30842074</id>
	<title>Windows Security</title>
	<author>Dunge</author>
	<datestamp>1264007280000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>How many times did I hear "I use Mac/Linux because there's no virus, no security problem and/or much safer". It's pretty much the same thing everywhere.</htmltext>
<tokenext>How many times did I hear " I use Mac/Linux because there 's no virus , no security problem and/or much safer " .
It 's pretty much the same thing everywhere .</tokentext>
<sentencetext>How many times did I hear "I use Mac/Linux because there's no virus, no security problem and/or much safer".
It's pretty much the same thing everywhere.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840652</id>
	<title>Re:Different Day, Same Crap</title>
	<author>Monkeedude1212</author>
	<datestamp>1263995280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>So, yes, as a matter of fact, there are no viruses for Mac OS X. Not virtually none, not almost none. None.</p></div><p>As a matter of Fact, there ARE viruses for Mac OS X.</p><p>OS X uses various parts of the FreeBSD Security Framework and Filesystem.</p><p>They have viruses for FreeBSD that base their attacks on those parts, and it has been proven that they work just as well on a Mac as they do on that flavour of Linux.</p><p>Just because Mac users are not affected by the hordes of windows viruses that they catch (and yes, Macs catch the same viruses as Windows, they merely can't operate because they were designed to run on Windows) - doesn't mean that they are this completely immune and untouchable operating system. When OSX is suffering from a deluge of viruses from holes in its architecture (if it ever comes to that), it will be too late to do anything about it. This news Article is merely trying to point out, that yes, these do exist, and Apple is working hard at closing them. The problem is whether they will be able to keep it up.</p><p>Next time, before hopping on your high horse about how completely virus free Macs are, do some research and learn the truth, don't spew the pamphlet Apple boxes with your machine. Because when you're wrong, you just look like an idiot fanboy.</p></div>
	</htmltext>
<tokenext>So , yes , as a matter of fact , there are no viruses for Mac OS X. Not virtually none , not almost none .
None.As a matter of Fact , there ARE viruses for Mac OS X.OS X uses various parts of the FreeBSD Security Framework and Filesystem.They have viruses for FreeBSD that base their attacks on those parts , and it has been proven that they work just as well on a Mac as they do on that flavour of Linux.Just because Mac users are not affected by the hordes of windows viruses that they catch ( and yes , Macs catch the same viruses as Windows , they merely ca n't operate because they were designed to run on Windows ) - does n't mean that they are this completely immune and untouchable operating system .
When OSX is suffering from a deluge of viruses from holes in its architecture ( if it ever comes to that ) , it will be too late to do anything about it .
This news Article is merely trying to point out , that yes , these do exist , and Apple is working hard at closing them .
The problem is whether they will be able to keep it up.Next time , before hopping on your high horse about how completely virus free Macs are , do some research and learn the truth , do n't spew the pamphlet Apple boxes with your machine .
Because when you 're wrong , you just look like an idiot fanboy .</tokentext>
<sentencetext>So, yes, as a matter of fact, there are no viruses for Mac OS X. Not virtually none, not almost none.
None.As a matter of Fact, there ARE viruses for Mac OS X.OS X uses various parts of the FreeBSD Security Framework and Filesystem.They have viruses for FreeBSD that base their attacks on those parts, and it has been proven that they work just as well on a Mac as they do on that flavour of Linux.Just because Mac users are not affected by the hordes of windows viruses that they catch (and yes, Macs catch the same viruses as Windows, they merely can't operate because they were designed to run on Windows) - doesn't mean that they are this completely immune and untouchable operating system.
When OSX is suffering from a deluge of viruses from holes in its architecture (if it ever comes to that), it will be too late to do anything about it.
This news Article is merely trying to point out, that yes, these do exist, and Apple is working hard at closing them.
The problem is whether they will be able to keep it up.Next time, before hopping on your high horse about how completely virus free Macs are, do some research and learn the truth, don't spew the pamphlet Apple boxes with your machine.
Because when you're wrong, you just look like an idiot fanboy.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839078</id>
	<title>Different Day, Same Crap</title>
	<author>Anonymous</author>
	<datestamp>1263987540000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext>Has anyone driven a truck thru these gaping holes? Anyone? Bueller? When OSX is suffering from a deluge of viruses from all these supposed gaping holes in its Architecture, please come back and let us know. Because while every operating system has vulnerabilities, only Microsoft was kind enough to make those vulnerabilities accessible by system wide scripting mechanisms that allowed millions of computer users the world over to be the subject of attacks from the hundreds of thousands of pieces of malware constantly fighting to infect Windows PCs. The count (for those who think a security vulnerability makes Apple's points about viruses invalid) is about one hundred thousand to 0. This is being very generous. So, yes, as a matter of fact, there are no viruses for Mac OS X. Not virtually none, not almost none. None.</htmltext>
<tokenext>Has anyone driven a truck thru these gaping holes ?
Anyone ? Bueller ?
When OSX is suffering from a deluge of viruses from all these supposed gaping holes in its Architecture , please come back and let us know .
Because while every operating system has vulnerabilities , only Microsoft was kind enough to make those vulnerabilities accessible by system wide scripting mechanisms that allowed millions of computer users the world over to be the subject of attacks from the hundreds of thousands of pieces of malware constantly fighting to infect Windows PCs .
The count ( for those who think a security vulnerability makes Apple 's points about viruses invalid ) is about one hundred thousand to 0 .
This is being very generous .
So , yes , as a matter of fact , there are no viruses for Mac OS X. Not virtually none , not almost none .
None .</tokentext>
<sentencetext>Has anyone driven a truck thru these gaping holes?
Anyone? Bueller?
When OSX is suffering from a deluge of viruses from all these supposed gaping holes in its Architecture, please come back and let us know.
Because while every operating system has vulnerabilities, only Microsoft was kind enough to make those vulnerabilities accessible by system wide scripting mechanisms that allowed millions of computer users the world over to be the subject of attacks from the hundreds of thousands of pieces of malware constantly fighting to infect Windows PCs.
The count (for those who think a security vulnerability makes Apple's points about viruses invalid) is about one hundred thousand to 0.
This is being very generous.
So, yes, as a matter of fact, there are no viruses for Mac OS X. Not virtually none, not almost none.
None.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838030</id>
	<title>Re:I just patched a massive hole</title>
	<author>Anonymous</author>
	<datestamp>1263983760000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>I just want to know when they're going to patch that damn hole in their logo. It's been there for decades!</htmltext>
<tokenext>I just want to know when they 're going to patch that damn hole in their logo .
It 's been there for decades !</tokentext>
<sentencetext>I just want to know when they're going to patch that damn hole in their logo.
It's been there for decades!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837898</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840616</id>
	<title>Re:Different Day, Same Crap</title>
	<author>smash</author>
	<datestamp>1263995040000</datestamp>
	<modclass>None</modclass>
	<modscore>2</modscore>
	<htmltext>Whilst I'm a mac user/fanboi and agree with most of your post - I'm sure there must be some vulnerabilities being exploited for MacOS out there somewhere.  It ships with Apache, and a heap of BSD userland tools ffs.  I'd say there are no commonly encountered viruses on MacOS... not necessarily NONE.</htmltext>
<tokenext>Whilst I 'm a mac user/fanboi and agree with most of your post - I 'm sure there must be some vulnerabilities being exploited for MacOS out there somewhere .
It ships with Apache , and a heap of BSD userland tools ffs .
I 'd say there are no commonly encountered viruses on MacOS... not necessarily NONE .</tokentext>
<sentencetext>Whilst I'm a mac user/fanboi and agree with most of your post - I'm sure there must be some vulnerabilities being exploited for MacOS out there somewhere.
It ships with Apache, and a heap of BSD userland tools ffs.
I'd say there are no commonly encountered viruses on MacOS... not necessarily NONE.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838160</id>
	<title>Re:Cover your eyes</title>
	<author>amicusNYCL</author>
	<datestamp>1263984120000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>You just couldn't wait to post that, could you?  FYI: every piece of software needs updates, and there is still always one piece of software that will be more secure than the others.  I don't know if OSX is more secure than Windows 7, but both of them will continue to receive updates, that fact doesn't make either of them less secure.</p></htmltext>
<tokenext>You just could n't wait to post that , could you ?
FYI : every piece of software needs updates , and there is still always one piece of software that will be more secure than the others .
