<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article10_02_02_1632203</id>
	<title>Gaining Root Access On Linux-Based Femtocells</title>
	<author>Soulskill</author>
	<datestamp>1265131860000</datestamp>
	<htmltext>viralMeme writes <i>"According to the Register, 'Security researchers have turned their attention to <a href="http://en.wikipedia.org/wiki/Femtocell">femtocells</a>, and have discovered that gaining root on the tiny mobile base stations <a href="http://www.theregister.co.uk/2010/02/02/femtocell\_security/">isn't as hard as one might hope</a>.' One of the researchers said, 'After hours of sniffing traffic, changing IP address ranges, guessing passwords and investigating hardware pinouts, we had <a href="http://www.eweek.com/c/a/Security/Researchers-Uncover-Security-Vulnerabilities-in-Femtocell-Technology-760682/">obtained root access on these Linux-based cellular-based devices</a>, which piqued our curiosity [about] the security implications.' Whoever designed these devices should be sent back to computer school. An authentication device that can be bypassed is a contradiction in terms. Or, as some pen-pusher would put it in a report: an unantipicated security excursion.</i></htmltext>
<tokenext>viralMeme writes " According to the Register , 'Security researchers have turned their attention to femtocells , and have discovered that gaining root on the tiny mobile base stations is n't as hard as one might hope .
' One of the researchers said , 'After hours of sniffing traffic , changing IP address ranges , guessing passwords and investigating hardware pinouts , we had obtained root access on these Linux-based cellular-based devices , which piqued our curiosity [ about ] the security implications .
' Whoever designed these devices should be sent back to computer school .
An authentication device that can be bypassed is a contradiction in terms .
Or , as some pen-pusher would put it in a report : an unantipicated security excursion .</tokentext>
<sentencetext>viralMeme writes "According to the Register, 'Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.
' One of the researchers said, 'After hours of sniffing traffic, changing IP address ranges, guessing passwords and investigating hardware pinouts, we had obtained root access on these Linux-based cellular-based devices, which piqued our curiosity [about] the security implications.
' Whoever designed these devices should be sent back to computer school.
An authentication device that can be bypassed is a contradiction in terms.
Or, as some pen-pusher would put it in a report: an unantipicated security excursion.</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31000920</id>
	<title>Computer School</title>
	<author>kuzb</author>
	<datestamp>1265103900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Whoever used the term "computer school" should be sent back to university.</htmltext>
<tokenext>Whoever used the term " computer school " should be sent back to university .</tokentext>
<sentencetext>Whoever used the term "computer school" should be sent back to university.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998524</id>
	<title>Wow,</title>
	<author>tomhudson</author>
	<datestamp>1265137140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>an unantipicated (sic) security excursion (sic).</p></div>
</blockquote><p>
1. "unanticipated", not "unanti<b>pic</b>ated".
<br>
2. <a href="http://en.wikipedia.org/wiki/Privilege\_escalation" title="wikipedia.org">"privilege escalation"</a> [wikipedia.org] or "privilege elevation", not "security excursion."
</p><p>

Let me guess<nobr> <wbr></nobr>... <a href="http://news.slashdot.org/article.pl?sid=10/02/01/0553259" title="slashdot.org">you went to Simon Fraser. University</a> [slashdot.org]<nobr> <wbr></nobr>...</p></div>
	</htmltext>
<tokenext>an unantipicated ( sic ) security excursion ( sic ) .
1. " unanticipated " , not " unantipicated " .
2. " privilege escalation " [ wikipedia.org ] or " privilege elevation " , not " security excursion .
" Let me guess ... you went to Simon Fraser .
University [ slashdot.org ] .. .</tokentext>
<sentencetext>an unantipicated (sic) security excursion (sic).
1. "unanticipated", not "unantipicated".
2. "privilege escalation" [wikipedia.org] or "privilege elevation", not "security excursion.
"


Let me guess ... you went to Simon Fraser.
University [slashdot.org] ...
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998950</id>
	<title>It was the business school</title>
	<author>kiehlster</author>
	<datestamp>1265138880000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>Their computer schooling isn't the problem, it's that they've probably also gone to business school.  Rule #1, always cut corners to finish the product on time.</htmltext>
<tokenext>Their computer schooling is n't the problem , it 's that they 've probably also gone to business school .
Rule # 1 , always cut corners to finish the product on time .</tokentext>
<sentencetext>Their computer schooling isn't the problem, it's that they've probably also gone to business school.
Rule #1, always cut corners to finish the product on time.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31000962</id>
	<title>Re:Oh my... so that's what's going on.</title>
	<author>jedidiah</author>
	<datestamp>1265104080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You think you're funny but all of the Apple fanboys are holding up the iPad and saying the same thing times 10.</p><p>Most people either don't need the features of $300+ software or are simply unwilling to pay for it.</p></htmltext>
<tokenext>You think you 're funny but all of the Apple fanboys are holding up the iPad and saying the same thing times 10.Most people either do n't need the features of $ 300 + software or are simply unwilling to pay for it .</tokentext>
<sentencetext>You think you're funny but all of the Apple fanboys are holding up the iPad and saying the same thing times 10.Most people either don't need the features of $300+ software or are simply unwilling to pay for it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999698</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998576</id>
	<title>I noticed that the Register article...</title>
	<author>idontgno</author>
	<datestamp>1265137320000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>(Yes, I read TFAs)
</p><p>
The Reg article kinda brushed off the risks of a cell-tower MITM attack, relegating it to a mere "loss of privacy" because the 3G cryptosystem is strong.</p><p>I assume it means that the cryptosystem is too strong for a realtime attack. It's a damn rare cryptosystem that can't be broken using enough stored ciphertext, so if the modified femtocell is storing and forwarding all traffic, traffic analysis + theoretical weaknesses in the algo + massive compute power == recovered clear material at some point in the future. Depending on the use case, there may be a lot of value in that.</p></htmltext>
<tokenext>( Yes , I read TFAs ) The Reg article kinda brushed off the risks of a cell-tower MITM attack , relegating it to a mere " loss of privacy " because the 3G cryptosystem is strong.I assume it means that the cryptosystem is too strong for a realtime attack .
It 's a damn rare cryptosystem that ca n't be broken using enough stored ciphertext , so if the modified femtocell is storing and forwarding all traffic , traffic analysis + theoretical weaknesses in the algo + massive compute power = = recovered clear material at some point in the future .
Depending on the use case , there may be a lot of value in that .</tokentext>
<sentencetext>(Yes, I read TFAs)

The Reg article kinda brushed off the risks of a cell-tower MITM attack, relegating it to a mere "loss of privacy" because the 3G cryptosystem is strong.I assume it means that the cryptosystem is too strong for a realtime attack.
It's a damn rare cryptosystem that can't be broken using enough stored ciphertext, so if the modified femtocell is storing and forwarding all traffic, traffic analysis + theoretical weaknesses in the algo + massive compute power == recovered clear material at some point in the future.
