<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article10_03_25_2227231</id>
	<title>IE8, Safari, iPhone All Fall At Pwn2Own Contest</title>
	<author>timothy</author>
	<datestamp>1269512820000</datestamp>
	<htmltext>SpuriousLogic writes <i>"The annual Pwn2Own contest at CanSecWest is underway, and on the first day Web browsers fell to attack. Internet Explorer 8 and Firefox 3.6.2 on 64-bit Windows 7 and Safari on OS X <a href="http://www.pcmag.com/article2/0,2817,2361810,00.asp">all were forced to run exploit code</a>. To add insult to injury, an iPhone was cracked and the SMS database lifted from it."</i>

<strong>Updated 22:40 GMT by timothy:</strong> CWmike adds this interesting bit: <i>"The only researcher to three-peat at the Pwn2Own hacking contest said on Thursday that security is such a 'broken record' that <a href="http://www.computerworld.com/s/article/9174120/Pwn2Own\_winner\_tells\_Apple\_Microsoft\_to\_find\_their\_own\_bugs">he won't hand over 20 vulnerabilities he's found in Apple's, Adobe's and Microsoft's software</a>. Instead Charlie Miller will show the vendors how to find the bugs themselves."</i></htmltext>
<tokenext>SpuriousLogic writes " The annual Pwn2Own contest at CanSecWest is underway , and on the first day Web browsers fell to attack .
Internet Explorer 8 and Firefox 3.6.2 on 64-bit Windows 7 and Safari on OS X all were forced to run exploit code .
To add insult to injury , an iPhone was cracked and the SMS database lifted from it .
" Updated 22 : 40 GMT by timothy : CWmike adds this interesting bit : " The only researcher to three-peat at the Pwn2Own hacking contest said on Thursday that security is such a 'broken record ' that he wo n't hand over 20 vulnerabilities he 's found in Apple 's , Adobe 's and Microsoft 's software .
Instead Charlie Miller will show the vendors how to find the bugs themselves .
"</tokentext>
<sentencetext>SpuriousLogic writes "The annual Pwn2Own contest at CanSecWest is underway, and on the first day Web browsers fell to attack.
Internet Explorer 8 and Firefox 3.6.2 on 64-bit Windows 7 and Safari on OS X all were forced to run exploit code.
To add insult to injury, an iPhone was cracked and the SMS database lifted from it.
"

Updated 22:40 GMT by timothy: CWmike adds this interesting bit: "The only researcher to three-peat at the Pwn2Own hacking contest said on Thursday that security is such a 'broken record' that he won't hand over 20 vulnerabilities he's found in Apple's, Adobe's and Microsoft's software.
Instead Charlie Miller will show the vendors how to find the bugs themselves.
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618818</id>
	<title>As I said elsewhere on the net:</title>
	<author>Anonymous</author>
	<datestamp>1269517020000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><p>Some of these exploits only took two weeks from conception to exploitation. TWO WEEKS. New product comes out, and POSSIBLY in 14 days you're fucked?</p><p>It seriously sounds like these idiots need to drop all high-level programming and go straight back to learning the BASICS first. Assembler and tight fucking code and source control.</p></htmltext>
<tokenext>Some of these exploits only took two weeks from conception to exploitation .
TWO WEEKS .
New product comes out , and POSSIBLY in 14 days you 're fucked ? It seriously sounds like these idiots need to drop all high-level programming and go straight back to learning the BASICS first .
Assembler and tight fucking code and source control .</tokentext>
<sentencetext>Some of these exploits only took two weeks from conception to exploitation.
TWO WEEKS.
New product comes out, and POSSIBLY in 14 days you're fucked?It seriously sounds like these idiots need to drop all high-level programming and go straight back to learning the BASICS first.
