<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article10_01_25_221236</id>
	<title>Insecure Plugins Ding IE, Safari, Chrome, Opera</title>
	<author>kdawson</author>
	<datestamp>1264419960000</datestamp>
	<htmltext>krebsonsecurity writes <i>"The Web browser wars often focus on which browser is more secure, but the dirty secret is that <a href="http://www.krebsonsecurity.com/2010/01/a-peek-inside-the-eleonore-browser-exploit-kit/">insecure plugins are a serious threat to all browsers</a>, from the perspectives of both stability and security. Krebsonsecurity.com features an informative look at the administration page for a popular browser exploit kit called Eleonora, which suggests that plugins like Adobe Reader and Java are leading to successful compromises for users surfing not just with Internet Explorer, but also with Google Chrome, Firefox, Safari, and Opera."</i></htmltext>
<tokenext>krebsonsecurity writes " The Web browser wars often focus on which browser is more secure , but the dirty secret is that insecure plugins are a serious threat to all browsers , from the perspectives of both stability and security .
Krebsonsecurity.com features an informative look at the administration page for a popular browser exploit kit called Eleonora , which suggests that plugins like Adobe Reader and Java are leading to successful compromises for users surfing not just with Internet Explorer , but also with Google Chrome , Firefox , Safari , and Opera .
"</tokentext>
<sentencetext>krebsonsecurity writes "The Web browser wars often focus on which browser is more secure, but the dirty secret is that insecure plugins are a serious threat to all browsers, from the perspectives of both stability and security.
Krebsonsecurity.com features an informative look at the administration page for a popular browser exploit kit called Eleonora, which suggests that plugins like Adobe Reader and Java are leading to successful compromises for users surfing not just with Internet Explorer, but also with Google Chrome, Firefox, Safari, and Opera.
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899966</id>
	<title>wow</title>
	<author>Anonymous</author>
	<datestamp>1264438080000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p> Insecure Plugins <b>DING</b> IE, Safari, Chrome, Opera</p></div><p><nobr> <wbr></nobr>... Grats!</p></div>
	</htmltext>
<tokenext>Insecure Plugins DING IE , Safari , Chrome , Opera ... Grats !</tokentext>
<sentencetext> Insecure Plugins DING IE, Safari, Chrome, Opera ... Grats!
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30900218</id>
	<title>Re:Apt-get upgrade</title>
	<author>hduff</author>
	<datestamp>1264440540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>So are there Flash plug-in exploits that target Linux? I understand that you could remotely execute code with the UID of the user, but are there exploits in the wild?</htmltext>
<tokenext>So are there Flash plug-in exploits that target Linux ?
I understand that you could remotely execute code with the UID of the user , but are there exploits in the wild ?</tokentext>
<sentencetext>So are there Flash plug-in exploits that target Linux?
I understand that you could remotely execute code with the UID of the user, but are there exploits in the wild?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898882</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899066</id>
	<title>Re:Headline?</title>
	<author>aldld</author>
	<datestamp>1264429800000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Mine says "Shiretoko"</p><p> Slashdot IT Story | Insecure Plugins Ding IE, Safari, Chrome, Opera - Shiretoko </p></htmltext>
<tokenext>Mine says " Shiretoko " Slashdot IT Story | Insecure Plugins Ding IE , Safari , Chrome , Opera - Shiretoko</tokentext>
<sentencetext>Mine says "Shiretoko" Slashdot IT Story | Insecure Plugins Ding IE, Safari, Chrome, Opera - Shiretoko </sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898654</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898162</id>
	<title>Re:Headline?</title>
	<author>maxwell demon</author>
	<datestamp>1264424520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>To provoke a comment which asks why the headline doesn't list Firefox.</p></htmltext>
<tokenext>To provoke a comment which asks why the headline does n't list Firefox .</tokentext>
<sentencetext>To provoke a comment which asks why the headline doesn't list Firefox.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897976</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898352</id>
	<title>Oh cmon, kdawson!</title>
	<author>Anonymous</author>
	<datestamp>1264425420000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>Why was firefox left out of the article name?</p></htmltext>
<tokenext>Why was firefox left out of the article name ?</tokentext>
<sentencetext>Why was firefox left out of the article name?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30900106</id>
	<title>Re:Sandboxing?</title>
	<author>Foredecker</author>
	<datestamp>1264439400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I wish I had mod points for you.</htmltext>
<tokenext>I wish I had mod points for you .</tokentext>
<sentencetext>I wish I had mod points for you.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898852</id>
	<title>Re:The model</title>
	<author>rolfwind</author>
	<datestamp>1264428180000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext><p>Insecure huh?</p><p>Is that why my browser kept asking if it looked fat maximized in my widescreen monitor.</p></htmltext>
<tokenext>Insecure huh ? Is that why my browser kept asking if it looked fat maximized in my widescreen monitor .</tokentext>
<sentencetext>Insecure huh?Is that why my browser kept asking if it looked fat maximized in my widescreen monitor.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898056</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898432</id>
	<title>Re:In other news, water is wet.</title>
	<author>TheRealMindChild</author>
	<datestamp>1264425840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><i>If there was one unanimously labelled "BEST" browser, everyone would be using it.</i> <br> <br>Wait... you aren't using Netscape 4.7?!</htmltext>
<tokenext>If there was one unanimously labelled " BEST " browser , everyone would be using it .
Wait... you are n't using Netscape 4.7 ?
!</tokentext>
<sentencetext>If there was one unanimously labelled "BEST" browser, everyone would be using it.
Wait... you aren't using Netscape 4.7?
!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898032</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30901672</id>
	<title>Re:Sandboxing?</title>
	<author>cyclomedia</author>
	<datestamp>1264501020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Why (philosophically, rather than bounded by spaghetti-code-kernel-reality) should a plugin that would like full screen video output and audio/video input also be able to download executables and get the OS to run them on boot up with full system rights?</htmltext>
<tokenext>Why ( philosophically , rather than bounded by spaghetti-code-kernel-reality ) should a plugin that would like full screen video output and audio/video input also be able to download executables and get the OS to run them on boot up with full system rights ?</tokentext>
<sentencetext>Why (philosophically, rather than bounded by spaghetti-code-kernel-reality) should a plugin that would like full screen video output and audio/video input also be able to download executables and get the OS to run them on boot up with full system rights?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898296</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30908994</id>
	<title>Re:easy solution</title>
	<author>cbhacking</author>
	<datestamp>1264496520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>While Foxit has been much less targeted than Acrobat, it has had security vulnerabilities in the past, and it does support at least some JavaScript (which seems to be a commonly vulnerable part of the viewer). I don't have the Foxit plugin disabled, but I do have it set to prompt me before loading, which is almost as good - among other things, if I deny the plugin permission to load, it goes to my download manager instead for offline viewing.</p></htmltext>
<tokenext>While Foxit has been much less targeted than Acrobat , it has had security vulnerabilities in the past , and it does support at least some JavaScript ( which seems to be a commonly vulnerable part of the viewer ) .
I do n't have the Foxit plugin disabled , but I do have it set to prompt me before loading , which is almost as good - among other things , if I deny the plugin permission to load , it goes to my download manager instead for offline viewing .</tokentext>
<sentencetext>While Foxit has been much less targeted than Acrobat, it has had security vulnerabilities in the past, and it does support at least some JavaScript (which seems to be a commonly vulnerable part of the viewer).
I don't have the Foxit plugin disabled, but I do have it set to prompt me before loading, which is almost as good - among other things, if I deny the plugin permission to load, it goes to my download manager instead for offline viewing.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898262</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898772</id>
	<title>Re:The problem isn't browsers.</title>
	<author>shutdown -p now</author>
	<datestamp>1264427700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>The problem isn't browsers, it's the operating system they're running on. Any operating system that allows normal users to execute privileged code without entering some sort of authentication before allowing those privileges is inherently broken.</p></div><p>No modern desktop OS (with a very stretched definition of "modern" - e.g. WinXP and even 2K conforms, too) does not allow normal users to execute privileged code with no confirmation. The problem with XP and earlier was that the default user with a fresh install was admin - not exactly a "normal user". This is fixed in Vista and above.</p><p>The problem is that you don't need to run privileged code to do harm. Even trojaning the system is trivial without it, since the binary can simply be deployed in user's home directory. Not to mention that one doesn't need a trojan to simply steal user's files, which may include some interesting personal information, such as CC numbers...</p></div>
	</htmltext>
<tokenext>The problem is n't browsers , it 's the operating system they 're running on .
Any operating system that allows normal users to execute privileged code without entering some sort of authentication before allowing those privileges is inherently broken.No modern desktop OS ( with a very stretched definition of " modern " - e.g .
WinXP and even 2K conforms , too ) does not allow normal users to execute privileged code with no confirmation .
The problem with XP and earlier was that the default user with a fresh install was admin - not exactly a " normal user " .
This is fixed in Vista and above.The problem is that you do n't need to run privileged code to do harm .
Even trojaning the system is trivial without it , since the binary can simply be deployed in user 's home directory .
Not to mention that one does n't need a trojan to simply steal user 's files , which may include some interesting personal information , such as CC numbers.. .</tokentext>
<sentencetext>The problem isn't browsers, it's the operating system they're running on.
Any operating system that allows normal users to execute privileged code without entering some sort of authentication before allowing those privileges is inherently broken.No modern desktop OS (with a very stretched definition of "modern" - e.g.
WinXP and even 2K conforms, too) does not allow normal users to execute privileged code with no confirmation.
The problem with XP and earlier was that the default user with a fresh install was admin - not exactly a "normal user".
This is fixed in Vista and above.The problem is that you don't need to run privileged code to do harm.
Even trojaning the system is trivial without it, since the binary can simply be deployed in user's home directory.
Not to mention that one doesn't need a trojan to simply steal user's files, which may include some interesting personal information, such as CC numbers...
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898120</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898220</id>
	<title>Firefox?</title>
	<author>Anonymous</author>
	<datestamp>1264424760000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext>I noticed that Firefox / Mozilla was left out of the title list of insecure plugins.  I'm certain this problem applies to it as well (particularly since it gets mentioned in the summary below).  Innocent slip or ulterior motive of the anti-IE crowd?</htmltext>
<tokenext>I noticed that Firefox / Mozilla was left out of the title list of insecure plugins .
I 'm certain this problem applies to it as well ( particularly since it gets mentioned in the summary below ) .
Innocent slip or ulterior motive of the anti-IE crowd ?</tokentext>
<sentencetext>I noticed that Firefox / Mozilla was left out of the title list of insecure plugins.
I'm certain this problem applies to it as well (particularly since it gets mentioned in the summary below).
Innocent slip or ulterior motive of the anti-IE crowd?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899206</id>
	<title>Re:The model</title>
	<author>vtcodger</author>
	<datestamp>1264430940000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>***Perhaps the real insecurity is the whole model whereby the entire system depends on the ability for any random server to download arbitrary program code to your machine and execute it just because you visited their server, or a page that had an embedded link to your server.***</p><p>That'd be my opinion as well, but apparently you and I are Luddite idiots.</p><p>My guess is that if you are right, it will take at least two decades and perhaps one or more complete breakdowns of e-Commerce and/or web services to bring any significant number of folks around to your point of view.</p></htmltext>
<tokenext>* * * Perhaps the real insecurity is the whole model whereby the entire system depends on the ability for any random server to download arbitrary program code to your machine and execute it just because you visited their server , or a page that had an embedded link to your server .
