<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article10_03_15_1227223</id>
	<title>Humans Continue To Be "Weak Link" In Data Security</title>
	<author>CmdrTaco</author>
	<datestamp>1268657160000</datestamp>
	<htmltext>ChiefMonkeyGrinder writes <i>"Nearly 90 percent of IT workers in the UK have said a laptop in their organization <a href="http://www.computerworlduk.com/management/security/data-control/news/index.cfm?newsId=19351">has been reported lost or stolen</a>, new research has found. Sixty-one percent said that this then resulted in a data breach, according to the '2010 Human Factor in Laptop Encryption Study: United Kingdom,' a report produced by the Ponemon Institute for Absolute Software."</i></htmltext>
<tokenext>ChiefMonkeyGrinder writes " Nearly 90 percent of IT workers in the UK have said a laptop in their organization has been reported lost or stolen , new research has found .
Sixty-one percent said that this then resulted in a data breach , according to the '2010 Human Factor in Laptop Encryption Study : United Kingdom, ' a report produced by the Ponemon Institute for Absolute Software .
"</tokentext>
<sentencetext>ChiefMonkeyGrinder writes "Nearly 90 percent of IT workers in the UK have said a laptop in their organization has been reported lost or stolen, new research has found.
Sixty-one percent said that this then resulted in a data breach, according to the '2010 Human Factor in Laptop Encryption Study: United Kingdom,' a report produced by the Ponemon Institute for Absolute Software.
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31484326</id>
	<title>Re:Security Failings</title>
	<author>John Hasler</author>
	<datestamp>1268678220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>&gt; If IT departments really would care about password security, and insist on<br>&gt; complex passwords AND not writing them down</p><p>How many security breaches do you know of that were due to the writing down of passwords?</p></htmltext>
<tokenext>&gt; If IT departments really would care about password security , and insist on &gt; complex passwords AND not writing them downHow many security breaches do you know of that were due to the writing down of passwords ?</tokentext>
<sentencetext>&gt; If IT departments really would care about password security, and insist on&gt; complex passwords AND not writing them downHow many security breaches do you know of that were due to the writing down of passwords?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481114</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480790</id>
	<title>Ponemon</title>
	<author>tepples</author>
	<datestamp>1268661600000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><p><div class="quote"><p>the Ponemon Institute</p></div><p>Laptops: gotta steal 'em all.</p></div>
	</htmltext>
<tokenext>the Ponemon InstituteLaptops : got ta steal 'em all .</tokentext>
<sentencetext>the Ponemon InstituteLaptops: gotta steal 'em all.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480748</id>
	<title>Encrypt your sh*t. Or you aren't a professional.</title>
	<author>Anonymous</author>
	<datestamp>1268661360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I'm tired of seeing articles which talk about IT "professionals" who don't even know how to use encryption.</p><p>It's not hard, it's more a matter of people not wanting to have any security because then they don't have to hire actual professionals who might cost a bit more.</p></htmltext>
<tokenext>I 'm tired of seeing articles which talk about IT " professionals " who do n't even know how to use encryption.It 's not hard , it 's more a matter of people not wanting to have any security because then they do n't have to hire actual professionals who might cost a bit more .</tokentext>
<sentencetext>I'm tired of seeing articles which talk about IT "professionals" who don't even know how to use encryption.It's not hard, it's more a matter of people not wanting to have any security because then they don't have to hire actual professionals who might cost a bit more.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480882</id>
	<title>Frqost pist</title>
	<author>Anonymous</author>
	<datestamp>1268662140000</datestamp>
	<modclass>None</modclass>
	<modscore>-1</modscore>
	<htmltext><A HREF="http://goat.cx/" title="goat.cx" rel="nofollow">IN A HEAD SPINNING population as well Posts. Therefore of all legitimate '*BSD Sux0rs'. This *BSD has lost more DiScussion I'm All servers. Coming</a> [goat.cx]</htmltext>
<tokenext>IN A HEAD SPINNING population as well Posts .
Therefore of all legitimate ' * BSD Sux0rs' .
This * BSD has lost more DiScussion I 'm All servers .
Coming [ goat.cx ]</tokentext>
<sentencetext>IN A HEAD SPINNING population as well Posts.
Therefore of all legitimate '*BSD Sux0rs'.
This *BSD has lost more DiScussion I'm All servers.
Coming [goat.cx]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481474</id>
	<title>The reason why security is hard...</title>
	<author>TejWC</author>
	<datestamp>1268665740000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>... is because computers <a href="http://www.smbc-comics.com/index.php?db=comics&amp;id=1801" title="smbc-comics.com"> do exactly what they are told to do</a> [smbc-comics.com].</p></htmltext>
<tokenext>... is because computers do exactly what they are told to do [ smbc-comics.com ] .</tokentext>
<sentencetext>... is because computers  do exactly what they are told to do [smbc-comics.com].</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481352</id>
	<title>Re:Hmmm ...</title>
	<author>Anonymous</author>
	<datestamp>1268664900000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext>Better if you could remove data mobility from the equation.  If somebody leaves their laptop in an unlocked office or a box of hard disks in the back seat of their car, it's quite likely to get stolen.  So, knowing that that sort of thing <i>will</i> happen, it seems to make sense to force all sensitive data to be stored on physically and cyberly(just woke up, can't think of the proper word here, nurrrr) secured file servers.</htmltext>
<tokenext>Better if you could remove data mobility from the equation .
If somebody leaves their laptop in an unlocked office or a box of hard disks in the back seat of their car , it 's quite likely to get stolen .
So , knowing that that sort of thing will happen , it seems to make sense to force all sensitive data to be stored on physically and cyberly ( just woke up , ca n't think of the proper word here , nurrrr ) secured file servers .</tokentext>
<sentencetext>Better if you could remove data mobility from the equation.
If somebody leaves their laptop in an unlocked office or a box of hard disks in the back seat of their car, it's quite likely to get stolen.
So, knowing that that sort of thing will happen, it seems to make sense to force all sensitive data to be stored on physically and cyberly(just woke up, can't think of the proper word here, nurrrr) secured file servers.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480684</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31482046</id>
	<title>Re:Security Failings</title>
	<author>socsoc</author>
	<datestamp>1268668440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I have no idea why that would be the easiest. The pass is nothing personal or memorable. <b>You</b> just happen to like the left side of your keyboard. It's similar to having the password of asda.</htmltext>
<tokenext>I have no idea why that would be the easiest .
The pass is nothing personal or memorable .
You just happen to like the left side of your keyboard .
It 's similar to having the password of asda .</tokentext>
<sentencetext>I have no idea why that would be the easiest.
The pass is nothing personal or memorable.
You just happen to like the left side of your keyboard.
It's similar to having the password of asda.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480864</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480676</id>
	<title>But humans can also forget...</title>
	<author>Anonymous</author>
	<datestamp>1268660880000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I guess for security, forgetting is best.<nobr> <wbr></nobr>:P</p></htmltext>
<tokenext>I guess for security , forgetting is best .
: P</tokentext>
<sentencetext>I guess for security, forgetting is best.
:P</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480916</id>
	<title>Re:Encrypt your sh*t. Or you aren't a professional</title>
	<author>c0mpliant</author>
	<datestamp>1268662380000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext>Can't agree more. Encryption is such a basic and fundamental requirement that if you're security team isn't working on a way to encrypt your data now, they should have it already done.
<br>
<br>
A question that should be asked more though that it currently is, is why do you need this data on easily stolen device. For example, why do customer records need to be on a laptop, why is this confidential document on a USB stick?
<br>
In my work place, no one can transfer anything off our internal network via data transfer. USB sticks will not be detected by machines. There are no open ethernet cables so if you try to connect a laptop to the cable running into your machine, it wont work. If anyone wants <i>anything</i> taken from the network, they need to raise a request and then if its granted, they will get the data encrypted and placed on a USB stick or laptop of their choice. We have a record of where things were taken from, when they were, requested by whom, authorised by whom. Users may find it slightly inconvenient but our data is secure, controlled and even in the event on a lost laptop or USB stick, we know that its encrypted to a high standard</htmltext>
<tokenext>Ca n't agree more .
Encryption is such a basic and fundamental requirement that if you 're security team is n't working on a way to encrypt your data now , they should have it already done .
A question that should be asked more though that it currently is , is why do you need this data on easily stolen device .
For example , why do customer records need to be on a laptop , why is this confidential document on a USB stick ?
In my work place , no one can transfer anything off our internal network via data transfer .
USB sticks will not be detected by machines .
There are no open ethernet cables so if you try to connect a laptop to the cable running into your machine , it wont work .
If anyone wants anything taken from the network , they need to raise a request and then if its granted , they will get the data encrypted and placed on a USB stick or laptop of their choice .
We have a record of where things were taken from , when they were , requested by whom , authorised by whom .
Users may find it slightly inconvenient but our data is secure , controlled and even in the event on a lost laptop or USB stick , we know that its encrypted to a high standard</tokentext>
<sentencetext>Can't agree more.
Encryption is such a basic and fundamental requirement that if you're security team isn't working on a way to encrypt your data now, they should have it already done.
A question that should be asked more though that it currently is, is why do you need this data on easily stolen device.
For example, why do customer records need to be on a laptop, why is this confidential document on a USB stick?
In my work place, no one can transfer anything off our internal network via data transfer.
USB sticks will not be detected by machines.
There are no open ethernet cables so if you try to connect a laptop to the cable running into your machine, it wont work.
If anyone wants anything taken from the network, they need to raise a request and then if its granted, they will get the data encrypted and placed on a USB stick or laptop of their choice.
We have a record of where things were taken from, when they were, requested by whom, authorised by whom.
Users may find it slightly inconvenient but our data is secure, controlled and even in the event on a lost laptop or USB stick, we know that its encrypted to a high standard</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480748</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481726</id>
	<title>Re:Encryption and you</title>
	<author>Anonymous</author>
	<datestamp>1268667000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Encryption is not the solution. history of enigma machine is the evidence.<br>1) Most people like to use simple password to encrypt data, so encryption cannot really ensure security.</p><p>2) if you encrypted the whole hard disk, when system files are corrupted, the data are lost forever because you cannot boot from system CD to fix the hard disk.</p><p>3) If you make many backup of the data, you will have higher risk of losing the backup data. Instead of laptops, you will lose flash drive, DVD, CD or tapes.</p></htmltext>
<tokenext>Encryption is not the solution .
history of enigma machine is the evidence.1 ) Most people like to use simple password to encrypt data , so encryption can not really ensure security.2 ) if you encrypted the whole hard disk , when system files are corrupted , the data are lost forever because you can not boot from system CD to fix the hard disk.3 ) If you make many backup of the data , you will have higher risk of losing the backup data .
Instead of laptops , you will lose flash drive , DVD , CD or tapes .</tokentext>
<sentencetext>Encryption is not the solution.
history of enigma machine is the evidence.1) Most people like to use simple password to encrypt data, so encryption cannot really ensure security.2) if you encrypted the whole hard disk, when system files are corrupted, the data are lost forever because you cannot boot from system CD to fix the hard disk.3) If you make many backup of the data, you will have higher risk of losing the backup data.
Instead of laptops, you will lose flash drive, DVD, CD or tapes.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480812</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481166</id>
	<title>Re:Security Failings</title>
	<author>Anonymous</author>
	<datestamp>1268663760000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>Oh yeah because qwQW12!" would be way harder. q1W@e3R$ is definitely the easiest.</htmltext>
<tokenext>Oh yeah because qwQW12 !
" would be way harder .
q1W @ e3R $ is definitely the easiest .</tokentext>
<sentencetext>Oh yeah because qwQW12!
" would be way harder.
q1W@e3R$ is definitely the easiest.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480864</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480756</id>
	<title>Maybe they should tie them to thier wrists</title>
	<author>Johnny Fusion</author>
	<datestamp>1268661360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Nine out of Ten lost or stolen in the UK?  I have to wonder if seeing abandoned laptops laying around is commonplace there.  I don't think I have ever seen a "lost" computer just waiting for me to pick it up.