I do n't know if OSX is more secure than Windows 7 , but both of them will continue to receive updates , that fact does n't make either of them less secure .</tokentext>
<sentencetext>You just couldn't wait to post that, could you?
FYI: every piece of software needs updates, and there is still always one piece of software that will be more secure than the others.
I don't know if OSX is more secure than Windows 7, but both of them will continue to receive updates, that fact doesn't make either of them less secure.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837902</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838014</id>
	<title>Re:Twelve?</title>
	<author>Anonymous</author>
	<datestamp>1263983700000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>From the article: "Flash Player plug-in (7 vulnerabilities)"</p><p>7 + 5 = 12</p></htmltext>
<tokenext>From the article : " Flash Player plug-in ( 7 vulnerabilities ) " 7 + 5 = 12</tokentext>
<sentencetext>From the article: "Flash Player plug-in (7 vulnerabilities)"7 + 5 = 12</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837956</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840404</id>
	<title>Re:image format bugs</title>
	<author>phantomfive</author>
	<datestamp>1263993780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Actually, if you are debugging an image parser library, I advocate commenting out all the obvious fails (like, this file doesn't have the right magic number, it's not a GIF) and then feeding the thing pure random data, seeing how it handles it.  You never know what kind of bug might turn up.  Of course you'll want the non-random random data as well, but the random random stuff is useful.</htmltext>
<tokenext>Actually , if you are debugging an image parser library , I advocate commenting out all the obvious fails ( like , this file does n't have the right magic number , it 's not a GIF ) and then feeding the thing pure random data , seeing how it handles it .
You never know what kind of bug might turn up .
Of course you 'll want the non-random random data as well , but the random random stuff is useful .</tokentext>
<sentencetext>Actually, if you are debugging an image parser library, I advocate commenting out all the obvious fails (like, this file doesn't have the right magic number, it's not a GIF) and then feeding the thing pure random data, seeing how it handles it.
You never know what kind of bug might turn up.
Of course you'll want the non-random random data as well, but the random random stuff is useful.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839082</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839118</id>
	<title>Re:Twelve?</title>
	<author>Anonymous</author>
	<datestamp>1263987720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The SSL vulnerability is somewhat disturbing.  Read the date on the linked article.</p></htmltext>
<tokenext>The SSL vulnerability is somewhat disturbing .
Read the date on the linked article .</tokentext>
<sentencetext>The SSL vulnerability is somewhat disturbing.
Read the date on the linked article.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837956</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30841294</id>
	<title>Re:Different Day, Same Crap</title>
	<author>Lars T.</author>
	<datestamp>1264000140000</datestamp>
	<modclass>Troll</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>You most have missed all the reports on the <a href="http://www.atomicsub.net/2009/01/apple-trojan-strikes-again/" title="atomicsub.net" rel="nofollow">virus spread through torrents for Photoshop CS4 and iLife.</a> [atomicsub.net]</p> </div><p>And you "most" have missed that a Trojan isn't a Virus.</p></div>
	</htmltext>
<tokenext>You most have missed all the reports on the virus spread through torrents for Photoshop CS4 and iLife .
[ atomicsub.net ] And you " most " have missed that a Trojan is n't a Virus .</tokentext>
<sentencetext>You most have missed all the reports on the virus spread through torrents for Photoshop CS4 and iLife.
[atomicsub.net] And you "most" have missed that a Trojan isn't a Virus.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840828</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840052</id>
	<title>Re:Twelve?</title>
	<author>ekhben</author>
	<datestamp>1263991920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>May all of OS X's "massive holes" be so insignificant to me.

</p><p>The most concerning is the TIFF vulnerability; fortunately that's a 10.5 issue, not a 10.6 issue.  The second most concerning is the SSL vulnerability, but I've not trusted SSL alone for a while now.  Still tossing up throwing out Firefox's trust anchor code and replacing it with an SSH style known-hosts setup... but the FF code is a total dog to work with.  And I don't care.  Mostly, I guess, I don't care.  Thank you, my bank, for two-factor authentication.</p></htmltext>
<tokenext>May all of OS X 's " massive holes " be so insignificant to me .
The most concerning is the TIFF vulnerability ; fortunately that 's a 10.5 issue , not a 10.6 issue .
The second most concerning is the SSL vulnerability , but I 've not trusted SSL alone for a while now .
Still tossing up throwing out Firefox 's trust anchor code and replacing it with an SSH style known-hosts setup... but the FF code is a total dog to work with .
And I do n't care .
Mostly , I guess , I do n't care .
Thank you , my bank , for two-factor authentication .</tokentext>
<sentencetext>May all of OS X's "massive holes" be so insignificant to me.
The most concerning is the TIFF vulnerability; fortunately that's a 10.5 issue, not a 10.6 issue.
The second most concerning is the SSL vulnerability, but I've not trusted SSL alone for a while now.
Still tossing up throwing out Firefox's trust anchor code and replacing it with an SSH style known-hosts setup... but the FF code is a total dog to work with.
And I don't care.
Mostly, I guess, I don't care.
Thank you, my bank, for two-factor authentication.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837956</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837844</id>
	<title>HAHA!</title>
	<author>Anonymous</author>
	<datestamp>1263983160000</datestamp>
	<modclass>Funny</modclass>
	<modscore>1</modscore>
	<htmltext><p>"if a Mac user is tricked into opening audio files or surfing to a rigged Web site."</p><p>I own a Mac G3, and STILL haven't been tricked into using OS X!</p></htmltext>
<tokenext>" if a Mac user is tricked into opening audio files or surfing to a rigged Web site .
" I own a Mac G3 , and STILL have n't been tricked into using OS X !</tokentext>
<sentencetext>"if a Mac user is tricked into opening audio files or surfing to a rigged Web site.
"I own a Mac G3, and STILL haven't been tricked into using OS X!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839124</id>
	<title>Huh? What? Erg?</title>
	<author>Anonymous</author>
	<datestamp>1263987720000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><p>Why the need for patches? Didn't the Steve Jobs fanbois tell us over and over again OSX was secure, it can never be hacked? It was so well coded it never crashes? I don't understand how the MOST SECURE OS EVER needs patching.</p></htmltext>
<tokenext>Why the need for patches ?
Did n't the Steve Jobs fanbois tell us over and over again OSX was secure , it can never be hacked ?
It was so well coded it never crashes ?
I do n't understand how the MOST SECURE OS EVER needs patching .</tokentext>
<sentencetext>Why the need for patches?
Didn't the Steve Jobs fanbois tell us over and over again OSX was secure, it can never be hacked?
It was so well coded it never crashes?
I don't understand how the MOST SECURE OS EVER needs patching.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837956</id>
	<title>Twelve?</title>
	<author>Anonymous</author>
	<datestamp>1263983520000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>Apple's own security update page (http://support.apple.com/kb/HT4004) lists these six, where did Threatpost author get the number 12 from?:</p><p>Security Update 2010-001</p><p>
    *</p><p>
      CoreAudio</p><p>
      CVE-ID: CVE-2010-0036</p><p>
      Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2</p><p>
      Impact: Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution</p><p>
      Description: A buffer overflow exists in the handling of mp4 audio files. Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Tobias Klein of trapkit.de for reporting this issue.</p><p>
    *</p><p>
      CUPS</p><p>
      CVE-ID: CVE-2009-3553</p><p>
      Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2</p><p>
      Impact: A remote attacker may cause an unexpected application termination of cupsd</p><p>
      Description: A use-after-free issue exists in cupsd. By issuing a maliciously crafted get-printer-jobs request, an attacker may cause a remote denial of service. This is mitigated through the automatic restart of cupsd after its termination. This issue is addressed through improved connection use tracking.</p><p>
    *</p><p>
      Flash Player plug-in</p><p>
      CVE-ID: CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800, CVE-2009-3951</p><p>
      Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2</p><p>
      Impact: Multiple vulnerabilities in Adobe Flash Player plug-in</p><p>
      Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in to version 10.0.42. Further information is available via the Adobe web site at <a href="http://www.adobe.com/support/security/bulletins/apsb09-19.html" title="adobe.com" rel="nofollow">http://www.adobe.com/support/security/bulletins/apsb09-19.html</a> [adobe.com] Credit to an anonymous researcher and Damian Put working with TippingPoints Zero Day Initiative, Bing Liu of Fortinet's FortiGuard Global Security Research Team, Will Dormann of CERT, Manuel Caballero and Microsoft Vulnerability Research (MSVR).</p><p>
    *</p><p>
      ImageIO</p><p>
      CVE-ID: CVE-2009-2285</p><p>
      Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8</p><p>
      Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution</p><p>
      Description: A buffer underflow exists in ImageIO's handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.2.</p><p>
    *</p><p>
      Image RAW</p><p>
      CVE-ID</p></htmltext>
<tokenext>Apple 's own security update page ( http : //support.apple.com/kb/HT4004 ) lists these six , where did Threatpost author get the number 12 from ?
