<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article10_03_16_1939227</id>
	<title>MS Virtual PC Flaw Defeats Windows Defenses</title>
	<author>kdawson</author>
	<datestamp>1268737260000</datestamp>
	<htmltext>Coop's Troops writes <i>"An exploit writer at Core Security Technologies has discovered a serious <a href="http://threatpost.com/en\_us/blogs/microsoft-virtual-pc-flaw-lets-hackers-bypass-windows-defenses-031610">vulnerability that exposes users of Microsoft's Virtual PC</a> virtualization software to malicious hacker attacks. The vulnerability, which is unpatched, essentially allows an attacker to bypass several major security mitigations &mdash; DEP, SafeSEH and ASLR &mdash; to exploit the Windows operating system. As a result, some applications with bugs that are not exploitable when running in a not-virtualized operating system are rendered exploitable if running within a guest OS in Virtual PC."</i></htmltext>
<tokenext>Coop 's Troops writes " An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft 's Virtual PC virtualization software to malicious hacker attacks .
The vulnerability , which is unpatched , essentially allows an attacker to bypass several major security mitigations    DEP , SafeSEH and ASLR    to exploit the Windows operating system .
As a result , some applications with bugs that are not exploitable when running in a not-virtualized operating system are rendered exploitable if running within a guest OS in Virtual PC .
"</tokentext>
<sentencetext>Coop's Troops writes "An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft's Virtual PC virtualization software to malicious hacker attacks.
The vulnerability, which is unpatched, essentially allows an attacker to bypass several major security mitigations — DEP, SafeSEH and ASLR — to exploit the Windows operating system.
As a result, some applications with bugs that are not exploitable when running in a not-virtualized operating system are rendered exploitable if running within a guest OS in Virtual PC.
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503322</id>
	<title>How many people even use VirtualPC/XP mode anyway?</title>
	<author>Anonymous</author>
	<datestamp>1268745000000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext>I mean, talk about small targets.  I highly doubt that any hacker would find it worth his time to attempt to exploit this.  I mean, first you have to find someone running XP mode.  Then you have to get them to open an executable (or exploit some other vulnerability to get onto the system) on the guest OS instead of the host OS.  Then the person still has to have more than 2 gigs of RAM and be utilizing more than 2 gigs at once.  Then, after all that, you only have access to the XP VM, which may or may not have anything of worth on it.
<br> <br>
I'm not surprised that MS shrugged it off for now.</htmltext>
<tokenext>I mean , talk about small targets .
I highly doubt that any hacker would find it worth his time to attempt to exploit this .
I mean , first you have to find someone running XP mode .
Then you have to get them to open an executable ( or exploit some other vulnerability to get onto the system ) on the guest OS instead of the host OS .
Then the person still has to have more than 2 gigs of RAM and be utilizing more than 2 gigs at once .
Then , after all that , you only have access to the XP VM , which may or may not have anything of worth on it .
I 'm not surprised that MS shrugged it off for now .</tokentext>
<sentencetext>I mean, talk about small targets.
I highly doubt that any hacker would find it worth his time to attempt to exploit this.
I mean, first you have to find someone running XP mode.
Then you have to get them to open an executable (or exploit some other vulnerability to get onto the system) on the guest OS instead of the host OS.
Then the person still has to have more than 2 gigs of RAM and be utilizing more than 2 gigs at once.
Then, after all that, you only have access to the XP VM, which may or may not have anything of worth on it.
I'm not surprised that MS shrugged it off for now.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31506992</id>
	<title>Re:Ugh, this isn't good.</title>
	<author>Anonymous</author>
	<datestamp>1268832480000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Note that VMWare's free Player now allows you to create VMs, not just use them</p><p>Cheers</p></htmltext>
<tokenext>Note that VMWare 's free Player now allows you to create VMs , not just use themCheers</tokentext>
<sentencetext>Note that VMWare's free Player now allows you to create VMs, not just use themCheers</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502884</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31504170</id>
	<title>Re:Linux</title>
	<author>Anonymous</author>
	<datestamp>1268752800000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>Ahh yes, come one, come all to Debian Island where all the computers are free and none of them work quite right.</p></div><p>At least the computers are free.  That's more than you can say with Windows.</p></div>
	</htmltext>
<tokenext>Ahh yes , come one , come all to Debian Island where all the computers are free and none of them work quite right.At least the computers are free .
That 's more than you can say with Windows .</tokentext>
<sentencetext>Ahh yes, come one, come all to Debian Island where all the computers are free and none of them work quite right.At least the computers are free.
That's more than you can say with Windows.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502994</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502748</id>
	<title>Which only goes to show, it's always something</title>
	<author>koko</author>
	<datestamp>1268741100000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p>If you want security, unplug the 'net.  You ain't gonna get it any other way.</p></htmltext>
<tokenext>If you want security , unplug the 'net .
You ai n't gon na get it any other way .</tokentext>
<sentencetext>If you want security, unplug the 'net.
You ain't gonna get it any other way.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503918</id>
	<title>Re:Ugh, this isn't good.</title>
	<author>Anonymous</author>
	<datestamp>1268750700000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>If someone is using VirtualPC for a honeypot, they are an idiot.</p><p>The idea of a honeypot is that it is indistinguishable from "the real thing."</p><p>That this flaw even exists means it is identifiable as a virtual machine.</p></htmltext>
<tokenext>If someone is using VirtualPC for a honeypot , they are an idiot.The idea of a honeypot is that it is indistinguishable from " the real thing .