There must be something about the culture that only 10\% of the population can keep track of their gadgets.  I am reminded of people you see on the beach with metal detectors trying to find lost and dropped jewelery and coins.  I may have to make a trip to the UK and ride trains looking for discarded hardware.</htmltext>
<tokenext>Nine out of Ten lost or stolen in the UK ?
I have to wonder if seeing abandoned laptops laying around is commonplace there .
I do n't think I have ever seen a " lost " computer just waiting for me to pick it up .
There must be something about the culture that only 10 \ % of the population can keep track of their gadgets .
I am reminded of people you see on the beach with metal detectors trying to find lost and dropped jewelery and coins .
I may have to make a trip to the UK and ride trains looking for discarded hardware .</tokentext>
<sentencetext>Nine out of Ten lost or stolen in the UK?
I have to wonder if seeing abandoned laptops laying around is commonplace there.
I don't think I have ever seen a "lost" computer just waiting for me to pick it up.
There must be something about the culture that only 10\% of the population can keep track of their gadgets.
I am reminded of people you see on the beach with metal detectors trying to find lost and dropped jewelery and coins.
I may have to make a trip to the UK and ride trains looking for discarded hardware.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483846</id>
	<title>Skynert</title>
	<author>Toze</author>
	<datestamp>1268676360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Oh, <i>damn</i>.</htmltext>
<tokenext>Oh , damn .</tokentext>
<sentencetext>Oh, damn.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480684</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480846</id>
	<title>Re:Encrypt your sh*t. Or you aren't a professional</title>
	<author>zappepcs</author>
	<datestamp>1268661960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>IT workers != IT professionals.  The marketing directors admin does IT work for him, she is not a professional IT technician. Laptops AFAIK are not given out to those that deserve them so much as those who can't be required to sit in an office all day. Think about this for a minute. Are the tech savvy people in the office or on the road?</p></htmltext>
<tokenext>IT workers ! = IT professionals .
The marketing directors admin does IT work for him , she is not a professional IT technician .
Laptops AFAIK are not given out to those that deserve them so much as those who ca n't be required to sit in an office all day .
Think about this for a minute .
Are the tech savvy people in the office or on the road ?</tokentext>
<sentencetext>IT workers != IT professionals.
The marketing directors admin does IT work for him, she is not a professional IT technician.
Laptops AFAIK are not given out to those that deserve them so much as those who can't be required to sit in an office all day.
Think about this for a minute.
Are the tech savvy people in the office or on the road?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480748</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480746</id>
	<title>Bosses are human too.</title>
	<author>Anonymous</author>
	<datestamp>1268661300000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Bosses are human too. If you're giving data to the untrustworthy, that's YOUR failure as a manager in data security.</p><p>If you're giving data to people who have been shown no loyalty, yet you expect loyalty from them, that is YOUR failure as a manager in data security.</p><p>If you're demanding results and won't take "that is not safe" as an answer (cf the passwords of a US city network), that is YOUR failure as a manager in data security.</p><p>The weakest link in the chain is usually the one with least to trouble themselves with the problems and the greatest power to demand.</p><p>The Boss.</p></htmltext>
<tokenext>Bosses are human too .
If you 're giving data to the untrustworthy , that 's YOUR failure as a manager in data security.If you 're giving data to people who have been shown no loyalty , yet you expect loyalty from them , that is YOUR failure as a manager in data security.If you 're demanding results and wo n't take " that is not safe " as an answer ( cf the passwords of a US city network ) , that is YOUR failure as a manager in data security.The weakest link in the chain is usually the one with least to trouble themselves with the problems and the greatest power to demand.The Boss .</tokentext>
<sentencetext>Bosses are human too.
If you're giving data to the untrustworthy, that's YOUR failure as a manager in data security.If you're giving data to people who have been shown no loyalty, yet you expect loyalty from them, that is YOUR failure as a manager in data security.If you're demanding results and won't take "that is not safe" as an answer (cf the passwords of a US city network), that is YOUR failure as a manager in data security.The weakest link in the chain is usually the one with least to trouble themselves with the problems and the greatest power to demand.The Boss.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483784</id>
	<title>Re:Not a great thing.</title>
	<author>chrysrobyn</author>
	<datestamp>1268676120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>awfuieri3v<br>
4u9388535v<br>
v9tv379vn7<br>
mc20884v05<br>

That's just gibberish, but I could easily write that matrix down on a piece of paper, and then pick a path to take through it(it doesn't even have to be a complicated one, for example I could just use columns 2, 4, and 6)</p></div> </blockquote><p>An attacker should use everything available to him/her to compromise your account.  With your gibberish of 10x4 up there, one might immediately assume a random string is necessary.  If I assume 8 digits, I'm stuck with 40^8.  Immediately, that search space is much lower than (26*26*10*10)^8 (lowercase, uppercase, numbers and a pile of symbols).  If I remove duplicates, I'd observe that there are 4 8s, 3 5s, 4 vs, etc, so that's really less than 32^8.  If I have reason to believe there's a contiguous path involved, then the problem is far closer to 40*8^7, because once an initial character is chosen, we'll stick with neighbors.  An attacker who knows of the existence of your matrix could code up some C and have it standing by to brute force as soon as you enter the matrix.</p><p>Better than having a matrix is something never written down.  Long known phrases concatenated together with periodic numbers, or even just the first letter of such phrases are far more secure.  Muscle memory will make them hard to casually observe.</p><p>Instead, work demands I change the password on each of my dozen accounts every 90 days.  So, I algorithmically pad the date in case I have to reverse decipher anything I miss.  There's no way I could remember a strong password in less than 30 days; even when my password is this simple, it takes me 2 weeks to stop typing the old one.  3 weeks if I have to remember a new year.</p></div>
	</htmltext>
<tokenext>awfuieri3v 4u9388535v v9tv379vn7 mc20884v05 That 's just gibberish , but I could easily write that matrix down on a piece of paper , and then pick a path to take through it ( it does n't even have to be a complicated one , for example I could just use columns 2 , 4 , and 6 ) An attacker should use everything available to him/her to compromise your account .
With your gibberish of 10x4 up there , one might immediately assume a random string is necessary .
If I assume 8 digits , I 'm stuck with 40 ^ 8 .
Immediately , that search space is much lower than ( 26 * 26 * 10 * 10 ) ^ 8 ( lowercase , uppercase , numbers and a pile of symbols ) .
If I remove duplicates , I 'd observe that there are 4 8s , 3 5s , 4 vs , etc , so that 's really less than 32 ^ 8 .
If I have reason to believe there 's a contiguous path involved , then the problem is far closer to 40 * 8 ^ 7 , because once an initial character is chosen , we 'll stick with neighbors .
An attacker who knows of the existence of your matrix could code up some C and have it standing by to brute force as soon as you enter the matrix.Better than having a matrix is something never written down .
Long known phrases concatenated together with periodic numbers , or even just the first letter of such phrases are far more secure .
Muscle memory will make them hard to casually observe.Instead , work demands I change the password on each of my dozen accounts every 90 days .
So , I algorithmically pad the date in case I have to reverse decipher anything I miss .
There 's no way I could remember a strong password in less than 30 days ; even when my password is this simple , it takes me 2 weeks to stop typing the old one .
3 weeks if I have to remember a new year .</tokentext>
<sentencetext>awfuieri3v
4u9388535v
v9tv379vn7
mc20884v05

That's just gibberish, but I could easily write that matrix down on a piece of paper, and then pick a path to take through it(it doesn't even have to be a complicated one, for example I could just use columns 2, 4, and 6) An attacker should use everything available to him/her to compromise your account.
With your gibberish of 10x4 up there, one might immediately assume a random string is necessary.
If I assume 8 digits, I'm stuck with 40^8.
Immediately, that search space is much lower than (26*26*10*10)^8 (lowercase, uppercase, numbers and a pile of symbols).
If I remove duplicates, I'd observe that there are 4 8s, 3 5s, 4 vs, etc, so that's really less than 32^8.
If I have reason to believe there's a contiguous path involved, then the problem is far closer to 40*8^7, because once an initial character is chosen, we'll stick with neighbors.
An attacker who knows of the existence of your matrix could code up some C and have it standing by to brute force as soon as you enter the matrix.Better than having a matrix is something never written down.
Long known phrases concatenated together with periodic numbers, or even just the first letter of such phrases are far more secure.
Muscle memory will make them hard to casually observe.Instead, work demands I change the password on each of my dozen accounts every 90 days.
So, I algorithmically pad the date in case I have to reverse decipher anything I miss.
There's no way I could remember a strong password in less than 30 days; even when my password is this simple, it takes me 2 weeks to stop typing the old one.
3 weeks if I have to remember a new year.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480844</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483620</id>
	<title>Re:FULL DISCLOSURE - Absolute Software</title>
	<author>Anonymous</author>
	<datestamp>1268675400000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>Sure, but the research was done &amp; published by the Ponemon Institute, a well-respected independent IT security think-tank.<br> <br>

<a href="http://www.ponemon.org/index.php" title="ponemon.org" rel="nofollow">http://www.ponemon.org/index.php</a> [ponemon.org] <br> <br><nobr> <wbr></nobr>...In other words, it sounds like Absolute didn't just pay some guy down the hall to just make up some numbers.</htmltext>
<tokenext>Sure , but the research was done &amp; published by the Ponemon Institute , a well-respected independent IT security think-tank .
http : //www.ponemon.org/index.php [ ponemon.org ] ...In other words , it sounds like Absolute did n't just pay some guy down the hall to just make up some numbers .</tokentext>
<sentencetext>Sure, but the research was done &amp; published by the Ponemon Institute, a well-respected independent IT security think-tank.
http://www.ponemon.org/index.php [ponemon.org]   ...In other words, it sounds like Absolute didn't just pay some guy down the hall to just make up some numbers.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481490</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480812</id>
	<title>Encryption and you</title>
	<author>Kaldesh</author>
	<datestamp>1268661720000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext>I really fail to see why so many of these companies fail to use common sense.  The first thing we do as an IT staff in my organization with laptops is encrypt them.  Use something like Truecrypt, enable full drive encryption and set a good password.  Laptop gets stolen? You're out the cost of the physical hardware that was taken from you... but the data that was on the machine? You can rest easy that you took every precaution you could to keep it safe.

Of course, I work in the health care field so, any laptops, tablets, netbooks etc that have any ePHI (Electronic Protected Health Information), have to be secured.  We just take our security practices a step further and do it to all of them.  Which is worse? Having your users gripe a bit about an extra password? Or having data stolen? It's saved us once already as a laptop was stolen last year on a business trip.</htmltext>
<tokenext>I really fail to see why so many of these companies fail to use common sense .
The first thing we do as an IT staff in my organization with laptops is encrypt them .
Use something like Truecrypt , enable full drive encryption and set a good password .
Laptop gets stolen ?
You 're out the cost of the physical hardware that was taken from you... but the data that was on the machine ?
You can rest easy that you took every precaution you could to keep it safe .
Of course , I work in the health care field so , any laptops , tablets , netbooks etc that have any ePHI ( Electronic Protected Health Information ) , have to be secured .
We just take our security practices a step further and do it to all of them .
Which is worse ?
Having your users gripe a bit about an extra password ?
Or having data stolen ?
It 's saved us once already as a laptop was stolen last year on a business trip .</tokentext>
<sentencetext>I really fail to see why so many of these companies fail to use common sense.
The first thing we do as an IT staff in my organization with laptops is encrypt them.
Use something like Truecrypt, enable full drive encryption and set a good password.
Laptop gets stolen?
You're out the cost of the physical hardware that was taken from you... but the data that was on the machine?
You can rest easy that you took every precaution you could to keep it safe.
Of course, I work in the health care field so, any laptops, tablets, netbooks etc that have any ePHI (Electronic Protected Health Information), have to be secured.