: Security Update 2010-001 * CoreAudio CVE-ID : CVE-2010-0036 Available for : Mac OS X v10.5.8 , Mac OS X Server v10.5.8 , Mac OS X v10.6.2 , Mac OS X Server v10.6.2 Impact : Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution Description : A buffer overflow exists in the handling of mp4 audio files .
Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution .
This issue is addressed through improved bounds checking .
Credit to Tobias Klein of trapkit.de for reporting this issue .
* CUPS CVE-ID : CVE-2009-3553 Available for : Mac OS X v10.5.8 , Mac OS X Server v10.5.8 , Mac OS X v10.6.2 , Mac OS X Server v10.6.2 Impact : A remote attacker may cause an unexpected application termination of cupsd Description : A use-after-free issue exists in cupsd .
By issuing a maliciously crafted get-printer-jobs request , an attacker may cause a remote denial of service .
This is mitigated through the automatic restart of cupsd after its termination .
This issue is addressed through improved connection use tracking .
* Flash Player plug-in CVE-ID : CVE-2009-3794 , CVE-2009-3796 , CVE-2009-3797 , CVE-2009-3798 , CVE-2009-3799 , CVE-2009-3800 , CVE-2009-3951 Available for : Mac OS X v10.5.8 , Mac OS X Server v10.5.8 , Mac OS X v10.6.2 , Mac OS X Server v10.6.2 Impact : Multiple vulnerabilities in Adobe Flash Player plug-in Description : Multiple issues exist in the Adobe Flash Player plug-in , the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site .
The issues are addressed by updating the Flash Player plug-in to version 10.0.42 .
Further information is available via the Adobe web site at http : //www.adobe.com/support/security/bulletins/apsb09-19.html [ adobe.com ] Credit to an anonymous researcher and Damian Put working with TippingPoints Zero Day Initiative , Bing Liu of Fortinet 's FortiGuard Global Security Research Team , Will Dormann of CERT , Manuel Caballero and Microsoft Vulnerability Research ( MSVR ) .
* ImageIO CVE-ID : CVE-2009-2285 Available for : Mac OS X v10.5.8 , Mac OS X Server v10.5.8 Impact : Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description : A buffer underflow exists in ImageIO 's handling of TIFF images .
Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution .
This issue is addressed through improved bounds checking .
For Mac OS X v10.6 systems , this issue is addressed in Mac OS X v10.6.2 .
* Image RAW CVE-ID</tokentext>
<sentencetext>Apple's own security update page (http://support.apple.com/kb/HT4004) lists these six, where did Threatpost author get the number 12 from?
:Security Update 2010-001
    *
      CoreAudio
      CVE-ID: CVE-2010-0036
      Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2
      Impact: Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution
      Description: A buffer overflow exists in the handling of mp4 audio files.
Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution.
This issue is addressed through improved bounds checking.
Credit to Tobias Klein of trapkit.de for reporting this issue.
*
      CUPS
      CVE-ID: CVE-2009-3553
      Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2
      Impact: A remote attacker may cause an unexpected application termination of cupsd
      Description: A use-after-free issue exists in cupsd.
By issuing a maliciously crafted get-printer-jobs request, an attacker may cause a remote denial of service.
This is mitigated through the automatic restart of cupsd after its termination.
This issue is addressed through improved connection use tracking.
*
      Flash Player plug-in
      CVE-ID: CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800, CVE-2009-3951
      Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2
      Impact: Multiple vulnerabilities in Adobe Flash Player plug-in
      Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site.
The issues are addressed by updating the Flash Player plug-in to version 10.0.42.
Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb09-19.html [adobe.com] Credit to an anonymous researcher and Damian Put working with TippingPoints Zero Day Initiative, Bing Liu of Fortinet's FortiGuard Global Security Research Team, Will Dormann of CERT, Manuel Caballero and Microsoft Vulnerability Research (MSVR).
*
      ImageIO
      CVE-ID: CVE-2009-2285
      Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
      Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
      Description: A buffer underflow exists in ImageIO's handling of TIFF images.
Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.
This issue is addressed through improved bounds checking.
For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.2.
*
      Image RAW
      CVE-ID</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30841196</id>
	<title>Re:image format bugs</title>
	<author>Lars T.</author>
	<datestamp>1263999300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Two bugs were found in their image libraries (arbitrary code execution bugs in TIFF and RAW-DMG).  Makes me wonder if they even tested their image libraries at all when they were being written, because that kind of bug can usually be found in an image library by feeding it random data.</p></div><p>Well, that's odd - one of those bugs is <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2285" title="mitre.org" rel="nofollow">CVE-2009-2285</a> [mitre.org]: Buffer underflow in the LZWDecodeCompat function in <a href="http://en.wikipedia.org/wiki/Libtiff" title="wikipedia.org" rel="nofollow">libtiff</a> [wikipedia.org] 3.8.2</p></div>
	</htmltext>
<tokenext>Two bugs were found in their image libraries ( arbitrary code execution bugs in TIFF and RAW-DMG ) .
Makes me wonder if they even tested their image libraries at all when they were being written , because that kind of bug can usually be found in an image library by feeding it random data.Well , that 's odd - one of those bugs is CVE-2009-2285 [ mitre.org ] : Buffer underflow in the LZWDecodeCompat function in libtiff [ wikipedia.org ] 3.8.2</tokentext>
<sentencetext>Two bugs were found in their image libraries (arbitrary code execution bugs in TIFF and RAW-DMG).
Makes me wonder if they even tested their image libraries at all when they were being written, because that kind of bug can usually be found in an image library by feeding it random data.Well, that's odd - one of those bugs is CVE-2009-2285 [mitre.org]: Buffer underflow in the LZWDecodeCompat function in libtiff [wikipedia.org] 3.8.2
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838290</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30844448</id>
	<title>When MacOS X gets enough users? Maybe then</title>
	<author>Anonymous</author>
	<datestamp>1264078980000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><div class="quote"><p><b>" When OSX is suffering from a deluge of viruses from all these supposed gaping holes in it's Architecture, please come back and let us know</b> - by His Shadow (689816) on Wednesday January 20, @05:39PM (#30839078) Homepage</p></div><p>LOL... well, tell you what:  <b>When MacOS X gets enough users to merit online criminals attacking it</b> (same with any *NIX variant out there for Personal Computers, &amp; yes, that includes LINUX, BSD's (like MacOS X), etc. et al)<b>? That's when it will happen.</b></p><p>Until then? "Stay tuned"...</p><p><b>The ONLY thing keeping MacOS X &amp;/or Linux for example, 'safe', is "Security-By-Obscurity", &amp; the fact that online criminals are just like ANY OTHER CRIMINALS:  They gather where the most OTHERS gather, to maximize their surface area of attack - &amp; guess where THAT is, online? Yes, that's right - Windows.</b></p><p>Windows has what? Roughly a 95% share of market out there for personal computing approximately?</p><p>Well - that "all said &amp; aside", <b>what the hell do you think goes through the mind of those doing the attacking</b> (when they want to "hit" as many people as they can to victimize them, and maximize their criminal enterprise's profits)??</p><p>I.E.-&gt; <b>"LET'S ATTACK WINDOWS, IT IS THE MOST USED! WE WILL GET THE 'MOST MILEAGE OUT OF OUR ATTACK CODE' THAT WAY..."</b></p><p>So, they write their (for example) javascript code to attack Windows &amp; its surrounding apps...</p><p><b>The Apple commercials? THEY ARE COMPLETE BULLSHIT, &amp; ANYONE WITH ANY SENSE or KNOW-HOW IN THIS ART &amp; SCIENCE/FIELD OF COMPUTING, REALIZES IT... "Security by Obscurity" is MacOS X &amp; Linux's ally, &amp; that's about it...</b></p><p>(Now, don't get me wrong: I like MacOS X, &amp; Linux, as much as the next guy (they work, they are well-done by this point, &amp; in general are as much a pleasure to use as Windows is)... 