Depending on the use case, there may be a lot of value in that.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998294</id>
	<title>Re:So fix it</title>
	<author>amicusNYCL</author>
	<datestamp>1265136420000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p><div class="quote"><p>But, if an attacker can get control, then so can the owner, which means the owner can fix the security hole.</p></div><p>Not really.. you're assuming the flaw exists in software.  Regardless though, I'm interested to see a "fix" for a vulnerability get published which requires people to hack their phone and gives them a list of memory addresses and values that need to be changed.  That would go over well.</p></div>
	</htmltext>
<tokenext>But , if an attacker can get control , then so can the owner , which means the owner can fix the security hole.Not really.. you 're assuming the flaw exists in software .
Regardless though , I 'm interested to see a " fix " for a vulnerability get published which requires people to hack their phone and gives them a list of memory addresses and values that need to be changed .
That would go over well .</tokentext>
<sentencetext>But, if an attacker can get control, then so can the owner, which means the owner can fix the security hole.Not really.. you're assuming the flaw exists in software.
Regardless though, I'm interested to see a "fix" for a vulnerability get published which requires people to hack their phone and gives them a list of memory addresses and values that need to be changed.
That would go over well.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998164</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31003618</id>
	<title>Nothing new, not the first to do this</title>
	<author>kju</author>
	<datestamp>1265118420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I spoke with Harald Welte (of OpenBSC etc. fame) on ELC Europe back in October. He told me that he successfully gained root access to one of those Femtocells sold in the UK. As far as i remember he said that it was not very difficult to get access, also that he found some of the builtin features (e.g. check if operated in the correct location) nonworking.</p><p>On the other hand: This was bound to happen. Most embedded linux systems which have at least some remote hack-value tend to get opened up some day.</p></htmltext>
<tokenext>I spoke with Harald Welte ( of OpenBSC etc .
fame ) on ELC Europe back in October .
He told me that he successfully gained root access to one of those Femtocells sold in the UK .
As far as i remember he said that it was not very difficult to get access , also that he found some of the builtin features ( e.g .
check if operated in the correct location ) nonworking.On the other hand : This was bound to happen .
Most embedded linux systems which have at least some remote hack-value tend to get opened up some day .</tokentext>
<sentencetext>I spoke with Harald Welte (of OpenBSC etc.
fame) on ELC Europe back in October.
He told me that he successfully gained root access to one of those Femtocells sold in the UK.
As far as i remember he said that it was not very difficult to get access, also that he found some of the builtin features (e.g.
check if operated in the correct location) nonworking.On the other hand: This was bound to happen.
Most embedded linux systems which have at least some remote hack-value tend to get opened up some day.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998570</id>
	<title>Gases</title>
	<author>Anonymous</author>
	<datestamp>1265137320000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>They're using the wrong gasses, thats what the problem was last time, and is this time as well.</p></htmltext>
<tokenext>They 're using the wrong gasses , thats what the problem was last time , and is this time as well .</tokentext>
<sentencetext>They're using the wrong gasses, thats what the problem was last time, and is this time as well.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998090</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31002844</id>
	<title>Re:Jedi Mind Trick, actually</title>
	<author>Anonymous</author>
	<datestamp>1265114460000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Any idiot (or group of idiots), can 'do' Linux insecurely.</p><p>Same as with WinCE, or other OS, or standalone embedded app-of-your-choice.</p></htmltext>
<tokenext>Any idiot ( or group of idiots ) , can 'do ' Linux insecurely.Same as with WinCE , or other OS , or standalone embedded app-of-your-choice .</tokentext>
<sentencetext>Any idiot (or group of idiots), can 'do' Linux insecurely.Same as with WinCE, or other OS, or standalone embedded app-of-your-choice.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998138</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998670</id>
	<title>Re:it still comes down to one thing</title>
	<author>Leolo</author>
	<datestamp>1265137800000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>Yes there is a cost; a company installs a plug-n-play device A.  It works for a while (months, years).  Then it stops working or they want something changed or it doesn't work with some new device B.  So then they call me to figure out the integration.  Now, I need to log in and find out as much as I can about the device in as short a time as possible.  I'm over 100 km from the device, have never used one before.  The person who originaly installed device A has retired and is now snorkeling in the Solomon islands.  So, what is root password?  Either "123456" or I Google up a list of default passwords for the device.  If I can't, that's a support call to the company that made the device (cost to maker) or the company that deployed it has to ditch the device and find something else (large cost to user).</p><p>So yes, complex passwords have a cost.</p></htmltext>
<tokenext>Yes there is a cost ; a company installs a plug-n-play device A. It works for a while ( months , years ) .
Then it stops working or they want something changed or it does n't work with some new device B. So then they call me to figure out the integration .
Now , I need to log in and find out as much as I can about the device in as short a time as possible .
I 'm over 100 km from the device , have never used one before .
The person who originaly installed device A has retired and is now snorkeling in the Solomon islands .
So , what is root password ?
Either " 123456 " or I Google up a list of default passwords for the device .
If I ca n't , that 's a support call to the company that made the device ( cost to maker ) or the company that deployed it has to ditch the device and find something else ( large cost to user ) .So yes , complex passwords have a cost .</tokentext>
<sentencetext>Yes there is a cost; a company installs a plug-n-play device A.  It works for a while (months, years).
Then it stops working or they want something changed or it doesn't work with some new device B.  So then they call me to figure out the integration.
Now, I need to log in and find out as much as I can about the device in as short a time as possible.
I'm over 100 km from the device, have never used one before.
The person who originaly installed device A has retired and is now snorkeling in the Solomon islands.
So, what is root password?
Either "123456" or I Google up a list of default passwords for the device.
If I can't, that's a support call to the company that made the device (cost to maker) or the company that deployed it has to ditch the device and find something else (large cost to user).So yes, complex passwords have a cost.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998338</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998718</id>
	<title>Be not afraid</title>
	<author>blair1q</author>
	<datestamp>1265137980000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><p>I for one welcome our easily-rooted overlords.</p></htmltext>
<tokenext>I for one welcome our easily-rooted overlords .</tokentext>
<sentencetext>I for one welcome our easily-rooted overlords.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999236</id>
	<title>investigating hardware pinouts</title>
	<author>bl8n8r</author>
	<datestamp>1265139900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Just what is that supposed to mean exactly?  Does this crack require physical access in order to be executed?</p><p>"We've sniffed for hours, and nothing."<br>"Try a different BOOTP request!"<br>"Damn orinoco firmware..."<br>"This sucks, how are we gonna get a publication out of this?"<br>"Fine, gimme the bolt cutters"<br>
&nbsp; &nbsp; *snip* *clink*<nobr> <wbr></nobr>...<br>"Hmm.. those are intersting pinouts.. they look like.."<br>"Yeah, dude that's SATA !!"<nobr> <wbr></nobr>...  *knoppix cd spins up*</p><p>"We got root! we got root!"</p></htmltext>
<tokenext>Just what is that supposed to mean exactly ?
Does this crack require physical access in order to be executed ?
" We 've sniffed for hours , and nothing .
" " Try a different BOOTP request !
" " Damn orinoco firmware... " " This sucks , how are we gon na get a publication out of this ?
" " Fine , gim me the bolt cutters "     * snip * * clink * ... " Hmm.. those are intersting pinouts.. they look like.. " " Yeah , dude that 's SATA ! !
" ... * knoppix cd spins up * " We got root !
we got root !