We just take our security practices a step further and do it to all of them.
Which is worse?
Having your users gripe a bit about an extra password?
Or having data stolen?
It's saved us once already as a laptop was stolen last year on a business trip.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31482190</id>
	<title>Re:Hmmm ...</title>
	<author>Anonymous</author>
	<datestamp>1268669160000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>This is why many of my customers use Citrix XenApp or Xendesktop or VMware View on a thin client laptop. People steal the laptop, there's no data to worry about.</p></htmltext>
<tokenext>This is why many of my customers use Citrix XenApp or Xendesktop or VMware View on a thin client laptop .
People steal the laptop , there 's no data to worry about .</tokentext>
<sentencetext>This is why many of my customers use Citrix XenApp or Xendesktop or VMware View on a thin client laptop.
People steal the laptop, there's no data to worry about.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481352</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481240</id>
	<title>Its Funny</title>
	<author>MrTripps</author>
	<datestamp>1268664240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Its funny when you go to the trouble of encrypting a laptop and then see they have their user name and password taped to bottom. Its also funny when the encryption software bricks the laptop. I'm looking at you McAfee.</htmltext>
<tokenext>Its funny when you go to the trouble of encrypting a laptop and then see they have their user name and password taped to bottom .
Its also funny when the encryption software bricks the laptop .
I 'm looking at you McAfee .</tokentext>
<sentencetext>Its funny when you go to the trouble of encrypting a laptop and then see they have their user name and password taped to bottom.
Its also funny when the encryption software bricks the laptop.
I'm looking at you McAfee.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481024</id>
	<title>Re:Security Failings</title>
	<author>L4t3r4lu5</author>
	<datestamp>1268662980000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext>Make it long, make it simple.<br> <br>Pass<b>phrases</b> are the way forward. Ih4t3MSoft may well satisfy Microsoft's Secure Password policy of 7 characters, one upper, one lower case, one non-alphabetical. However, it's nowhere near as secure (from a brute-force perspective) as ihaterubbishmicrosoftsoftware.<br> <br>N.B. Not Anti-MS trolling, just picking phrases as they come to mind.</htmltext>
<tokenext>Make it long , make it simple .
Passphrases are the way forward .
Ih4t3MSoft may well satisfy Microsoft 's Secure Password policy of 7 characters , one upper , one lower case , one non-alphabetical .
However , it 's nowhere near as secure ( from a brute-force perspective ) as ihaterubbishmicrosoftsoftware .
N.B. Not Anti-MS trolling , just picking phrases as they come to mind .</tokentext>
<sentencetext>Make it long, make it simple.
Passphrases are the way forward.
Ih4t3MSoft may well satisfy Microsoft's Secure Password policy of 7 characters, one upper, one lower case, one non-alphabetical.
However, it's nowhere near as secure (from a brute-force perspective) as ihaterubbishmicrosoftsoftware.
N.B. Not Anti-MS trolling, just picking phrases as they come to mind.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480778</id>
	<title>Human is the weak link in anything</title>
	<author>Opportunist</author>
	<datestamp>1268661540000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p>Any procedure, any system, any protocol, anything fails 9 out of 10 times due to human error. Why we let these insecure parts remain a critical part in anything is beyond me.</p></htmltext>
<tokenext>Any procedure , any system , any protocol , anything fails 9 out of 10 times due to human error .
Why we let these insecure parts remain a critical part in anything is beyond me .</tokentext>
<sentencetext>Any procedure, any system, any protocol, anything fails 9 out of 10 times due to human error.
Why we let these insecure parts remain a critical part in anything is beyond me.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483314</id>
	<title>Re:Security Failings</title>
	<author>houghi</author>
	<datestamp>1268674200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>It is not only passwords, but also usernames. I use some 10 different usernames. Most of them are variations of my first and last name, but in different order, but some are not. They are given by sites or departments and sometimes I am not able to change the login and/or the password.</p><p>The worst changing of password I had was where I needed to change every week.</p><p>At a place I used to work I conviniently 'forgot' my new password each month. IT did a reset and I was able to re-use my password again. Now I change about 7 passwords every month the first of the month, but one has an expiration date of 30 days (instead of 31).</p><p>So yes, I also do have a file with URL or filename, logins and passwords.</p></htmltext>
<tokenext>It is not only passwords , but also usernames .
I use some 10 different usernames .
Most of them are variations of my first and last name , but in different order , but some are not .
They are given by sites or departments and sometimes I am not able to change the login and/or the password.The worst changing of password I had was where I needed to change every week.At a place I used to work I conviniently 'forgot ' my new password each month .
IT did a reset and I was able to re-use my password again .
Now I change about 7 passwords every month the first of the month , but one has an expiration date of 30 days ( instead of 31 ) .So yes , I also do have a file with URL or filename , logins and passwords .</tokentext>
<sentencetext>It is not only passwords, but also usernames.
I use some 10 different usernames.
Most of them are variations of my first and last name, but in different order, but some are not.
They are given by sites or departments and sometimes I am not able to change the login and/or the password.The worst changing of password I had was where I needed to change every week.At a place I used to work I conviniently 'forgot' my new password each month.
IT did a reset and I was able to re-use my password again.
Now I change about 7 passwords every month the first of the month, but one has an expiration date of 30 days (instead of 31).So yes, I also do have a file with URL or filename, logins and passwords.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480990</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481714</id>
	<title>Re:Encrypt your sh*t. Or you aren't a professional</title>
	<author>JasterBobaMereel</author>
	<datestamp>1268667000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The professional only needs to ask two questions<nobr> <wbr></nobr>....</p><p>1st question: why have you got sensitive data on your laptop ?</p><p>2nd question: if you have (or might have) sensitive data on your laptop, why is not encrypted?</p><p>In my experience the people who "have to" have sensitive data on their laptops generally don't have to<nobr> <wbr></nobr>...</p><p>and the people who have sensitive data on their laptops always come up with poor reasons why they don't want encryption<nobr> <wbr></nobr>...</p></htmltext>
<tokenext>The professional only needs to ask two questions ....1st question : why have you got sensitive data on your laptop ? 2nd question : if you have ( or might have ) sensitive data on your laptop , why is not encrypted ? In my experience the people who " have to " have sensitive data on their laptops generally do n't have to ...and the people who have sensitive data on their laptops always come up with poor reasons why they do n't want encryption .. .</tokentext>
<sentencetext>The professional only needs to ask two questions ....1st question: why have you got sensitive data on your laptop ?2nd question: if you have (or might have) sensitive data on your laptop, why is not encrypted?In my experience the people who "have to" have sensitive data on their laptops generally don't have to ...and the people who have sensitive data on their laptops always come up with poor reasons why they don't want encryption ...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480748</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480844</id>
	<title>Not a great thing.</title>
	<author>FlyingBishop</author>
	<datestamp>1268661960000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext><blockquote><div><p>None of the IT workers recorded their password on a private document, but three percent did admit to sharing their key with other people.</p></div></blockquote><p>You keep your password on a private document in your pocket, you can use a stronger password, and it's a lot harder to lose both your laptop and your password.</p><p>If you do lose one, it's easy to take steps to blacklist the other. You can even use some trivial obfuscation in recording the password so that even if someone gets it, they won't be able to figure out your password.</p><p>Example:</p><p><tt><br>awfuieri3v<br>4u9388535v<br>v9tv379vn7<br>mc20884v05<br></tt></p><p>That's just gibberish, but I could easily write that matrix down on a piece of paper, and then pick a path to take through it(it doesn't even have to be a complicated one, for example I could just use columns 2, 4, and 6) and there's not really much chance that someone's going to find my password. Of course there are even better examples where it's not even obvious that you're looking at a password matrix.</p></div>
	</htmltext>
<tokenext>None of the IT workers recorded their password on a private document , but three percent did admit to sharing their key with other people.You keep your password on a private document in your pocket , you can use a stronger password , and it 's a lot harder to lose both your laptop and your password.If you do lose one , it 's easy to take steps to blacklist the other .
You can even use some trivial obfuscation in recording the password so that even if someone gets it , they wo n't be able to figure out your password.Example : awfuieri3v4u9388535vv9tv379vn7mc20884v05That 's just gibberish , but I could easily write that matrix down on a piece of paper , and then pick a path to take through it ( it does n't even have to be a complicated one , for example I could just use columns 2 , 4 , and 6 ) and there 's not really much chance that someone 's going to find my password .
Of course there are even better examples where it 's not even obvious that you 're looking at a password matrix .</tokentext>
<sentencetext>None of the IT workers recorded their password on a private document, but three percent did admit to sharing their key with other people.You keep your password on a private document in your pocket, you can use a stronger password, and it's a lot harder to lose both your laptop and your password.If you do lose one, it's easy to take steps to blacklist the other.
You can even use some trivial obfuscation in recording the password so that even if someone gets it, they won't be able to figure out your password.Example:awfuieri3v4u9388535vv9tv379vn7mc20884v05That's just gibberish, but I could easily write that matrix down on a piece of paper, and then pick a path to take through it(it doesn't even have to be a complicated one, for example I could just use columns 2, 4, and 6) and there's not really much chance that someone's going to find my password.
Of course there are even better examples where it's not even obvious that you're looking at a password matrix.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481090</id>
	<title>Humans Continue To Be 'Weak Link'</title>
	<author>jack2000</author>
	<datestamp>1268663460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>In other news, carbon based lifeforms require nutritional sustenance.<br> Come on people! Enough of these filler stories!</htmltext>
<tokenext>In other news , carbon based lifeforms require nutritional sustenance .
Come on people !
Enough of these filler stories !</tokentext>
<sentencetext>In other news, carbon based lifeforms require nutritional sustenance.
Come on people!
Enough of these filler stories!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480684</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31482644</id>
	<title>Re:Security Failings</title>
	<author>tlhIngan</author>
	<datestamp>1268671380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>Not only making it too hard, but making changes too frequent. If someone has to change their password once a month, they will have trouble remembering it. They'll make it as simple as the security will allow and write it down (maybe multiple places).</p></div></blockquote><p>Actually, it happens in stages. The first few passwords are nice and secure. Then the next time around they're forgotten and the password is reset, and it's written down. After a few more months of that, the guy will choose a password according to some algorithm</p><p>Monthly ones are fun, because you can get upper case, lower case, and numbers easily:</p><p>January2010, Feburary2010, March2010,<nobr> <wbr></nobr>..., December2010, January2011,<nobr> <wbr></nobr>...</p><p>How about a symbol?</p><p>January@010, February2)10, March20!0,<nobr> <wbr></nobr>... (number is shifted)</p><p>Yes, very secure.</p><p>A better way would be to use something like apg that generates pronouncable passwords that have numbers/letters/caps, maybe a symbol, and re-issue it to the staff no more often than yearly. Print it out on newsprint or other paper that degrades after a month, by which time muscle memory would store the password. The only time password changes are more frequent is if there's a deliberate attack (which your servers log, right?)</p></div>
	</htmltext>
<tokenext>Not only making it too hard , but making changes too frequent .
If someone has to change their password once a month , they will have trouble remembering it .
They 'll make it as simple as the security will allow and write it down ( maybe multiple places ) .Actually , it happens in stages .
The first few passwords are nice and secure .
Then the next time around they 're forgotten and the password is reset , and it 's written down .
After a few more months of that , the guy will choose a password according to some algorithmMonthly ones are fun , because you can get upper case , lower case , and numbers easily : January2010 , Feburary2010 , March2010 , ... , December2010 , January2011 , ...How about a symbol ? January @ 010 , February2 ) 10 , March20 ! 0 , ... ( number is shifted ) Yes , very secure.A better way would be to use something like apg that generates pronouncable passwords that have numbers/letters/caps , maybe a symbol , and re-issue it to the staff no more often than yearly .
Print it out on newsprint or other paper that degrades after a month , by which time muscle memory would store the password .