Assembler and tight fucking code and source control.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618876</id>
	<title>So 64-bit ASLR on Windows is flawed as well...</title>
	<author>Anonymous</author>
	<datestamp>1269517320000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext>It was already known and acknowledged by Microsoft that their ASLR implementation on 32-bit Windows was rather weak, but apparently the 64-bit version of it can be bypassed as well, as all of the hacks of pwn2own on Windows 7 made use of return-to-libc attacks, which should be impossible on systems with address space layout randomization.</htmltext>
<tokenext>It was already known and acknowledged by Microsoft that their ASLR implementation on 32-bit Windows was rather weak , but apparently the 64-bit version of it can be bypassed as well , as all of the hacks of pwn2own on Windows 7 made use of return-to-libc attacks , which should be impossible on systems with address space layout randomization .</tokentext>
<sentencetext>It was already known and acknowledged by Microsoft that their ASLR implementation on 32-bit Windows was rather weak, but apparently the 64-bit version of it can be bypassed as well, as all of the hacks of pwn2own on Windows 7 made use of return-to-libc attacks, which should be impossible on systems with address space layout randomization.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31622546</id>
	<title>They "forgot" Linux.</title>
	<author>miffo.swe</author>
	<datestamp>1269545160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>It was very sad that Linux wouldnt be allowed in this year as opposed to last time when nobody could crack it. Regardless of how you measure market penetration its nice to have it there as a reference point. Anything you pay for should be much better than something you can get for free.</p><p>Chrome has an excellent sandbox, especially compared to IE8 and Safari which makes exploiting stuff very hard even if you know of an open exploit. That nobody even bothered is a testament to that it really works. Nobody hacks at pwn2own, its done long before the competition starts in reality.</p><p>Google Chrome OS is something really interesting and everything up until now points to it becoming one of the most secure OS in a long time. While MacOS X and Windows 7 is a pile of ugly hacks Chrome OS seems to be built on excellent foundation from a security viewpoint. I really like it how they take the user out of the equation, just in line with Microsofts security researchers (that Microsoft never seems to listen to).</p><p><a href="http://blogs.techrepublic.com.com/security/?p=3275&amp;tag=nl.e036" title="com.com" rel="nofollow">http://blogs.techrepublic.com.com/security/?p=3275&amp;tag=nl.e036</a> [com.com]</p></htmltext>
<tokenext>It was very sad that Linux wouldnt be allowed in this year as opposed to last time when nobody could crack it .
Regardless of how you measure market penetration its nice to have it there as a reference point .
Anything you pay for should be much better than something you can get for free.Chrome has an excellent sandbox , especially compared to IE8 and Safari which makes exploiting stuff very hard even if you know of an open exploit .
That nobody even bothered is a testament to that it really works .
Nobody hacks at pwn2own , its done long before the competition starts in reality.Google Chrome OS is something really interesting and everything up until now points to it becoming one of the most secure OS in a long time .
While MacOS X and Windows 7 is a pile of ugly hacks Chrome OS seems to be built on excellent foundation from a security viewpoint .
I really like it how they take the user out of the equation , just in line with Microsofts security researchers ( that Microsoft never seems to listen to ) .http : //blogs.techrepublic.com.com/security/ ? p = 3275&amp;tag = nl.e036 [ com.com ]</tokentext>
<sentencetext>It was very sad that Linux wouldnt be allowed in this year as opposed to last time when nobody could crack it.
Regardless of how you measure market penetration its nice to have it there as a reference point.
Anything you pay for should be much better than something you can get for free.Chrome has an excellent sandbox, especially compared to IE8 and Safari which makes exploiting stuff very hard even if you know of an open exploit.
That nobody even bothered is a testament to that it really works.
Nobody hacks at pwn2own, its done long before the competition starts in reality.Google Chrome OS is something really interesting and everything up until now points to it becoming one of the most secure OS in a long time.
While MacOS X and Windows 7 is a pile of ugly hacks Chrome OS seems to be built on excellent foundation from a security viewpoint.
I really like it how they take the user out of the equation, just in line with Microsofts security researchers (that Microsoft never seems to listen to).http://blogs.techrepublic.com.com/security/?p=3275&amp;tag=nl.e036 [com.com]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619602</id>
	<title>I'd like to see crackers write their own browsers</title>
	<author>Rogerborg</author>
	<datestamp>1269521160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>As secure and hardened as they can make them, 100\% standards compliant.  And then cry and whine like little bitches as everybody sneers and calls them pathetic lamer noobs because their browsers totally suck at delivering content.</htmltext>
<tokenext>As secure and hardened as they can make them , 100 \ % standards compliant .