* * * That 'd be my opinion as well , but apparently you and I are Luddite idiots.My guess is that if you are right , it will take at least two decades and perhaps one or more complete breakdowns of e-Commerce and/or web services to bring any significant number of folks around to your point of view .</tokentext>
<sentencetext>***Perhaps the real insecurity is the whole model whereby the entire system depends on the ability for any random server to download arbitrary program code to your machine and execute it just because you visited their server, or a page that had an embedded link to your server.
***That'd be my opinion as well, but apparently you and I are Luddite idiots.My guess is that if you are right, it will take at least two decades and perhaps one or more complete breakdowns of e-Commerce and/or web services to bring any significant number of folks around to your point of view.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898056</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30902854</id>
	<title>Mandatory Access Control</title>
	<author>BlueParrot</author>
	<datestamp>1264514820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>What I did was use AppArmor to basically restrict firefox from writing to anything but its own config files, as well as a single directory for downloads. It also can't read from any of my user files ( like my mail or documents). I even stopped it from executing external programs like PDF readers or OpenOffice seeing that I prefer to download the files and open them manually anyway.</p><p>I disabled Java, installed no-script (surfing slashdot is way smoother without javascript btw ) and set firefox to clear all cookies and other offline data when I close it down. It also doesn't have write permissions to the macromedia directories to stop flash from storing its offline objects nonsense there.</p><p>Basically what I figured is that ok maybe the Browser could get compromised, but this way it should not be able to cause much harm to other parts of my system.</p></htmltext>
<tokenext>What I did was use AppArmor to basically restrict firefox from writing to anything but its own config files , as well as a single directory for downloads .
It also ca n't read from any of my user files ( like my mail or documents ) .
I even stopped it from executing external programs like PDF readers or OpenOffice seeing that I prefer to download the files and open them manually anyway.I disabled Java , installed no-script ( surfing slashdot is way smoother without javascript btw ) and set firefox to clear all cookies and other offline data when I close it down .
It also does n't have write permissions to the macromedia directories to stop flash from storing its offline objects nonsense there.Basically what I figured is that ok maybe the Browser could get compromised , but this way it should not be able to cause much harm to other parts of my system .</tokentext>
<sentencetext>What I did was use AppArmor to basically restrict firefox from writing to anything but its own config files, as well as a single directory for downloads.
It also can't read from any of my user files ( like my mail or documents).
I even stopped it from executing external programs like PDF readers or OpenOffice seeing that I prefer to download the files and open them manually anyway.I disabled Java, installed no-script (surfing slashdot is way smoother without javascript btw ) and set firefox to clear all cookies and other offline data when I close it down.
It also doesn't have write permissions to the macromedia directories to stop flash from storing its offline objects nonsense there.Basically what I figured is that ok maybe the Browser could get compromised, but this way it should not be able to cause much harm to other parts of my system.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899708</id>
	<title>kdawson manipulated the title of the summary</title>
	<author>Anonymous</author>
	<datestamp>1264435860000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>It is fascinating that while in the summary krebsonsecurity (the same people that wrote the article) says that the article talks about compromises "<i>not just with Internet Explorer, but also with Google Chrome, <b>Firefox</b>, Safari, and Opera,</i>" kdawson chose to exclude Firefox from the title and even changed the order of the other browsers: IE, Safari, Chrome, Opera.</p><p>I'm not saying that the order in which the browsers are mentioned has any significance at all, but it is simply wrong to alter the title in such a way that the article seems to say something different from what it actually says.</p><p>kdawson strikes again...</p></htmltext>
<tokenext>It is fascinating that while in the summary krebsonsecurity ( the same people that wrote the article ) says that the article talks about compromises " not just with Internet Explorer , but also with Google Chrome , Firefox , Safari , and Opera , " kdawson chose to exclude Firefox from the title and even changed the order of the other browsers : IE , Safari , Chrome , Opera.I 'm not saying that the order in which the browsers are mentioned has any significance at all , but it is simply wrong to alter the title in such a way that the article seems to say something different from what it actually says.kdawson strikes again.. .</tokentext>
<sentencetext>It is fascinating that while in the summary krebsonsecurity (the same people that wrote the article) says that the article talks about compromises "not just with Internet Explorer, but also with Google Chrome, Firefox, Safari, and Opera," kdawson chose to exclude Firefox from the title and even changed the order of the other browsers: IE, Safari, Chrome, Opera.I'm not saying that the order in which the browsers are mentioned has any significance at all, but it is simply wrong to alter the title in such a way that the article seems to say something different from what it actually says.kdawson strikes again...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898064</id>
	<title>Re:Headline?</title>
	<author>Anonymusing</author>
	<datestamp>1264424100000</datestamp>
	<modclass>Funny</modclass>
	<modscore>4</modscore>
	<htmltext><p>You must be new here. We don't diss Firefox.
</p><p>&lt;/obligatory&gt;</p></htmltext>
<tokenext>You must be new here .
We do n't diss Firefox .</tokentext>
<sentencetext>You must be new here.
We don't diss Firefox.
</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897976</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898118</id>
	<title>Re:Sandboxing?</title>
	<author>Anonymous</author>
	<datestamp>1264424280000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>From page 30 of the Chrome Comic (http://www.google.com/googlebooks/chrome/small\_30.html)</p><p>"Plugins have capabilities that aren't public standards, so we can't sandbox these yet."<br>"Though with some small changes on the part of the plugin makers, we can get them to run at a lower privilege which would be much safer."</p></htmltext>
<tokenext>From page 30 of the Chrome Comic ( http : //www.google.com/googlebooks/chrome/small \ _30.html ) " Plugins have capabilities that are n't public standards , so we ca n't sandbox these yet .
" " Though with some small changes on the part of the plugin makers , we can get them to run at a lower privilege which would be much safer .
"</tokentext>
<sentencetext>From page 30 of the Chrome Comic (http://www.google.com/googlebooks/chrome/small\_30.html)"Plugins have capabilities that aren't public standards, so we can't sandbox these yet.
""Though with some small changes on the part of the plugin makers, we can get them to run at a lower privilege which would be much safer.
"</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897964</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899322</id>
	<title>Acrobat plugin has been my nemesis for years.</title>
	<author>argent</author>
	<datestamp>1264432140000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>I used to have to go through and find that damn plugin and actually remove the plugin dll every time I installed acrobat, because there was NO WAY to tell Adobe "no, thanks, I do NOT want to hang my computer for five minutes while your plugin munches on a huge PDF every time I forget to alt-click on a pdf link".</p></htmltext>
<tokenext>I used to have to go through and find that damn plugin and actually remove the plugin dll every time I installed acrobat , because there was NO WAY to tell Adobe " no , thanks , I do NOT want to hang my computer for five minutes while your plugin munches on a huge PDF every time I forget to alt-click on a pdf link " .</tokentext>
<sentencetext>I used to have to go through and find that damn plugin and actually remove the plugin dll every time I installed acrobat, because there was NO WAY to tell Adobe "no, thanks, I do NOT want to hang my computer for five minutes while your plugin munches on a huge PDF every time I forget to alt-click on a pdf link".</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899482</id>
	<title>And people WANT Flash on their phone...</title>
	<author>rinoid</author>
	<datestamp>1264433820000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>My gosh, Apple has taken so much crap for not including Flash on the iPhone and not supporting Adobe in their desire to have the Flash plugin run on the iPhone (never mind most flash content already sucks, try it without a mouse(!) onHover event).

I use ClickToFlash for Safari, and, all my Firefoxen gets flashblock. I load Flash when I want to load it, not when some ad server or asswipe with an art degree (uh, that's me!) thinks their website menus would be really neato in Flash.</htmltext>
<tokenext>My gosh , Apple has taken so much crap for not including Flash on the iPhone and not supporting Adobe in their desire to have the Flash plugin run on the iPhone ( never mind most flash content already sucks , try it without a mouse ( !
) onHover event ) .
I use ClickToFlash for Safari , and , all my Firefoxen gets flashblock .
I load Flash when I want to load it , not when some ad server or asswipe with an art degree ( uh , that 's me !
) thinks their website menus would be really neato in Flash .</tokentext>
<sentencetext>My gosh, Apple has taken so much crap for not including Flash on the iPhone and not supporting Adobe in their desire to have the Flash plugin run on the iPhone (never mind most flash content already sucks, try it without a mouse(!
) onHover event).
I use ClickToFlash for Safari, and, all my Firefoxen gets flashblock.
I load Flash when I want to load it, not when some ad server or asswipe with an art degree (uh, that's me!
) thinks their website menus would be really neato in Flash.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30902088</id>
	<title>Debian and Ubuntu</title>
	<author>Yvanhoe</author>
	<datestamp>1264506780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>In the risk of appearing trollish, I would say that this is why "integrists" of FOSS like the debian group are useful even in a world where the Ubuntu compromise had such a success.</htmltext>
<tokenext>In the risk of appearing trollish , I would say that this is why " integrists " of FOSS like the debian group are useful even in a world where the Ubuntu compromise had such a success .</tokentext>
<sentencetext>In the risk of appearing trollish, I would say that this is why "integrists" of FOSS like the debian group are useful even in a world where the Ubuntu compromise had such a success.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898032</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898654</id>
	<title>Re:Headline?</title>
	<author>Anonymous</author>
	<datestamp>1264427040000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><p><div class="quote"><p>Why doesn't the headline list Firefox, too?</p></div><p>But... when you're running Firefox, it reads:</p><p><b>Slashdot|Insecure Plugins Ding IE, Safari, Chrome, Opera - Mozilla Firefox</b></p><p>so Firefox <i>is</i> part of the headline!</p><p>Oh wait...</p></div>
	</htmltext>
<tokenext>Why does n't the headline list Firefox , too ? But... when you 're running Firefox , it reads : Slashdot | Insecure Plugins Ding IE , Safari , Chrome , Opera - Mozilla Firefoxso Firefox is part of the headline ! Oh wait.. .</tokentext>
<sentencetext>Why doesn't the headline list Firefox, too?But... when you're running Firefox, it reads:Slashdot|Insecure Plugins Ding IE, Safari, Chrome, Opera - Mozilla Firefoxso Firefox is part of the headline!Oh wait...
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897976</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898460</id>
	<title>Re:Adobe reader plugin?</title>
	<author>Trepidity</author>
	<datestamp>1264425960000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>If you're just reading the occasional journal article or something, that's reasonable, yeah. The original idea of the PDF plugin was that PDFs would be more widespread, as part of websites, so it'd be a hassle to download/view every time you ran across a PDF. That's thankfully not as common as Adobe had hoped, but for some kinds of sites it's still a bit of a hassle if you have no plugin--- restaurant sites that seem to find it necessary to put their lunch/dinner/drinks menus into three separate PDFs come to mind.</p></htmltext>
<tokenext>If you 're just reading the occasional journal article or something , that 's reasonable , yeah .