The only time password changes are more frequent is if there 's a deliberate attack ( which your servers log , right ?
)</tokentext>
<sentencetext>Not only making it too hard, but making changes too frequent.
If someone has to change their password once a month, they will have trouble remembering it.
They'll make it as simple as the security will allow and write it down (maybe multiple places).Actually, it happens in stages.
The first few passwords are nice and secure.
Then the next time around they're forgotten and the password is reset, and it's written down.
After a few more months of that, the guy will choose a password according to some algorithmMonthly ones are fun, because you can get upper case, lower case, and numbers easily:January2010, Feburary2010, March2010, ..., December2010, January2011, ...How about a symbol?January@010, February2)10, March20!0, ... (number is shifted)Yes, very secure.A better way would be to use something like apg that generates pronouncable passwords that have numbers/letters/caps, maybe a symbol, and re-issue it to the staff no more often than yearly.
Print it out on newsprint or other paper that degrades after a month, by which time muscle memory would store the password.
The only time password changes are more frequent is if there's a deliberate attack (which your servers log, right?
)
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480990</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481102</id>
	<title>Encryption isn't everything</title>
	<author>Sycraft-fu</author>
	<datestamp>1268663520000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>I'm not saying there aren't plenty of places that encryption is useful security, but I see it far oversold as a panacea. That something is encrypted doesn't mean it is secure. A great example of that would be copy protected games or movies. They use encryption to secure their data. Often it is quite good encryption. AACS uses 128-bit AES crypto, doesn't get much stronger or more tested than that. Yet, it is all for naught. Games are cracked, Blu-Rays are copied and so on. Why? Well because the decryption key is on the disc somewhere. Obfuscate all you like, if they key is there you are screwed.</p><p>Same deal with encryption is terms of security for your data. Encryption is useful for data in transit over insecure channels, the Internet being the main one. So long as only your computer and the remote computer have the key, there'll be no snooping on what is going on. Encryption is also useful against physical theft in the case of a laptop or something. If they grab the computer but can't get the password (and the computer isn't logged in or the like) then they can't get the data.</p><p>However encryption isn't useful a whole lot outside of that. For example encrypting data on your desktop won't do much against a remote attack. You have to get in to said data and so when you decrypt it, the key and/or data can be captured. You'd be just as well off with unencrypted data overall. Likewise encryption does little to nothing against a social engineering type of attack.</p><p>So I'm not saying "Don't use encryption," just that you should think about when to use it, if it is doing any good. Don't sell encryption as something you need to always do, because it isn't useful and can lead to a false sense of security.</p></htmltext>
<tokenext>I 'm not saying there are n't plenty of places that encryption is useful security , but I see it far oversold as a panacea .
That something is encrypted does n't mean it is secure .
A great example of that would be copy protected games or movies .
They use encryption to secure their data .
Often it is quite good encryption .
AACS uses 128-bit AES crypto , does n't get much stronger or more tested than that .
Yet , it is all for naught .
Games are cracked , Blu-Rays are copied and so on .
Why ? Well because the decryption key is on the disc somewhere .
Obfuscate all you like , if they key is there you are screwed.Same deal with encryption is terms of security for your data .
Encryption is useful for data in transit over insecure channels , the Internet being the main one .
So long as only your computer and the remote computer have the key , there 'll be no snooping on what is going on .
Encryption is also useful against physical theft in the case of a laptop or something .
If they grab the computer but ca n't get the password ( and the computer is n't logged in or the like ) then they ca n't get the data.However encryption is n't useful a whole lot outside of that .
For example encrypting data on your desktop wo n't do much against a remote attack .
You have to get in to said data and so when you decrypt it , the key and/or data can be captured .
You 'd be just as well off with unencrypted data overall .
Likewise encryption does little to nothing against a social engineering type of attack.So I 'm not saying " Do n't use encryption , " just that you should think about when to use it , if it is doing any good .
Do n't sell encryption as something you need to always do , because it is n't useful and can lead to a false sense of security .</tokentext>
<sentencetext>I'm not saying there aren't plenty of places that encryption is useful security, but I see it far oversold as a panacea.
That something is encrypted doesn't mean it is secure.
A great example of that would be copy protected games or movies.
They use encryption to secure their data.
Often it is quite good encryption.
AACS uses 128-bit AES crypto, doesn't get much stronger or more tested than that.
Yet, it is all for naught.
Games are cracked, Blu-Rays are copied and so on.
Why? Well because the decryption key is on the disc somewhere.
Obfuscate all you like, if they key is there you are screwed.Same deal with encryption is terms of security for your data.
Encryption is useful for data in transit over insecure channels, the Internet being the main one.
So long as only your computer and the remote computer have the key, there'll be no snooping on what is going on.
Encryption is also useful against physical theft in the case of a laptop or something.
If they grab the computer but can't get the password (and the computer isn't logged in or the like) then they can't get the data.However encryption isn't useful a whole lot outside of that.
For example encrypting data on your desktop won't do much against a remote attack.
You have to get in to said data and so when you decrypt it, the key and/or data can be captured.
You'd be just as well off with unencrypted data overall.
Likewise encryption does little to nothing against a social engineering type of attack.So I'm not saying "Don't use encryption," just that you should think about when to use it, if it is doing any good.
Don't sell encryption as something you need to always do, because it isn't useful and can lead to a false sense of security.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480748</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480938</id>
	<title>Re:Maybe they should tie them to thier wrists</title>
	<author>bkr1\_2k</author>
	<datestamp>1268662500000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext><p>It doesn't say 9 out of 10 lost or stolen.  It says 9 out of 10 people reported that <b>a</b> piece of equipment has been lost or stolen within their organization.  There's a big difference between those two statements.</p><p>Of course the issue still remains, people are <i>always</i> going to be the weakest security link.  This should come as no surprise to anyone.  It has always been that way, and always will be.</p></htmltext>
<tokenext>It does n't say 9 out of 10 lost or stolen .
It says 9 out of 10 people reported that a piece of equipment has been lost or stolen within their organization .
There 's a big difference between those two statements.Of course the issue still remains , people are always going to be the weakest security link .
This should come as no surprise to anyone .
It has always been that way , and always will be .</tokentext>
<sentencetext>It doesn't say 9 out of 10 lost or stolen.
It says 9 out of 10 people reported that a piece of equipment has been lost or stolen within their organization.
There's a big difference between those two statements.Of course the issue still remains, people are always going to be the weakest security link.
This should come as no surprise to anyone.
It has always been that way, and always will be.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480756</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31484664</id>
	<title>where's the beef?</title>
	<author>sammy baby</author>
	<datestamp>1268679420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>Nearly 90 percent of IT workers in the UK have said a laptop in their organisation has been reported lost or stolen, new research has found.</p><p>Sixty-one percent said that this then resulted in a data breach, according to the '2010 Human Factor in Laptop Encryption Study: United Kingdom', a report produced by the Ponemon Institute for Absolute Software.</p></div> </blockquote><p>I went to Ponemon's home page, but was unable to find the study referenced by the article. Just two questions, though:</p><p>What information do we have on the relative sizes of the companies represented by this study?  The company I work for (a multinational, but I'm in the US) has close to half a million employees worldwide, more than fifty thousand of whom are in the US. How many people do you poll from my company before "yes, a laptop has been stolen from my organization" ceases to be an interesting question?  I looked at a related study Ponemon performed (link to PDF <a href="http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/Cost\%20of\%20a\%20Lost\%20Laptop\%20White\%20Paper\%20Final\%203.pdf" title="ponemon.org">here</a> [ponemon.org]) and found that in that study, there were a total of 29 organizations sampled.</p><p>Second, what constitutes a data breach? Someone accessing a system with protected information? Someone accessing a system with protected information, and actually being able to get to the protected information?</p><p>There's just no "there" in this summary.</p><p>(By the way - that study I linked to is interesting in its own right. According to Ponemon, respondents who cited a case of laptop theft in which there was a full backup available of the lost system consistently reported the cost of the lost system as <i>higher</i> - perhaps, as Ponemon speculates, because they could determine exactly what was on it when it disappeared. That kind of weird, counter-intuitive relationship is the type of thing that makes me wonder exactly how useful this type of research is.)</p></div>
	</htmltext>
<tokenext>Nearly 90 percent of IT workers in the UK have said a laptop in their organisation has been reported lost or stolen , new research has found.Sixty-one percent said that this then resulted in a data breach , according to the '2010 Human Factor in Laptop Encryption Study : United Kingdom ' , a report produced by the Ponemon Institute for Absolute Software .
I went to Ponemon 's home page , but was unable to find the study referenced by the article .
Just two questions , though : What information do we have on the relative sizes of the companies represented by this study ?
The company I work for ( a multinational , but I 'm in the US ) has close to half a million employees worldwide , more than fifty thousand of whom are in the US .
How many people do you poll from my company before " yes , a laptop has been stolen from my organization " ceases to be an interesting question ?
I looked at a related study Ponemon performed ( link to PDF here [ ponemon.org ] ) and found that in that study , there were a total of 29 organizations sampled.Second , what constitutes a data breach ?
Someone accessing a system with protected information ?
Someone accessing a system with protected information , and actually being able to get to the protected information ? There 's just no " there " in this summary .
( By the way - that study I linked to is interesting in its own right .
According to Ponemon , respondents who cited a case of laptop theft in which there was a full backup available of the lost system consistently reported the cost of the lost system as higher - perhaps , as Ponemon speculates , because they could determine exactly what was on it when it disappeared .
That kind of weird , counter-intuitive relationship is the type of thing that makes me wonder exactly how useful this type of research is .
)</tokentext>
<sentencetext>Nearly 90 percent of IT workers in the UK have said a laptop in their organisation has been reported lost or stolen, new research has found.Sixty-one percent said that this then resulted in a data breach, according to the '2010 Human Factor in Laptop Encryption Study: United Kingdom', a report produced by the Ponemon Institute for Absolute Software.
I went to Ponemon's home page, but was unable to find the study referenced by the article.
Just two questions, though:What information do we have on the relative sizes of the companies represented by this study?
The company I work for (a multinational, but I'm in the US) has close to half a million employees worldwide, more than fifty thousand of whom are in the US.
How many people do you poll from my company before "yes, a laptop has been stolen from my organization" ceases to be an interesting question?
I looked at a related study Ponemon performed (link to PDF here [ponemon.org]) and found that in that study, there were a total of 29 organizations sampled.Second, what constitutes a data breach?
Someone accessing a system with protected information?
Someone accessing a system with protected information, and actually being able to get to the protected information?There's just no "there" in this summary.
(By the way - that study I linked to is interesting in its own right.
According to Ponemon, respondents who cited a case of laptop theft in which there was a full backup available of the lost system consistently reported the cost of the lost system as higher - perhaps, as Ponemon speculates, because they could determine exactly what was on it when it disappeared.
That kind of weird, counter-intuitive relationship is the type of thing that makes me wonder exactly how useful this type of research is.
)
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481318</id>
	<title>90 percent?</title>
	<author>john.wingfield</author>
	<datestamp>1268664660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Reported to whom?  Internally or externally?</p><p>If this is meant to be a statement that only 90 percent of companies have lost a laptop then the other 1 percent are lying.  Loss is one thing, reporting is quite another matter.</p></htmltext>
<tokenext>Reported to whom ?
Internally or externally ? If this is meant to be a statement that only 90 percent of companies have lost a laptop then the other 1 percent are lying .
Loss is one thing , reporting is quite another matter .</tokentext>
<sentencetext>Reported to whom?
Internally or externally?If this is meant to be a statement that only 90 percent of companies have lost a laptop then the other 1 percent are lying.
Loss is one thing, reporting is quite another matter.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480974</id>
	<title>Re:Security Failings</title>
	<author>buruonbrails</author>
	<datestamp>1268662740000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext>It's because people tend to think of their passwords as words, not phrases. It's much easier to remember a simple pass phrase (e.g. "Quick\_brown\_fox"), than a shorter, but completely senseless random symbol combination (e.g. "gsf12mU&amp;*").</htmltext>
<tokenext>It 's because people tend to think of their passwords as words , not phrases .