And then cry and whine like little bitches as everybody sneers and calls them pathetic lamer noobs because their browsers totally suck at delivering content .</tokentext>
<sentencetext>As secure and hardened as they can make them, 100\% standards compliant.
And then cry and whine like little bitches as everybody sneers and calls them pathetic lamer noobs because their browsers totally suck at delivering content.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31620060</id>
	<title>Re:BS without details</title>
	<author>Anonymous</author>
	<datestamp>1269523500000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Every OS and app in this test was fully patched with no publicly known security exploits.</p><p>Turns out Apple programmers aren't demi-gods.</p><p>Really got to ask yourself why you spend your time defending a company when they fuck up.</p><p>They're interested in nothing other than profit, why the fuck do you people seem to take things on a personal level.</p></htmltext>
<tokenext>Every OS and app in this test was fully patched with no publicly known security exploits.Turns out Apple programmers are n't demi-gods.Really got to ask yourself why you spend your time defending a company when they fuck up.They 're interested in nothing other than profit , why the fuck do you people seem to take things on a personal level .</tokentext>
<sentencetext>Every OS and app in this test was fully patched with no publicly known security exploits.Turns out Apple programmers aren't demi-gods.Really got to ask yourself why you spend your time defending a company when they fuck up.They're interested in nothing other than profit, why the fuck do you people seem to take things on a personal level.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619030</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619196</id>
	<title>Re:Misleading; no credibility</title>
	<author>Anonymous</author>
	<datestamp>1269519180000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Chome is still a minority product. IE, FF and Safari are the main players these days. Where are you going to draw the line, Lynx? That fact is, the biggest browsers still have pathetic securit. Particularly Safari, which is beaten within seconds every year, and the usual winner stating there are tons of holes in it waiting for later competitions.</p></htmltext>
<tokenext>Chome is still a minority product .
IE , FF and Safari are the main players these days .
Where are you going to draw the line , Lynx ?
That fact is , the biggest browsers still have pathetic securit .
Particularly Safari , which is beaten within seconds every year , and the usual winner stating there are tons of holes in it waiting for later competitions .</tokentext>
<sentencetext>Chome is still a minority product.
IE, FF and Safari are the main players these days.
Where are you going to draw the line, Lynx?
That fact is, the biggest browsers still have pathetic securit.
Particularly Safari, which is beaten within seconds every year, and the usual winner stating there are tons of holes in it waiting for later competitions.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618956</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619304</id>
	<title>Re:Well ...</title>
	<author>AmberBlackCat</author>
	<datestamp>1269519660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I didn't see Opera get mentioned...</htmltext>
<tokenext>I did n't see Opera get mentioned.. .</tokentext>
<sentencetext>I didn't see Opera get mentioned...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618760</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619162</id>
	<title>Re:As I said elsewhere on the net:</title>
	<author>Anonymous</author>
	<datestamp>1269519060000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>So if you're such a badass programmer please link to your assembly-coded web browser that contains zero exploits.  Oh, you don't have one and you're just a posturing tard?  Yeah, that's what I thought.</p></htmltext>
<tokenext>So if you 're such a badass programmer please link to your assembly-coded web browser that contains zero exploits .
Oh , you do n't have one and you 're just a posturing tard ?
Yeah , that 's what I thought .</tokentext>
<sentencetext>So if you're such a badass programmer please link to your assembly-coded web browser that contains zero exploits.
Oh, you don't have one and you're just a posturing tard?
Yeah, that's what I thought.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618818</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31622624</id>
	<title>Re:Misleading; no credibility</title>
	<author>aCC</author>
	<datestamp>1269546060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I normally don't write these comments, but this time I make an exception: that was hilarious! Thanks for that!</p><p>You made one mistake though. This is wrong:</p><p><div class="quote"><p>This is Slashdot!</p></div><p>It needs to be:</p><p><div class="quote"><p> <b>THIS! IS!<nobr> <wbr></nobr>/.!</b></p> </div></div>
	</htmltext>
<tokenext>I normally do n't write these comments , but this time I make an exception : that was hilarious !
Thanks for that ! You made one mistake though .
This is wrong : This is Slashdot ! It needs to be : THIS !
IS ! / .