" That this flaw even exists means it is identifiable as a virtual machine .</tokentext>
<sentencetext>If someone is using VirtualPC for a honeypot, they are an idiot.The idea of a honeypot is that it is indistinguishable from "the real thing.
"That this flaw even exists means it is identifiable as a virtual machine.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503138</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31506816</id>
	<title>2 "hacks" i found in Windows recently</title>
	<author>Anonymous</author>
	<datestamp>1268830980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Not sure if anyone knows about these but...</p><p>The document and settings transfer wizard in Windows 7 did not ask me to authenticate for the other profiles I transferred.  So I assume that if one were to examine that program there might be something in there.</p><p>When I installed Windows 7 on my laptop - at the point where it asked me for the Key I unplugged to take the laptop to my desk to get the key - and the Key dialog was simply bypassed!  I was on the next screen.  So I still haven't entered my key.   Maybe this only happens with a MSDN license - not sure.</p></htmltext>
<tokenext>Not sure if anyone knows about these but...The document and settings transfer wizard in Windows 7 did not ask me to authenticate for the other profiles I transferred .
So I assume that if one were to examine that program there might be something in there.When I installed Windows 7 on my laptop - at the point where it asked me for the Key I unplugged to take the laptop to my desk to get the key - and the Key dialog was simply bypassed !
I was on the next screen .
So I still have n't entered my key .
Maybe this only happens with a MSDN license - not sure .</tokentext>
<sentencetext>Not sure if anyone knows about these but...The document and settings transfer wizard in Windows 7 did not ask me to authenticate for the other profiles I transferred.
So I assume that if one were to examine that program there might be something in there.When I installed Windows 7 on my laptop - at the point where it asked me for the Key I unplugged to take the laptop to my desk to get the key - and the Key dialog was simply bypassed!
I was on the next screen.
So I still haven't entered my key.
Maybe this only happens with a MSDN license - not sure.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31505988</id>
	<title>Re:Still can't exploit the host OS</title>
	<author>pinkushun</author>
	<datestamp>1268821320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Out of interest, I develop on two XP SP3 VPC's, against older systems that do not support XP+. It's a bit worrying, doing production work in these environments.</p></htmltext>
<tokenext>Out of interest , I develop on two XP SP3 VPC 's , against older systems that do not support XP + .
It 's a bit worrying , doing production work in these environments .</tokentext>
<sentencetext>Out of interest, I develop on two XP SP3 VPC's, against older systems that do not support XP+.
It's a bit worrying, doing production work in these environments.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503090</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503310</id>
	<title>Re:Linux</title>
	<author>Anonymous</author>
	<datestamp>1268744940000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><p>Are you modding this guy troll because he's upset people insist on using this piece of sh* called Windholes?</p><p>Is that what<nobr> <wbr></nobr>/. has come to now?</p><p>Maybe malcontents should pack things and look for a Linux site to whine about M$, eh?</p></htmltext>
<tokenext>Are you modding this guy troll because he 's upset people insist on using this piece of sh * called Windholes ? Is that what / .
has come to now ? Maybe malcontents should pack things and look for a Linux site to whine about M $ , eh ?</tokentext>
<sentencetext>Are you modding this guy troll because he's upset people insist on using this piece of sh* called Windholes?Is that what /.
has come to now?Maybe malcontents should pack things and look for a Linux site to whine about M$, eh?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31504654</id>
	<title>"security mitigations"?</title>
	<author>John Hasler</author>
	<datestamp>1268757540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Aren't those called "exploits"?</p></htmltext>
<tokenext>Are n't those called " exploits " ?</tokentext>
<sentencetext>Aren't those called "exploits"?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502994</id>
	<title>Re:Linux</title>
	<author>Anonymous</author>
	<datestamp>1268742540000</datestamp>
	<modclass>Troll</modclass>
	<modscore>0</modscore>
	<htmltext><p>Ahh yes, come one, come all to Debian Island where all the computers are free and none of them work quite right.</p></htmltext>
<tokenext>Ahh yes , come one , come all to Debian Island where all the computers are free and none of them work quite right .</tokentext>
<sentencetext>Ahh yes, come one, come all to Debian Island where all the computers are free and none of them work quite right.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31504948</id>
	<title>No kidding</title>
	<author>Sycraft-fu</author>
	<datestamp>1268761140000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>To the extent we use it at work, it is for running stubborn old software that won't run in Windows 7 and/or 64-bit OSes. To date, we've discovered two applications like that. We also set them up to run seamless in the host OS (their window appears along any other window) where you don't see or play with the guest VM. It's easier for the user, and less potential trouble. They generally don't even know (or care) that the program is running in a VM.</p><p>So yes, it requires some fairly edge situations to exploit. Not many people use XP mode in the first place (most apps run natively in 7), if they do, reasonable bet they are just using it for compatibility for one or two old apps, not on a regular basis. So you have to convince them to get your exploit, and run it in their XP system. While I suppose you could craft it so that it doesn't run in 7, they may just say "Eh, do not want," and ignore it. If not they might wonder why a new app would have that problem. Either way you've got to get them to use it in XP mode and then... Well I guess you can own their XP VM. Wonderful, that does you a whole lot of nothing in general.</p><p>Also this isn't a case of "Bypasses any and all security," it just gets by some additional protections that can help in some cases. DEP, for example, doesn't do anything to stop malware, it doesn't check the "evil bit" and stop programs from running. All it does is prevent buffer overflows in some cases. You can't execute code in the data area of a program's memory. Ok, fine, however to even matter at all you have to have a program that is vulnerable to that kind of thing. If programs are checking their inputs and so on, then DEP never even comes in to play.</p><p>Don't get me wrong, I'm happy that MS has added some additional protections to make common problems harder to exploit, however they are not the first, last, and only line of defense. They are just things that cause additional problems for various sorts of exploits. Something has to find a way to try and get in to the system in the first place before they even matter.</p><p>I can't see this as any kind of big deal. I'm certainly not at all concerned with regards to the computers that use it at work.</p></htmltext>
<tokenext>To the extent we use it at work , it is for running stubborn old software that wo n't run in Windows 7 and/or 64-bit OSes .