"</tokentext>
<sentencetext>Just what is that supposed to mean exactly?
Does this crack require physical access in order to be executed?
"We've sniffed for hours, and nothing.
""Try a different BOOTP request!
""Damn orinoco firmware...""This sucks, how are we gonna get a publication out of this?
""Fine, gimme the bolt cutters"
    *snip* *clink* ..."Hmm.. those are intersting pinouts.. they look like..""Yeah, dude that's SATA !!
" ...  *knoppix cd spins up*"We got root!
we got root!
"</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31000786</id>
	<title>Re:Oh my... so that's what's going on.</title>
	<author>Anonymous</author>
	<datestamp>1265103420000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Ouch.  Modded as "funny", but probably the most apt thing I've read on<nobr> <wbr></nobr>/. in months.</p></htmltext>
<tokenext>Ouch .
Modded as " funny " , but probably the most apt thing I 've read on / .
in months .</tokentext>
<sentencetext>Ouch.
Modded as "funny", but probably the most apt thing I've read on /.
in months.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999698</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999744</id>
	<title>Been there, done that.</title>
	<author>marcansoft</author>
	<datestamp>1265142060000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext><p>I've been working on hacking the Vodafone femtocells for fun. They have an internal serial port and the bootloader has no security, not to mention the Linux image uses short default passwords that are easy to crack given the shadow file. So far we don't know of a way to get root given only network control, but it might be possible depending on how their IPSEC tunnel is set up. Our goal would be to use these for our own network, via OpenBSC.</p><p>It's worth noting that it's early and we're not entirely sure about the security implications and just how much you can do with these things (e.g. I don't know yet if voice traffic is decrypted inside the femtocell or if it is passed on encrypted to the servers). Chances are there will be some interesting exploits and chances are they will be presented at this year's Chaos Community Congress if they're interesting enough. Unless we get bored and work on something else, which happens sometimes.</p></htmltext>
<tokenext>I 've been working on hacking the Vodafone femtocells for fun .
They have an internal serial port and the bootloader has no security , not to mention the Linux image uses short default passwords that are easy to crack given the shadow file .
So far we do n't know of a way to get root given only network control , but it might be possible depending on how their IPSEC tunnel is set up .
Our goal would be to use these for our own network , via OpenBSC.It 's worth noting that it 's early and we 're not entirely sure about the security implications and just how much you can do with these things ( e.g .
I do n't know yet if voice traffic is decrypted inside the femtocell or if it is passed on encrypted to the servers ) .
Chances are there will be some interesting exploits and chances are they will be presented at this year 's Chaos Community Congress if they 're interesting enough .
Unless we get bored and work on something else , which happens sometimes .</tokentext>
<sentencetext>I've been working on hacking the Vodafone femtocells for fun.
They have an internal serial port and the bootloader has no security, not to mention the Linux image uses short default passwords that are easy to crack given the shadow file.
So far we don't know of a way to get root given only network control, but it might be possible depending on how their IPSEC tunnel is set up.
Our goal would be to use these for our own network, via OpenBSC.It's worth noting that it's early and we're not entirely sure about the security implications and just how much you can do with these things (e.g.
I don't know yet if voice traffic is decrypted inside the femtocell or if it is passed on encrypted to the servers).
Chances are there will be some interesting exploits and chances are they will be presented at this year's Chaos Community Congress if they're interesting enough.
Unless we get bored and work on something else, which happens sometimes.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998120</id>
	<title>but it should be open</title>
	<author>Anonymous</author>
	<datestamp>1265135760000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>-1</modscore>
	<htmltext>but the iphone should be open for tinkeri... oh wait.</htmltext>
<tokenext>but the iphone should be open for tinkeri... oh wait .</tokentext>
<sentencetext>but the iphone should be open for tinkeri... oh wait.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999174</id>
	<title>Seriously?</title>
	<author>IceCreamGuy</author>
	<datestamp>1265139720000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><blockquote><div><p>Whoever designed these devices should be sent back to computer school. An authentication device that can be bypassed is a contradiction in terms.</p></div></blockquote><p>
First of all, this is not an authentication device, it's a cell network extender, which obviously requires some kind of authentication for any measure of security. What "Authentication device" (I think they mean "authentication mechanism") has never had a vulnerability exposed? Are all devices with a privilege escalation vulnerability designed by people who "should be sent back to computer school?" ("computer school?"<nobr> <wbr></nobr>...seriously?). How many privilege escalation vulnerabilities were found in the Linux kernel last year? I empathize with the fact that an escalation exploit this serious in a device that is designed to be used by the public is not a trivial matter, but the poster is being sensationalist here, and, honestly, comes across as undereducated in the subject matter. I wouldn't consider myself an expert, but this person doesn't seem to have a clear understanding of the issue. It's a security vulnerability in a device that runs Linux because the designers were lazy when picking a password.<br> <br>
The real issue here is the fact that security is sometimes not taken as seriously with hardware and firmware design in commodity devices as it is with software.</p></div>
	</htmltext>
<tokenext>Whoever designed these devices should be sent back to computer school .
An authentication device that can be bypassed is a contradiction in terms .
First of all , this is not an authentication device , it 's a cell network extender , which obviously requires some kind of authentication for any measure of security .
What " Authentication device " ( I think they mean " authentication mechanism " ) has never had a vulnerability exposed ?
Are all devices with a privilege escalation vulnerability designed by people who " should be sent back to computer school ?
" ( " computer school ?
" ...seriously ? ) .
How many privilege escalation vulnerabilities were found in the Linux kernel last year ?
I empathize with the fact that an escalation exploit this serious in a device that is designed to be used by the public is not a trivial matter , but the poster is being sensationalist here , and , honestly , comes across as undereducated in the subject matter .
I would n't consider myself an expert , but this person does n't seem to have a clear understanding of the issue .
It 's a security vulnerability in a device that runs Linux because the designers were lazy when picking a password .
The real issue here is the fact that security is sometimes not taken as seriously with hardware and firmware design in commodity devices as it is with software .</tokentext>
<sentencetext>Whoever designed these devices should be sent back to computer school.
An authentication device that can be bypassed is a contradiction in terms.
First of all, this is not an authentication device, it's a cell network extender, which obviously requires some kind of authentication for any measure of security.
What "Authentication device" (I think they mean "authentication mechanism") has never had a vulnerability exposed?
Are all devices with a privilege escalation vulnerability designed by people who "should be sent back to computer school?
" ("computer school?
" ...seriously?).
How many privilege escalation vulnerabilities were found in the Linux kernel last year?
I empathize with the fact that an escalation exploit this serious in a device that is designed to be used by the public is not a trivial matter, but the poster is being sensationalist here, and, honestly, comes across as undereducated in the subject matter.
I wouldn't consider myself an expert, but this person doesn't seem to have a clear understanding of the issue.
It's a security vulnerability in a device that runs Linux because the designers were lazy when picking a password.