It 's much easier to remember a simple pass phrase ( e.g .
" Quick \ _brown \ _fox " ) , than a shorter , but completely senseless random symbol combination ( e.g .
" gsf12mU&amp; * " ) .</tokentext>
<sentencetext>It's because people tend to think of their passwords as words, not phrases.
It's much easier to remember a simple pass phrase (e.g.
"Quick\_brown\_fox"), than a shorter, but completely senseless random symbol combination (e.g.
"gsf12mU&amp;*").</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480950</id>
	<title>Weakest Link</title>
	<author>kiehlster</author>
	<datestamp>1268662560000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext><p>You ARE the weakest link.  Goodbye.</p><p>I really enjoyed that episode of <a href="http://www.youtube.com/watch?v=T774vjQ4-ho" title="youtube.com" rel="nofollow">Doctor Who</a> [youtube.com].  Now I'm a little scared.</p></htmltext>
<tokenext>You ARE the weakest link .
Goodbye.I really enjoyed that episode of Doctor Who [ youtube.com ] .
Now I 'm a little scared .</tokentext>
<sentencetext>You ARE the weakest link.
Goodbye.I really enjoyed that episode of Doctor Who [youtube.com].
Now I'm a little scared.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481238</id>
	<title>Obvious tag only accurate for /.</title>
	<author>Anonymous</author>
	<datestamp>1268664180000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The rest of the world probably doesn't realize that information espionage mostly depends on users failing to think while performing routine actions (which is normal for anyone performing routine actions that are abstractions) and so accidentally infecting their computers or getting phished.</p><p>This is not obvious the same way as a study finding that morbidly obese people eat more and move less. I think that the tag is condescending and closed minded in this instance.</p></htmltext>
<tokenext>The rest of the world probably does n't realize that information espionage mostly depends on users failing to think while performing routine actions ( which is normal for anyone performing routine actions that are abstractions ) and so accidentally infecting their computers or getting phished.This is not obvious the same way as a study finding that morbidly obese people eat more and move less .
I think that the tag is condescending and closed minded in this instance .</tokentext>
<sentencetext>The rest of the world probably doesn't realize that information espionage mostly depends on users failing to think while performing routine actions (which is normal for anyone performing routine actions that are abstractions) and so accidentally infecting their computers or getting phished.This is not obvious the same way as a study finding that morbidly obese people eat more and move less.
I think that the tag is condescending and closed minded in this instance.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31484434</id>
	<title>Re:Hmmm ...</title>
	<author>Anonymous</author>
	<datestamp>1268678640000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>If 90\% of IT workers loose their notebook computers, then those 90\% of IT workers should be summarily dismissed with an account payable notice for the cost of the notebook computer. If 90\% of the workers in my firm lost their notebook computers, there would be Hell to pay.</p></htmltext>
<tokenext>If 90 \ % of IT workers loose their notebook computers , then those 90 \ % of IT workers should be summarily dismissed with an account payable notice for the cost of the notebook computer .
If 90 \ % of the workers in my firm lost their notebook computers , there would be Hell to pay .</tokentext>
<sentencetext>If 90\% of IT workers loose their notebook computers, then those 90\% of IT workers should be summarily dismissed with an account payable notice for the cost of the notebook computer.
If 90\% of the workers in my firm lost their notebook computers, there would be Hell to pay.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480684</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31484616</id>
	<title>Tipsy agents</title>
	<author>Space Guerilla</author>
	<datestamp>1268679300000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>The British Defense Ministry has reported 205 laptops missing since 1997 -- most of which contained classified information. That's an average of 51 lost laptops per year.

The latest was reported missing on Monday. This one reportedly contained data about new weapons systems. Its owner left it in the back of a taxi.

To combat this spate of missing-in-action machines, the Defense Ministry plans to outfit their absent-minded workers with secret-agent-style briefcases that protect national secrets by automatically destroying the contents of lost laptops' hard drives.

Thieves have been blamed for some of the laptop losses, but the majority of the missing machines were simply mislaid by tipsy or distracted agents.

Read More <a href="http://www.wired.com/politics/law/news/2001/04/43088#ixzz0iGiAjJpW" title="wired.com" rel="nofollow">http://www.wired.com/politics/law/news/2001/04/43088#ixzz0iGiAjJpW</a> [wired.com]</htmltext>
<tokenext>The British Defense Ministry has reported 205 laptops missing since 1997 -- most of which contained classified information .
That 's an average of 51 lost laptops per year .
The latest was reported missing on Monday .
This one reportedly contained data about new weapons systems .
Its owner left it in the back of a taxi .
To combat this spate of missing-in-action machines , the Defense Ministry plans to outfit their absent-minded workers with secret-agent-style briefcases that protect national secrets by automatically destroying the contents of lost laptops ' hard drives .
Thieves have been blamed for some of the laptop losses , but the majority of the missing machines were simply mislaid by tipsy or distracted agents .
Read More http : //www.wired.com/politics/law/news/2001/04/43088 # ixzz0iGiAjJpW [ wired.com ]</tokentext>
<sentencetext>The British Defense Ministry has reported 205 laptops missing since 1997 -- most of which contained classified information.
That's an average of 51 lost laptops per year.
The latest was reported missing on Monday.
This one reportedly contained data about new weapons systems.
Its owner left it in the back of a taxi.
To combat this spate of missing-in-action machines, the Defense Ministry plans to outfit their absent-minded workers with secret-agent-style briefcases that protect national secrets by automatically destroying the contents of lost laptops' hard drives.
Thieves have been blamed for some of the laptop losses, but the majority of the missing machines were simply mislaid by tipsy or distracted agents.
Read More http://www.wired.com/politics/law/news/2001/04/43088#ixzz0iGiAjJpW [wired.com]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480730</id>
	<title>Usernames in browsers</title>
	<author>Sigma 7</author>
	<datestamp>1268661180000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>I noticed that browsers have a neat habit of storing userames that you've used on various sites, and help pre-fill the username field with that information.</p><p>It would be much more helpful if those usernames didn't bleed across servers; it would really cut down on potential exploits, and helps me remember which one of my usernames for a given site is correct (especially before I crack open the encrypted volume to lookup the real username/password combo.)</p></htmltext>
<tokenext>I noticed that browsers have a neat habit of storing userames that you 've used on various sites , and help pre-fill the username field with that information.It would be much more helpful if those usernames did n't bleed across servers ; it would really cut down on potential exploits , and helps me remember which one of my usernames for a given site is correct ( especially before I crack open the encrypted volume to lookup the real username/password combo .
)</tokentext>
<sentencetext>I noticed that browsers have a neat habit of storing userames that you've used on various sites, and help pre-fill the username field with that information.It would be much more helpful if those usernames didn't bleed across servers; it would really cut down on potential exploits, and helps me remember which one of my usernames for a given site is correct (especially before I crack open the encrypted volume to lookup the real username/password combo.
)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481490</id>
	<title>FULL DISCLOSURE - Absolute Software</title>
	<author>Anonymous</author>
	<datestamp>1268665800000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p> <b>Absolute Software</b> - The absolute best way to track, manage and protect your digital world.
<br>
Tracking software to aid recovery of lost or stolen computers. Also software for hardware/software inventory and software license management.</p></div><p>There's a reason why Absolute Software is talking this up...
<br>
<br>
Just sayin'</p></div>
	</htmltext>
<tokenext>Absolute Software - The absolute best way to track , manage and protect your digital world .
Tracking software to aid recovery of lost or stolen computers .
Also software for hardware/software inventory and software license management.There 's a reason why Absolute Software is talking this up.. . Just sayin '</tokentext>
<sentencetext> Absolute Software - The absolute best way to track, manage and protect your digital world.
Tracking software to aid recovery of lost or stolen computers.
Also software for hardware/software inventory and software license management.There's a reason why Absolute Software is talking this up...


Just sayin'
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480684</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481148</id>
	<title>Yes</title>
	<author>rolando2424</author>
	<datestamp>1268663700000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><p> <i>Skynet</i> </p></htmltext>
<tokenext>Skynet</tokentext>
<sentencetext> Skynet </sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480684</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481798</id>
	<title>Why allow important data on laptops at all?</title>
	<author>drinkypoo</author>
	<datestamp>1268667300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You had me at 'at all'.</p><p>Why allow important data on laptops at all? Why not simply <em>require</em> that sensitive data only be accessed remotely? You can solve this problem with VNC. There are a very few situations where it is impossible to get internet access sufficient to use a computer remotely. In these few situations, a whole-disk-encrypted system can be used, which won't solve every problem (as this article indicates) but will at least narrow things down considerably. But in most cases, there's no actual need for the data to be on the laptop at all.</p></htmltext>
<tokenext>You had me at 'at all'.Why allow important data on laptops at all ?
Why not simply require that sensitive data only be accessed remotely ?
You can solve this problem with VNC .
There are a very few situations where it is impossible to get internet access sufficient to use a computer remotely .
In these few situations , a whole-disk-encrypted system can be used , which wo n't solve every problem ( as this article indicates ) but will at least narrow things down considerably .
But in most cases , there 's no actual need for the data to be on the laptop at all .</tokentext>
<sentencetext>You had me at 'at all'.Why allow important data on laptops at all?
Why not simply require that sensitive data only be accessed remotely?
You can solve this problem with VNC.
There are a very few situations where it is impossible to get internet access sufficient to use a computer remotely.
In these few situations, a whole-disk-encrypted system can be used, which won't solve every problem (as this article indicates) but will at least narrow things down considerably.
But in most cases, there's no actual need for the data to be on the laptop at all.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481382</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31482286</id>
	<title>Re:Maybe they should tie them to thier wrists</title>
	<author>Tim C</author>
	<datestamp>1268669700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>I have to wonder if seeing abandoned laptops laying around is commonplace there.</i></p><p>I've never seen a laptop just lying around unattended somewhere, so no, it is far from commonplace.</p></htmltext>
<tokenext>I have to wonder if seeing abandoned laptops laying around is commonplace there.I 've never seen a laptop just lying around unattended somewhere , so no , it is far from commonplace .</tokentext>
<sentencetext>I have to wonder if seeing abandoned laptops laying around is commonplace there.I've never seen a laptop just lying around unattended somewhere, so no, it is far from commonplace.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480756</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481114</id>
	<title>Re:Security Failings</title>
	<author>bickerdyke</author>
	<datestamp>1268663580000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p>If IT departments really would care about password security, and insist on complex passwords AND not writing them down, they should start treating a forgotten password as something normal, and not a chance to ridicule that poor guy who forgot it again.</p><p>Whats worse for security? Resetting that poor guys password twice a week or have him trying to avoid is by using a post it under his keyboard?</p></htmltext>
<tokenext>If IT departments really would care about password security , and insist on complex passwords AND not writing them down , they should start treating a forgotten password as something normal , and not a chance to ridicule that poor guy who forgot it again.Whats worse for security ?
Resetting that poor guys password twice a week or have him trying to avoid is by using a post it under his keyboard ?</tokentext>
<sentencetext>If IT departments really would care about password security, and insist on complex passwords AND not writing them down, they should start treating a forgotten password as something normal, and not a chance to ridicule that poor guy who forgot it again.Whats worse for security?