To date , we 've discovered two applications like that .
We also set them up to run seamless in the host OS ( their window appears along any other window ) where you do n't see or play with the guest VM .
It 's easier for the user , and less potential trouble .
They generally do n't even know ( or care ) that the program is running in a VM.So yes , it requires some fairly edge situations to exploit .
Not many people use XP mode in the first place ( most apps run natively in 7 ) , if they do , reasonable bet they are just using it for compatibility for one or two old apps , not on a regular basis .
So you have to convince them to get your exploit , and run it in their XP system .
While I suppose you could craft it so that it does n't run in 7 , they may just say " Eh , do not want , " and ignore it .
If not they might wonder why a new app would have that problem .
Either way you 've got to get them to use it in XP mode and then... Well I guess you can own their XP VM .
Wonderful , that does you a whole lot of nothing in general.Also this is n't a case of " Bypasses any and all security , " it just gets by some additional protections that can help in some cases .
DEP , for example , does n't do anything to stop malware , it does n't check the " evil bit " and stop programs from running .
All it does is prevent buffer overflows in some cases .
You ca n't execute code in the data area of a program 's memory .
Ok , fine , however to even matter at all you have to have a program that is vulnerable to that kind of thing .
If programs are checking their inputs and so on , then DEP never even comes in to play.Do n't get me wrong , I 'm happy that MS has added some additional protections to make common problems harder to exploit , however they are not the first , last , and only line of defense .
They are just things that cause additional problems for various sorts of exploits .
Something has to find a way to try and get in to the system in the first place before they even matter.I ca n't see this as any kind of big deal .
I 'm certainly not at all concerned with regards to the computers that use it at work .</tokentext>
<sentencetext>To the extent we use it at work, it is for running stubborn old software that won't run in Windows 7 and/or 64-bit OSes.
To date, we've discovered two applications like that.
We also set them up to run seamless in the host OS (their window appears along any other window) where you don't see or play with the guest VM.
It's easier for the user, and less potential trouble.
They generally don't even know (or care) that the program is running in a VM.So yes, it requires some fairly edge situations to exploit.
Not many people use XP mode in the first place (most apps run natively in 7), if they do, reasonable bet they are just using it for compatibility for one or two old apps, not on a regular basis.
So you have to convince them to get your exploit, and run it in their XP system.
While I suppose you could craft it so that it doesn't run in 7, they may just say "Eh, do not want," and ignore it.
If not they might wonder why a new app would have that problem.
Either way you've got to get them to use it in XP mode and then... Well I guess you can own their XP VM.
Wonderful, that does you a whole lot of nothing in general.Also this isn't a case of "Bypasses any and all security," it just gets by some additional protections that can help in some cases.
DEP, for example, doesn't do anything to stop malware, it doesn't check the "evil bit" and stop programs from running.
All it does is prevent buffer overflows in some cases.
You can't execute code in the data area of a program's memory.
Ok, fine, however to even matter at all you have to have a program that is vulnerable to that kind of thing.
If programs are checking their inputs and so on, then DEP never even comes in to play.Don't get me wrong, I'm happy that MS has added some additional protections to make common problems harder to exploit, however they are not the first, last, and only line of defense.
They are just things that cause additional problems for various sorts of exploits.
Something has to find a way to try and get in to the system in the first place before they even matter.I can't see this as any kind of big deal.
I'm certainly not at all concerned with regards to the computers that use it at work.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503322</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31512932</id>
	<title>Re:Linux</title>
	<author>trapnest</author>
	<datestamp>1268854920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Because Linux isn't ready for the desktop.</htmltext>
<tokenext>Because Linux is n't ready for the desktop .</tokentext>
<sentencetext>Because Linux isn't ready for the desktop.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503814</id>
	<title>Whats new...</title>
	<author>joocemann</author>
	<datestamp>1268749500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Its like they do this on purpose...</p></htmltext>
<tokenext>Its like they do this on purpose.. .</tokentext>
<sentencetext>Its like they do this on purpose...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503278</id>
	<title>Re:Linux</title>
	<author>Anonymous</author>
	<datestamp>1268744520000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>So apparently smug isn't isolated to just macfags and prius drivers.</p></htmltext>
<tokenext>So apparently smug is n't isolated to just macfags and prius drivers .</tokentext>
<sentencetext>So apparently smug isn't isolated to just macfags and prius drivers.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502824</id>
	<title>This gets me every time</title>
	<author>Anonymous</author>
	<datestamp>1268741460000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext>Arce said Core reported the flaw to Microsoft last August...