The original idea of the PDF plugin was that PDFs would be more widespread , as part of websites , so it 'd be a hassle to download/view every time you ran across a PDF .
That 's thankfully not as common as Adobe had hoped , but for some kinds of sites it 's still a bit of a hassle if you have no plugin--- restaurant sites that seem to find it necessary to put their lunch/dinner/drinks menus into three separate PDFs come to mind .</tokentext>
<sentencetext>If you're just reading the occasional journal article or something, that's reasonable, yeah.
The original idea of the PDF plugin was that PDFs would be more widespread, as part of websites, so it'd be a hassle to download/view every time you ran across a PDF.
That's thankfully not as common as Adobe had hoped, but for some kinds of sites it's still a bit of a hassle if you have no plugin--- restaurant sites that seem to find it necessary to put their lunch/dinner/drinks menus into three separate PDFs come to mind.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898130</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898314</id>
	<title>Re:The problem isn't browsers.</title>
	<author>GIL\_Dude</author>
	<datestamp>1264425240000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext>That's absolutely correct and was solved back in Windows Vista / IE 7. As of then, "Internet zone" sites are automatically running with LESS privilege than a standard user. Bascially they can't write anything outside of temporary internet files and an untrusted "low" zone in the registry. Of course Windows 7 and IE 8 continues this. You can use Process Explorer to see the integrity level at which applications are running. Medium is standard user, Low is for things like the Internet Zone, and High is anything running with system or administrative privileges. This is one of the reasons that many of these exploits don't work correctly against anything but Windows XP.</htmltext>
<tokenext>That 's absolutely correct and was solved back in Windows Vista / IE 7 .
As of then , " Internet zone " sites are automatically running with LESS privilege than a standard user .
Bascially they ca n't write anything outside of temporary internet files and an untrusted " low " zone in the registry .
Of course Windows 7 and IE 8 continues this .
You can use Process Explorer to see the integrity level at which applications are running .
Medium is standard user , Low is for things like the Internet Zone , and High is anything running with system or administrative privileges .
This is one of the reasons that many of these exploits do n't work correctly against anything but Windows XP .</tokentext>
<sentencetext>That's absolutely correct and was solved back in Windows Vista / IE 7.
As of then, "Internet zone" sites are automatically running with LESS privilege than a standard user.
Bascially they can't write anything outside of temporary internet files and an untrusted "low" zone in the registry.
Of course Windows 7 and IE 8 continues this.
You can use Process Explorer to see the integrity level at which applications are running.
Medium is standard user, Low is for things like the Internet Zone, and High is anything running with system or administrative privileges.
This is one of the reasons that many of these exploits don't work correctly against anything but Windows XP.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898120</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899282</id>
	<title>Addons Modified Without Author Consent (Torbutton)</title>
	<author>Anonymous</author>
	<datestamp>1264431720000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>1</modscore>
	<htmltext><p>Especially when there's unauthorized modifications to addons/plugins BEHIND the backs of the addon authors!</p><p>Imagine.. you've gone through all the trouble to properly configure Tor and the Proxy of your choice, only to have the possibility of the plugin itself (Torbutton) modified by someone other than the author and such access could easily provide a vector of attack where a trojan can easily be inserted.</p><p>Torbutton is a very popular Firefox addon which makes Tor usage easy.</p><p>Read here where the Torbutton author mentions how his Torbutton<nobr> <wbr></nobr>.xpi release was modified without his consent (and you, the users, download what's been modified AFTER he last modified it!):</p><p><a href="http://archives.seul.org/or/talk/Jan-2010/msg00189.html" title="seul.org" rel="nofollow">http://archives.seul.org/or/talk/Jan-2010/msg00189.html</a> [seul.org]</p><p>"Thus spake Paolo Palmieri (palmaway@xxxxxx):</p><p>&gt; Sorry, but I have to point out that none of the proposed solution really<br>&gt; works, and both are actually quite bad from the security point of view.<br>&gt;<br>&gt; "Fetch it over SSL" doesn't give the user any guarantee about the<br>&gt; authenticity of the file. Actually it does little about security. It<br>&gt; only verifies that the user is connected to the real Tor website, but if<br>&gt; the file is corrupt or, worse, has been maliciously replaced by some<br>&gt; malware version of it, you have no means of finding out. Since we are<br>&gt; talking in this very thread about Tor servers being attacked, I consider<br>&gt; this as a serious threat.<br>&gt;<br>&gt; "Check the git/gpg sig" is a little better, but from a quick look at the<br>&gt; git repository I couldn't find the<nobr> <wbr></nobr>.xpi's on it (correct me if I'm wrong<br>&gt; here). This means that only the sources are signed, thus requiring the<br>&gt; user to recompile the package at every new release. This is time<br>&gt; consuming, but it also add some additional requirements on the user,<br>&gt; like having the right compilation environment on the box, having it<br>&gt; properly configured etc. All this for no security benefit. Finally,<br>&gt; checking the git's signature is not as easy as checking a simple<nobr> <wbr></nobr>.asc file.<br>&gt;<br>&gt; So, I have to join Jim's plea. Mike, could you please put the<nobr> <wbr></nobr>.xpi's<br>&gt;<nobr> <wbr></nobr>.asc signature files on the TorButton website?</p><p>You're right. I was considering addons.mozilla.org as the canonical<br>source of the xpi, but still, that can be owned too. In fact, I just<br>got a message from them informing me that they modified my torbutton<br>1.2.3 xpi to prevent it from being listed as compatible with FF3.6. So<br>they see fit to randomly modify the xpis too. Wonder what would happen<br>if I did have a code signing cert..</p><p>I've posted the gpg sigs for 1.2.2, 1.2.3 and 1.2.4 at:<br><a href="https://www.torproject.org/torbutton/releases/" title="torproject.org" rel="nofollow">https://www.torproject.org/torbutton/releases/</a> [torproject.org]</p><p>&gt; P.S. Are git connection to the Tor git's repository protected by TLS<br>&gt; against a valid certificate?</p><p>No. The git:// protocol is not protected. You need to rely on the tag<br>signatures.</p><p>--<br>Mike Perry<br>Mad Computer Scientist<br>fscked.org evil labs"</p></htmltext>
<tokenext>Especially when there 's unauthorized modifications to addons/plugins BEHIND the backs of the addon authors ! Imagine.. you 've gone through all the trouble to properly configure Tor and the Proxy of your choice , only to have the possibility of the plugin itself ( Torbutton ) modified by someone other than the author and such access could easily provide a vector of attack where a trojan can easily be inserted.Torbutton is a very popular Firefox addon which makes Tor usage easy.Read here where the Torbutton author mentions how his Torbutton .xpi release was modified without his consent ( and you , the users , download what 's been modified AFTER he last modified it !
) : http : //archives.seul.org/or/talk/Jan-2010/msg00189.html [ seul.org ] " Thus spake Paolo Palmieri ( palmaway @ xxxxxx ) : &gt; Sorry , but I have to point out that none of the proposed solution really &gt; works , and both are actually quite bad from the security point of view. &gt; &gt; " Fetch it over SSL " does n't give the user any guarantee about the &gt; authenticity of the file .
Actually it does little about security .
It &gt; only verifies that the user is connected to the real Tor website , but if &gt; the file is corrupt or , worse , has been maliciously replaced by some &gt; malware version of it , you have no means of finding out .
Since we are &gt; talking in this very thread about Tor servers being attacked , I consider &gt; this as a serious threat. &gt; &gt; " Check the git/gpg sig " is a little better , but from a quick look at the &gt; git repository I could n't find the .xpi 's on it ( correct me if I 'm wrong &gt; here ) .
This means that only the sources are signed , thus requiring the &gt; user to recompile the package at every new release .
This is time &gt; consuming , but it also add some additional requirements on the user , &gt; like having the right compilation environment on the box , having it &gt; properly configured etc .
All this for no security benefit .
Finally , &gt; checking the git 's signature is not as easy as checking a simple .asc file. &gt; &gt; So , I have to join Jim 's plea .
Mike , could you please put the .xpi 's &gt; .asc signature files on the TorButton website ? You 're right .
I was considering addons.mozilla.org as the canonicalsource of the xpi , but still , that can be owned too .
In fact , I justgot a message from them informing me that they modified my torbutton1.2.3 xpi to prevent it from being listed as compatible with FF3.6 .
Sothey see fit to randomly modify the xpis too .
Wonder what would happenif I did have a code signing cert..I 've posted the gpg sigs for 1.2.2 , 1.2.3 and 1.2.4 at : https : //www.torproject.org/torbutton/releases/ [ torproject.org ] &gt; P.S .
Are git connection to the Tor git 's repository protected by TLS &gt; against a valid certificate ? No .
The git : // protocol is not protected .
You need to rely on the tagsignatures.--Mike PerryMad Computer Scientistfscked.org evil labs "</tokentext>
<sentencetext>Especially when there's unauthorized modifications to addons/plugins BEHIND the backs of the addon authors!Imagine.. you've gone through all the trouble to properly configure Tor and the Proxy of your choice, only to have the possibility of the plugin itself (Torbutton) modified by someone other than the author and such access could easily provide a vector of attack where a trojan can easily be inserted.Torbutton is a very popular Firefox addon which makes Tor usage easy.Read here where the Torbutton author mentions how his Torbutton .xpi release was modified without his consent (and you, the users, download what's been modified AFTER he last modified it!
):http://archives.seul.org/or/talk/Jan-2010/msg00189.html [seul.org]"Thus spake Paolo Palmieri (palmaway@xxxxxx):&gt; Sorry, but I have to point out that none of the proposed solution really&gt; works, and both are actually quite bad from the security point of view.&gt;&gt; "Fetch it over SSL" doesn't give the user any guarantee about the&gt; authenticity of the file.
Actually it does little about security.
It&gt; only verifies that the user is connected to the real Tor website, but if&gt; the file is corrupt or, worse, has been maliciously replaced by some&gt; malware version of it, you have no means of finding out.
Since we are&gt; talking in this very thread about Tor servers being attacked, I consider&gt; this as a serious threat.&gt;&gt; "Check the git/gpg sig" is a little better, but from a quick look at the&gt; git repository I couldn't find the .xpi's on it (correct me if I'm wrong&gt; here).
This means that only the sources are signed, thus requiring the&gt; user to recompile the package at every new release.
This is time&gt; consuming, but it also add some additional requirements on the user,&gt; like having the right compilation environment on the box, having it&gt; properly configured etc.
All this for no security benefit.
Finally,&gt; checking the git's signature is not as easy as checking a simple .asc file.&gt;&gt; So, I have to join Jim's plea.
Mike, could you please put the .xpi's&gt; .asc signature files on the TorButton website?You're right.
I was considering addons.mozilla.org as the canonicalsource of the xpi, but still, that can be owned too.
In fact, I justgot a message from them informing me that they modified my torbutton1.2.3 xpi to prevent it from being listed as compatible with FF3.6.
Sothey see fit to randomly modify the xpis too.
Wonder what would happenif I did have a code signing cert..I've posted the gpg sigs for 1.2.2, 1.2.3 and 1.2.4 at:https://www.torproject.org/torbutton/releases/ [torproject.org]&gt; P.S.