Resetting that poor guys password twice a week or have him trying to avoid is by using a post it under his keyboard?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481382</id>
	<title>Why allow imporant data on laptops at all?</title>
	<author>Anonymous</author>
	<datestamp>1268665080000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>...without strong countermeasures to prevent the data from being exploited?</p><p>I guess I don't understand why, if some chunk of data is critically important, that the organization would allow it to be dragged out of the office on a laptop.  The data should be required to stay in the office with access from outside the office only on a business-critical basis and with strong security requirements (ie, VPN-only accessable terminal server, all using RSA tokens).</p><p>And if it MUST go out of the office on a laptop, why aren't very strong encryption measures being taken into consideration, including whole-disk encryption with failed-access data wiping?</p><p>I see so many people with laptops who don't really need portability.  Most of the time they have a laptop because it's a token of their importance to the organization or some kind of freebie (they have a desktop, too, but the laptop is so they can "work from home" but is really just a free home computer).</p><p>The other thing weird about this is that 61\% of the lost laptops resulted in a security breach!  Most of the people I've dealt with who had laptops were by and large wankers with company data of interest to almost no one; at worst you might be able to reverse a cached password or raid the browser passwords for something trivial.</p><p>And who is stealing laptops?  In the US, a lot of that theft is just petty theft for quick cash -- drug addicts, gang members, losers looking for something they can pawn or turn on the street for $200.  It's really not info security experts.</p></htmltext>
<tokenext>...without strong countermeasures to prevent the data from being exploited ? I guess I do n't understand why , if some chunk of data is critically important , that the organization would allow it to be dragged out of the office on a laptop .
The data should be required to stay in the office with access from outside the office only on a business-critical basis and with strong security requirements ( ie , VPN-only accessable terminal server , all using RSA tokens ) .And if it MUST go out of the office on a laptop , why are n't very strong encryption measures being taken into consideration , including whole-disk encryption with failed-access data wiping ? I see so many people with laptops who do n't really need portability .
Most of the time they have a laptop because it 's a token of their importance to the organization or some kind of freebie ( they have a desktop , too , but the laptop is so they can " work from home " but is really just a free home computer ) .The other thing weird about this is that 61 \ % of the lost laptops resulted in a security breach !
Most of the people I 've dealt with who had laptops were by and large wankers with company data of interest to almost no one ; at worst you might be able to reverse a cached password or raid the browser passwords for something trivial.And who is stealing laptops ?
In the US , a lot of that theft is just petty theft for quick cash -- drug addicts , gang members , losers looking for something they can pawn or turn on the street for $ 200 .
It 's really not info security experts .</tokentext>
<sentencetext>...without strong countermeasures to prevent the data from being exploited?I guess I don't understand why, if some chunk of data is critically important, that the organization would allow it to be dragged out of the office on a laptop.
The data should be required to stay in the office with access from outside the office only on a business-critical basis and with strong security requirements (ie, VPN-only accessable terminal server, all using RSA tokens).And if it MUST go out of the office on a laptop, why aren't very strong encryption measures being taken into consideration, including whole-disk encryption with failed-access data wiping?I see so many people with laptops who don't really need portability.
Most of the time they have a laptop because it's a token of their importance to the organization or some kind of freebie (they have a desktop, too, but the laptop is so they can "work from home" but is really just a free home computer).The other thing weird about this is that 61\% of the lost laptops resulted in a security breach!
Most of the people I've dealt with who had laptops were by and large wankers with company data of interest to almost no one; at worst you might be able to reverse a cached password or raid the browser passwords for something trivial.And who is stealing laptops?
In the US, a lot of that theft is just petty theft for quick cash -- drug addicts, gang members, losers looking for something they can pawn or turn on the street for $200.
It's really not info security experts.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481978</id>
	<title>Re:Security Failings</title>
	<author>Kozz</author>
	<datestamp>1268668140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Strong password requirements are a big part of the problem.</p></div><p>I've known people to use a kind of "formula" to create/remember passwords.  It works such that you don't need to strictly memorize your password, but you only need to remember how to derive it.  First, I come up with some basic, moderate-strength password, like 4Fa2@xx8?L.  But instead of the "xx", I replace it with the two letters in the site's domain name before the TLD, so for slashdot, maybe my password would be 4Fa2@ot8?L.</p><p>This is a very simple example, but you can imagine new ways of creating a formula (say, count the number of vowels in the domain, etc) to create your own scheme.</p><p>Yes, it's true, this isn't an incredibly strong method, strictly speaking.  If someone catches one PW and can figure out your scheme, you're cooked.  On the other hand, the result is that you're probably going to have a different password on every site you use, it's a strong password, and you don't have to use any tools to manage your PWs, just memorize the scheme.</p><p>I admit I don't have a similar solution for places that require password changes every 90 days, such as my employer.  There, I try each time to come up with a password based on an easily-remembered phrase, like "gilligans3hourtour" or "drdanieljacksondiedagain".  Yeah, I tend to get funny looks when I type in 20+ character passwords.  heh.</p></div>
	</htmltext>
<tokenext>Strong password requirements are a big part of the problem.I 've known people to use a kind of " formula " to create/remember passwords .
It works such that you do n't need to strictly memorize your password , but you only need to remember how to derive it .
First , I come up with some basic , moderate-strength password , like 4Fa2 @ xx8 ? L .
But instead of the " xx " , I replace it with the two letters in the site 's domain name before the TLD , so for slashdot , maybe my password would be 4Fa2 @ ot8 ? L.This is a very simple example , but you can imagine new ways of creating a formula ( say , count the number of vowels in the domain , etc ) to create your own scheme.Yes , it 's true , this is n't an incredibly strong method , strictly speaking .
If someone catches one PW and can figure out your scheme , you 're cooked .
On the other hand , the result is that you 're probably going to have a different password on every site you use , it 's a strong password , and you do n't have to use any tools to manage your PWs , just memorize the scheme.I admit I do n't have a similar solution for places that require password changes every 90 days , such as my employer .
There , I try each time to come up with a password based on an easily-remembered phrase , like " gilligans3hourtour " or " drdanieljacksondiedagain " .
Yeah , I tend to get funny looks when I type in 20 + character passwords .
heh .</tokentext>
<sentencetext>Strong password requirements are a big part of the problem.I've known people to use a kind of "formula" to create/remember passwords.
It works such that you don't need to strictly memorize your password, but you only need to remember how to derive it.
First, I come up with some basic, moderate-strength password, like 4Fa2@xx8?L.
But instead of the "xx", I replace it with the two letters in the site's domain name before the TLD, so for slashdot, maybe my password would be 4Fa2@ot8?L.This is a very simple example, but you can imagine new ways of creating a formula (say, count the number of vowels in the domain, etc) to create your own scheme.Yes, it's true, this isn't an incredibly strong method, strictly speaking.
If someone catches one PW and can figure out your scheme, you're cooked.
On the other hand, the result is that you're probably going to have a different password on every site you use, it's a strong password, and you don't have to use any tools to manage your PWs, just memorize the scheme.I admit I don't have a similar solution for places that require password changes every 90 days, such as my employer.
There, I try each time to come up with a password based on an easily-remembered phrase, like "gilligans3hourtour" or "drdanieljacksondiedagain".
Yeah, I tend to get funny looks when I type in 20+ character passwords.
heh.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481652</id>
	<title>Re:Security Failings</title>
	<author>JasterBobaMereel</author>
	<datestamp>1268666640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Security : Pick any two<br>Something you know<br>Something you have<br>Something you are</p><p>Unfortunately these are :<br>something you forget<br>something you lose<br>something you cease to be</p></htmltext>
<tokenext>Security : Pick any twoSomething you knowSomething you haveSomething you areUnfortunately these are : something you forgetsomething you losesomething you cease to be</tokentext>
<sentencetext>Security : Pick any twoSomething you knowSomething you haveSomething you areUnfortunately these are :something you forgetsomething you losesomething you cease to be</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480990</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480864</id>
	<title>Re:Security Failings</title>
	<author>Anonymous</author>
	<datestamp>1268662080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>A policy I had to follow on one site required the use of a minimum of 2 lower caps, 2 upper caps, 2 numbers and 2 special characters.<br> <br>

I'm sure a lot of users had the password <em>q1W@e3R$</em> which is probably the easiest password to remember that fulfilled the requirements.  And therefore easy to guess if the password policy is known.</htmltext>
<tokenext>A policy I had to follow on one site required the use of a minimum of 2 lower caps , 2 upper caps , 2 numbers and 2 special characters .
I 'm sure a lot of users had the password q1W @ e3R $ which is probably the easiest password to remember that fulfilled the requirements .
And therefore easy to guess if the password policy is known .</tokentext>
<sentencetext>A policy I had to follow on one site required the use of a minimum of 2 lower caps, 2 upper caps, 2 numbers and 2 special characters.
I'm sure a lot of users had the password q1W@e3R$ which is probably the easiest password to remember that fulfilled the requirements.
And therefore easy to guess if the password policy is known.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31484244</id>
	<title>Re:Security Failings</title>
	<author>darkmeridian</author>
	<datestamp>1268677920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Brute force methods use dictionary words. Therefore, "ihaterubbishmicrosoftsoftware," which has five dictionary words without any capitalization or numbers or symbols, is the equivalent of a five-character password. The much stronger approach is to use phrases to generate hard passwords. For instance, you can make "ihaterubbishmicrosoftsoftware" to "!h8rM$SW". That's an eight-character that has capitalization and characters and numbers, and therefore harder to attack.</p></htmltext>
<tokenext>Brute force methods use dictionary words .
Therefore , " ihaterubbishmicrosoftsoftware , " which has five dictionary words without any capitalization or numbers or symbols , is the equivalent of a five-character password .
The much stronger approach is to use phrases to generate hard passwords .
For instance , you can make " ihaterubbishmicrosoftsoftware " to " ! h8rM $ SW " .
That 's an eight-character that has capitalization and characters and numbers , and therefore harder to attack .</tokentext>
<sentencetext>Brute force methods use dictionary words.
Therefore, "ihaterubbishmicrosoftsoftware," which has five dictionary words without any capitalization or numbers or symbols, is the equivalent of a five-character password.
The much stronger approach is to use phrases to generate hard passwords.
For instance, you can make "ihaterubbishmicrosoftsoftware" to "!h8rM$SW".
That's an eight-character that has capitalization and characters and numbers, and therefore harder to attack.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481024</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481782</id>
	<title>Uhm.  DUH!?!?!?</title>
	<author>Chas</author>
	<datestamp>1268667180000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>You can have your shit locked down 6 billion ways to Sunday.<br>The minute you introduce the human element into it, you have a massive security hole that can be patched, but NEVER closed.<br>You can train and train and train. Ennui sets in and their brains shut off after a while.<br>You can have the most draconian policies regarding proper usage. People will still circumvent it, accidentally or deliberately.<br>You can fire people. It just creates ill will and the damage is already done.<br>And, if it happens to be the owner of the company doing the circumvention there's jack and shit you can do about it.</p><p>I'm sorry, but anyone who tells you that security is about "keeping the bad guys out" is SELLING YOU SOMETHING (see: "How much for my large and stinky pile of crap?"). Nothing more.<br>Security is about putting enough roadblocks in place that attackers begin looking for easier targets so they can maximize their returns on time invested.<br>If someone wants into your systems bad enough, THEY WILL GET IN. Period.<br>The job of security is to make this interval as long as possible so they can maximize the chances of catching them before they get in or forcing them into something spectacular and HIGHLY traceable.</p></htmltext>
<tokenext>You can have your shit locked down 6 billion ways to Sunday.The minute you introduce the human element into it , you have a massive security hole that can be patched , but NEVER closed.You can train and train and train .
Ennui sets in and their brains shut off after a while.You can have the most draconian policies regarding proper usage .
People will still circumvent it , accidentally or deliberately.You can fire people .
It just creates ill will and the damage is already done.And , if it happens to be the owner of the company doing the circumvention there 's jack and shit you can do about it.I 'm sorry , but anyone who tells you that security is about " keeping the bad guys out " is SELLING YOU SOMETHING ( see : " How much for my large and stinky pile of crap ? " ) .
Nothing more.Security is about putting enough roadblocks in place that attackers begin looking for easier targets so they can maximize their returns on time invested.If someone wants into your systems bad enough , THEY WILL GET IN .