but, I don't like hearing a bunch of misinforming market-speak bullshit lies, either).</p><p>HOWEVER:</p><p><b>IF ANYONE HERE TRIES TO TELL MYSELF OR OTHERS THAT IT'S "IMPOSSIBLE TO WRITE A VIRUS/WORM/TROJAN/SPYWARE/MALWARE-IN-GENERAL FOR LINUX or MAC OS X, THEN I SUGGEST THEY REALIZE THAT JAVASCRIPT</b> (the main tool used to attack others online via webbrowsers &amp; email programs as of the past 5++ yrs. now) <b>RUNS ON THEIR OS' TOO... &amp; THUS, THEY ARE JUST AS ATTACKABLE AS WINDOWS IS... EASILY!</b></p><p>APK</p><p>P.S.=&gt; <b>"Security-By-Obscurity" is the only so-called "security-advantage" that the *NIX variants on PC's have, &amp; it's also their biggest enemy too</b> (sales &amp; market share, anyone?)... apk</p></div>
	</htmltext>
<tokenext>" When OSX is suffering from a deluge of viruses from all these supposed gaping holes in it 's Architecture , please come back and let us know - by His Shadow ( 689816 ) on Wednesday January 20 , @ 05 : 39PM ( # 30839078 ) HomepageLOL... well , tell you what : When MacOS X gets enough users to merit online criminals attacking it ( same with any * NIX variant out there for Personal Computers , &amp; yes , that includes LINUX , BSD 's ( like MacOS X ) , etc .
et al ) ?
That 's when it will happen.Until then ?
" Stay tuned " ...The ONLY thing keeping MacOS X &amp;/or Linux for example , 'safe ' , is " Security-By-Obscurity " , &amp; the fact that online criminals are just like ANY OTHER CRIMINALS : They gather where the most OTHERS gather , to maximize their surface area of attack - &amp; guess where THAT is , online ?
Yes , that 's right - Windows.Windows has what ?
Roughly a 95 % share of market out there for personal computing approximately ? Well - that " all said &amp; aside " , what the hell do you think goes through the mind of those doing the attacking ( when they want to " hit " as many people as they can to victimize them , and maximize their criminal enterprise 's profits ) ?
? I.E.- &gt; " LET 'S ATTACK WINDOWS , IT IS THE MOST USED !
WE WILL GET THE 'MOST MILEAGE OUT OF OUR ATTACK CODE ' THAT WAY... " So , they write their ( for example ) javascript code to attack Windows &amp; its surrounding apps...The Apple commercials ?
THEY ARE COMPLETE BULLSHIT , &amp; ANYONE WITH ANY SENSE or KNOW-HOW IN THIS ART &amp; SCIENCE/FIELD OF COMPUTING , REALIZES IT... " Security by Obscurity " is MacOS X &amp; Linux 's ally , &amp; that 's about it... ( Now , do n't get me wrong : I like MacOS X , &amp; Linux , as much as the next guy ( they work , they are well-done by this point , &amp; in general are as much a pleasure to use as Windows is ) ... but , I do n't like hearing a bunch of misinforming market-speak bullshit lies , either ) .HOWEVER : IF ANYONE HERE TRIES TO TELL MYSELF OR OTHERS THAT IT 'S " IMPOSSIBLE TO WRITE A VIRUS/WORM/TROJAN/SPYWARE/MALWARE-IN-GENERAL FOR LINUX or MAC OS X , THEN I SUGGEST THEY REALIZE THAT JAVASCRIPT ( the main tool used to attack others online via webbrowsers &amp; email programs as of the past 5 + + yrs .
now ) RUNS ON THEIR OS ' TOO... &amp; THUS , THEY ARE JUST AS ATTACKABLE AS WINDOWS IS... EASILY ! APKP.S. = &gt; " Security-By-Obscurity " is the only so-called " security-advantage " that the * NIX variants on PC 's have , &amp; it 's also their biggest enemy too ( sales &amp; market share , anyone ? ) .. .
apk</tokentext>
<sentencetext>" When OSX is suffering from a deluge of viruses from all these supposed gaping holes in it's Architecture, please come back and let us know - by His Shadow (689816) on Wednesday January 20, @05:39PM (#30839078) HomepageLOL... well, tell you what:  When MacOS X gets enough users to merit online criminals attacking it (same with any *NIX variant out there for Personal Computers, &amp; yes, that includes LINUX, BSD's (like MacOS X), etc.
et al)?
That's when it will happen.Until then?
"Stay tuned"...The ONLY thing keeping MacOS X &amp;/or Linux for example, 'safe', is "Security-By-Obscurity", &amp; the fact that online criminals are just like ANY OTHER CRIMINALS:  They gather where the most OTHERS gather, to maximize their surface area of attack - &amp; guess where THAT is, online?
Yes, that's right - Windows.Windows has what?
Roughly a 95% share of market out there for personal computing approximately?Well - that "all said &amp; aside", what the hell do you think goes through the mind of those doing the attacking (when they want to "hit" as many people as they can to victimize them, and maximize their criminal enterprise's profits)?
?I.E.-&gt; "LET'S ATTACK WINDOWS, IT IS THE MOST USED!
WE WILL GET THE 'MOST MILEAGE OUT OF OUR ATTACK CODE' THAT WAY..."So, they write their (for example) javascript code to attack Windows &amp; its surrounding apps...The Apple commercials?
THEY ARE COMPLETE BULLSHIT, &amp; ANYONE WITH ANY SENSE or KNOW-HOW IN THIS ART &amp; SCIENCE/FIELD OF COMPUTING, REALIZES IT... "Security by Obscurity" is MacOS X &amp; Linux's ally, &amp; that's about it...(Now, don't get me wrong: I like MacOS X, &amp; Linux, as much as the next guy (they work, they are well-done by this point, &amp; in general are as much a pleasure to use as Windows is)... but, I don't like hearing a bunch of misinforming market-speak bullshit lies, either).HOWEVER:IF ANYONE HERE TRIES TO TELL MYSELF OR OTHERS THAT IT'S "IMPOSSIBLE TO WRITE A VIRUS/WORM/TROJAN/SPYWARE/MALWARE-IN-GENERAL FOR LINUX or MAC OS X, THEN I SUGGEST THEY REALIZE THAT JAVASCRIPT (the main tool used to attack others online via webbrowsers &amp; email programs as of the past 5++ yrs.
now) RUNS ON THEIR OS' TOO... &amp; THUS, THEY ARE JUST AS ATTACKABLE AS WINDOWS IS... EASILY!APKP.S.=&gt; "Security-By-Obscurity" is the only so-called "security-advantage" that the *NIX variants on PC's have, &amp; it's also their biggest enemy too (sales &amp; market share, anyone?)...
apk
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837902</id>
	<title>Cover your eyes</title>
	<author>Anonymous</author>
	<datestamp>1263983340000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><p>Quick Apple fan-boys, cover your eyes and do not read any further.<br>It's the only way you can continue claiming OS-X is soooooo much more safe and secure than that certain other OS.</p></htmltext>
<tokenext>Quick Apple fan-boys , cover your eyes and do not read any further.It 's the only way you can continue claiming OS-X is soooooo much more safe and secure than that certain other OS .</tokentext>
<sentencetext>Quick Apple fan-boys, cover your eyes and do not read any further.It's the only way you can continue claiming OS-X is soooooo much more safe and secure than that certain other OS.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30848046</id>
	<title>Re:Different Day, Same Crap</title>
	<author>Sorny</author>
	<datestamp>1264098540000</datestamp>
	<modclass>None</modclass>
	<modscore>2</modscore>
	<htmltext>You must not know the difference between a Trojan and a Virus.</htmltext>
<tokenext>You must not know the difference between a Trojan and a Virus .</tokentext>
<sentencetext>You must not know the difference between a Trojan and a Virus.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840828</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30841204</id>
	<title>Re:image format bugs</title>
	<author>Anonymous</author>
	<datestamp>1263999420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Sure you're not thinking of the WMF exploit? <a href="http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability" title="wikipedia.org">http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability</a> [wikipedia.org]</p></htmltext>
<tokenext>Sure you 're not thinking of the WMF exploit ?
http : //en.wikipedia.org/wiki/Windows_Metafile_vulnerability [ wikipedia.org ]</tokentext>
<sentencetext>Sure you're not thinking of the WMF exploit?
http://en.wikipedia.org/wiki/Windows_Metafile_vulnerability [wikipedia.org]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838934</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840158</id>
	<title>OS distribution</title>
	<author>Anonymous</author>
	<datestamp>1263992460000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Anyone out there know what the numbers are for mac osx and windows 7?  How many users?  Is it a comparable base, or has windows 7 already outstripped the number of mac osx users?</p></htmltext>
<tokenext>Anyone out there know what the numbers are for mac osx and windows 7 ?