Are git connection to the Tor git's repository protected by TLS&gt; against a valid certificate?No.
The git:// protocol is not protected.
You need to rely on the tagsignatures.--Mike PerryMad Computer Scientistfscked.org evil labs"</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898882</id>
	<title>Apt-get upgrade</title>
	<author>Anonymous</author>
	<datestamp>1264428360000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>One reason for me to use linux on my computers is that i know that there is only one plugin which i need to take care about, and that is flash. the rest is updated automatically and that is reflected in the numbers in the article (Firefox  versions distributed with ubuntu having a lot of hits, but few exploits). So no, Linux is noch more secure technologically. But the fact that you pay somebody (in my case Dell payed somebody) for keeping *all* your software uppdated by less than a click a day *is* making the more secure. If i look at what windows used have to install manually before the system is approximately as usable as a freshly installed linux, i am scared. I am a lazy ass, and i know that the plugins, *required* for watching the crap (aka documentation) some companies deliver with their products, windows virtual machines i use (for CAD) are not updated frequently. Ah, and i use noscript. A webpage has to be important to get flash turned on.</p></htmltext>
<tokenext>One reason for me to use linux on my computers is that i know that there is only one plugin which i need to take care about , and that is flash .
the rest is updated automatically and that is reflected in the numbers in the article ( Firefox versions distributed with ubuntu having a lot of hits , but few exploits ) .
So no , Linux is noch more secure technologically .
But the fact that you pay somebody ( in my case Dell payed somebody ) for keeping * all * your software uppdated by less than a click a day * is * making the more secure .
If i look at what windows used have to install manually before the system is approximately as usable as a freshly installed linux , i am scared .
I am a lazy ass , and i know that the plugins , * required * for watching the crap ( aka documentation ) some companies deliver with their products , windows virtual machines i use ( for CAD ) are not updated frequently .
Ah , and i use noscript .
A webpage has to be important to get flash turned on .</tokentext>
<sentencetext>One reason for me to use linux on my computers is that i know that there is only one plugin which i need to take care about, and that is flash.
the rest is updated automatically and that is reflected in the numbers in the article (Firefox  versions distributed with ubuntu having a lot of hits, but few exploits).
So no, Linux is noch more secure technologically.
But the fact that you pay somebody (in my case Dell payed somebody) for keeping *all* your software uppdated by less than a click a day *is* making the more secure.
If i look at what windows used have to install manually before the system is approximately as usable as a freshly installed linux, i am scared.
I am a lazy ass, and i know that the plugins, *required* for watching the crap (aka documentation) some companies deliver with their products, windows virtual machines i use (for CAD) are not updated frequently.
Ah, and i use noscript.
A webpage has to be important to get flash turned on.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30908272</id>
	<title>Re:Headline?</title>
	<author>Anonymous</author>
	<datestamp>1264536360000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>That was my thought, too.  But looking at the article, it seems that this headline is more accurate than the summary.  For this exploit software, the statistics show Firefox with practically no successful exploits compared to the other browsers.  The comments there were dubious that Firefox is actually that much more secure (or whether this exploit pack just has a Firefox bug in execution or statistics gathering), but the data presented was strongly in Firefox's favor.</p></htmltext>
<tokenext>That was my thought , too .
But looking at the article , it seems that this headline is more accurate than the summary .
For this exploit software , the statistics show Firefox with practically no successful exploits compared to the other browsers .
The comments there were dubious that Firefox is actually that much more secure ( or whether this exploit pack just has a Firefox bug in execution or statistics gathering ) , but the data presented was strongly in Firefox 's favor .</tokentext>
<sentencetext>That was my thought, too.
But looking at the article, it seems that this headline is more accurate than the summary.
For this exploit software, the statistics show Firefox with practically no successful exploits compared to the other browsers.
The comments there were dubious that Firefox is actually that much more secure (or whether this exploit pack just has a Firefox bug in execution or statistics gathering), but the data presented was strongly in Firefox's favor.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897976</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898032</id>
	<title>In other news, water is wet.</title>
	<author>Anonymous</author>
	<datestamp>1264423980000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>It's kind of common sense that having plugins with various amounts of access to their installed browser(s) can compromise its entire security model. For the Slashdot crowd, it's kind of like having an aftermarket ECU on an auto's engine which, if programmed incorrectly, can cause great harm to it.</p><p>Additionally, I think browser wars are quite insipid the amount of variety we have now. Most of the browser is in its renderer, and the pros and cons of each kind is public information. Furthermore, the pros and cons of the browsers that constitute the heaping majority of the market (IE, Firefox, Opera, Safari and Chrome) are also fairly well-known (i.e. one wouldn't put Safari on Windows because its performance is known to be subpar, and a user with more rigid browsing habits won't use IE given the amount of malicious attention it gets). If there was one unanimously labelled "BEST" browser, everyone would be using it.</p></htmltext>
<tokenext>It 's kind of common sense that having plugins with various amounts of access to their installed browser ( s ) can compromise its entire security model .
For the Slashdot crowd , it 's kind of like having an aftermarket ECU on an auto 's engine which , if programmed incorrectly , can cause great harm to it.Additionally , I think browser wars are quite insipid the amount of variety we have now .
Most of the browser is in its renderer , and the pros and cons of each kind is public information .
Furthermore , the pros and cons of the browsers that constitute the heaping majority of the market ( IE , Firefox , Opera , Safari and Chrome ) are also fairly well-known ( i.e .
one would n't put Safari on Windows because its performance is known to be subpar , and a user with more rigid browsing habits wo n't use IE given the amount of malicious attention it gets ) .
If there was one unanimously labelled " BEST " browser , everyone would be using it .</tokentext>
<sentencetext>It's kind of common sense that having plugins with various amounts of access to their installed browser(s) can compromise its entire security model.
For the Slashdot crowd, it's kind of like having an aftermarket ECU on an auto's engine which, if programmed incorrectly, can cause great harm to it.Additionally, I think browser wars are quite insipid the amount of variety we have now.
Most of the browser is in its renderer, and the pros and cons of each kind is public information.
Furthermore, the pros and cons of the browsers that constitute the heaping majority of the market (IE, Firefox, Opera, Safari and Chrome) are also fairly well-known (i.e.
one wouldn't put Safari on Windows because its performance is known to be subpar, and a user with more rigid browsing habits won't use IE given the amount of malicious attention it gets).
If there was one unanimously labelled "BEST" browser, everyone would be using it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898262</id>
	<title>easy solution</title>
	<author>Tumbleweed</author>
	<datestamp>1264424880000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>Replace Adobe Acrobat Reader with Foxit Reader, and turn off Java. Yay. Hopefully you don't need Java (most people really don't).</p></htmltext>
<tokenext>Replace Adobe Acrobat Reader with Foxit Reader , and turn off Java .
Yay. Hopefully you do n't need Java ( most people really do n't ) .</tokentext>
<sentencetext>Replace Adobe Acrobat Reader with Foxit Reader, and turn off Java.
Yay. Hopefully you don't need Java (most people really don't).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899384</id>
	<title>Re:The problem isn't browsers.</title>
	<author>Anonymous</author>
	<datestamp>1264432740000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>And if an OS DOS ask for that authentication it gets slammed as inconveniant. Sorry, Windows. You can't win.</htmltext>
<tokenext>And if an OS DOS ask for that authentication it gets slammed as inconveniant .
Sorry , Windows .
You ca n't win .</tokentext>
<sentencetext>And if an OS DOS ask for that authentication it gets slammed as inconveniant.
Sorry, Windows.
You can't win.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898120</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899358</id>
	<title>Mod parent down</title>
	<author>argent</author>
	<datestamp>1264432440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You don't need to run *privileged* code to exploit a vulnerability in an application. A normal user or even a browser running in a chrooted jail can still be used to launch attacks on other computers, take part in a botnet, and so on. Not to mentioon that if your browser's compromised it's sitting there waiting to steal your passwords and attack your bank accounts.</p><p>And "let me do something stupid" dialogs are little protection, because if they're used often enough to be effective they just train people to let the computer do something stupid.</p><p>No, once you're penetrated, you're ****ed.</p></htmltext>
<tokenext>You do n't need to run * privileged * code to exploit a vulnerability in an application .
A normal user or even a browser running in a chrooted jail can still be used to launch attacks on other computers , take part in a botnet , and so on .
Not to mentioon that if your browser 's compromised it 's sitting there waiting to steal your passwords and attack your bank accounts.And " let me do something stupid " dialogs are little protection , because if they 're used often enough to be effective they just train people to let the computer do something stupid.No , once you 're penetrated , you 're * * * * ed .</tokentext>
<sentencetext>You don't need to run *privileged* code to exploit a vulnerability in an application.
A normal user or even a browser running in a chrooted jail can still be used to launch attacks on other computers, take part in a botnet, and so on.
Not to mentioon that if your browser's compromised it's sitting there waiting to steal your passwords and attack your bank accounts.And "let me do something stupid" dialogs are little protection, because if they're used often enough to be effective they just train people to let the computer do something stupid.No, once you're penetrated, you're ****ed.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898120</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898416</id>
	<title>Cooperation and Sandboxing</title>
	<author>Anonymous</author>
	<datestamp>1264425780000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>It has been my opinion since I heard of the work being done by Microsoft in Internet Explorer 8.0 and Google in Chrome that the browser companies need to come together and come up with an official set of specifications for loading and hosting plug-ins out of process and under a constrained execution context.  The problem is that none of the current plug-ins are designed to function as such and either will not work or require special consideration in the browser to function.  The only way to mitigate these issues is to sandbox the plug-ins, but the only way to do that in a manner that doesn't break everything is to make sandboxed plug-ins the norm.</p></htmltext>
<tokenext>It has been my opinion since I heard of the work being done by Microsoft in Internet Explorer 8.0 and Google in Chrome that the browser companies need to come together and come up with an official set of specifications for loading and hosting plug-ins out of process and under a constrained execution context .
The problem is that none of the current plug-ins are designed to function as such and either will not work or require special consideration in the browser to function .
The only way to mitigate these issues is to sandbox the plug-ins , but the only way to do that in a manner that does n't break everything is to make sandboxed plug-ins the norm .</tokentext>
<sentencetext>It has been my opinion since I heard of the work being done by Microsoft in Internet Explorer 8.0 and Google in Chrome that the browser companies need to come together and come up with an official set of specifications for loading and hosting plug-ins out of process and under a constrained execution context.
The problem is that none of the current plug-ins are designed to function as such and either will not work or require special consideration in the browser to function.