Period.The job of security is to make this interval as long as possible so they can maximize the chances of catching them before they get in or forcing them into something spectacular and HIGHLY traceable .</tokentext>
<sentencetext>You can have your shit locked down 6 billion ways to Sunday.The minute you introduce the human element into it, you have a massive security hole that can be patched, but NEVER closed.You can train and train and train.
Ennui sets in and their brains shut off after a while.You can have the most draconian policies regarding proper usage.
People will still circumvent it, accidentally or deliberately.You can fire people.
It just creates ill will and the damage is already done.And, if it happens to be the owner of the company doing the circumvention there's jack and shit you can do about it.I'm sorry, but anyone who tells you that security is about "keeping the bad guys out" is SELLING YOU SOMETHING (see: "How much for my large and stinky pile of crap?").
Nothing more.Security is about putting enough roadblocks in place that attackers begin looking for easier targets so they can maximize their returns on time invested.If someone wants into your systems bad enough, THEY WILL GET IN.
Period.The job of security is to make this interval as long as possible so they can maximize the chances of catching them before they get in or forcing them into something spectacular and HIGHLY traceable.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483418</id>
	<title>Re:Encryption and you</title>
	<author>houghi</author>
	<datestamp>1268674500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>When I proposed that to our IT department, they just looked at me with some blank stare and nothing came of it.</p><p>To me this should be a default for any laptop that leaves the factory. I bet the reason they do not do that is because they would get too many calls from people who forgot their password and blame the company for the data they lost.</p></htmltext>
<tokenext>When I proposed that to our IT department , they just looked at me with some blank stare and nothing came of it.To me this should be a default for any laptop that leaves the factory .
I bet the reason they do not do that is because they would get too many calls from people who forgot their password and blame the company for the data they lost .</tokentext>
<sentencetext>When I proposed that to our IT department, they just looked at me with some blank stare and nothing came of it.To me this should be a default for any laptop that leaves the factory.
I bet the reason they do not do that is because they would get too many calls from people who forgot their password and blame the company for the data they lost.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480812</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480990</id>
	<title>Re:Security Failings</title>
	<author>Sycraft-fu</author>
	<datestamp>1268662860000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>Not only making it too hard, but making changes too frequent. If someone has to change their password once a month, they will have trouble remembering it. They'll make it as simple as the security will allow and write it down (maybe multiple places).</p><p>What it comes down to is if you feel the data you are protecting is important enough that it needs to have a complex password and such, what it really needs is two factor security. Something like a SecureID token or whatever. That makes it near impossible to break in as you have to get the password AND the token and you have to make use of it before the token's absence is noted.</p><p>Being a jerk about password policy is no replacement for a better security system over all, and in fact can make your stuff less secure than you think. You are ultimately dealing with people and as such you can't expect them to be perfect with their memories. You need to adapt your security to them, not demand they adapt.</p><p>You also have to simply accept that there's no such thing as perfect security. You can't have a system that can't be broken no matter what. Thus you need to make it as good as you can, have defense in depth (multiple security layers such that if one is breached not everything is bypassed), and remain vigilant.</p></htmltext>
<tokenext>Not only making it too hard , but making changes too frequent .
If someone has to change their password once a month , they will have trouble remembering it .
They 'll make it as simple as the security will allow and write it down ( maybe multiple places ) .What it comes down to is if you feel the data you are protecting is important enough that it needs to have a complex password and such , what it really needs is two factor security .
Something like a SecureID token or whatever .
That makes it near impossible to break in as you have to get the password AND the token and you have to make use of it before the token 's absence is noted.Being a jerk about password policy is no replacement for a better security system over all , and in fact can make your stuff less secure than you think .
You are ultimately dealing with people and as such you ca n't expect them to be perfect with their memories .
You need to adapt your security to them , not demand they adapt.You also have to simply accept that there 's no such thing as perfect security .
You ca n't have a system that ca n't be broken no matter what .
Thus you need to make it as good as you can , have defense in depth ( multiple security layers such that if one is breached not everything is bypassed ) , and remain vigilant .</tokentext>
<sentencetext>Not only making it too hard, but making changes too frequent.
If someone has to change their password once a month, they will have trouble remembering it.
They'll make it as simple as the security will allow and write it down (maybe multiple places).What it comes down to is if you feel the data you are protecting is important enough that it needs to have a complex password and such, what it really needs is two factor security.
Something like a SecureID token or whatever.
That makes it near impossible to break in as you have to get the password AND the token and you have to make use of it before the token's absence is noted.Being a jerk about password policy is no replacement for a better security system over all, and in fact can make your stuff less secure than you think.
You are ultimately dealing with people and as such you can't expect them to be perfect with their memories.
You need to adapt your security to them, not demand they adapt.You also have to simply accept that there's no such thing as perfect security.
You can't have a system that can't be broken no matter what.
Thus you need to make it as good as you can, have defense in depth (multiple security layers such that if one is breached not everything is bypassed), and remain vigilant.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480818</id>
	<title>Humans may be the weak link, but...</title>
	<author>bsDaemon</author>
	<datestamp>1268661720000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext>Humans may be the weak link in information security, but the information is only useful to humans so its not as if we can remove ourselves from the system.  Well, we could, and then go back to invisible inks, hand ciphers and cars that actually stop, but these days people probably wouldn't want to do that.</htmltext>
<tokenext>Humans may be the weak link in information security , but the information is only useful to humans so its not as if we can remove ourselves from the system .
Well , we could , and then go back to invisible inks , hand ciphers and cars that actually stop , but these days people probably would n't want to do that .</tokentext>
<sentencetext>Humans may be the weak link in information security, but the information is only useful to humans so its not as if we can remove ourselves from the system.
Well, we could, and then go back to invisible inks, hand ciphers and cars that actually stop, but these days people probably wouldn't want to do that.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31482074</id>
	<title>phishing</title>
	<author>jonpublic</author>
	<datestamp>1268668560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>We get people responding to this kind of phishing message all the time, to a helpdesk@yahoo.com.hk address</p><p>We haven't had quotas in like 6 years.</p><p>---<br>The Helpdesk Program that periodically checks the size of your e-mail space is<br>sending you this information. The program runs weekly to ensure your<br>inbox does not grow too large, thus preventing you from receiving or sending new e-mail.<br>As this message is being sent, you have 18 megabytes (MB) or more stored in<br>your inbox. To help us reset your space in our database, please enter your<br>current user name ()  password<br>()</p><p>You will receive a periodic alert if your inbox size is between 18 and 20 MB.<br>If your inbox size is 20 MB, a program on your Webmail will move your<br>oldest e-mails to a folder in your home directory to ensure you can continue receiving<br>incoming e-mail. You will be notified if this has taken place.</p><p>If your inbox grows to 25 MB, you will be unable to receive new e-mail and it<br>will be returned to sender. All this is programmed to ensure your e-mail<br>continues to function well.</p><p>Thank you for your cooperation.<br>Help Desk</p><p>This message was sent using IMP, the Internet Messaging Program.</p></htmltext>
<tokenext>We get people responding to this kind of phishing message all the time , to a helpdesk @ yahoo.com.hk addressWe have n't had quotas in like 6 years.---The Helpdesk Program that periodically checks the size of your e-mail space issending you this information .
The program runs weekly to ensure yourinbox does not grow too large , thus preventing you from receiving or sending new e-mail.As this message is being sent , you have 18 megabytes ( MB ) or more stored inyour inbox .
To help us reset your space in our database , please enter yourcurrent user name ( ) password ( ) You will receive a periodic alert if your inbox size is between 18 and 20 MB.If your inbox size is 20 MB , a program on your Webmail will move youroldest e-mails to a folder in your home directory to ensure you can continue receivingincoming e-mail .
You will be notified if this has taken place.If your inbox grows to 25 MB , you will be unable to receive new e-mail and itwill be returned to sender .
All this is programmed to ensure your e-mailcontinues to function well.Thank you for your cooperation.Help DeskThis message was sent using IMP , the Internet Messaging Program .</tokentext>
<sentencetext>We get people responding to this kind of phishing message all the time, to a helpdesk@yahoo.com.hk addressWe haven't had quotas in like 6 years.---The Helpdesk Program that periodically checks the size of your e-mail space issending you this information.
The program runs weekly to ensure yourinbox does not grow too large, thus preventing you from receiving or sending new e-mail.As this message is being sent, you have 18 megabytes (MB) or more stored inyour inbox.
To help us reset your space in our database, please enter yourcurrent user name ()  password()You will receive a periodic alert if your inbox size is between 18 and 20 MB.If your inbox size is 20 MB, a program on your Webmail will move youroldest e-mails to a folder in your home directory to ensure you can continue receivingincoming e-mail.
You will be notified if this has taken place.If your inbox grows to 25 MB, you will be unable to receive new e-mail and itwill be returned to sender.
All this is programmed to ensure your e-mailcontinues to function well.Thank you for your cooperation.Help DeskThis message was sent using IMP, the Internet Messaging Program.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740</id>
	<title>Security Failings</title>
	<author>Y2KDragon</author>
	<datestamp>1268661240000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext>Strong password requirements are a big part of the problem.  We can teach people how to make more complicated passwords.  But the draconian policies set by some sites makes it almost impossible to maintain any degree of security.  Make the password requirement difficult enough, and people HAVE to write it down and keep it in an insecure location just to make it usable.</htmltext>
<tokenext>Strong password requirements are a big part of the problem .
We can teach people how to make more complicated passwords .
But the draconian policies set by some sites makes it almost impossible to maintain any degree of security .
Make the password requirement difficult enough , and people HAVE to write it down and keep it in an insecure location just to make it usable .</tokentext>
<sentencetext>Strong password requirements are a big part of the problem.
We can teach people how to make more complicated passwords.
But the draconian policies set by some sites makes it almost impossible to maintain any degree of security.
Make the password requirement difficult enough, and people HAVE to write it down and keep it in an insecure location just to make it usable.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480876</id>
	<title>Human error</title>
	<author>charm101</author>
	<datestamp>1268662140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Security on your laptop is a human error. This means due to clumsiness, is a laptop could talk and say someone stole it. -<a href="http://www.teenbootcamps.org/" title="teenbootcamps.org" rel="nofollow">Turning Winds</a> [teenbootcamps.org]</htmltext>
<tokenext>Security on your laptop is a human error .
This means due to clumsiness , is a laptop could talk and say someone stole it .
-Turning Winds [ teenbootcamps.org ]</tokentext>
<sentencetext>Security on your laptop is a human error.
This means due to clumsiness, is a laptop could talk and say someone stole it.
-Turning Winds [teenbootcamps.org]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481076</id>
	<title>Oh, what a feeling...</title>
	<author>srussia</author>
	<datestamp>1268663400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Any procedure, any system, any protocol, anything fails 9 out of 10 times due to human error. Why we let these insecure parts remain a critical part in anything is beyond me.</p></div><p>JohnnyCab!</p></div>
	</htmltext>
<tokenext>Any procedure , any system , any protocol , anything fails 9 out of 10 times due to human error .
Why we let these insecure parts remain a critical part in anything is beyond me.JohnnyCab !</tokentext>
<sentencetext>Any procedure, any system, any protocol, anything fails 9 out of 10 times due to human error.
Why we let these insecure parts remain a critical part in anything is beyond me.JohnnyCab!
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480778</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31485236</id>
	<title>I say...</title>
	<author>Anonymous</author>
	<datestamp>1268681580000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I say we pull the humans out of the loop.</p></htmltext>
<tokenext>I say we pull the humans out of the loop .</tokentext>
<sentencetext>I say we pull the humans out of the loop.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483028</id>
	<title>Re:Human is the weak link in anything</title>
	<author>dkleinsc</author>
	<datestamp>1268673060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Thanks, HAL.</p></htmltext>
<tokenext>Thanks , HAL .</tokentext>
<sentencetext>Thanks, HAL.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480778</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481756</id>
	<title>It will be that way</title>
	<author>Hymer</author>
	<datestamp>1268667120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>...until someone invents humanproof security.