Microsoft officials declined to comment until they had a chance to review Core&rsquo;s advisory on the issue
<br>
<br>

So how many months do you need to review once you are told about it???</htmltext>
<tokenext>Arce said Core reported the flaw to Microsoft last August.. . Microsoft officials declined to comment until they had a chance to review Core    s advisory on the issue So how many months do you need to review once you are told about it ? ?
?</tokentext>
<sentencetext>Arce said Core reported the flaw to Microsoft last August...
Microsoft officials declined to comment until they had a chance to review Core’s advisory on the issue



So how many months do you need to review once you are told about it??
?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754</id>
	<title>Linux</title>
	<author>Anonymous</author>
	<datestamp>1268741100000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>-1</modscore>
	<htmltext>Every time I read an article like this, it gives me a smug face wondering why more people don't switch.</htmltext>
<tokenext>Every time I read an article like this , it gives me a smug face wondering why more people do n't switch .</tokentext>
<sentencetext>Every time I read an article like this, it gives me a smug face wondering why more people don't switch.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503360</id>
	<title>Re:Ugh, this isn't good.</title>
	<author>PingPongBoy</author>
	<datestamp>1268745300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><em>On the other hand, Virtual PC isn't even a hypervisor; it requires a full OS onderneath it, running itself as just another Windows app</em></p><p>So<nobr> <wbr></nobr>... install Virtual PC in a Virtual PC virtual machine.</p><p>I haven't tried, as it is slow enough</p></htmltext>
<tokenext>On the other hand , Virtual PC is n't even a hypervisor ; it requires a full OS onderneath it , running itself as just another Windows appSo ... install Virtual PC in a Virtual PC virtual machine.I have n't tried , as it is slow enough</tokentext>
<sentencetext>On the other hand, Virtual PC isn't even a hypervisor; it requires a full OS onderneath it, running itself as just another Windows appSo ... install Virtual PC in a Virtual PC virtual machine.I haven't tried, as it is slow enough</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503138</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31506308</id>
	<title>Use a VHD for booting and your screwed?</title>
	<author>Anonymous</author>
	<datestamp>1268824860000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Alltough I never got this working: booting from a VHD<nobr> <wbr></nobr>:, it occurs to me that are a lot of people doing this for different purposes...</p><p><a href="http://www.sevenforums.com/tutorials/2953-virtual-hard-drive-vhd-file-create-start-boot.html" title="sevenforums.com" rel="nofollow">http://www.sevenforums.com/tutorials/2953-virtual-hard-drive-vhd-file-create-start-boot.html</a> [sevenforums.com]</p><p>Would this be affected too?</p></htmltext>
<tokenext>Alltough I never got this working : booting from a VHD : , it occurs to me that are a lot of people doing this for different purposes...http : //www.sevenforums.com/tutorials/2953-virtual-hard-drive-vhd-file-create-start-boot.html [ sevenforums.com ] Would this be affected too ?</tokentext>
<sentencetext>Alltough I never got this working: booting from a VHD :, it occurs to me that are a lot of people doing this for different purposes...http://www.sevenforums.com/tutorials/2953-virtual-hard-drive-vhd-file-create-start-boot.html [sevenforums.com]Would this be affected too?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502958</id>
	<title>Re:Linux</title>
	<author>Lunix Nutcase</author>
	<datestamp>1268742360000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>1</modscore>
	<htmltext><p>Because Linux doesn't have the apps they want?  They don't want to have to relearn years of knowledge built up using Windows?  That it's not as simple to switch an entire OS and migrate all your programs and data as people like you would have people believe?</p></htmltext>
<tokenext>Because Linux does n't have the apps they want ?
They do n't want to have to relearn years of knowledge built up using Windows ?
That it 's not as simple to switch an entire OS and migrate all your programs and data as people like you would have people believe ?</tokentext>
<sentencetext>Because Linux doesn't have the apps they want?
They don't want to have to relearn years of knowledge built up using Windows?
That it's not as simple to switch an entire OS and migrate all your programs and data as people like you would have people believe?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31525294</id>
	<title>Re:Credits</title>
	<author>cachimaster</author>
	<datestamp>1268938680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Awesome aurelianito, thanks for the clarification!</p><p>And thanks to Nico too!</p></htmltext>
<tokenext>Awesome aurelianito , thanks for the clarification ! And thanks to Nico too !</tokentext>
<sentencetext>Awesome aurelianito, thanks for the clarification!And thanks to Nico too!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503182</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502924</id>
	<title>Re:Linux</title>
	<author>snowraver1</author>
	<datestamp>1268742060000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext>Answer: Because their apps run on windows.  That's all there is to it.</htmltext>
<tokenext>Answer : Because their apps run on windows .
That 's all there is to it .</tokentext>
<sentencetext>Answer: Because their apps run on windows.