The real issue here is the fact that security is sometimes not taken as seriously with hardware and firmware design in commodity devices as it is with software.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998582</id>
	<title>Re:it still comes down to one thing</title>
	<author>toastar</author>
	<datestamp>1265137380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>It's not like it costs more to have a longer, more complex password.</p></div><p>What are you smoking?</p><p>Simple Passwords have to be reset less often, Which means less cost on the Customer/Luser Support calls. Not By a lot but not entirely Negligible.</p><p>Also having a complex password also means it usually has to be written down or requested often leaves room for Social engineering,<br>So therefore Having a Stronger Password Unnecessarily can actually reduce overall security by increasing other attack vectors.</p><p>Any system that lets a user bruteforce the password is inherently flawed, Hell even windows locks you out after a certain number of guesses.</p></div>
	</htmltext>
<tokenext>It 's not like it costs more to have a longer , more complex password.What are you smoking ? Simple Passwords have to be reset less often , Which means less cost on the Customer/Luser Support calls .
Not By a lot but not entirely Negligible.Also having a complex password also means it usually has to be written down or requested often leaves room for Social engineering,So therefore Having a Stronger Password Unnecessarily can actually reduce overall security by increasing other attack vectors.Any system that lets a user bruteforce the password is inherently flawed , Hell even windows locks you out after a certain number of guesses .</tokentext>
<sentencetext>It's not like it costs more to have a longer, more complex password.What are you smoking?Simple Passwords have to be reset less often, Which means less cost on the Customer/Luser Support calls.
Not By a lot but not entirely Negligible.Also having a complex password also means it usually has to be written down or requested often leaves room for Social engineering,So therefore Having a Stronger Password Unnecessarily can actually reduce overall security by increasing other attack vectors.Any system that lets a user bruteforce the password is inherently flawed, Hell even windows locks you out after a certain number of guesses.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998338</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31000100</id>
	<title>Re:Encrypt everything</title>
	<author>mlts</author>
	<datestamp>1265143620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>One time pads are truly secure, but the hard part is getting a copy of the OTP from Alice to Bob via a secured route, as anyone who intercepts it has full and unfettered access.  Also, depending on the amount of data transferred, the amount of bytes stored on the OTP might run out.</p><p>Instead, if you are designing a cryptosystem where the two endpoints are "introduced" to each other, and essentially only talk to each other, so public key cryptography isn't needed, there is one method you can do:</p><p>Each device "knows" about the other and has 1024 bits that only it and the other device has.  (This can be copied manually via a USB flash drive, or the devices could be temporarily connected and they negotiate this info.)</p><p>Then, the devices can do a basic Diffie-Hellman handshake, except encrypted with the first 256 bits, and another 256 bits used for the initialization vector (if needed).  Once both sides negotiate a session key, before that key is used, it is encrypted using the last 512 bits as a key/IV.  This way, even if someone is able to figure out the first key used to encrypt the D-H handshake, the session key is still unguessable without a major break in the cryptographic algorithm, or a compromise of one of the endpoints.</p><p>The advantage of this setup is that it is quick -- public key cryptography is computationally intensive.  The disadvantage is that this system only works with a small amount of devices before it becomes unwieldy, similar to hosts files.</p></htmltext>
<tokenext>One time pads are truly secure , but the hard part is getting a copy of the OTP from Alice to Bob via a secured route , as anyone who intercepts it has full and unfettered access .
Also , depending on the amount of data transferred , the amount of bytes stored on the OTP might run out.Instead , if you are designing a cryptosystem where the two endpoints are " introduced " to each other , and essentially only talk to each other , so public key cryptography is n't needed , there is one method you can do : Each device " knows " about the other and has 1024 bits that only it and the other device has .
( This can be copied manually via a USB flash drive , or the devices could be temporarily connected and they negotiate this info .
) Then , the devices can do a basic Diffie-Hellman handshake , except encrypted with the first 256 bits , and another 256 bits used for the initialization vector ( if needed ) .
Once both sides negotiate a session key , before that key is used , it is encrypted using the last 512 bits as a key/IV .
This way , even if someone is able to figure out the first key used to encrypt the D-H handshake , the session key is still unguessable without a major break in the cryptographic algorithm , or a compromise of one of the endpoints.The advantage of this setup is that it is quick -- public key cryptography is computationally intensive .
The disadvantage is that this system only works with a small amount of devices before it becomes unwieldy , similar to hosts files .</tokentext>
<sentencetext>One time pads are truly secure, but the hard part is getting a copy of the OTP from Alice to Bob via a secured route, as anyone who intercepts it has full and unfettered access.
Also, depending on the amount of data transferred, the amount of bytes stored on the OTP might run out.Instead, if you are designing a cryptosystem where the two endpoints are "introduced" to each other, and essentially only talk to each other, so public key cryptography isn't needed, there is one method you can do:Each device "knows" about the other and has 1024 bits that only it and the other device has.
(This can be copied manually via a USB flash drive, or the devices could be temporarily connected and they negotiate this info.
)Then, the devices can do a basic Diffie-Hellman handshake, except encrypted with the first 256 bits, and another 256 bits used for the initialization vector (if needed).
Once both sides negotiate a session key, before that key is used, it is encrypted using the last 512 bits as a key/IV.
This way, even if someone is able to figure out the first key used to encrypt the D-H handshake, the session key is still unguessable without a major break in the cryptographic algorithm, or a compromise of one of the endpoints.The advantage of this setup is that it is quick -- public key cryptography is computationally intensive.
The disadvantage is that this system only works with a small amount of devices before it becomes unwieldy, similar to hosts files.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998626</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998082</id>
	<title>Goatse</title>
	<author>Anonymous</author>
	<datestamp>1265135640000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><p>Time to <a href="http://goatse.fr/" title="goatse.fr" rel="nofollow">goatse</a> [goatse.fr] then.</p></htmltext>
<tokenext>Time to goatse [ goatse.fr ] then .</tokentext>
<sentencetext>Time to goatse [goatse.fr] then.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31003624</id>
	<title>Re:it still comes down to one thing</title>
	<author>Anonymous</author>
	<datestamp>1265118420000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>The person who originaly installed device A has retired and is now snorkeling in the Solomon islands.  So, what is root password?  Either "123456" or I Google up a list of default passwords for the device.  If I can't, that's a support call to the company that made the device (cost to maker) or the company that deployed it has to ditch the device and find something else (large cost to user).</p><p>So yes, complex passwords have a cost.</p></div><p>Well, we all know that companies fail to document necessary account or password records for their techs and also that it's hard to "hide" information once it's out onto google. The problem is that they even get out to google in the first place. In other words, that we we made default passwords a customer standard without considering alternatives, allowing 1 router or special device to have a 'back door' that becomes a front door to anyone else for attack purposes. I mean, the adequate industry standard should have been hashing. Even rot13 'encryption' would keep the average nobody's attempts from trying to log into his neighbors router if he can't remember what "admin" and "password" read like once rot13'd.</p><p>It's now too late, and we need something better, but cleaning up the mess will be optional. We are still weak security wise. We can't even force a firmware upgrade on all those insecure WEP access points out there to bring up to WAP or WAP2. It's too late because there's a whole industry depending on them, like older cellphones portable videogame consoles, laptops and USB wireless sticks. What to do, what to do...</p></div>
	</htmltext>
<tokenext>The person who originaly installed device A has retired and is now snorkeling in the Solomon islands .
So , what is root password ?
Either " 123456 " or I Google up a list of default passwords for the device .