The only way to mitigate these issues is to sandbox the plug-ins, but the only way to do that in a manner that doesn't break everything is to make sandboxed plug-ins the norm.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899198</id>
	<title>No Firefox?</title>
	<author>zaivala</author>
	<datestamp>1264430940000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>1</modscore>
	<htmltext>I hope I'm not the only one who noticed that the headline neglected to include Firefox, but that the article makes it clear they are equally at risk.</htmltext>
<tokenext>I hope I 'm not the only one who noticed that the headline neglected to include Firefox , but that the article makes it clear they are equally at risk .</tokentext>
<sentencetext>I hope I'm not the only one who noticed that the headline neglected to include Firefox, but that the article makes it clear they are equally at risk.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899564</id>
	<title>Two Browsers?</title>
	<author>KibibyteBrain</author>
	<datestamp>1264434540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I sort of have to agree that the browser as a one stop shop is getting sort of untenable. Frankly, I have no desire to do my online banking with the same piece of software I explore random information on all day with computers around the world run by people I don't even know. But whats the solution, two browsers? Were things any better in the 90s when I would download random exe's to do small little tasks now handled by rich web apps? At some level the only solution to this is to use separate, incompatible systems to do different levels of tasks(even if they reside in the same case). And even then, spoofing for secrets would still be a problem.</htmltext>
<tokenext>I sort of have to agree that the browser as a one stop shop is getting sort of untenable .
Frankly , I have no desire to do my online banking with the same piece of software I explore random information on all day with computers around the world run by people I do n't even know .
But whats the solution , two browsers ?
Were things any better in the 90s when I would download random exe 's to do small little tasks now handled by rich web apps ?
At some level the only solution to this is to use separate , incompatible systems to do different levels of tasks ( even if they reside in the same case ) .
And even then , spoofing for secrets would still be a problem .</tokentext>
<sentencetext>I sort of have to agree that the browser as a one stop shop is getting sort of untenable.
Frankly, I have no desire to do my online banking with the same piece of software I explore random information on all day with computers around the world run by people I don't even know.
But whats the solution, two browsers?
Were things any better in the 90s when I would download random exe's to do small little tasks now handled by rich web apps?
At some level the only solution to this is to use separate, incompatible systems to do different levels of tasks(even if they reside in the same case).
And even then, spoofing for secrets would still be a problem.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898264</id>
	<title>Re:The problem isn't browsers.</title>
	<author>MrEricSir</author>
	<datestamp>1264424880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Unfortunately, every OS that I'm aware of allows a browser plugin to download and execute arbitrary code.</p><p>Whether it can run as root or not isn't really relevant, since even running as a normal user it can access the entire user's home folder.</p></htmltext>
<tokenext>Unfortunately , every OS that I 'm aware of allows a browser plugin to download and execute arbitrary code.Whether it can run as root or not is n't really relevant , since even running as a normal user it can access the entire user 's home folder .</tokentext>
<sentencetext>Unfortunately, every OS that I'm aware of allows a browser plugin to download and execute arbitrary code.Whether it can run as root or not isn't really relevant, since even running as a normal user it can access the entire user's home folder.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898120</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899790</id>
	<title>Re:Firefox?</title>
	<author>Anonymous</author>
	<datestamp>1264436640000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Hah!  Caught you!  It was a trap to get all the pro-IE5 people to float to the surface.  We will now be monitoring your thought patterns to come up with a reason why you are pro-IE5.</p><p>
Sincerely,
</p><p>The Internet</p></htmltext>
<tokenext>Hah !
Caught you !
It was a trap to get all the pro-IE5 people to float to the surface .
We will now be monitoring your thought patterns to come up with a reason why you are pro-IE5 .
Sincerely , The Internet</tokentext>
<sentencetext>Hah!
Caught you!
It was a trap to get all the pro-IE5 people to float to the surface.
We will now be monitoring your thought patterns to come up with a reason why you are pro-IE5.
Sincerely,
The Internet</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898220</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30900690</id>
	<title>Sounds like Krebs reads slashdot posters</title>
	<author>Anonymous</author>
	<datestamp>1264444860000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><a href="http://tech.slashdot.org/comments.pl?sid=1512306&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30782898" title="slashdot.org" rel="nofollow">http://tech.slashdot.org/comments.pl?sid=1512306&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30782898</a> [slashdot.org]</p><p>It is common sense to anyone that understands computing. In fact, the third enumerated point there in the link above merely reflects what they say about browser addons to a tee. Pity is that it got he attacked by the fanboys and trolls here as is usual for his posts from what I have seen directed his way.</p></htmltext>
<tokenext>http : //tech.slashdot.org/comments.pl ? sid = 1512306&amp;threshold = -1&amp;commentsort = 0&amp;mode = thread&amp;cid = 30782898 [ slashdot.org ] It is common sense to anyone that understands computing .
In fact , the third enumerated point there in the link above merely reflects what they say about browser addons to a tee .
Pity is that it got he attacked by the fanboys and trolls here as is usual for his posts from what I have seen directed his way .</tokentext>
<sentencetext>http://tech.slashdot.org/comments.pl?sid=1512306&amp;threshold=-1&amp;commentsort=0&amp;mode=thread&amp;cid=30782898 [slashdot.org]It is common sense to anyone that understands computing.
In fact, the third enumerated point there in the link above merely reflects what they say about browser addons to a tee.
Pity is that it got he attacked by the fanboys and trolls here as is usual for his posts from what I have seen directed his way.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898032</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897964</id>
	<title>Sandboxing?</title>
	<author>Anonymous</author>
	<datestamp>1264423680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>But doesnt sandboxing these plugins make these browsers secure?</htmltext>
<tokenext>But doesnt sandboxing these plugins make these browsers secure ?</tokentext>
<sentencetext>But doesnt sandboxing these plugins make these browsers secure?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899554</id>
	<title>Re:Sandboxing?</title>
	<author>Anonymous</author>
	<datestamp>1264434360000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Third, it doesn't matter how much sandboxing you do when the underlying operating system is Windows, and is already full of holes and incapable of providing a sufficient level of security in the first place.</p></div><p>That's amusing because it goes completely contrary to what the winners of the Pwn2Own contest showed.  In fact the browsers running on Windows (whether it be Firefox or Safari) were shown to be more immune to attack on that OS than on Linux or OS X.</p></div>
	</htmltext>
<tokenext>Third , it does n't matter how much sandboxing you do when the underlying operating system is Windows , and is already full of holes and incapable of providing a sufficient level of security in the first place.That 's amusing because it goes completely contrary to what the winners of the Pwn2Own contest showed .
In fact the browsers running on Windows ( whether it be Firefox or Safari ) were shown to be more immune to attack on that OS than on Linux or OS X .</tokentext>
<sentencetext>Third, it doesn't matter how much sandboxing you do when the underlying operating system is Windows, and is already full of holes and incapable of providing a sufficient level of security in the first place.That's amusing because it goes completely contrary to what the winners of the Pwn2Own contest showed.
In fact the browsers running on Windows (whether it be Firefox or Safari) were shown to be more immune to attack on that OS than on Linux or OS X.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898042</id>
	<title>Re:Headline?</title>
	<author>plasmator</author>
	<datestamp>1264424040000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>I was just about to ask the same thing, especially when the summary lists FF.</p><p>I like Firefox, it's my primary browser, but not listing it in the headline is just lying by omission.</p></htmltext>
<tokenext>I was just about to ask the same thing , especially when the summary lists FF.I like Firefox , it 's my primary browser , but not listing it in the headline is just lying by omission .</tokentext>
<sentencetext>I was just about to ask the same thing, especially when the summary lists FF.I like Firefox, it's my primary browser, but not listing it in the headline is just lying by omission.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897976</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898312</id>
	<title>Re:Sandboxing?</title>
	<author>Anonymous</author>
	<datestamp>1264425180000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Java got its own sandbox. And it works really great. The vulnerabilities in the past were related to native image loading components. Loading binary data with C/C++ is very fast but also very error prone.</p></htmltext>
<tokenext>Java got its own sandbox .
And it works really great .
The vulnerabilities in the past were related to native image loading components .
Loading binary data with C/C + + is very fast but also very error prone .</tokentext>
<sentencetext>Java got its own sandbox.
And it works really great.
The vulnerabilities in the past were related to native image loading components.
Loading binary data with C/C++ is very fast but also very error prone.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897964</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898512</id>
	<title>Re:Headline?</title>
	<author>Anonymous</author>
	<datestamp>1264426320000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>0</modscore>
	<htmltext>Because KDawson is an asshole? That's my guess.</htmltext>
<tokenext>Because KDawson is an asshole ?
That 's my guess .</tokentext>
<sentencetext>Because KDawson is an asshole?
That's my guess.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897976</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898130</id>
	<title>Adobe reader plugin?</title>
	<author>shitzu</author>
	<datestamp>1264424340000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>I never acutally understood the reason for a PDF plugin. Why can't i just download the bloody file and look at it? On second thought, that's what i usually do. Can someone give me one good reason to have a plugin for PDF files? Paedophiles?</p></htmltext>
<tokenext>I never acutally understood the reason for a PDF plugin .
Why ca n't i just download the bloody file and look at it ?
On second thought , that 's what i usually do .
Can someone give me one good reason to have a plugin for PDF files ?
Paedophiles ?</tokentext>
<sentencetext>I never acutally understood the reason for a PDF plugin.
Why can't i just download the bloody file and look at it?
On second thought, that's what i usually do.
Can someone give me one good reason to have a plugin for PDF files?
Paedophiles?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898120</id>
	<title>The problem isn't browsers.</title>
	<author>morgan\_greywolf</author>
	<datestamp>1264424340000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>1</modscore>
	<htmltext><p>The problem isn't browsers, it's the operating system they're running on.  Any operating system that allows normal users to execute privileged code without entering some sort of authentication before allowing those privileges is inherently broken.</p></htmltext>
<tokenext>The problem is n't browsers , it 's the operating system they 're running on .
Any operating system that allows normal users to execute privileged code without entering some sort of authentication before allowing those privileges is inherently broken .</tokentext>
<sentencetext>The problem isn't browsers, it's the operating system they're running on.
Any operating system that allows normal users to execute privileged code without entering some sort of authentication before allowing those privileges is inherently broken.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898816</id>
	<title>sChwit</title>
	<author>Anonymous</author>
	<datestamp>1264427940000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><A HREF="http://goat.cx/" title="goat.cx" rel="nofollow">for all practiCal the mundane 3hores</a> [goat.cx]</htmltext>
<tokenext>for all practiCal the mundane 3hores [ goat.cx ]</tokentext>
<sentencetext>for all practiCal the mundane 3hores [goat.cx]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899676</id>
	<title>Re:Adobe reader plugin?</title>
	<author>flyingfsck</author>
	<datestamp>1264435560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>The plugin still downloads the whole PDF file before rendering it from the<nobr> <wbr></nobr>/tmp directory.  On Linux, the PDF plugin is decidedly more clunky to use especially when you have to view multiple files as in your example.</htmltext>
<tokenext>The plugin still downloads the whole PDF file before rendering it from the /tmp directory .
On Linux , the PDF plugin is decidedly more clunky to use especially when you have to view multiple files as in your example .</tokentext>
<sentencetext>The plugin still downloads the whole PDF file before rendering it from the /tmp directory.
On Linux, the PDF plugin is decidedly more clunky to use especially when you have to view multiple files as in your example.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898460</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898372</id>
	<title>Re:The problem isn't browsers.</title>
	<author>Anonymous</author>
	<datestamp>1264425540000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>Your browser wants to download a picture.  Cancel/Allow?<br>Your browser wants to download a plugin.  Cancel/Allow?<br>Your browser wants to show you what you just clicked on.  Cancel/Allow?  Allow: owned.<br>That doesn't work either.</p></htmltext>
<tokenext>Your browser wants to download a picture .