That's all there is to it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31505392</id>
	<title>Not a vulnerability</title>
	<author>Anonymous</author>
	<datestamp>1268768640000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext><p>This is really a vulnerability in any meaningful sense of the word. Rather, this means that certain advanced protections that Windows uses are less effective in a Virtual PC. Microsoft is actually in a leading postion when it comes to memory protection features as compared to anyone this side of OpenBSD.</p><p>What isn't someone issuing an "advisory" that the MacOS implementation of things like GS, ALSR, early-heap-termination and SafeSEH are either weak or nonexistent?</p><p>ASLR could use more entropy. Stack coookies could be present in every function, instead of just some. Every defense can be improved, and I don't think Microsoft has ever claimed that ASLR or GS is a reason NOT to produce a patch.</p><p>IMHO, Microsoft is completely correct to not issue a bulletin for this since that is an indication of a severe issue. And Core is free to make the issue known publically as well, and people can decide for themselves. But the Slashdot title is midleading at best.</p></htmltext>
<tokenext>This is really a vulnerability in any meaningful sense of the word .
Rather , this means that certain advanced protections that Windows uses are less effective in a Virtual PC .
Microsoft is actually in a leading postion when it comes to memory protection features as compared to anyone this side of OpenBSD.What is n't someone issuing an " advisory " that the MacOS implementation of things like GS , ALSR , early-heap-termination and SafeSEH are either weak or nonexistent ? ASLR could use more entropy .
Stack coookies could be present in every function , instead of just some .
Every defense can be improved , and I do n't think Microsoft has ever claimed that ASLR or GS is a reason NOT to produce a patch.IMHO , Microsoft is completely correct to not issue a bulletin for this since that is an indication of a severe issue .
And Core is free to make the issue known publically as well , and people can decide for themselves .
But the Slashdot title is midleading at best .</tokentext>
<sentencetext>This is really a vulnerability in any meaningful sense of the word.
Rather, this means that certain advanced protections that Windows uses are less effective in a Virtual PC.
Microsoft is actually in a leading postion when it comes to memory protection features as compared to anyone this side of OpenBSD.What isn't someone issuing an "advisory" that the MacOS implementation of things like GS, ALSR, early-heap-termination and SafeSEH are either weak or nonexistent?ASLR could use more entropy.
Stack coookies could be present in every function, instead of just some.
Every defense can be improved, and I don't think Microsoft has ever claimed that ASLR or GS is a reason NOT to produce a patch.IMHO, Microsoft is completely correct to not issue a bulletin for this since that is an indication of a severe issue.
And Core is free to make the issue known publically as well, and people can decide for themselves.
But the Slashdot title is midleading at best.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31506842</id>
	<title>Re:Are VMware, Parallels, and VB also vulnerable?</title>
	<author>vegiVamp</author>
	<datestamp>1268831280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>A random guess would be that some developer took a few shortcuts so he could show off the performance improvements he made on the hypervisor.</p></htmltext>
<tokenext>A random guess would be that some developer took a few shortcuts so he could show off the performance improvements he made on the hypervisor .</tokentext>
<sentencetext>A random guess would be that some developer took a few shortcuts so he could show off the performance improvements he made on the hypervisor.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502762</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503090</id>
	<title>Still can't exploit the host OS</title>
	<author>cbhacking</author>
	<datestamp>1268743260000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>This is definitley a bug, but all it does is allow bypassing of security features in the virtualized system. In other words, you can exploit the VM client, but you still can't get at the host.</p><p>It's worth of a patch, but not of a panic. If you're virtualizing for security, you don't really care what happens to the virtual system (that's the point). If you're virtualizing so you can run an old OS, it's going to be full of holes anyhow. If you're virtualizing for any other reason, why the hell are you using consumer-grade virtualization software?</p></htmltext>
<tokenext>This is definitley a bug , but all it does is allow bypassing of security features in the virtualized system .
In other words , you can exploit the VM client , but you still ca n't get at the host.It 's worth of a patch , but not of a panic .
If you 're virtualizing for security , you do n't really care what happens to the virtual system ( that 's the point ) .
If you 're virtualizing so you can run an old OS , it 's going to be full of holes anyhow .
If you 're virtualizing for any other reason , why the hell are you using consumer-grade virtualization software ?</tokentext>
<sentencetext>This is definitley a bug, but all it does is allow bypassing of security features in the virtualized system.
In other words, you can exploit the VM client, but you still can't get at the host.It's worth of a patch, but not of a panic.
If you're virtualizing for security, you don't really care what happens to the virtual system (that's the point).
If you're virtualizing so you can run an old OS, it's going to be full of holes anyhow.
If you're virtualizing for any other reason, why the hell are you using consumer-grade virtualization software?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503506</id>
	<title>Mooslims are a plague on society</title>
	<author>Anonymous</author>
	<datestamp>1268746380000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>-1</modscore>
	<htmltext>Allah is a lie. Mohammad was an opportunist.</htmltext>
<tokenext>Allah is a lie .
Mohammad was an opportunist .</tokentext>
<sentencetext>Allah is a lie.
Mohammad was an opportunist.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31506556</id>
	<title>Obvious...</title>
	<author>mahiskali</author>
	<datestamp>1268828460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I love how the summary has to point out that the vulnerability is "unpatched".  Well no shit, it wouldn't be a vulnerability if it was patched.</htmltext>
<tokenext>I love how the summary has to point out that the vulnerability is " unpatched " .
Well no shit , it would n't be a vulnerability if it was patched .</tokentext>
<sentencetext>I love how the summary has to point out that the vulnerability is "unpatched".