If I ca n't , that 's a support call to the company that made the device ( cost to maker ) or the company that deployed it has to ditch the device and find something else ( large cost to user ) .So yes , complex passwords have a cost.Well , we all know that companies fail to document necessary account or password records for their techs and also that it 's hard to " hide " information once it 's out onto google .
The problem is that they even get out to google in the first place .
In other words , that we we made default passwords a customer standard without considering alternatives , allowing 1 router or special device to have a 'back door ' that becomes a front door to anyone else for attack purposes .
I mean , the adequate industry standard should have been hashing .
Even rot13 'encryption ' would keep the average nobody 's attempts from trying to log into his neighbors router if he ca n't remember what " admin " and " password " read like once rot13 'd.It 's now too late , and we need something better , but cleaning up the mess will be optional .
We are still weak security wise .
We ca n't even force a firmware upgrade on all those insecure WEP access points out there to bring up to WAP or WAP2 .
It 's too late because there 's a whole industry depending on them , like older cellphones portable videogame consoles , laptops and USB wireless sticks .
What to do , what to do.. .</tokentext>
<sentencetext>The person who originaly installed device A has retired and is now snorkeling in the Solomon islands.
So, what is root password?
Either "123456" or I Google up a list of default passwords for the device.
If I can't, that's a support call to the company that made the device (cost to maker) or the company that deployed it has to ditch the device and find something else (large cost to user).So yes, complex passwords have a cost.Well, we all know that companies fail to document necessary account or password records for their techs and also that it's hard to "hide" information once it's out onto google.
The problem is that they even get out to google in the first place.
In other words, that we we made default passwords a customer standard without considering alternatives, allowing 1 router or special device to have a 'back door' that becomes a front door to anyone else for attack purposes.
I mean, the adequate industry standard should have been hashing.
Even rot13 'encryption' would keep the average nobody's attempts from trying to log into his neighbors router if he can't remember what "admin" and "password" read like once rot13'd.It's now too late, and we need something better, but cleaning up the mess will be optional.
We are still weak security wise.
We can't even force a firmware upgrade on all those insecure WEP access points out there to bring up to WAP or WAP2.
It's too late because there's a whole industry depending on them, like older cellphones portable videogame consoles, laptops and USB wireless sticks.
What to do, what to do...
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998670</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998290</id>
	<title>Impossible</title>
	<author>Anonymous</author>
	<datestamp>1265136360000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext>Lunix doesn't have exploits.</htmltext>
<tokenext>Lunix does n't have exploits .</tokentext>
<sentencetext>Lunix doesn't have exploits.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998164</id>
	<title>So fix it</title>
	<author>Anonymous</author>
	<datestamp>1265135940000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>-1</modscore>
	<htmltext><p>No details about the attack yet (not until ShmooCon, this weekend). But, if an attacker can get control, then so can the owner, which means the owner can fix the security hole. Unfortunately, there's no way to ensure that your phone is not connected to someone else malicious femtocell. I want a phone that shows the the hash of the public key of the femtocell I'm using.</p></htmltext>
<tokenext>No details about the attack yet ( not until ShmooCon , this weekend ) .
But , if an attacker can get control , then so can the owner , which means the owner can fix the security hole .
Unfortunately , there 's no way to ensure that your phone is not connected to someone else malicious femtocell .
I want a phone that shows the the hash of the public key of the femtocell I 'm using .</tokentext>
<sentencetext>No details about the attack yet (not until ShmooCon, this weekend).
But, if an attacker can get control, then so can the owner, which means the owner can fix the security hole.
Unfortunately, there's no way to ensure that your phone is not connected to someone else malicious femtocell.
I want a phone that shows the the hash of the public key of the femtocell I'm using.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999654</id>
	<title>Re:it still comes down to one thing</title>
	<author>LaminatorX</author>
	<datestamp>1265141640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>It's not like it costs more to have a longer, more complex password.</p></div><p>Only if you have an unlimited data plan.<nobr> <wbr></nobr>;)</p></div>
	</htmltext>
<tokenext>It 's not like it costs more to have a longer , more complex password.Only if you have an unlimited data plan .
; )</tokentext>
<sentencetext>It's not like it costs more to have a longer, more complex password.Only if you have an unlimited data plan.
;)
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998338</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999120</id>
	<title>Re:it still comes down to one thing</title>
	<author>Anonymous</author>
	<datestamp>1265139540000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p><i>Too many companies are still shipping products that have no intended user access to the command shell with passwords like "Admin", "12345", and the ever-popular "password". It's not like it costs more to have a longer, more complex password.</i></p><p>You think longer, complex setup doesn't cost the company money? <b>I gather that you haven't considered support costs?</b></p><p>The best solution I've seen so far is to have a strong password printed on a sticker on the outside of the box. That's a pretty good compromise because if the attacker has physical access to the box, he/she could hit the "Reset" button on the device anyway. Thus, putting the password on the bottom of the device on a sticker really isn't any less secure than other solutions, and this can be done fairly cheaply.</p><p>But it still costs - each router has to be given its own unique password, and a process has to be set up to match up the passwords given with the stickers, and there are still more support costs from the clueless dolts who have to be told to look on the bottom of the device for the default password.</p><p>If you assume any intelligence on the part of the end user, your support costs will quickly challenge that assumption!</p></htmltext>
<tokenext>Too many companies are still shipping products that have no intended user access to the command shell with passwords like " Admin " , " 12345 " , and the ever-popular " password " .
It 's not like it costs more to have a longer , more complex password.You think longer , complex setup does n't cost the company money ?
I gather that you have n't considered support costs ? The best solution I 've seen so far is to have a strong password printed on a sticker on the outside of the box .
That 's a pretty good compromise because if the attacker has physical access to the box , he/she could hit the " Reset " button on the device anyway .
Thus , putting the password on the bottom of the device on a sticker really is n't any less secure than other solutions , and this can be done fairly cheaply.But it still costs - each router has to be given its own unique password , and a process has to be set up to match up the passwords given with the stickers , and there are still more support costs from the clueless dolts who have to be told to look on the bottom of the device for the default password.If you assume any intelligence on the part of the end user , your support costs will quickly challenge that assumption !</tokentext>
<sentencetext>Too many companies are still shipping products that have no intended user access to the command shell with passwords like "Admin", "12345", and the ever-popular "password".
It's not like it costs more to have a longer, more complex password.You think longer, complex setup doesn't cost the company money?
I gather that you haven't considered support costs?The best solution I've seen so far is to have a strong password printed on a sticker on the outside of the box.
That's a pretty good compromise because if the attacker has physical access to the box, he/she could hit the "Reset" button on the device anyway.
Thus, putting the password on the bottom of the device on a sticker really isn't any less secure than other solutions, and this can be done fairly cheaply.But it still costs - each router has to be given its own unique password, and a process has to be set up to match up the passwords given with the stickers, and there are still more support costs from the clueless dolts who have to be told to look on the bottom of the device for the default password.If you assume any intelligence on the part of the end user, your support costs will quickly challenge that assumption!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998338</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31001158</id>
	<title>embedded != security</title>
	<author>Anonymous</author>
	<datestamp>1265105160000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Embedded devices and security don't mix.  The people who design the devices and software have very different goals.  Most embedded guys are just trying to hack some abortion of a CPU+board to work at all for their needs.  No one gives security a second thought, beyond setting a password (or not).</p><p>The guys who care about security are usually working on bank software etc, where nothing is embedded, mostly working on VM languages on VM OSes, and the simplest feature is thousands of lines of triple-checked code with hundreds of tests against it.</p><p>Not surprising at all.</p></htmltext>
<tokenext>Embedded devices and security do n't mix .