Cancel/Allow ? Your browser wants to download a plugin .
Cancel/Allow ? Your browser wants to show you what you just clicked on .
Cancel/Allow ? Allow : owned.That does n't work either .</tokentext>
<sentencetext>Your browser wants to download a picture.
Cancel/Allow?Your browser wants to download a plugin.
Cancel/Allow?Your browser wants to show you what you just clicked on.
Cancel/Allow?  Allow: owned.That doesn't work either.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898120</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898778</id>
	<title>Extensions are just as big a problem too.</title>
	<author>Anonymous</author>
	<datestamp>1264427700000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>In fact, they can even be worse than plugins.</p><p>The only way to ensure extensions are safe would be to have a verification process on every one of them.*<br>An automatic extension tester could be run on every extension before being released.<br>This will check for any resources it accesses, just in case they tried to be smart and hide code execution from potential scanners.<br>Then there should be a simple table of what an extension does.<br>Accesses External URLs, accesses history, accesses cache, accesses bookmarks, local storage, file management probably the main ones. Read / write on all of those.<br>You should also be allowed to disable access to either the R/W permissions on any of those sections of functionality.</p><p>While automatic testing of extensions on submission servers is possible, testing for date triggers might not be as easy to find in decent obfuscated code.</p><p>Good luck getting Mozilla, Opera or Google to add this in.  "Oh it's too complicated, users don't need to see that" will probably be the general opinion.  Pathetic.</p><p>* Or go the evil route and ask for personal information and deny any without it.</p></htmltext>
<tokenext>In fact , they can even be worse than plugins.The only way to ensure extensions are safe would be to have a verification process on every one of them .
* An automatic extension tester could be run on every extension before being released.This will check for any resources it accesses , just in case they tried to be smart and hide code execution from potential scanners.Then there should be a simple table of what an extension does.Accesses External URLs , accesses history , accesses cache , accesses bookmarks , local storage , file management probably the main ones .
Read / write on all of those.You should also be allowed to disable access to either the R/W permissions on any of those sections of functionality.While automatic testing of extensions on submission servers is possible , testing for date triggers might not be as easy to find in decent obfuscated code.Good luck getting Mozilla , Opera or Google to add this in .
" Oh it 's too complicated , users do n't need to see that " will probably be the general opinion .
Pathetic. * Or go the evil route and ask for personal information and deny any without it .</tokentext>
<sentencetext>In fact, they can even be worse than plugins.The only way to ensure extensions are safe would be to have a verification process on every one of them.
*An automatic extension tester could be run on every extension before being released.This will check for any resources it accesses, just in case they tried to be smart and hide code execution from potential scanners.Then there should be a simple table of what an extension does.Accesses External URLs, accesses history, accesses cache, accesses bookmarks, local storage, file management probably the main ones.
Read / write on all of those.You should also be allowed to disable access to either the R/W permissions on any of those sections of functionality.While automatic testing of extensions on submission servers is possible, testing for date triggers might not be as easy to find in decent obfuscated code.Good luck getting Mozilla, Opera or Google to add this in.
"Oh it's too complicated, users don't need to see that" will probably be the general opinion.
Pathetic.* Or go the evil route and ask for personal information and deny any without it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898554</id>
	<title>Re:The model</title>
	<author>Anonymous</author>
	<datestamp>1264426560000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>Perhaps the real insecurity is the whole model whereby the entire system depends on the ability for any random server to download arbitrary program code to your machine and execute it just because you visited their server, or a page that had an embedded link to your server.</p><p>It is probably foolish to believe that you could ever build a [useful] system that had no security flaws but still allowed untrusted, unprompted arbitrary code execution.</p></div><p>It always amazes me that some of the most popular add-ons and plugins have invalid security certificates - at least when I download them.</p></div>
	</htmltext>
<tokenext>Perhaps the real insecurity is the whole model whereby the entire system depends on the ability for any random server to download arbitrary program code to your machine and execute it just because you visited their server , or a page that had an embedded link to your server.It is probably foolish to believe that you could ever build a [ useful ] system that had no security flaws but still allowed untrusted , unprompted arbitrary code execution.It always amazes me that some of the most popular add-ons and plugins have invalid security certificates - at least when I download them .</tokentext>
<sentencetext>Perhaps the real insecurity is the whole model whereby the entire system depends on the ability for any random server to download arbitrary program code to your machine and execute it just because you visited their server, or a page that had an embedded link to your server.It is probably foolish to believe that you could ever build a [useful] system that had no security flaws but still allowed untrusted, unprompted arbitrary code execution.It always amazes me that some of the most popular add-ons and plugins have invalid security certificates - at least when I download them.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898056</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898334</id>
	<title>Would it hurt to proof-read submissions?</title>
	<author>ChunderDownunder</author>
	<datestamp>1264425300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I had a friend at university named Eleonor<b>a</b> . You've just besmirched her name by referencing an article about 'Eleonor<b>e</b>'.<nobr> <wbr></nobr>:(</htmltext>
<tokenext>I had a friend at university named Eleonora .
You 've just besmirched her name by referencing an article about 'Eleonore' .
: (</tokentext>
<sentencetext>I had a friend at university named Eleonora .
You've just besmirched her name by referencing an article about 'Eleonore'.
:(</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897976</id>
	<title>Headline?</title>
	<author>Anonymous</author>
	<datestamp>1264423740000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>Why doesn't the headline list Firefox, too?</p></htmltext>
<tokenext>Why does n't the headline list Firefox , too ?</tokentext>
<sentencetext>Why doesn't the headline list Firefox, too?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898690</id>
	<title>A new browser?</title>
	<author>PopeRatzo</author>
	<datestamp>1264427160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Reading this headline quickly, for a second I thought there was a new browser out named "Ding".</p><p>Or I guess, this being 2010 and all, it would have to be named "ding".  The lower-case names apparently show extra coolness or something.</p></htmltext>
<tokenext>Reading this headline quickly , for a second I thought there was a new browser out named " Ding " .Or I guess , this being 2010 and all , it would have to be named " ding " .
The lower-case names apparently show extra coolness or something .</tokentext>
<sentencetext>Reading this headline quickly, for a second I thought there was a new browser out named "Ding".Or I guess, this being 2010 and all, it would have to be named "ding".
The lower-case names apparently show extra coolness or something.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898056</id>
	<title>The model</title>
	<author>Anonymous</author>
	<datestamp>1264424100000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>Perhaps the real insecurity is the whole model whereby the entire system depends on the ability for any random server to download arbitrary program code to your machine and execute it just because you visited their server, or a page that had an embedded link to your server.</p><p>It is probably foolish to believe that you could ever build a [useful] system that had no security flaws but still allowed untrusted, unprompted arbitrary code execution.</p></htmltext>
<tokenext>Perhaps the real insecurity is the whole model whereby the entire system depends on the ability for any random server to download arbitrary program code to your machine and execute it just because you visited their server , or a page that had an embedded link to your server.It is probably foolish to believe that you could ever build a [ useful ] system that had no security flaws but still allowed untrusted , unprompted arbitrary code execution .</tokentext>
<sentencetext>Perhaps the real insecurity is the whole model whereby the entire system depends on the ability for any random server to download arbitrary program code to your machine and execute it just because you visited their server, or a page that had an embedded link to your server.It is probably foolish to believe that you could ever build a [useful] system that had no security flaws but still allowed untrusted, unprompted arbitrary code execution.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30901618</id>
	<title>Wide audience...</title>
	<author>Bert64</author>
	<datestamp>1264500360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>When IE had 90\%+ marketshare it was easy to target a huge number of users at once with a single exploit, now that the browser market is more competitive it's harder for malware authors to attack. They could still write an exploit for a single browser, but that would target only a percentage of users...</p><p>As a result, malware authors look for something new which is as widespread as possible... Most browsers have flash and pdf plugins, and the alternatives in these markets are still extremely rare so they're a good start. So while your victims might be running any from a handful of browsers, they will all be running exactly the same flash plugin. Find an exploit in that, and you suddenly have a 90\%+ target area again.</p><p>Any single source software that becomes too widespread will be a target for attack... Having a competitive market makes things difficult for the attackers.</p></htmltext>
<tokenext>When IE had 90 \ % + marketshare it was easy to target a huge number of users at once with a single exploit , now that the browser market is more competitive it 's harder for malware authors to attack .
They could still write an exploit for a single browser , but that would target only a percentage of users...As a result , malware authors look for something new which is as widespread as possible... Most browsers have flash and pdf plugins , and the alternatives in these markets are still extremely rare so they 're a good start .
So while your victims might be running any from a handful of browsers , they will all be running exactly the same flash plugin .
Find an exploit in that , and you suddenly have a 90 \ % + target area again.Any single source software that becomes too widespread will be a target for attack... Having a competitive market makes things difficult for the attackers .</tokentext>
<sentencetext>When IE had 90\%+ marketshare it was easy to target a huge number of users at once with a single exploit, now that the browser market is more competitive it's harder for malware authors to attack.
They could still write an exploit for a single browser, but that would target only a percentage of users...As a result, malware authors look for something new which is as widespread as possible... Most browsers have flash and pdf plugins, and the alternatives in these markets are still extremely rare so they're a good start.
So while your victims might be running any from a handful of browsers, they will all be running exactly the same flash plugin.
Find an exploit in that, and you suddenly have a 90\%+ target area again.Any single source software that becomes too widespread will be a target for attack... Having a competitive market makes things difficult for the attackers.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898296</id>
	<title>Re:Sandboxing?</title>
	<author>Anonymous</author>
	<datestamp>1264425060000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext>http://queue.acm.org/detail.cfm?id=1556050<br><br>"...Google Chrome must support plug-ins such as Flash Player and Silverlight so users can visit popular Web sites such as YouTube. These plug-ins are not designed to run in a sandbox, however, and they expect direct access to the underlying operating system. This allows them to implement features such as full-screen video chat with access to the entire screen, the user's webcam, and microphone. Google Chrome does not currently run these plug-ins in a sandbox, instead relying on their respective vendors to maintain their own security."<br><br>I'd imagine that since Chrome doesn't sandbox, the other browsers would have a hard time sandboxing those plugins as well.</htmltext>
<tokenext>http : //queue.acm.org/detail.cfm ? id = 1556050 " ...Google Chrome must support plug-ins such as Flash Player and Silverlight so users can visit popular Web sites such as YouTube .
These plug-ins are not designed to run in a sandbox , however , and they expect direct access to the underlying operating system .
This allows them to implement features such as full-screen video chat with access to the entire screen , the user 's webcam , and microphone .
Google Chrome does not currently run these plug-ins in a sandbox , instead relying on their respective vendors to maintain their own security .
" I 'd imagine that since Chrome does n't sandbox , the other browsers would have a hard time sandboxing those plugins as well .</tokentext>
<sentencetext>http://queue.acm.org/detail.cfm?id=1556050"...Google Chrome must support plug-ins such as Flash Player and Silverlight so users can visit popular Web sites such as YouTube.
These plug-ins are not designed to run in a sandbox, however, and they expect direct access to the underlying operating system.