Well no shit, it wouldn't be a vulnerability if it was patched.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502884</id>
	<title>Ugh, this isn't good.</title>
	<author>Anonymous</author>
	<datestamp>1268741820000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><p>The good news is that this doesn't affect the big iron (Hyper-V).  However, for people who have Windows 7 and XP mode, using it for Web browsing, this will cause them a world of hurt.</p><p>Since this essentially doesn't affect servers, I'm going to recommend to people that they move to VMWare Workstation if they want commercial support, or VirtualBox if they desire an open source solution.  Either one of these has as many features as VirtualPC (although VirtualPC has one nice advantage -- it drops changes to the undo disk fast compared to the 2-3 minutes VMWare does.)</p><p>A hole in a hypervisor is a really bad thing.  A lot of people use VMs for honeypots, and this would cause unintended infections, or other damage, perhaps catastrophic.</p></htmltext>
<tokenext>The good news is that this does n't affect the big iron ( Hyper-V ) .
However , for people who have Windows 7 and XP mode , using it for Web browsing , this will cause them a world of hurt.Since this essentially does n't affect servers , I 'm going to recommend to people that they move to VMWare Workstation if they want commercial support , or VirtualBox if they desire an open source solution .
Either one of these has as many features as VirtualPC ( although VirtualPC has one nice advantage -- it drops changes to the undo disk fast compared to the 2-3 minutes VMWare does .
) A hole in a hypervisor is a really bad thing .
A lot of people use VMs for honeypots , and this would cause unintended infections , or other damage , perhaps catastrophic .</tokentext>
<sentencetext>The good news is that this doesn't affect the big iron (Hyper-V).
However, for people who have Windows 7 and XP mode, using it for Web browsing, this will cause them a world of hurt.Since this essentially doesn't affect servers, I'm going to recommend to people that they move to VMWare Workstation if they want commercial support, or VirtualBox if they desire an open source solution.
Either one of these has as many features as VirtualPC (although VirtualPC has one nice advantage -- it drops changes to the undo disk fast compared to the 2-3 minutes VMWare does.
)A hole in a hypervisor is a really bad thing.
A lot of people use VMs for honeypots, and this would cause unintended infections, or other damage, perhaps catastrophic.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502762</id>
	<title>Are VMware, Parallels, and VB also vulnerable?</title>
	<author>postbigbang</author>
	<datestamp>1268741160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Makes one wonder if the disabling of these crack-thwarting mechanisms are also killed in other desktop hypervisors. Bad news.</p></htmltext>
<tokenext>Makes one wonder if the disabling of these crack-thwarting mechanisms are also killed in other desktop hypervisors .
Bad news .</tokentext>
<sentencetext>Makes one wonder if the disabling of these crack-thwarting mechanisms are also killed in other desktop hypervisors.
Bad news.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502900</id>
	<title>Re:Linux</title>
	<author>Stormwatch</author>
	<datestamp>1268741880000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext>Maybe people are so used to a buggy, bloated, vulnerable operating system that they assume other systems will be just as awful.</htmltext>
<tokenext>Maybe people are so used to a buggy , bloated , vulnerable operating system that they assume other systems will be just as awful .</tokentext>
<sentencetext>Maybe people are so used to a buggy, bloated, vulnerable operating system that they assume other systems will be just as awful.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31506012</id>
	<title>Re:Which only goes to show, it's always something</title>
	<author>Anonymous</author>
	<datestamp>1268821620000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>-1</modscore>
	<htmltext><p>I wonder why Slashdot doesn't point out that all the Windows security features that have been 'defeated' have either no analogue in Linux/Mac OSX or a piss-poor imitation that doesn't actually secure anything.</p></htmltext>
<tokenext>I wonder why Slashdot does n't point out that all the Windows security features that have been 'defeated ' have either no analogue in Linux/Mac OSX or a piss-poor imitation that does n't actually secure anything .</tokentext>
<sentencetext>I wonder why Slashdot doesn't point out that all the Windows security features that have been 'defeated' have either no analogue in Linux/Mac OSX or a piss-poor imitation that doesn't actually secure anything.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502748</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503628</id>
	<title>Finally! Some good news!</title>
	<author>Anonymous</author>
	<datestamp>1268747760000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><a href="http://www.msnbc.msn.com/id/35890027/ns/health-aids/" title="msn.com" rel="nofollow">This is just the kind of thing I can put my faith in.</a> [msn.com]</htmltext>
<tokenext>This is just the kind of thing I can put my faith in .
[ msn.com ]</tokentext>
<sentencetext>This is just the kind of thing I can put my faith in.
[msn.com]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503406</id>
	<title>Re:Linux</title>
	<author>Anonymous</author>
	<datestamp>1268745720000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><p>Because they don't want to use your busted POS OS?  Because a bug that will effect far less than 1\% of all Windows users isn't a cause to change OSes?  Because you suck more dicks than a gay bathhouse full of Mac users?</p></htmltext>
<tokenext>Because they do n't want to use your busted POS OS ?
Because a bug that will effect far less than 1 \ % of all Windows users is n't a cause to change OSes ?
Because you suck more dicks than a gay bathhouse full of Mac users ?</tokentext>
<sentencetext>Because they don't want to use your busted POS OS?
Because a bug that will effect far less than 1\% of all Windows users isn't a cause to change OSes?