The people who design the devices and software have very different goals .
Most embedded guys are just trying to hack some abortion of a CPU + board to work at all for their needs .
No one gives security a second thought , beyond setting a password ( or not ) .The guys who care about security are usually working on bank software etc , where nothing is embedded , mostly working on VM languages on VM OSes , and the simplest feature is thousands of lines of triple-checked code with hundreds of tests against it.Not surprising at all .</tokentext>
<sentencetext>Embedded devices and security don't mix.
The people who design the devices and software have very different goals.
Most embedded guys are just trying to hack some abortion of a CPU+board to work at all for their needs.
No one gives security a second thought, beyond setting a password (or not).The guys who care about security are usually working on bank software etc, where nothing is embedded, mostly working on VM languages on VM OSes, and the simplest feature is thousands of lines of triple-checked code with hundreds of tests against it.Not surprising at all.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998338</id>
	<title>it still comes down to one thing</title>
	<author>prgrmr</author>
	<datestamp>1265136540000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><i>changing IP address ranges, guessing passwords </i>
<br> <br>
Better passwords would have made all the difference in the world. 16 character, mixed case and symbol types would have been enough of a roadblock to prevent them from gaining access.  Too many companies are still shipping products that have no intended user access to the command shell with passwords like "Admin", "12345", and the ever-popular "password".  It's not like it costs more to have a longer, more complex password.</htmltext>
<tokenext>changing IP address ranges , guessing passwords Better passwords would have made all the difference in the world .
16 character , mixed case and symbol types would have been enough of a roadblock to prevent them from gaining access .
Too many companies are still shipping products that have no intended user access to the command shell with passwords like " Admin " , " 12345 " , and the ever-popular " password " .
It 's not like it costs more to have a longer , more complex password .</tokentext>
<sentencetext>changing IP address ranges, guessing passwords 
 
Better passwords would have made all the difference in the world.
16 character, mixed case and symbol types would have been enough of a roadblock to prevent them from gaining access.
Too many companies are still shipping products that have no intended user access to the command shell with passwords like "Admin", "12345", and the ever-popular "password".
It's not like it costs more to have a longer, more complex password.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999974</id>
	<title>Re:it still comes down to one thing</title>
	<author>lukas84</author>
	<datestamp>1265143140000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>A good concept that i've seen in use on an embedded device.</p><p>The device ships with it's user interface completely locked. There's no possibility to login. Press a button on the device, and you can logon using default credentials - doing this will prompt you to change user and password. After doing this, the button can be used to perform a full reset of the device.</p><p>Basically, the device is secure out of the box - when logging in for the first time, you need to provide physical authentication, and afterwards you have your own user and password.</p><p>I haven't seen any downsides to this approach yet.</p></htmltext>
<tokenext>A good concept that i 've seen in use on an embedded device.The device ships with it 's user interface completely locked .
There 's no possibility to login .
Press a button on the device , and you can logon using default credentials - doing this will prompt you to change user and password .
After doing this , the button can be used to perform a full reset of the device.Basically , the device is secure out of the box - when logging in for the first time , you need to provide physical authentication , and afterwards you have your own user and password.I have n't seen any downsides to this approach yet .</tokentext>
<sentencetext>A good concept that i've seen in use on an embedded device.The device ships with it's user interface completely locked.
There's no possibility to login.
Press a button on the device, and you can logon using default credentials - doing this will prompt you to change user and password.
After doing this, the button can be used to perform a full reset of the device.Basically, the device is secure out of the box - when logging in for the first time, you need to provide physical authentication, and afterwards you have your own user and password.I haven't seen any downsides to this approach yet.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999120</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31001384</id>
	<title>Sprint's Airave gets it precisely backwards</title>
	<author>gelfling</author>
	<datestamp>1265106120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>There are two modes: 'anyone' or 'from a list'. Now 'anyone' means that any Sprint customer in range can use the device up to the preprogrammed maximum of 3 simultaneous calls. 'From a list' means that only the phone numbers from a pre selected list are allowed to access the box. The problem is that is if you are a Sprint customer and your # is not on the list you can't have ANY service at all. You are in a 'private network' and therefore excluded from BOTH the Airave and connections to a local tower.</p><p>Which is stupid.</p><p>At a minimum you should be required to log onto the Airave using a PIN code which expires after "X" hours. And anyone else, who happens to be a Sprint customer is simply ignored by the Airave and ignores it so that they can access a tower.</p></htmltext>
<tokenext>There are two modes : 'anyone ' or 'from a list' .
Now 'anyone ' means that any Sprint customer in range can use the device up to the preprogrammed maximum of 3 simultaneous calls .
'From a list ' means that only the phone numbers from a pre selected list are allowed to access the box .
The problem is that is if you are a Sprint customer and your # is not on the list you ca n't have ANY service at all .
You are in a 'private network ' and therefore excluded from BOTH the Airave and connections to a local tower.Which is stupid.At a minimum you should be required to log onto the Airave using a PIN code which expires after " X " hours .
And anyone else , who happens to be a Sprint customer is simply ignored by the Airave and ignores it so that they can access a tower .</tokentext>
<sentencetext>There are two modes: 'anyone' or 'from a list'.
Now 'anyone' means that any Sprint customer in range can use the device up to the preprogrammed maximum of 3 simultaneous calls.
'From a list' means that only the phone numbers from a pre selected list are allowed to access the box.
The problem is that is if you are a Sprint customer and your # is not on the list you can't have ANY service at all.
You are in a 'private network' and therefore excluded from BOTH the Airave and connections to a local tower.Which is stupid.At a minimum you should be required to log onto the Airave using a PIN code which expires after "X" hours.
And anyone else, who happens to be a Sprint customer is simply ignored by the Airave and ignores it so that they can access a tower.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999028</id>
	<title>A couple of points ...</title>
	<author>PPH</author>
	<datestamp>1265139180000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p>The summary mentions "investigating hardware pinouts". This makes me think that the attack is, in part, on the hardware. If one has access to hardware, they've pwned the system. Period. So this is a non-issue.
</p><p>Second; cell phones trusting the base station has always been a security issue. And "exploits" based upon this weakness are already in use by law enforcement as well as criminals. The whole inmates sneaking cell phones into prisons has been made a non-issue based upon this very approach. Prisons are beginning to cover their facilities with femtocells which give them the ability to monitor all illicit cell traffic on their property. Any truly secure system will assume that the network carrying its traffic is insecure.</p></htmltext>
<tokenext>The summary mentions " investigating hardware pinouts " .
This makes me think that the attack is , in part , on the hardware .
If one has access to hardware , they 've pwned the system .
Period. So this is a non-issue .
Second ; cell phones trusting the base station has always been a security issue .
And " exploits " based upon this weakness are already in use by law enforcement as well as criminals .