This allows them to implement features such as full-screen video chat with access to the entire screen, the user's webcam, and microphone.
Google Chrome does not currently run these plug-ins in a sandbox, instead relying on their respective vendors to maintain their own security.
"I'd imagine that since Chrome doesn't sandbox, the other browsers would have a hard time sandboxing those plugins as well.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897964</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30900948</id>
	<title>Re:Foxit is vulnerable, too</title>
	<author>Anonymous</author>
	<datestamp>1264448580000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>It would be naive to think that only Acrobat Reader has vulnerabilities. <a href="http://www.coresecurity.com/content/foxit-reader-vulnerabilities" title="coresecurity.com" rel="nofollow">Foxit Reader has some, too.</a> [coresecurity.com] </p><p>Anyway, it's probably still a good solution since Acrobat Reader is unnecessarily bloated, and I totally agree to disable Java.</p></htmltext>
<tokenext>It would be naive to think that only Acrobat Reader has vulnerabilities .
Foxit Reader has some , too .
[ coresecurity.com ] Anyway , it 's probably still a good solution since Acrobat Reader is unnecessarily bloated , and I totally agree to disable Java .</tokentext>
<sentencetext>It would be naive to think that only Acrobat Reader has vulnerabilities.
Foxit Reader has some, too.
[coresecurity.com] Anyway, it's probably still a good solution since Acrobat Reader is unnecessarily bloated, and I totally agree to disable Java.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898262</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898078</id>
	<title>Re:Sandboxing?</title>
	<author>Anonymous</author>
	<datestamp>1264424160000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>No. "Sandboxing", as done by browsers, is generally nothing more than a buzzword.</p><p>First, you have to assume that the sandboxing has been done correctly. More often than not this is just not the case. Holes get poked in the sandbox walls for what are benign and legitimate actions, but soon enough somebody will figure out a way to exploit that hole, and then you've got a huge security flaw affecting millions of users.</p><p>Second, sandboxing does absolutely nothing to stop social attacks, which are one of the leading ways that sensitive data is stolen from users.</p><p>Third, it doesn't matter how much sandboxing you do when the underlying operating system is Windows, and is already full of holes and incapable of providing a sufficient level of security in the first place.</p><p>The browser was never meant to be a fucking operating system, like some people today treat it as. It was meant for displaying documents, and linking between them. It's just plain stupid to try and build complex applications in the browser, especially with the Internet being so hostile.</p></htmltext>
<tokenext>No .
" Sandboxing " , as done by browsers , is generally nothing more than a buzzword.First , you have to assume that the sandboxing has been done correctly .
More often than not this is just not the case .
Holes get poked in the sandbox walls for what are benign and legitimate actions , but soon enough somebody will figure out a way to exploit that hole , and then you 've got a huge security flaw affecting millions of users.Second , sandboxing does absolutely nothing to stop social attacks , which are one of the leading ways that sensitive data is stolen from users.Third , it does n't matter how much sandboxing you do when the underlying operating system is Windows , and is already full of holes and incapable of providing a sufficient level of security in the first place.The browser was never meant to be a fucking operating system , like some people today treat it as .
It was meant for displaying documents , and linking between them .
It 's just plain stupid to try and build complex applications in the browser , especially with the Internet being so hostile .</tokentext>
<sentencetext>No.
"Sandboxing", as done by browsers, is generally nothing more than a buzzword.First, you have to assume that the sandboxing has been done correctly.
More often than not this is just not the case.
Holes get poked in the sandbox walls for what are benign and legitimate actions, but soon enough somebody will figure out a way to exploit that hole, and then you've got a huge security flaw affecting millions of users.Second, sandboxing does absolutely nothing to stop social attacks, which are one of the leading ways that sensitive data is stolen from users.Third, it doesn't matter how much sandboxing you do when the underlying operating system is Windows, and is already full of holes and incapable of providing a sufficient level of security in the first place.The browser was never meant to be a fucking operating system, like some people today treat it as.
It was meant for displaying documents, and linking between them.
It's just plain stupid to try and build complex applications in the browser, especially with the Internet being so hostile.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897964</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899498</id>
	<title>Re:The model</title>
	<author>Temporal</author>
	<datestamp>1264433940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>No, what's broken is the model that by default gives all your authority to every piece of code you run.  There is absolutely nothing wrong with running untrusted arbitrary code as long as you don't give it the ability to access any sensitive resources.  The Adobe Reader plugin has *no* reason to be granted access to do anything except read the PDF you downloaded and render it to the screen -- no hard drive access (other than its own installed files), no network access, etc.  But by default we assume that installed programs (like plugins) should be allowed to do everything the user herself can do, and grant that permission.</p><p>In short, run the Adobe Reader plugin in a separate process in a chroot jail as user "nobody" and only let it communicate to the browser through a socket and maybe some shared memory.  Then security flaws in Reader are irrelevant.</p><p>BTW, Chrome runs plugins in separate processes so we're already part of the way there.  Unfortunately those plugins are still written under the assumption that they can do whatever the hell they want, which means they often break when not given that ability.  Sigh.</p></htmltext>
<tokenext>No , what 's broken is the model that by default gives all your authority to every piece of code you run .
There is absolutely nothing wrong with running untrusted arbitrary code as long as you do n't give it the ability to access any sensitive resources .
The Adobe Reader plugin has * no * reason to be granted access to do anything except read the PDF you downloaded and render it to the screen -- no hard drive access ( other than its own installed files ) , no network access , etc .
But by default we assume that installed programs ( like plugins ) should be allowed to do everything the user herself can do , and grant that permission.In short , run the Adobe Reader plugin in a separate process in a chroot jail as user " nobody " and only let it communicate to the browser through a socket and maybe some shared memory .
Then security flaws in Reader are irrelevant.BTW , Chrome runs plugins in separate processes so we 're already part of the way there .
Unfortunately those plugins are still written under the assumption that they can do whatever the hell they want , which means they often break when not given that ability .
Sigh .</tokentext>
<sentencetext>No, what's broken is the model that by default gives all your authority to every piece of code you run.
There is absolutely nothing wrong with running untrusted arbitrary code as long as you don't give it the ability to access any sensitive resources.
The Adobe Reader plugin has *no* reason to be granted access to do anything except read the PDF you downloaded and render it to the screen -- no hard drive access (other than its own installed files), no network access, etc.
But by default we assume that installed programs (like plugins) should be allowed to do everything the user herself can do, and grant that permission.In short, run the Adobe Reader plugin in a separate process in a chroot jail as user "nobody" and only let it communicate to the browser through a socket and maybe some shared memory.
Then security flaws in Reader are irrelevant.BTW, Chrome runs plugins in separate processes so we're already part of the way there.
Unfortunately those plugins are still written under the assumption that they can do whatever the hell they want, which means they often break when not given that ability.
Sigh.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898056</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30900092</id>
	<title>Re:Firefox?</title>
	<author>Anonymous</author>
	<datestamp>1264439220000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p><div class="quote"><p>I noticed that Firefox / Mozilla was left out of the title list of insecure plugins.  I'm certain this problem applies to it as well (particularly since it gets mentioned in the summary below).  Innocent slip or ulterior motive of the anti-IE crowd?</p></div><p>Probably not so much anti-IE as pro-Firefox, seeing as how that was pretty much the only browser missing from the list in the title, which should have read "Insecure Plugins a Problem for Browsers."</p></div>
	</htmltext>
<tokenext>I noticed that Firefox / Mozilla was left out of the title list of insecure plugins .
I 'm certain this problem applies to it as well ( particularly since it gets mentioned in the summary below ) .
Innocent slip or ulterior motive of the anti-IE crowd ? Probably not so much anti-IE as pro-Firefox , seeing as how that was pretty much the only browser missing from the list in the title , which should have read " Insecure Plugins a Problem for Browsers .
"</tokentext>
<sentencetext>I noticed that Firefox / Mozilla was left out of the title list of insecure plugins.
I'm certain this problem applies to it as well (particularly since it gets mentioned in the summary below).
Innocent slip or ulterior motive of the anti-IE crowd?Probably not so much anti-IE as pro-Firefox, seeing as how that was pretty much the only browser missing from the list in the title, which should have read "Insecure Plugins a Problem for Browsers.
"
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898220</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898780</id>
	<title>Re:Sandboxing?</title>
	<author>Drive42</author>
	<datestamp>1264427760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Amen.</p></htmltext>
<tokenext>Amen .</tokentext>
<sentencetext>Amen.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899106</id>
	<title>Re:Sandboxing?</title>
	<author>Your.Master</author>
	<datestamp>1264430100000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>"Second, sandboxing does absolutely nothing to stop social attacks, which are one of the leading ways that sensitive data is stolen from users."</p><p>True, and that's often lost on people, but irrelevant to the subject at hand.  We were talking about whether a browser could do anything to mitigate insecure plugins as an attack vector short of disabling plugins.</p><p>"Third, it doesn't matter how much sandboxing you do when the underlying operating system is Windows, and is already full of holes and incapable of providing a sufficient level of security in the first place."</p><p>Explain.</p></htmltext>
<tokenext>" Second , sandboxing does absolutely nothing to stop social attacks , which are one of the leading ways that sensitive data is stolen from users .
" True , and that 's often lost on people , but irrelevant to the subject at hand .
We were talking about whether a browser could do anything to mitigate insecure plugins as an attack vector short of disabling plugins .
" Third , it does n't matter how much sandboxing you do when the underlying operating system is Windows , and is already full of holes and incapable of providing a sufficient level of security in the first place .
" Explain .</tokentext>
<sentencetext>"Second, sandboxing does absolutely nothing to stop social attacks, which are one of the leading ways that sensitive data is stolen from users.
"True, and that's often lost on people, but irrelevant to the subject at hand.
We were talking about whether a browser could do anything to mitigate insecure plugins as an attack vector short of disabling plugins.
"Third, it doesn't matter how much sandboxing you do when the underlying operating system is Windows, and is already full of holes and incapable of providing a sufficient level of security in the first place.
"Explain.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898094</id>
	<title>Simple solution built into Opera...</title>
	<author>Anonymous</author>
	<datestamp>1264424220000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>Quick options toggle menu -&gt; enable/disable plugins.</p><p>(with whitelisting and blacklisting of particular sites available of course)</p></htmltext>
<tokenext>Quick options toggle menu - &gt; enable/disable plugins .
( with whitelisting and blacklisting of particular sites available of course )</tokentext>
<sentencetext>Quick options toggle menu -&gt; enable/disable plugins.