If people have to remember something they will either<ul>
<li>write it down if it is too complex to remember</li>
<li>choose something obvious so it is easy to remember</li>
<li>choose something obvious AND write it down</li>
</ul></htmltext>
<tokenext>...until someone invents humanproof security .
If people have to remember something they will either write it down if it is too complex to remember choose something obvious so it is easy to remember choose something obvious AND write it down</tokentext>
<sentencetext>...until someone invents humanproof security.
If people have to remember something they will either
write it down if it is too complex to remember
choose something obvious so it is easy to remember
choose something obvious AND write it down
</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481096</id>
	<title>Re:Security Failings</title>
	<author>Aceticon</author>
	<datestamp>1268663520000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>Draconian IT Security policies that end up achieving the opposite effect are caused by the same underlying problems as the theatrical Security that's currently done in most airports:</p><ul><li>If a Well-Balanced Security policy is in place and Something Bad happens, they blame the Security guys. If a Draconian Security policy is in place and Something Bad happens they can blame the person that "went around the security" (i.e. wrote a password in a piece of paper)</li><li>When a new widget/software is proclaimed as the next silver bullet, if Security gets it and Something Bad happens, they're the ones blames, if they do get it, then they can blame the widget/software</li><li>The guy that prevented thousands of Bad Somethings never got promoted to management, since Nothing Happened. They guys that get promotions are the ones that make an Heroic Recover when Something Bad happens</li><li>Billions of man-hours wasted can easilly be ignored when spread over many people as many small hassles.</li></ul><p>The blame here is in Management - rewards and punishement are distributed on the basis of easilly observable artifacts of The Work instead of looking at the hard to define and hard to measure Results.</p><p>This problem is very common in all kinds of professions and in most countries<nobr> <wbr></nobr>...</p></htmltext>
<tokenext>Draconian IT Security policies that end up achieving the opposite effect are caused by the same underlying problems as the theatrical Security that 's currently done in most airports : If a Well-Balanced Security policy is in place and Something Bad happens , they blame the Security guys .
If a Draconian Security policy is in place and Something Bad happens they can blame the person that " went around the security " ( i.e .
wrote a password in a piece of paper ) When a new widget/software is proclaimed as the next silver bullet , if Security gets it and Something Bad happens , they 're the ones blames , if they do get it , then they can blame the widget/softwareThe guy that prevented thousands of Bad Somethings never got promoted to management , since Nothing Happened .
They guys that get promotions are the ones that make an Heroic Recover when Something Bad happensBillions of man-hours wasted can easilly be ignored when spread over many people as many small hassles.The blame here is in Management - rewards and punishement are distributed on the basis of easilly observable artifacts of The Work instead of looking at the hard to define and hard to measure Results.This problem is very common in all kinds of professions and in most countries .. .</tokentext>
<sentencetext>Draconian IT Security policies that end up achieving the opposite effect are caused by the same underlying problems as the theatrical Security that's currently done in most airports:If a Well-Balanced Security policy is in place and Something Bad happens, they blame the Security guys.
If a Draconian Security policy is in place and Something Bad happens they can blame the person that "went around the security" (i.e.
wrote a password in a piece of paper)When a new widget/software is proclaimed as the next silver bullet, if Security gets it and Something Bad happens, they're the ones blames, if they do get it, then they can blame the widget/softwareThe guy that prevented thousands of Bad Somethings never got promoted to management, since Nothing Happened.
They guys that get promotions are the ones that make an Heroic Recover when Something Bad happensBillions of man-hours wasted can easilly be ignored when spread over many people as many small hassles.The blame here is in Management - rewards and punishement are distributed on the basis of easilly observable artifacts of The Work instead of looking at the hard to define and hard to measure Results.This problem is very common in all kinds of professions and in most countries ...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480684</id>
	<title>Hmmm ...</title>
	<author>Anonymous</author>
	<datestamp>1268660940000</datestamp>
	<modclass>Funny</modclass>
	<modscore>4</modscore>
	<htmltext>If only there was a way to remove humans from the equation<nobr> <wbr></nobr>... can you say <i>Skynet</i>?</htmltext>
<tokenext>If only there was a way to remove humans from the equation ... can you say Skynet ?</tokentext>
<sentencetext>If only there was a way to remove humans from the equation ... can you say Skynet?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480880</id>
	<title>Huh?</title>
	<author>Anonymous</author>
	<datestamp>1268662140000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p>This is news?</p></htmltext>
<tokenext>This is news ?</tokentext>
<sentencetext>This is news?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483648</id>
	<title>The general terms for this security problem are:</title>
	<author>Anonymous</author>
	<datestamp>1268675460000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Wetware error.</p><p>LUSER factor.</p></htmltext>
<tokenext>Wetware error.LUSER factor .</tokentext>
<sentencetext>Wetware error.LUSER factor.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481980</id>
	<title>The Art of Deception</title>
	<author>Anonymous</author>
	<datestamp>1268668200000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Read "The Art of Deception" by Kevin Mitnick. In this book he explains and provides examples of the human factor of security, and how we are indeed the weakest link.</p></htmltext>
<tokenext>Read " The Art of Deception " by Kevin Mitnick .
In this book he explains and provides examples of the human factor of security , and how we are indeed the weakest link .</tokentext>
<sentencetext>Read "The Art of Deception" by Kevin Mitnick.
In this book he explains and provides examples of the human factor of security, and how we are indeed the weakest link.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480884</id>
	<title>Re:Security Failings</title>
	<author>Anonymous</author>
	<datestamp>1268662200000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The employment site a very large US defense contractor is like that and its got to be changed every couple of months. I always for the pw and the where the paper is where I write it down. I don't want to mention Lockheed's name so keep that in mind.</p><p>I'm constantly having to have the pw reset. If they're tracking that, that may explain why they haven't called me.<nobr> <wbr></nobr>:-(</p><p>Anyway, I got a Chinese lesson to go to.</p></htmltext>
<tokenext>The employment site a very large US defense contractor is like that and its got to be changed every couple of months .
I always for the pw and the where the paper is where I write it down .
I do n't want to mention Lockheed 's name so keep that in mind.I 'm constantly having to have the pw reset .
If they 're tracking that , that may explain why they have n't called me .
: - ( Anyway , I got a Chinese lesson to go to .</tokentext>
<sentencetext>The employment site a very large US defense contractor is like that and its got to be changed every couple of months.
I always for the pw and the where the paper is where I write it down.
I don't want to mention Lockheed's name so keep that in mind.I'm constantly having to have the pw reset.
If they're tracking that, that may explain why they haven't called me.
:-(Anyway, I got a Chinese lesson to go to.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480816</id>
	<title>Re:Usernames in browsers</title>
	<author>clemdoc</author>
	<datestamp>1268661720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Another neat feature in some browsers is that you can switch off this helpful password storage feature. But if you store your password on an encrypted volume, you certainly know this.</htmltext>
<tokenext>Another neat feature in some browsers is that you can switch off this helpful password storage feature .
But if you store your password on an encrypted volume , you certainly know this .</tokentext>
<sentencetext>Another neat feature in some browsers is that you can switch off this helpful password storage feature.
But if you store your password on an encrypted volume, you certainly know this.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480730</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483134</id>
	<title>Re:Encrypt your sh*t. Or you aren't a professional</title>
	<author>Mr\_Icon</author>
	<datestamp>1268673660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>"Bob, I need financial data for all clients bought the WidgetMaster 9000, ASAP!"<br>"Sure, boss. I couldn't attach it to email for some reason, so I posted it on superfileshare.com."</p></htmltext>
<tokenext>" Bob , I need financial data for all clients bought the WidgetMaster 9000 , ASAP !
" " Sure , boss .
I could n't attach it to email for some reason , so I posted it on superfileshare.com .
"</tokentext>
<sentencetext>"Bob, I need financial data for all clients bought the WidgetMaster 9000, ASAP!
""Sure, boss.
I couldn't attach it to email for some reason, so I posted it on superfileshare.com.
"</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480916</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481430</id>
	<title>Anonoymous</title>
	<author>Anonymous</author>
	<datestamp>1268665380000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>people just neglect the fact to show proper care for something unless they spent their hard-earned money on it... just in the human's nature - one thing we do at my job we use a service called MaaS360 by Fiberlink.</p><p>pretty sick console with a ton of security features and reporting functions... the best thing about this tool is that we can see people outside of the VPN even if they are connecting through a wi-fi hotspot or home router - we have full visibility and can pull reports and manage applications and data as well through this console.</p></htmltext>
<tokenext>people just neglect the fact to show proper care for something unless they spent their hard-earned money on it... just in the human 's nature - one thing we do at my job we use a service called MaaS360 by Fiberlink.pretty sick console with a ton of security features and reporting functions... the best thing about this tool is that we can see people outside of the VPN even if they are connecting through a wi-fi hotspot or home router - we have full visibility and can pull reports and manage applications and data as well through this console .</tokentext>
<sentencetext>people just neglect the fact to show proper care for something unless they spent their hard-earned money on it... just in the human's nature - one thing we do at my job we use a service called MaaS360 by Fiberlink.pretty sick console with a ton of security features and reporting functions... the best thing about this tool is that we can see people outside of the VPN even if they are connecting through a wi-fi hotspot or home router - we have full visibility and can pull reports and manage applications and data as well through this console.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483182</id>
	<title>In Other News the Sky is Blue...</title>
	<author>Taliesan999</author>
	<datestamp>1268673780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Seriously... humans are the weak link... don't tell me it's so!</p></htmltext>
<tokenext>Seriously... humans are the weak link... do n't tell me it 's so !</tokentext>
<sentencetext>Seriously... humans are the weak link... don't tell me it's so!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31482246</id>
	<title>Stolen laptops should be ok</title>
	<author>Yvanhoe</author>
	<datestamp>1268669520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>A stolen laptop should not threaten internal security. The tools to encipher crucial informations are free (as in $0)</htmltext>
<tokenext>A stolen laptop should not threaten internal security .
The tools to encipher crucial informations are free ( as in $ 0 )</tokentext>
<sentencetext>A stolen laptop should not threaten internal security.
The tools to encipher crucial informations are free (as in $0)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31482806</id>
	<title>Re:Hmmm ...</title>
	<author>nospam007</author>
	<datestamp>1268671980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Actually most of them forget them in the Underground, which is a series of tubes</p></htmltext>
<tokenext>Actually most of them forget them in the Underground , which is a series of tubes</tokentext>
<sentencetext>Actually most of them forget them in the Underground, which is a series of tubes</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481352</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483028
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480778
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481652
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480990
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483134
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480916
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480748
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481166
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480864
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481090
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480684
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31482806
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481352
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480684
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480938
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480756
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481726
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480812
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31484326
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481114
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481798
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481382
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31482644
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480990
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483784
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480844
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481102
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480748
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481076
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480778
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31482046
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480864
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480816
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480730
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481148
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480684
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483846
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480684
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31482286
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480756
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31482190
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481352
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480684
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480846
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480748
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480974
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481096
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483418
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480812
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480884
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481978
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31484434
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480684
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31484244
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481024
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483314
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480990
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483620
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481490
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480684
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_15_1227223_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481714
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480748
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_15_1227223.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480740
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480990
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483314
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481652
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31482644
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480974
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481024
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31484244
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481096
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481114
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31484326
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480884
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481978
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480864
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481166
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31482046
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_15_1227223.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480818
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_15_1227223.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481318
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_15_1227223.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480730
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480816
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_15_1227223.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480684
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483846
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481148
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31484434
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481090
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481490
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483620
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481352
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31482806
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31482190
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_15_1227223.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480844
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483784
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_15_1227223.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480756
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480938
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31482286
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_15_1227223.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480748
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481102
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480916
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483134
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480846
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481714
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_15_1227223.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480778
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481076
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483028
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_15_1227223.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481382
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481798
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_15_1227223.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31480812
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31481726
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_15_1227223.31483418
</commentlist>
</conversation>