Because you suck more dicks than a gay bathhouse full of Mac users?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31504896</id>
	<title>Re:Ugh, this isn't good.</title>
	<author>PFAK</author>
	<datestamp>1268760360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>It's a good thing this vulnerability doesn't allow the host system to be compromised, otherwise we'd be in real trouble!</p><p>(AKA: Parent poster is wrong.)</p></htmltext>
<tokenext>It 's a good thing this vulnerability does n't allow the host system to be compromised , otherwise we 'd be in real trouble !
( AKA : Parent poster is wrong .
)</tokentext>
<sentencetext>It's a good thing this vulnerability doesn't allow the host system to be compromised, otherwise we'd be in real trouble!
(AKA: Parent poster is wrong.
)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502884</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503494</id>
	<title>Re:Linux</title>
	<author>smash</author>
	<datestamp>1268746260000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>0</modscore>
	<htmltext>Because a large proporrtion of the userbase are smug, albeit clueless assholes?</htmltext>
<tokenext>Because a large proporrtion of the userbase are smug , albeit clueless assholes ?</tokentext>
<sentencetext>Because a large proporrtion of the userbase are smug, albeit clueless assholes?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31504664</id>
	<title>Re:Ugh, this isn't good.</title>
	<author>John Hasler</author>
	<datestamp>1268757660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>&gt; VMWare Workstation if they want commercial support, or VirtualBox if they<br>&gt; desire an open source solution.</p><p>You know very well that commercial support is available for Open Source.</p></htmltext>
<tokenext>&gt; VMWare Workstation if they want commercial support , or VirtualBox if they &gt; desire an open source solution.You know very well that commercial support is available for Open Source .</tokentext>
<sentencetext>&gt; VMWare Workstation if they want commercial support, or VirtualBox if they&gt; desire an open source solution.You know very well that commercial support is available for Open Source.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502884</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503528</id>
	<title>Re:Are VMware, Parallels, and VB also vulnerable?</title>
	<author>icebike</author>
	<datestamp>1268746680000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>-1</modscore>
	<htmltext><p>Makes me wonder why a company with the name of "Core Security Technologies" has an <b>exploit writer</b> on staff.</p></htmltext>
<tokenext>Makes me wonder why a company with the name of " Core Security Technologies " has an exploit writer on staff .</tokentext>
<sentencetext>Makes me wonder why a company with the name of "Core Security Technologies" has an exploit writer on staff.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502762</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503138</id>
	<title>Re:Ugh, this isn't good.</title>
	<author>cbhacking</author>
	<datestamp>1268743560000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>Honeypots are designed to get hit. This bug doesn't make the host system vulnerable, it just means that the client OS is easier to exploit.</p><p>If it worked on Hyper-V, this would be a big problem; that's a server-level technology where even the clients are expected to remain secure. On the other hand, Virtual PC isn't even a hypervisor; it requires a full OS onderneath it, running itself as just another Windows app. Up until 2007 didn't even require hardware support for virtualization.</p></htmltext>
<tokenext>Honeypots are designed to get hit .
This bug does n't make the host system vulnerable , it just means that the client OS is easier to exploit.If it worked on Hyper-V , this would be a big problem ; that 's a server-level technology where even the clients are expected to remain secure .
On the other hand , Virtual PC is n't even a hypervisor ; it requires a full OS onderneath it , running itself as just another Windows app .
Up until 2007 did n't even require hardware support for virtualization .</tokentext>
<sentencetext>Honeypots are designed to get hit.
This bug doesn't make the host system vulnerable, it just means that the client OS is easier to exploit.If it worked on Hyper-V, this would be a big problem; that's a server-level technology where even the clients are expected to remain secure.
On the other hand, Virtual PC isn't even a hypervisor; it requires a full OS onderneath it, running itself as just another Windows app.
Up until 2007 didn't even require hardware support for virtualization.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502884</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503182</id>
	<title>Credits</title>
	<author>aurelianito</author>
	<datestamp>1268743860000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext>From TFA:<blockquote><div><p>An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft's Virtual PC virtualization software to malicious hacker attacks.</p></div></blockquote><p>I would like to add that the <i>exploit writer at Core Security Technologies</i> that discovered this vulnerability is <a href="http://corelabs.coresecurity.com/index.php?module=Wiki&amp;action=view&amp;type=researcher&amp;name=Nicolas\_Economou" title="coresecurity.com" rel="nofollow">Nicol&#225;s Economou</a> [coresecurity.com] and congratulate him on the great work he has made.</p><p>Disclaimer: I also work at Core</p></div>
	</htmltext>
<tokenext>From TFA : An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft 's Virtual PC virtualization software to malicious hacker attacks.I would like to add that the exploit writer at Core Security Technologies that discovered this vulnerability is Nicol   s Economou [ coresecurity.com ] and congratulate him on the great work he has made.Disclaimer : I also work at Core</tokentext>
<sentencetext>From TFA:An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft's Virtual PC virtualization software to malicious hacker attacks.I would like to add that the exploit writer at Core Security Technologies that discovered this vulnerability is Nicolás Economou [coresecurity.com] and congratulate him on the great work he has made.Disclaimer: I also work at Core
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502882</id>
	<title>Re:Linux</title>
	<author>customizedmischief</author>
	<datestamp>1268741820000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p><div class="quote"><p> Every time I read an article like this, it gives me a smug face wondering why more people don't switch.</p> </div><p>Swtch to what, VMware or Parallels?</p></div>
	</htmltext>
<tokenext>Every time I read an article like this , it gives me a smug face wondering why more people do n't switch .