The whole inmates sneaking cell phones into prisons has been made a non-issue based upon this very approach .
Prisons are beginning to cover their facilities with femtocells which give them the ability to monitor all illicit cell traffic on their property .
Any truly secure system will assume that the network carrying its traffic is insecure .</tokentext>
<sentencetext>The summary mentions "investigating hardware pinouts".
This makes me think that the attack is, in part, on the hardware.
If one has access to hardware, they've pwned the system.
Period. So this is a non-issue.
Second; cell phones trusting the base station has always been a security issue.
And "exploits" based upon this weakness are already in use by law enforcement as well as criminals.
The whole inmates sneaking cell phones into prisons has been made a non-issue based upon this very approach.
Prisons are beginning to cover their facilities with femtocells which give them the ability to monitor all illicit cell traffic on their property.
Any truly secure system will assume that the network carrying its traffic is insecure.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998626</id>
	<title>Encrypt everything</title>
	<author>Anonymous</author>
	<datestamp>1265137560000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>Don't use the regular 3G voicecalls, use only encrypted VoiP. Preferebly with a microSD card filled with one-time pad</p><p>
&nbsp; Of course its not actually a bad thign that these are hacked, people just need to realise that their communications are not secure. just like when I use my Nokia's SIP client now I know full well that it would be easy for the person who'se WiFi i'm using to intercept my calls but I take the chance anyway.</p><p>Femtocells rely on 'security against the user' much like DRM does, in fact a large part of the 3G/GSM network relies on people not being able to fuck around with their own equipment too much, so I am actually surprised it took this long since that client-side security model is doomed anyway</p></htmltext>
<tokenext>Do n't use the regular 3G voicecalls , use only encrypted VoiP .
Preferebly with a microSD card filled with one-time pad   Of course its not actually a bad thign that these are hacked , people just need to realise that their communications are not secure .
just like when I use my Nokia 's SIP client now I know full well that it would be easy for the person who'se WiFi i 'm using to intercept my calls but I take the chance anyway.Femtocells rely on 'security against the user ' much like DRM does , in fact a large part of the 3G/GSM network relies on people not being able to fuck around with their own equipment too much , so I am actually surprised it took this long since that client-side security model is doomed anyway</tokentext>
<sentencetext>Don't use the regular 3G voicecalls, use only encrypted VoiP.
Preferebly with a microSD card filled with one-time pad
  Of course its not actually a bad thign that these are hacked, people just need to realise that their communications are not secure.
just like when I use my Nokia's SIP client now I know full well that it would be easy for the person who'se WiFi i'm using to intercept my calls but I take the chance anyway.Femtocells rely on 'security against the user' much like DRM does, in fact a large part of the 3G/GSM network relies on people not being able to fuck around with their own equipment too much, so I am actually surprised it took this long since that client-side security model is doomed anyway</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31019662</id>
	<title>Re:Oh my... so that's what's going on.</title>
	<author>Anonymous</author>
	<datestamp>1265315820000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>I had no idea linux proponents were all Jedi. That explains everything.</p><p>Now those Jedi need to start using their powers for good.</p><p>"You NEED to write documentation for non-technical users..."</p></div><p>"You don't NEED "Linux Jedi" OS for non-technical users..."</p></div>
	</htmltext>
<tokenext>I had no idea linux proponents were all Jedi .
That explains everything.Now those Jedi need to start using their powers for good .
" You NEED to write documentation for non-technical users... " " You do n't NEED " Linux Jedi " OS for non-technical users... "</tokentext>
<sentencetext>I had no idea linux proponents were all Jedi.
That explains everything.Now those Jedi need to start using their powers for good.
"You NEED to write documentation for non-technical users...""You don't NEED "Linux Jedi" OS for non-technical users..."
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999698</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998172</id>
	<title>But...but...</title>
	<author>Anonymous</author>
	<datestamp>1265135940000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>-1</modscore>
	<htmltext><p>I thought all one had to do was install Loonix on something and it was magically secure without any additional work.  At least that's what freetards would have you believe.</p></htmltext>
<tokenext>I thought all one had to do was install Loonix on something and it was magically secure without any additional work .
At least that 's what freetards would have you believe .</tokentext>
<sentencetext>I thought all one had to do was install Loonix on something and it was magically secure without any additional work.
At least that's what freetards would have you believe.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31004436</id>
	<title>Re:Oh my... so that's what's going on.</title>
	<author>Anonymous</author>
	<datestamp>1265124120000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>You NEED to write documentation for non-technical users...</p></div><p>no, non technical users need to become literate.</p></div>
	</htmltext>
<tokenext>You NEED to write documentation for non-technical users...no , non technical users need to become literate .</tokentext>
<sentencetext>You NEED to write documentation for non-technical users...no, non technical users need to become literate.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999698</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31020168</id>
	<title>Re:Oh my... so that's what's going on.</title>
	<author>Anonymous</author>
	<datestamp>1265279640000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>I had no idea linux proponents were all Jedi.</p></div><p>We're Sith, actually.</p></div>
	</htmltext>
<tokenext>I had no idea linux proponents were all Jedi.We 're Sith , actually .</tokentext>
<sentencetext>I had no idea linux proponents were all Jedi.We're Sith, actually.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999698</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999086</id>
	<title>Re:Wow,</title>
	<author>Anonymous</author>
	<datestamp>1265139420000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>You do realize the part about the "security excursion" was a joke, right?</p></htmltext>
<tokenext>You do realize the part about the " security excursion " was a joke , right ?</tokentext>
<sentencetext>You do realize the part about the "security excursion" was a joke, right?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998524</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998512</id>
	<title>inb4</title>
	<author>Anonymous</author>
	<datestamp>1265137080000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>All your femtocell are belong to us!</p></htmltext>
<tokenext>All your femtocell are belong to us !</tokentext>
<sentencetext>All your femtocell are belong to us!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998638</id>
	<title>Re:So fix it</title>
	<author>eleuthero</author>
	<datestamp>1265137680000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext>I believe we usually call "fixes" requiring people to "hack" their phones "firmware upgrades" - The fact that many of us hack our phones with other firmware / software doesn't change what the company is going to call it. It would seem to me to be fairly easy to set up even cheap phones for such a firmware upgrade. Any old phone would need to be replaced at end of contract or it simply would stop functioning. While this won't immediately solve the privacy issues, it would provide for a workable solution. For those with smartphones, firmware upgrades can be pushed or dl'ed via itunes/whatever.</htmltext>
<tokenext>I believe we usually call " fixes " requiring people to " hack " their phones " firmware upgrades " - The fact that many of us hack our phones with other firmware / software does n't change what the company is going to call it .
It would seem to me to be fairly easy to set up even cheap phones for such a firmware upgrade .
Any old phone would need to be replaced at end of contract or it simply would stop functioning .
While this wo n't immediately solve the privacy issues , it would provide for a workable solution .
For those with smartphones , firmware upgrades can be pushed or dl'ed via itunes/whatever .</tokentext>
<sentencetext>I believe we usually call "fixes" requiring people to "hack" their phones "firmware upgrades" - The fact that many of us hack our phones with other firmware / software doesn't change what the company is going to call it.