How many users ?
Is it a comparable base , or has windows 7 already outstripped the number of mac osx users ?</tokentext>
<sentencetext>Anyone out there know what the numbers are for mac osx and windows 7?
How many users?
Is it a comparable base, or has windows 7 already outstripped the number of mac osx users?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838058</id>
	<title>Re:Twelve?</title>
	<author>Anonymous</author>
	<datestamp>1263983820000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>There are 12 different CVE's, representing 12 unique vulnerabilities.</p><p>Therefore, there are 7 unique vulns fixed in the one Flash Advisory</p></htmltext>
<tokenext>There are 12 different CVE 's , representing 12 unique vulnerabilities.Therefore , there are 7 unique vulns fixed in the one Flash Advisory</tokentext>
<sentencetext>There are 12 different CVE's, representing 12 unique vulnerabilities.Therefore, there are 7 unique vulns fixed in the one Flash Advisory</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837956</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839952</id>
	<title>Re:Cover your eyes</title>
	<author>Anonymous</author>
	<datestamp>1263991560000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>It's only secure until it's cracked.</p></htmltext>
<tokenext>It 's only secure until it 's cracked .</tokentext>
<sentencetext>It's only secure until it's cracked.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838160</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30845438</id>
	<title>Re:Different Day, Same Crap</title>
	<author>Anonymous</author>
	<datestamp>1264087380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>You must have missed all the reports on the <a href="http://www.atomicsub.net/2009/01/apple-trojan-strikes-again/" title="atomicsub.net" rel="nofollow">virus spread through torrents for Photoshop CS4 and iLife.</a> [atomicsub.net]</p> </div><p>Those were trojans hidden in installers (requiring admin-level password be entered) and one had to be downloading pirated software to be affected--so it's your own fault.</p></div>
	</htmltext>
<tokenext>You must have missed all the reports on the virus spread through torrents for Photoshop CS4 and iLife .
[ atomicsub.net ] Those were trojans hidden in installers ( requiring admin-level password be entered ) and one had to be downloading pirated software to be affected--so it 's your own fault .</tokentext>
<sentencetext>You must have missed all the reports on the virus spread through torrents for Photoshop CS4 and iLife.
[atomicsub.net] Those were trojans hidden in installers (requiring admin-level password be entered) and one had to be downloading pirated software to be affected--so it's your own fault.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840828</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839082</id>
	<title>Re:image format bugs</title>
	<author>DJCouchyCouch</author>
	<datestamp>1263987540000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>Using random data doesn't work if some structured data needs to be read first.</p><p>So you need non-random random data.<nobr> <wbr></nobr>:)</p></htmltext>
<tokenext>Using random data does n't work if some structured data needs to be read first.So you need non-random random data .
: )</tokentext>
<sentencetext>Using random data doesn't work if some structured data needs to be read first.So you need non-random random data.
:)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838290</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30842976</id>
	<title>Re:image format bugs</title>
	<author>mr_da3m0n</author>
	<datestamp>1264015860000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>No no, I'm fairly certain he is referring to the BMP handling exploit, which was referred to in one of the Stealing The Network series, I think it was "How to own the box". Not sure.</p><p>But I remember this clearly as well.</p></htmltext>
<tokenext>No no , I 'm fairly certain he is referring to the BMP handling exploit , which was referred to in one of the Stealing The Network series , I think it was " How to own the box " .
Not sure.But I remember this clearly as well .</tokentext>
<sentencetext>No no, I'm fairly certain he is referring to the BMP handling exploit, which was referred to in one of the Stealing The Network series, I think it was "How to own the box".
Not sure.But I remember this clearly as well.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30841204</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30841762</id>
	<title>Re:"MASSIVE"?</title>
	<author>Doctor_Jest</author>
	<datestamp>1264004400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I thought the same thing when I read the headline vs. summary.<nobr> <wbr></nobr>:)  Still, they are serious bugs, and I applaud Apple for patching them.  Some feel they didn't do it in a timely manner, but I think I'd rather have a working patch than a quick "panic" patch like we have seen from other vendors.  And since there are no recorded exploits in the wild, at least none that I've heard of, the timing of the security update isn't an issue with me.  There is no perfect OS.  But some are made better than others.  I'll leave that to others to decide which. Actually there is a perfect OS.  AmigaOS 1.3. Can't get much better than that on cheap, yet capable for its time, hardware. There, my Amiga bias is showing!<nobr> <wbr></nobr>:-)</htmltext>
<tokenext>I thought the same thing when I read the headline vs. summary. : ) Still , they are serious bugs , and I applaud Apple for patching them .
Some feel they did n't do it in a timely manner , but I think I 'd rather have a working patch than a quick " panic " patch like we have seen from other vendors .
And since there are no recorded exploits in the wild , at least none that I 've heard of , the timing of the security update is n't an issue with me .
There is no perfect OS .
But some are made better than others .
I 'll leave that to others to decide which .
Actually there is a perfect OS .
AmigaOS 1.3 .
Ca n't get much better than that on cheap , yet capable for its time , hardware .
There , my Amiga bias is showing !
: - )</tokentext>
<sentencetext>I thought the same thing when I read the headline vs. summary. :)  Still, they are serious bugs, and I applaud Apple for patching them.
Some feel they didn't do it in a timely manner, but I think I'd rather have a working patch than a quick "panic" patch like we have seen from other vendors.
And since there are no recorded exploits in the wild, at least none that I've heard of, the timing of the security update isn't an issue with me.
There is no perfect OS.
But some are made better than others.
I'll leave that to others to decide which.
Actually there is a perfect OS.
AmigaOS 1.3.
Can't get much better than that on cheap, yet capable for its time, hardware.
There, my Amiga bias is showing!
:-)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840108</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838004</id>
	<title>Re:I just patched a massive hole</title>
	<author>tiberus</author>
	<datestamp>1263983640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>More like you fell in...</p><p>(Well, like exley said...)</p></htmltext>
<tokenext>More like you fell in... ( Well , like exley said... )</tokentext>
<sentencetext>More like you fell in...(Well, like exley said...)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837898</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30841752</id>
	<title>LOL, I'm reading this Mac/Windows security debate</title>
	<author>Anonymous</author>
	<datestamp>1264004340000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>...from my Ubuntu laptop. How nice it is to have an OS that doesn't even need antivirus, which is still recommended for Mac.</p></htmltext>
<tokenext>...from my Ubuntu laptop .
How nice it is to have an OS that does n't even need antivirus , which is still recommended for Mac .</tokentext>
<sentencetext>...from my Ubuntu laptop.
How nice it is to have an OS that doesn't even need antivirus, which is still recommended for Mac.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840828</id>
	<title>Re:Different Day, Same Crap</title>
	<author>Anonymous</author>
	<datestamp>1263996360000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext>You must have missed all the reports on the <a href="http://www.atomicsub.net/2009/01/apple-trojan-strikes-again/" title="atomicsub.net">virus spread through torrents for Photoshop CS4 and iLife.</a> [atomicsub.net]</htmltext>
<tokenext>You must have missed all the reports on the virus spread through torrents for Photoshop CS4 and iLife .
[ atomicsub.net ]</tokentext>
<sentencetext>You must have missed all the reports on the virus spread through torrents for Photoshop CS4 and iLife.
[atomicsub.net]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838290</id>
	<title>image format bugs</title>
	<author>phantomfive</author>
	<datestamp>1263984600000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext>Two bugs were found in their image libraries (arbitrary code execution bugs in TIFF and RAW-DMG).  Makes me wonder if they even tested their image libraries at all when they were being written, because that kind of bug can usually be found in an image library by feeding it random data.</htmltext>
<tokenext>Two bugs were found in their image libraries ( arbitrary code execution bugs in TIFF and RAW-DMG ) .