Swtch to what , VMware or Parallels ?</tokentext>
<sentencetext> Every time I read an article like this, it gives me a smug face wondering why more people don't switch.
Swtch to what, VMware or Parallels?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503228</id>
	<title>Re:Linux</title>
	<author>Anonymous</author>
	<datestamp>1268744160000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>-1</modscore>
	<htmltext>Well, if you are a linux user, didn't you already have a smug face?</htmltext>
<tokenext>Well , if you are a linux user , did n't you already have a smug face ?</tokentext>
<sentencetext>Well, if you are a linux user, didn't you already have a smug face?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31505012</id>
	<title>Re:Are VMware, Parallels, and VB also vulnerable?</title>
	<author>Anonymous</author>
	<datestamp>1268762100000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>There was an undisclosed proof-of-concept a while back I saw which allowed code in a VM to be executed on the host. The demonstration video opened Windows Calculator on a Vista host from an XP VM, and claimed that it worked on Player, Workstation and Fusion.</p></htmltext>
<tokenext>There was an undisclosed proof-of-concept a while back I saw which allowed code in a VM to be executed on the host .
The demonstration video opened Windows Calculator on a Vista host from an XP VM , and claimed that it worked on Player , Workstation and Fusion .</tokentext>
<sentencetext>There was an undisclosed proof-of-concept a while back I saw which allowed code in a VM to be executed on the host.
The demonstration video opened Windows Calculator on a Vista host from an XP VM, and claimed that it worked on Player, Workstation and Fusion.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502762</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31504434</id>
	<title>Re:How many people even use VirtualPC/XP mode anyw</title>
	<author>Antique Geekmeister</author>
	<datestamp>1268755440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The target isn't that small. The fact that being virtualized breaks their security models is a big issue, and indicative of other big issues. (Using virtualization to break copy protection is one of my personal favorites.) And there are plenty of home and business users who have gotten Windows Vista machines foisted onto them who use and need to use Windows XP for software compatibility reasons, and who therefore run old games or critical applications in Windows XP under Virtual PC. I've done it myself for debugging purposes, when I've had spare licenses but not spare desktop systems.</p></htmltext>
<tokenext>The target is n't that small .
The fact that being virtualized breaks their security models is a big issue , and indicative of other big issues .
( Using virtualization to break copy protection is one of my personal favorites .
) And there are plenty of home and business users who have gotten Windows Vista machines foisted onto them who use and need to use Windows XP for software compatibility reasons , and who therefore run old games or critical applications in Windows XP under Virtual PC .
I 've done it myself for debugging purposes , when I 've had spare licenses but not spare desktop systems .</tokentext>
<sentencetext>The target isn't that small.
The fact that being virtualized breaks their security models is a big issue, and indicative of other big issues.
(Using virtualization to break copy protection is one of my personal favorites.
) And there are plenty of home and business users who have gotten Windows Vista machines foisted onto them who use and need to use Windows XP for software compatibility reasons, and who therefore run old games or critical applications in Windows XP under Virtual PC.
I've done it myself for debugging purposes, when I've had spare licenses but not spare desktop systems.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503322</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503088</id>
	<title>Re:Ugh, this isn't good.</title>
	<author>Anonymous</author>
	<datestamp>1268743260000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><p>The hole is not in the hypervisor. The GUEST OS is the one that is compromised, not the OS running the VM.</p></htmltext>
<tokenext>The hole is not in the hypervisor .
The GUEST OS is the one that is compromised , not the OS running the VM .</tokentext>
<sentencetext>The hole is not in the hypervisor.
The GUEST OS is the one that is compromised, not the OS running the VM.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502884</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31504194</id>
	<title>Re:Ugh, this isn't good.</title>
	<author>NSIM</author>
	<datestamp>1268752980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>And what makes you think that other desktop hypervisors don't have similar vulnerabilities?</htmltext>
<tokenext>And what makes you think that other desktop hypervisors do n't have similar vulnerabilities ?</tokentext>
<sentencetext>And what makes you think that other desktop hypervisors don't have similar vulnerabilities?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502884</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31504948
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503322
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31506012
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502748
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31505988
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503090
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503278
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502882
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31506992
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502884
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31512932
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31506842
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502762
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503088
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502884
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31504194
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502884
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503918
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503138
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502884
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503406
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503360
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503138
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502884
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503228
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502924
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31504170
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502994
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31504434
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503322
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31504664
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502884
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502900
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31525294
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503182
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31504896
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502884
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503528
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502762
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502958
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503310
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31505012
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502762
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_16_1939227_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503494
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_16_1939227.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31506308
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_16_1939227.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31506556
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_16_1939227.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31504654
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_16_1939227.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502754
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502994
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31504170
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503310
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503278
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31512932
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502924
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502958
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502882
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503494
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503228
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503406
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502900
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_16_1939227.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31505392
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_16_1939227.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503322
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31504434
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31504948
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_16_1939227.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31506816
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_16_1939227.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502824
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_16_1939227.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502762
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503528
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31506842
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31505012
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_16_1939227.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502884
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31506992
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31504194
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503138
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503918
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503360
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31504664
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503088
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31504896
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_16_1939227.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31502748
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31506012
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_16_1939227.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503090
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31505988
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_16_1939227.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31503182
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_16_1939227.31525294
</commentlist>
</conversation>