(with whitelisting and blacklisting of particular sites available of course)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30901650</id>
	<title>Re:Sandboxing?</title>
	<author>Anonymous</author>
	<datestamp>1264500780000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Well, you could also argue that Windows was never meant to be a networked operating system, the initial design was a simple graphical shell for dos and a lot of those design decisions shine through today... They tried to design a proper system with NT, but they piled too much of their existing cruft on top that it pretty much rendered the security model of NT worthless.</p><p>But you do have a point, too much complexity, both in windows and in modern browsers, the more complexity you have the greater the risk of something going wrong.</p><p>On the other hand, if not for browser applications, what else instead?</p><p>Local apps? you either have to design for multiple platforms, or have a single monoculture which has its own very serious problems...</p><p>Like it or not, in this regard the browser makes a better OS because at least you have multiple compatible implementations. The browser just moves things up the stack.</p></htmltext>
<tokenext>Well , you could also argue that Windows was never meant to be a networked operating system , the initial design was a simple graphical shell for dos and a lot of those design decisions shine through today... They tried to design a proper system with NT , but they piled too much of their existing cruft on top that it pretty much rendered the security model of NT worthless.But you do have a point , too much complexity , both in windows and in modern browsers , the more complexity you have the greater the risk of something going wrong.On the other hand , if not for browser applications , what else instead ? Local apps ?
you either have to design for multiple platforms , or have a single monoculture which has its own very serious problems...Like it or not , in this regard the browser makes a better OS because at least you have multiple compatible implementations .
The browser just moves things up the stack .</tokentext>
<sentencetext>Well, you could also argue that Windows was never meant to be a networked operating system, the initial design was a simple graphical shell for dos and a lot of those design decisions shine through today... They tried to design a proper system with NT, but they piled too much of their existing cruft on top that it pretty much rendered the security model of NT worthless.But you do have a point, too much complexity, both in windows and in modern browsers, the more complexity you have the greater the risk of something going wrong.On the other hand, if not for browser applications, what else instead?Local apps?
you either have to design for multiple platforms, or have a single monoculture which has its own very serious problems...Like it or not, in this regard the browser makes a better OS because at least you have multiple compatible implementations.
The browser just moves things up the stack.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30906966</id>
	<title>Re:Two Browsers?</title>
	<author>Anonymous</author>
	<datestamp>1264531320000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Actually, how about a REAL sandbox?  I've used both VMWare Player and VirtualBox to run sandboxed (virtualized) Linux and Windows browser sessions.  Use bridged networking instead of NAT, ensure no drive mappings back to the underlying host OS, run the app in a dedicated memory space, and DON'T go to places that you shouldn't go in the same virtual browser appliance that you use for online banking.  Works for me.</p><p>Oh, for additional security, you can use snapshots to make sure that no nasty trojans or other rootkits infest your virtual browser, either.  Build a virtual browser with the OS of your choice, customize with whatever security mods and/or addons that you want, shut it down, and snapshot it.  Then run new sessions from the snapshot, and when you're done discard the changes and go back to the snapshot when starting another browsing session.  Even if you get infested, it gets wiped out when the snapshot is reverted and all previous changes are abandoned.</p><p>If you need to update, update the snapshot, TEST TEST TEST, and then if you're satisfied, create a NEW snapshot and browse from there.  Optionally, merge the new changes into the base image and then create a new snapshot.  Personally, though, I keep at least a two-snapshot hierarchy so I can revert to a previous "known good" configuration, just in case I dork something up or miss a nasty bug that makes it into my current working snapshot.</p><p>Is it perfect?  Depends on how you look at it.  For me, it is (but I don't do VOIP or online gaming, either).  But then again, I have two NIC's in my PC; one for the actual computer, with a non-routed TCP/IP address (i.e. no Internet access at all, but can still access my WHS server).  The other NIC has every protocol and service uninstalled except for the VMWare bridging protocol.  I route all "Internet" traffic from my virtual browsing appliance through that NIC, and the appliance DOES have a routeable TCP/IP address.</p><p>In VMWare Player, I get most of what I want.  Streaming video works great, HD content looks great, Flash works great (just can't have 20 open tabs in Firefox with flash content, but you can't do that on a normal PC, either).</p><p>Not perfect for every user, but works great for me, and I haven't had a single bot, virus, trojan, or malware attack in over two years.</p><p>Just my two cents, for anyone who cares<nobr> <wbr></nobr>:-)</p></htmltext>
<tokenext>Actually , how about a REAL sandbox ?
I 've used both VMWare Player and VirtualBox to run sandboxed ( virtualized ) Linux and Windows browser sessions .
Use bridged networking instead of NAT , ensure no drive mappings back to the underlying host OS , run the app in a dedicated memory space , and DO N'T go to places that you should n't go in the same virtual browser appliance that you use for online banking .
Works for me.Oh , for additional security , you can use snapshots to make sure that no nasty trojans or other rootkits infest your virtual browser , either .
Build a virtual browser with the OS of your choice , customize with whatever security mods and/or addons that you want , shut it down , and snapshot it .
Then run new sessions from the snapshot , and when you 're done discard the changes and go back to the snapshot when starting another browsing session .
Even if you get infested , it gets wiped out when the snapshot is reverted and all previous changes are abandoned.If you need to update , update the snapshot , TEST TEST TEST , and then if you 're satisfied , create a NEW snapshot and browse from there .
Optionally , merge the new changes into the base image and then create a new snapshot .
Personally , though , I keep at least a two-snapshot hierarchy so I can revert to a previous " known good " configuration , just in case I dork something up or miss a nasty bug that makes it into my current working snapshot.Is it perfect ?
Depends on how you look at it .
For me , it is ( but I do n't do VOIP or online gaming , either ) .
But then again , I have two NIC 's in my PC ; one for the actual computer , with a non-routed TCP/IP address ( i.e .
no Internet access at all , but can still access my WHS server ) .
The other NIC has every protocol and service uninstalled except for the VMWare bridging protocol .
I route all " Internet " traffic from my virtual browsing appliance through that NIC , and the appliance DOES have a routeable TCP/IP address.In VMWare Player , I get most of what I want .
Streaming video works great , HD content looks great , Flash works great ( just ca n't have 20 open tabs in Firefox with flash content , but you ca n't do that on a normal PC , either ) .Not perfect for every user , but works great for me , and I have n't had a single bot , virus , trojan , or malware attack in over two years.Just my two cents , for anyone who cares : - )</tokentext>
<sentencetext>Actually, how about a REAL sandbox?
I've used both VMWare Player and VirtualBox to run sandboxed (virtualized) Linux and Windows browser sessions.
Use bridged networking instead of NAT, ensure no drive mappings back to the underlying host OS, run the app in a dedicated memory space, and DON'T go to places that you shouldn't go in the same virtual browser appliance that you use for online banking.
Works for me.Oh, for additional security, you can use snapshots to make sure that no nasty trojans or other rootkits infest your virtual browser, either.
Build a virtual browser with the OS of your choice, customize with whatever security mods and/or addons that you want, shut it down, and snapshot it.
Then run new sessions from the snapshot, and when you're done discard the changes and go back to the snapshot when starting another browsing session.
Even if you get infested, it gets wiped out when the snapshot is reverted and all previous changes are abandoned.If you need to update, update the snapshot, TEST TEST TEST, and then if you're satisfied, create a NEW snapshot and browse from there.
Optionally, merge the new changes into the base image and then create a new snapshot.
Personally, though, I keep at least a two-snapshot hierarchy so I can revert to a previous "known good" configuration, just in case I dork something up or miss a nasty bug that makes it into my current working snapshot.Is it perfect?
Depends on how you look at it.
For me, it is (but I don't do VOIP or online gaming, either).
But then again, I have two NIC's in my PC; one for the actual computer, with a non-routed TCP/IP address (i.e.
no Internet access at all, but can still access my WHS server).
The other NIC has every protocol and service uninstalled except for the VMWare bridging protocol.
I route all "Internet" traffic from my virtual browsing appliance through that NIC, and the appliance DOES have a routeable TCP/IP address.In VMWare Player, I get most of what I want.
Streaming video works great, HD content looks great, Flash works great (just can't have 20 open tabs in Firefox with flash content, but you can't do that on a normal PC, either).Not perfect for every user, but works great for me, and I haven't had a single bot, virus, trojan, or malware attack in over two years.Just my two cents, for anyone who cares :-)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899564</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899272</id>
	<title>Re:The problem isn't browsers.</title>
	<author>mcrbids</author>
	<datestamp>1264431660000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>Great! You got +5 insightful for an unenlightened post.</p><p>So you have a process, the browser. And within that process, is a security hole. And in the context of the browser, there's this scripting language called "javascript" which (tadum!) executes code. Code which might take advantage of aforementioned security hole.</p><p>In this example, the Operating System isn't even involved - it's all <b>happening within the browser.</b> Yet, your security is still hosed. There's still a keylogger running inside browser space, and when you go to your bank, they still get your access credentials.</p><p>How would you expect the operating system to protect you here? In this space, the Operating System is barely relevant at all!</p></htmltext>
<tokenext>Great !
You got + 5 insightful for an unenlightened post.So you have a process , the browser .
And within that process , is a security hole .
And in the context of the browser , there 's this scripting language called " javascript " which ( tadum !
) executes code .
Code which might take advantage of aforementioned security hole.In this example , the Operating System is n't even involved - it 's all happening within the browser .
Yet , your security is still hosed .
There 's still a keylogger running inside browser space , and when you go to your bank , they still get your access credentials.How would you expect the operating system to protect you here ?
In this space , the Operating System is barely relevant at all !</tokentext>
<sentencetext>Great!
You got +5 insightful for an unenlightened post.So you have a process, the browser.
And within that process, is a security hole.
And in the context of the browser, there's this scripting language called "javascript" which (tadum!
) executes code.
Code which might take advantage of aforementioned security hole.In this example, the Operating System isn't even involved - it's all happening within the browser.
Yet, your security is still hosed.
There's still a keylogger running inside browser space, and when you go to your bank, they still get your access credentials.How would you expect the operating system to protect you here?
In this space, the Operating System is barely relevant at all!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898120</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30900092
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898220
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898372
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898120
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_32</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899066
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898654
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897976
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30901650
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898078
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897964
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898554
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898056
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899554
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898078
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897964
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30900106
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898078
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897964
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30900948
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898262
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899206
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898056
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30900218
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898882
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899272
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898120
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899106
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898078
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897964
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899358
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898120
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30906966
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899564
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898078
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897964
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898064
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897976
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899790
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898220
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898780
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898078
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897964
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_31</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30908272
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897976
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898432
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898032
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30908994
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898262
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898264
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898120
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898162
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897976
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899384
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898120
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30902088
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898032
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899498
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898056
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898852
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898056
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898772
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898120
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899676
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898460
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898130
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898512
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897976
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898042
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897976
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898312
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897964
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_34</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898118
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897964
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30901672
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898296
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897964
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_33</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898314
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898120
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_25_221236_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30900690
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898032
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_25_221236.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898130
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898460
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899676
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_25_221236.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899322
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_25_221236.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898056
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898554
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898852
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899498
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899206
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_25_221236.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898262
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30900948
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30908994
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_25_221236.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898220
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899790
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30900092
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_25_221236.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898120
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898314
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898772
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898264
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899358
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899384
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898372
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899272
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_25_221236.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899708
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_25_221236.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897976
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898162
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898512
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898042
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898064
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30908272
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898654
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899066
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_25_221236.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30897964
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898296
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30901672
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898078
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899564
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30906966
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898780
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899106
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30900106
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30899554
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30901650
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898312
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898118
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_25_221236.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898094
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_25_221236.13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898690
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_25_221236.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898032
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898432
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30902088
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30900690
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_25_221236.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898882
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30900218
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_25_221236.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_25_221236.30898334
</commentlist>
</conversation>