Makes me wonder if they even tested their image libraries at all when they were being written , because that kind of bug can usually be found in an image library by feeding it random data .</tokentext>
<sentencetext>Two bugs were found in their image libraries (arbitrary code execution bugs in TIFF and RAW-DMG).
Makes me wonder if they even tested their image libraries at all when they were being written, because that kind of bug can usually be found in an image library by feeding it random data.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839768</id>
	<title>Re:Twelve?</title>
	<author>CaptDeuce</author>
	<datestamp>1263990720000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>Apple's own security update page (http://support.apple.com/kb/HT4004) lists these six, where did Threatpost author get the number 12 from?:</p></div><p>
"Massive security holes" or "serious vulnerabilities" are worth two "ordinary" vulnerabilities.
</p></div>
	</htmltext>
<tokenext>Apple 's own security update page ( http : //support.apple.com/kb/HT4004 ) lists these six , where did Threatpost author get the number 12 from ?
: " Massive security holes " or " serious vulnerabilities " are worth two " ordinary " vulnerabilities .</tokentext>
<sentencetext>Apple's own security update page (http://support.apple.com/kb/HT4004) lists these six, where did Threatpost author get the number 12 from?
:
"Massive security holes" or "serious vulnerabilities" are worth two "ordinary" vulnerabilities.

	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837956</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30844420</id>
	<title>Re:Cover your eyes</title>
	<author>mdwh2</author>
	<datestamp>1264078800000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Brilliant. Just brilliant. I always marvel at how Apple PC fans can twist and spin a bad point into a good point, even when the same argument is used as a bad point against PCs.</p><p>Next time there's an article about patches for Windows, and Apple fans are falling over themselves to get first post with the "Look how insecure it is" comments, I'll be sure to post your comment, and get +4 informative too.</p><p>Consider, Windows seems to have had far more patches than OS X, or so Apple fans tell us - so by your logic, it must be far more secure, right?</p></htmltext>
<tokenext>Brilliant .
Just brilliant .
I always marvel at how Apple PC fans can twist and spin a bad point into a good point , even when the same argument is used as a bad point against PCs.Next time there 's an article about patches for Windows , and Apple fans are falling over themselves to get first post with the " Look how insecure it is " comments , I 'll be sure to post your comment , and get + 4 informative too.Consider , Windows seems to have had far more patches than OS X , or so Apple fans tell us - so by your logic , it must be far more secure , right ?</tokentext>
<sentencetext>Brilliant.
Just brilliant.
I always marvel at how Apple PC fans can twist and spin a bad point into a good point, even when the same argument is used as a bad point against PCs.Next time there's an article about patches for Windows, and Apple fans are falling over themselves to get first post with the "Look how insecure it is" comments, I'll be sure to post your comment, and get +4 informative too.Consider, Windows seems to have had far more patches than OS X, or so Apple fans tell us - so by your logic, it must be far more secure, right?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838786</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840994</id>
	<title>Re:Different Day, Same Crap</title>
	<author>Anonymous</author>
	<datestamp>1263997560000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Please stop perpetuating the myth that there are no viruses for macs.</p><p>At last count, there were under a hundred. They are extremely rare, but please stop saying they don't exist. It just makes mac people look even more clueless to windows users. Apple even recommends people run antivirus software in several places:</p><p>Mac OS X 10.6 Help - <a href="http://docs.info.apple.com/article.html?path=Mac/10.6/en/11389.html" title="apple.com" rel="nofollow">http://docs.info.apple.com/article.html?path=Mac/10.6/en/11389.html</a> [apple.com]<br>Run an antivirus program if you find any suspicious files or applications, or if you notice any suspicious behavior on your computer.</p><p><a href="https://support.apple.com/kb/HT2128" title="apple.com" rel="nofollow">https://support.apple.com/kb/HT2128</a> [apple.com] - Safety tips for handling email attachments and content downloaded from the Internet<br>Distinguishing legitimate and malicious applications<br>Where you got the file is the most important indicator. Only download and install applications from trusted sources, such as well-known application publishers, authorized resellers, or other well-known distributors. It is also advisable to use antivirus software to scan any files before installation. A selection of third-party products may be found at the Macintosh Products Guide.</p></htmltext>
<tokenext>Please stop perpetuating the myth that there are no viruses for macs.At last count , there were under a hundred .
They are extremely rare , but please stop saying they do n't exist .
It just makes mac people look even more clueless to windows users .
Apple even recommends people run antivirus software in several places : Mac OS X 10.6 Help - http : //docs.info.apple.com/article.html ? path = Mac/10.6/en/11389.html [ apple.com ] Run an antivirus program if you find any suspicious files or applications , or if you notice any suspicious behavior on your computer.https : //support.apple.com/kb/HT2128 [ apple.com ] - Safety tips for handling email attachments and content downloaded from the InternetDistinguishing legitimate and malicious applicationsWhere you got the file is the most important indicator .
Only download and install applications from trusted sources , such as well-known application publishers , authorized resellers , or other well-known distributors .
It is also advisable to use antivirus software to scan any files before installation .
A selection of third-party products may be found at the Macintosh Products Guide .</tokentext>
<sentencetext>Please stop perpetuating the myth that there are no viruses for macs.At last count, there were under a hundred.
They are extremely rare, but please stop saying they don't exist.
It just makes mac people look even more clueless to windows users.
Apple even recommends people run antivirus software in several places:Mac OS X 10.6 Help - http://docs.info.apple.com/article.html?path=Mac/10.6/en/11389.html [apple.com]Run an antivirus program if you find any suspicious files or applications, or if you notice any suspicious behavior on your computer.https://support.apple.com/kb/HT2128 [apple.com] - Safety tips for handling email attachments and content downloaded from the InternetDistinguishing legitimate and malicious applicationsWhere you got the file is the most important indicator.
Only download and install applications from trusted sources, such as well-known application publishers, authorized resellers, or other well-known distributors.
It is also advisable to use antivirus software to scan any files before installation.
A selection of third-party products may be found at the Macintosh Products Guide.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840150</id>
	<title>Re:image format bugs</title>
	<author>drinkypoo</author>
	<datestamp>1263992400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>These sophomoric no-input-sanitization errors are the most common kind. didn't apple make one before with the iPhone and SMS or something? We've seen cellphones that don't check to make sure bluetooth data is valid. Firewire is a big mess because the hardware permits access to things it shouldn't.</p></htmltext>
<tokenext>These sophomoric no-input-sanitization errors are the most common kind .
did n't apple make one before with the iPhone and SMS or something ?
We 've seen cellphones that do n't check to make sure bluetooth data is valid .
Firewire is a big mess because the hardware permits access to things it should n't .</tokentext>
<sentencetext>These sophomoric no-input-sanitization errors are the most common kind.
Didn't Apple make one before with the iPhone and SMS or something?
We've seen cellphones that don't check to make sure bluetooth data is valid.
Firewire is a big mess because the hardware permits access to things it shouldn't.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838290</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839596</id>
	<title>Re:Twelve?</title>
	<author>Anonymous</author>
	<datestamp>1263989940000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I was really hoping someone on here would have commented on the OpenSSL renegotiation blocking breaking Vidalia / Tor connectivity. Tor relies on OpenSSL, and can't complete a handshake after the update. Anybody know a workaround?</p></htmltext>
<tokenext>I was really hoping someone on here would have commented on the OpenSSL renegotiation blocking breaking Vidalia / Tor connectivity .
Tor relies on OpenSSL , and ca n't complete a handshake after the update .
Anybody know a workaround ?</tokentext>
<sentencetext>I was really hoping someone on here would have commented on the OpenSSL renegotiation blocking breaking Vidalia / Tor connectivity.
Tor relies on OpenSSL, and can't complete a handshake after the update.
Anybody know a workaround?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837956</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838178</id>
	<title>Re:I just patched a massive hole</title>
	<author>e2d2</author>
	<datestamp>1263984240000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>0</modscore>
	<htmltext><p>I noticed. But where on earth did you find that helmet shaped like a wookie head from?<nobr> <wbr></nobr>..Oh snap, that's not a helmet. My bad!</p><p>Also dude, the preferred nomenclature is vaginal-space challenged.</p></htmltext>
<tokenext>I noticed .