It would seem to me to be fairly easy to set up even cheap phones for such a firmware upgrade.
Any old phone would need to be replaced at end of contract or it simply would stop functioning.
While this won't immediately solve the privacy issues, it would provide for a workable solution.
For those with smartphones, firmware upgrades can be pushed or dl'ed via itunes/whatever.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998294</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999698</id>
	<title>Oh my... so that's what's going on.</title>
	<author>Anonymous</author>
	<datestamp>1265141820000</datestamp>
	<modclass>Funny</modclass>
	<modscore>4</modscore>
	<htmltext><p>I had no idea linux proponents were all Jedi. That explains everything.</p><p>"You don't NEED the extra features in Photoshop."</p><p>"You don't NEED integrated audio processing software."</p><p>"You don't NEED anything OpenOffice doesn't have."</p><p>"You don't NEED..."</p><p>Now those Jedi need to start using their powers for good.</p><p>"You NEED to write documentation for non-technical users..."</p></htmltext>
<tokenext>I had no idea linux proponents were all Jedi .
That explains everything .
" You do n't NEED the extra features in Photoshop .
" " You do n't NEED integrated audio processing software .
" " You do n't NEED anything OpenOffice does n't have .
" " You do n't NEED... " Now those Jedi need to start using their powers for good .
" You NEED to write documentation for non-technical users... "</tokentext>
<sentencetext>I had no idea linux proponents were all Jedi.
That explains everything.
"You don't NEED the extra features in Photoshop.
""You don't NEED integrated audio processing software.
""You don't NEED anything OpenOffice doesn't have.
""You don't NEED..."Now those Jedi need to start using their powers for good.
"You NEED to write documentation for non-technical users..."</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998138</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998138</id>
	<title>Jedi Mind Trick, actually</title>
	<author>Monkeedude1212</author>
	<datestamp>1265135820000</datestamp>
	<modclass>Funny</modclass>
	<modscore>4</modscore>
	<htmltext><p><div class="quote"><p>An authentication device that can be bypassed is a contradiction in terms.</p></div><p>You don't <i>need</i> to see his identification.</p></div>
	</htmltext>
<tokenext>An authentication device that can be bypassed is a contradiction in terms.You do n't need to see his identification .</tokentext>
<sentencetext>An authentication device that can be bypassed is a contradiction in terms.You don't need to see his identification.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998272</id>
	<title>Re:Trouble</title>
	<author>Anonymous</author>
	<datestamp>1265136300000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>-1</modscore>
	<htmltext><p>If that shit becomes a running<nobr> <wbr></nobr>/. meme, I'm out of here.</p></htmltext>
<tokenext>If that shit becomes a running / .
meme , I 'm out of here .</tokentext>
<sentencetext>If that shit becomes a running /.
meme, I'm out of here.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998090</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999252</id>
	<title>Re:it still comes down to one thing</title>
	<author>ComputerGeek01</author>
	<datestamp>1265140020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Better passwords would have made all the difference in the world. 16 character, mixed case and symbol types would have been enough of a roadblock to prevent them from gaining access.  Too many companies are still shipping products that have no intended user access to the command shell with passwords like "Admin", "12345", and the ever-popular "password".  It's not like it costs more to have a longer, more complex password.</p></div><p>Neither is it anymore secure. Having the same 16 char password on every unit of a product only makes it frustrating to use; not any more secure. What is needed is a individual password for every unit based on something unique like the serial number of the unit, and this WOULD cost more money for production AND support costs. Also you would alienate a portion of the market because this seemingly simple thing will be well beyond their ability. Stupid people will always exist, it is the burden of society to tolerate them and evidently to make exceptions for them. We cannot blast every manufactorer who wants to sell stuff to stupid people for brining things like security down to a level that the morons with money can use.</p></div>
	</htmltext>
<tokenext>Better passwords would have made all the difference in the world .
16 character , mixed case and symbol types would have been enough of a roadblock to prevent them from gaining access .
Too many companies are still shipping products that have no intended user access to the command shell with passwords like " Admin " , " 12345 " , and the ever-popular " password " .
It 's not like it costs more to have a longer , more complex password.Neither is it anymore secure .
Having the same 16 char password on every unit of a product only makes it frustrating to use ; not any more secure .
What is needed is a individual password for every unit based on something unique like the serial number of the unit , and this WOULD cost more money for production AND support costs .
Also you would alienate a portion of the market because this seemingly simple thing will be well beyond their ability .
Stupid people will always exist , it is the burden of society to tolerate them and evidently to make exceptions for them .
We can not blast every manufactorer who wants to sell stuff to stupid people for brining things like security down to a level that the morons with money can use .</tokentext>
<sentencetext>Better passwords would have made all the difference in the world.
16 character, mixed case and symbol types would have been enough of a roadblock to prevent them from gaining access.
Too many companies are still shipping products that have no intended user access to the command shell with passwords like "Admin", "12345", and the ever-popular "password".
It's not like it costs more to have a longer, more complex password.Neither is it anymore secure.
Having the same 16 char password on every unit of a product only makes it frustrating to use; not any more secure.
What is needed is a individual password for every unit based on something unique like the serial number of the unit, and this WOULD cost more money for production AND support costs.
Also you would alienate a portion of the market because this seemingly simple thing will be well beyond their ability.
Stupid people will always exist, it is the burden of society to tolerate them and evidently to make exceptions for them.
We cannot blast every manufactorer who wants to sell stuff to stupid people for brining things like security down to a level that the morons with money can use.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998338</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998090</id>
	<title>Trouble</title>
	<author>Anonymous</author>
	<datestamp>1265135640000</datestamp>
	<modclass>Funny</modclass>
	<modscore>0</modscore>
	<htmltext>That's trouble o' some kind, George.</htmltext>
<tokenext>That 's trouble o ' some kind , George .</tokentext>
<sentencetext>That's trouble o' some kind, George.</sentencetext>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_02_1632203_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31019662
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999698
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998138
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_02_1632203_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999252
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998338
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_02_1632203_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998638
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998294
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998164
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_02_1632203_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31000100
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998626
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_02_1632203_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31003624
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998670
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998338
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_02_1632203_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31002844
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998138
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_02_1632203_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31020168
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999698
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998138
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_02_1632203_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998272
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998090
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_02_1632203_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998570
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998090
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_02_1632203_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31000786
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999698
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998138
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_02_1632203_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999086
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998524
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_02_1632203_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999974
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999120
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998338
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_02_1632203_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998582
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998338
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_02_1632203_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999654
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998338
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_02_1632203_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31004436
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999698
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998138
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_02_1632203_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31000962
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999698
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998138
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_02_1632203.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999174
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_02_1632203.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31003618
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_02_1632203.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998576
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_02_1632203.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998626
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31000100
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_02_1632203.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998138
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31002844
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999698
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31004436
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31000786
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31020168
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31000962
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31019662
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_02_1632203.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998164
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998294
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998638
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_02_1632203.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998524
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999086
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_02_1632203.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998090
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998570
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998272
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_02_1632203.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999028
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_02_1632203.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998338
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998582
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999654
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30998670
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31003624
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999252
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999120
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.30999974
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_02_1632203.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_02_1632203.31000920
</commentlist>
</conversation>