But where on earth did you find that helmet shaped like a wookie head from ?
..Oh snap , that 's not a helmet .
My bad ! Also dude , the preferred nomenclature is vaginal-space challenged .</tokentext>
<sentencetext>I noticed.
But where on earth did you find that helmet shaped like a wookie head from?
..Oh snap, that's not a helmet.
My bad! Also dude, the preferred nomenclature is vaginal-space challenged.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837898</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837898</id>
	<title>I just patched a massive hole</title>
	<author>Anonymous</author>
	<datestamp>1263983280000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><p>in your mom.</p><p>(May as well just get that one out of the way)</p></htmltext>
<tokenext>in your mom .
( May as well just get that one out of the way )</tokentext>
<sentencetext>in your mom.
(May as well just get that one out of the way)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839254</id>
	<title>Re:I just patched a massive hole</title>
	<author>Anonymous</author>
	<datestamp>1263988380000</datestamp>
	<modclass>Troll</modclass>
	<modscore>0</modscore>
	<htmltext><div class="quote"><p>in your mom.</p><p>(May as well just get that one out of the way)</p></div><p>This is Apple we're talking about.  Mac users have no interest in that type of hole...</p>
	</htmltext>
<tokenext>in your mom .
( May as well just get that one out of the way ) This is Apple we 're talking about .
Mac users have no interest in that type of hole.. .</tokentext>
<sentencetext>in your mom.
(May as well just get that one out of the way) This is Apple we're talking about.
Mac users have no interest in that type of hole...
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837898</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30844586</id>
	<title>Re:</title>
	<author>clint999</author>
	<datestamp>1264080660000</datestamp>
	<modclass>None</modclass>
	<modscore>-1</modscore>
	<htmltext><strong>If a computer is secure - as you claim - it shouldn't matter what most people try to hack.</strong></htmltext>
<tokenext>If a computer is secure - as you claim - it should n't matter what most people try to hack .</tokentext>
<sentencetext>If a computer is secure - as you claim - it shouldn't matter what most people try to hack.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30841186</id>
	<title>Re:image format bugs</title>
	<author>Archaemic</author>
	<datestamp>1263999180000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><p>Actually, I personally found and patched the TIFF bug. In January. Of last year. <a href="http://bugzilla.maptools.org/show_bug.cgi?id=1985" title="maptools.org">http://bugzilla.maptools.org/show_bug.cgi?id=1985</a> [maptools.org]<br>Feeding random data (aka fuzzing) might work, but 99% of the time, I'd imagine it'd just give you a corrupted image and bail out. You have to be clever about how you search for it. I found a known vulnerability patch posted by, of all people, an Apple employee, and tried to reverse engineer what he'd fixed. I found that the patch hadn't been applied on old versions of the PSP system software, which is what I was targeting. After messing with this specific attack vector, I noticed that I could still crash system software versions that did have the patch. After reading up on LZW compression (which is what part of LibTIFF had the vulnerability) and the TIFF specification of how they implemented LZW, I realized that the Apple patch was incomplete--it only tested for one value you could give it that was erroneous. By simply changing the equality they used (in two places) to an inequality, I tested for all erroneous values. Meanwhile, I tried to exploit the new unpatched vector on the PSP so that I could inject code. Failing this, I decided the best course of action was to submit a bug report to LibTIFF. It might seem a tad unethical to try and exploit the bug before reporting it, but I wasn't trying to exploit it for malicious purposes, and not on a desktop operating system. Regardless, I failed to make it do more than crash the PSP. Surely the best course of action here would be to patch it upstream before anyone else found it. (Incidentally, this "arbitrary execution" is blown out of proportion. In its current state, it is extremely unlikely that it could provide ANY code execution. Just crashing. Although I don't know if it's IMPOSSIBLE for it to execute code with this vulnerability, it would take a lot of work to get anything valuable out of this. Mostly it's a DoS. They usually just attach "arbitrary execution" when there's even the vaguest possibility for code to be executed, regardless of whether or not such an exploit has been demonstrated.)</p><p>It, um, took a while for anyone to notice the patch. In fact, the only reason anyone did notice was because someone found some of the fruit of my research into this bug and then posted a link to the research in a new bug report. Funnily, they created a different patch, which, instead of preventing the infinite loop caused by the erroneous data, just tested to see if the loop was writing out of bounds. Perhaps both approaches should be used together. Defensive programming and all that. Regardless, I noticed this new bug report shortly after it was posted and pointed them back to the inexplicably ignored old bug report. Most Linux vendors applied the patch shortly after the new bug report was filed, but Apple lagged by a number of months, until 10.6.2 came out. This update backports the fix into 10.5.x. However, I've found that some projects (such as Qt) are still using ancient versions of LibTIFF that have had numerous bug and security fixes since they were last updated in the projects' trees. While Qt does try to use the system's version of Qt if it can, it's still kind of scary to think about what could happen if it falls back on its own version, as I've seen it do before when I try my "corrupted" TIFF on things like Arora.</p><p>Incidentally, I am TAing a computer security course this semester. I guess previous experience helps.</p></htmltext>
<tokenext>Actually , I personally found and patched the TIFF bug .
In January .
Of last year .
http : //bugzilla.maptools.org/show \ _bug.cgi ? id = 1985 [ maptools.org ] Feeding random data ( aka fuzzing ) might work , but 99 \ % of the time , I 'd imagine it 'd just give you a corrupted image and bail out .
You have to be clever about how you search for it .
I found a known vulnerability patch posted by , of all people , an Apple employee , and tried to reverse engineer what he 'd fixed .
I found that the patch had n't been applied on old version of the PSP system software , which is what I was targeting .
After messing with this specific attack vector , I noticed that I could still crash system software version that did have the patch .
After reading up on LZW compression ( which is what part of LibTIFF had the vulnerability ) and the TIFF specification of how they implemented LZW , I realized that the Apple patch was incomplete--it only tested for one value you could give it that was erroneous .
By simply changing the equality they used ( in two places ) to an inequality , I tested for all erroneous values .
Meanwhile , I tried to exploit the new unpatched vector on the PSP so that I could inject code .
Failing this , I decided the best course of action was to submit a bug report to LibTIFF .
It might seem a tad unethical to try and exploit the bug before reporting it , but I was n't trying to exploit in for malicious purposes , and not on a desktop operating system .
Regardless , I failed to make it do more than crash the PSP .
Surely the best course of action here would be to patch it upstream before anyone else found it .
( Incidentally , this " arbitrary execution " this is blown out of proportion .
In its current state , it is extremely unlikely that it could provide ANY code execution .
Just crashing .
Although I do n't know if it 's IMPOSSIBLE for it to execute code with this vulnerability , it would take a lot of work to get anything valuable out of this .
Mostly it 's a DoS .
They usually just attach " arbitrary execution " when there 's even the vaguest possibility for code to be executed , regardless of whether or not such an exploit has been demonstrated .
) It , um , took a while for anyone to notice the patch .
In fact , the only reason anyone did notice was because someone found some of the fruit of my research into this bug and then posted a link to the research in a new bug report .
Funnily , they created a different patch , which , instead of preventing the infinite loop caused by the erroneous data , just tested to see if the loop was writing out of bounds .
Perhaps both approaches should be used together .
Defensive programming and all that .
Regardless , I noticed this new bug report shortly afterward it was posted and pointed them back to the inexplicably ignored old bug report .
Most Linux vendors applied the patch shortly after the new bug report was filed , but Apple lagged by a number of months , until 10.6.2 came out .
This update backports the fix into 10.5.x .
However , I 've found that some projects ( such as Qt ) are still using ancient versions of LibTIFF that have had numerous bug and security fixes since they were last updated in the projects ' trees .
While Qt does try to use the system 's version of Qt if it can , it 's still kind of scary to think about what could happen if it falls back on its own version , as I 've seen it do before when I try my " corrupted " TIFF on things like Arora.Incidentally , I am TAing a computer security course this semester .
I guess previous experience helps .</tokentext>
<sentencetext>Actually, I personally found and patched the TIFF bug.
In January.
Of last year.
http://bugzilla.maptools.org/show_bug.cgi?id=1985 [maptools.org]
Feeding random data (aka fuzzing) might work, but 99% of the time, I'd imagine it'd just give you a corrupted image and bail out.
You have to be clever about how you search for it.
I found a known vulnerability patch posted by, of all people, an Apple employee, and tried to reverse engineer what he'd fixed.
I found that the patch hadn't been applied on old versions of the PSP system software, which is what I was targeting.
After messing with this specific attack vector, I noticed that I could still crash system software versions that did have the patch.
After reading up on LZW compression (which is what part of LibTIFF had the vulnerability) and the TIFF specification of how they implemented LZW, I realized that the Apple patch was incomplete--it only tested for one value you could give it that was erroneous.
By simply changing the equality they used (in two places) to an inequality, I tested for all erroneous values.
Meanwhile, I tried to exploit the new unpatched vector on the PSP so that I could inject code.
Failing this, I decided the best course of action was to submit a bug report to LibTIFF.
It might seem a tad unethical to try and exploit the bug before reporting it, but I wasn't trying to exploit it for malicious purposes, and not on a desktop operating system.
Regardless, I failed to make it do more than crash the PSP.
Surely the best course of action here would be to patch it upstream before anyone else found it.
(Incidentally, this "arbitrary execution" is blown out of proportion.
In its current state, it is extremely unlikely that it could provide ANY code execution.
Just crashing.
Although I don't know if it's IMPOSSIBLE for it to execute code with this vulnerability, it would take a lot of work to get anything valuable out of this.
Mostly it's a DoS.
They usually just attach "arbitrary execution" when there's even the vaguest possibility for code to be executed, regardless of whether or not such an exploit has been demonstrated.)
It, um, took a while for anyone to notice the patch.
In fact, the only reason anyone did notice was because someone found some of the fruit of my research into this bug and then posted a link to the research in a new bug report.
Funnily, they created a different patch, which, instead of preventing the infinite loop caused by the erroneous data, just tested to see if the loop was writing out of bounds.
Perhaps both approaches should be used together.
Defensive programming and all that.
Regardless, I noticed this new bug report shortly after it was posted and pointed them back to the inexplicably ignored old bug report.
Most Linux vendors applied the patch shortly after the new bug report was filed, but Apple lagged by a number of months, until 10.6.2 came out.
This update backports the fix into 10.5.x.
However, I've found that some projects (such as Qt) are still using ancient versions of LibTIFF that have had numerous bug and security fixes since they were last updated in the projects' trees.
While Qt does try to use the system's version of Qt if it can, it's still kind of scary to think about what could happen if it falls back on its own version, as I've seen it do before when I try my "corrupted" TIFF on things like Arora.
Incidentally, I am TAing a computer security course this semester.
I guess previous experience helps.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838290</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840108</id>
	<title>"MASSIVE"?</title>
	<author>jjoelc</author>
	<datestamp>1263992220000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>I just wonder why the summary title says "MASSIVE holes..." when the original article says "serious".. a bit of bias, perhaps??</p><p>More realistically, this is just another security update. Find me an OS that doesn't have them, and for similarly "obvious" or "easily found/fixed" (hindsight and armchair hacking being perfect of course) and I'll either switch right away, or dust off the old TRS-80 from my closet to run it on.</p><p>The way I see it, if you have a brain and use it while browsing, you are generally fine. But people are stupid. And if you are going to market your product to stupid people, you need to make sure you do everything you can to minimize the damage stupid people can do to others. (Stupid people generally deserve their own damages...)</p><p>Now to start the debate over which company is more in the business of marketing to stupid people...</p></htmltext>
<tokenext>I just wonder why the summary title says " MASSIVE holes... " when the original article " serious " .. a bit of bias , perhaps ?
? More realistically , this is just another security update .
Find me an OS that does n't have them , and for similarly " obvious " or " easily found/fixed " ( hindsight and armchair hacking being perfect of course ) and I 'll either switch right away , or dust off the old TRS-80 from my closet to run it on.The way I see it , if you have a brain and use it while browsing , you are generally fine .
But people are stupid .
And if you are going to market your product to stupid people , you need to make sure you do everything you can to minimize the damage stupid people can do to others .
( Stupid people generally deserve their own damages... ) Now to start the debate over which company is more in the business of marketing to stupid people.. .</tokentext>
<sentencetext>I just wonder why the summary title says "MASSIVE holes..." when the original article says "serious".. a bit of bias, perhaps??
More realistically, this is just another security update.
Find me an OS that doesn't have them, and for similarly "obvious" or "easily found/fixed" (hindsight and armchair hacking being perfect of course) and I'll either switch right away, or dust off the old TRS-80 from my closet to run it on.
The way I see it, if you have a brain and use it while browsing, you are generally fine.
But people are stupid.
And if you are going to market your product to stupid people, you need to make sure you do everything you can to minimize the damage stupid people can do to others.
(Stupid people generally deserve their own damages...)
Now to start the debate over which company is more in the business of marketing to stupid people...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838786</id>
	<title>Re:Cover your eyes</title>
	<author>jo_ham</author>
	<datestamp>1263986340000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><p>But it is.</p><p>And patching vulnerabilities that are found just makes it more so.</p><p>Sorry, what was your point again?</p></htmltext>
<tokenext>But it is.And patching vulnerabilities that are found just makes it more so.Sorry , what was your point again ?</tokentext>
<sentencetext>But it is.
And patching vulnerabilities that are found just makes it more so.
Sorry, what was your point again?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837902</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838934</id>
	<title>Re:image format bugs</title>
	<author>eulernet</author>
	<datestamp>1263986940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>A few years ago, when Microsoft's Windows source code was leaked, a hacker found a problem in the handling of the standard BMP format (IIRC, it was an integer that was not considered signed, and it contained the size of the picture), which could allow arbitrary code execution.</p><p>What bothers me is that Apple's developers don't check if they have the same problems as their direct competitor.</p></htmltext>
<tokenext>A few years ago , when Microsoft 's Windows source code was leaked , a hacker found a problem in the handling of the standard BMP format ( IIRC , it was an integer that was not considered signed , and it contained the size of the picture ) , which could allow arbitrary code execution.What bothers me is that Apple 's developers do n't check if they have the same problems as their direct competitor .</tokentext>
<sentencetext>A few years ago, when Microsoft's Windows source code was leaked, a hacker found a problem in the handling of the standard BMP format (IIRC, it was an integer that was not considered signed, and it contained the size of the picture), which could allow arbitrary code execution.
What bothers me is that Apple's developers don't check if they have the same problems as their direct competitor.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838290</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838002</id>
	<title>Re:I just patched a massive hole</title>
	<author>maxume</author>
	<datestamp>1263983640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>A lot of the people that read the site are in their 40s, 50s and 60s (I'm not). That makes their moms mostly 60+.</p><p>Go dude, go.</p></htmltext>
<tokenext>A lot of the people that read the site are in their 40s , 50s and 60s ( I 'm not ) .
That makes their moms mostly 60 + .Go dude , go .</tokentext>
<sentencetext>A lot of the people that read the site are in their 40s, 50s and 60s (I'm not).
That makes their moms mostly 60+.
Go dude, go.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837898</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838004
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837898
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839768
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837956
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838002
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837898
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30844420
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838786
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837902
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838058
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837956
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840616
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839078
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839596
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837956
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30841762
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840108
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840994
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839078
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839952
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838160
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837902
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840052
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837956
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840652
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839078
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30844448
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839078
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30848046
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840828
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839078
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839254
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837898
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840150
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838290
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838014
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837956
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840404
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839082
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838290
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30841196
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838290
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30842976
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30841204
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838934
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838290
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838030
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837898
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30841186
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838290
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30845438
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840828
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839078
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30841294
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840828
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839078
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838178
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837898
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_20_217257_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839118
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837956
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_20_217257.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839124
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_20_217257.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30841752
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_20_217257.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837956
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839596
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838058
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839768
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838014
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839118
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840052
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_20_217257.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837898
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838030
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839254
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838002
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838178
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838004
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_20_217257.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839078
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840994
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840652
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840828
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30848046
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30841294
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30845438
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30844448
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840616
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_20_217257.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838290
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838934
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30841204
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30842976
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840150
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30841186
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30841196
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839082
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840404
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_20_217257.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30837902
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838786
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30844420
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30838160
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30839952
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_20_217257.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30840108
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_20_217257.30841762
</commentlist>
</conversation>