!</tokentext>
<sentencetext>I normally don't write these comments, but this time I make an exception: that was hilarious!
Thanks for that!You made one mistake though.
This is wrong:This is Slashdot!It needs to be: THIS!
IS! /.
! 
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619744</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31621206</id>
	<title>Re:Cue the Fanbois in three...two...one</title>
	<author>shutdown -p now</author>
	<datestamp>1269531300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>It's not the <a href="http://www.computerworld.com/s/article/9129978/Researcher\_cracks\_Mac\_in\_10\_seconds\_at\_PWN2OWN\_wins\_5k" title="computerworld.com">first</a> [computerworld.com] <a href="http://www.computerworld.com/s/article/9072959/Mac\_easiest\_to\_hack\_says\_10\_000\_winner" title="computerworld.com">time</a> [computerworld.com] Apple products fail at pwn2own.</p></htmltext>
<tokenext>It 's not the first [ computerworld.com ] time [ computerworld.com ] Apple products fail at pwn2own .</tokentext>
<sentencetext>It's not the first [computerworld.com] time [computerworld.com] Apple products fail at pwn2own.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618860</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618860</id>
	<title>Cue the Fanbois in three...two...one</title>
	<author>Anonymous</author>
	<datestamp>1269517260000</datestamp>
	<modclass>Troll</modclass>
	<modscore>0</modscore>
	<htmltext>I feel for the Apple Fanboi's who won't be getting any sleep tonight...coming up with a defense for why their flagship product got pwned.
Newsflash: nothing is secure.</htmltext>
<tokenext>I feel for the Apple Fanboi 's who wo n't be getting any sleep tonight...coming up with a defense for why their flagship product got pwned .
Newsflash : nothing is secure .</tokentext>
<sentencetext>I feel for the Apple Fanboi's who won't be getting any sleep tonight...coming up with a defense for why their flagship product got pwned.
Newsflash: nothing is secure.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618760</id>
	<title>Well ...</title>
	<author>WrongSizeGlass</author>
	<datestamp>1269516780000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext>... these guys (and gals?) all know what they are going to try <i>before</i> they ever get to this <i>contest</i>. It's not like they discover all these vulnerabilities during some epiphany once they arrive.<br> <br>
On the other hand, these security holes are real and need to be addressed by anyone and everyone that was shamed (this means MS, Apple, Mozilla, <b>everyone</b>) pronto!</htmltext>
<tokenext>... these guys ( and gals ?
) all know what they are going to try before they ever get to this contest .
It 's not like they discover all these vulnerabilities during some epiphany once they arrive .
On the other hand , these security holes are real and need to be addressed by anyone and everyone that was shamed ( this means MS , Apple , Mozilla , everyone ) pronto !</tokentext>
<sentencetext>... these guys (and gals?
) all know what they are going to try before they ever get to this contest.
It's not like they discover all these vulnerabilities during some epiphany once they arrive.
On the other hand, these security holes are real and need to be addressed by anyone and everyone that was shamed (this means MS, Apple, Mozilla, everyone) pronto!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31627504</id>
	<title>Re:Holy Shit</title>
	<author>RivenAleem</author>
	<datestamp>1269623280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You cannot tell someone what the bugs in the system are, you have to see it for yourself.</p></htmltext>
<tokenext>You can not tell someone what the bugs in the system are , you have to see it for yourself .</tokentext>
<sentencetext>You cannot tell someone what the bugs in the system are, you have to see it for yourself.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619086</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31622214</id>
	<title>Re:Holy Shit</title>
	<author>Onymous Coward</author>
	<datestamp>1269540780000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>No, really, guys, is it something that can be taught?  Or is it more like having the knack for programming in the first place?  Like having the cleverness to come up with certain algorithms?  If you can describe it well enough that you end up with something<nobr> <wbr></nobr>... that<nobr> <wbr></nobr>...  can<nobr> <wbr></nobr>... I bet<nobr> <wbr></nobr>... you end up with a program?  Um, Purify?  Valgrind?  I'm not a programmer, but I think those only go so far, right?  So we don't have the knowledge in question codified, I bet, so I suppose there may also be some challenge in trying to train others in it.</p><p>Ah, I'm a dumbass and should just RTFA.  Sorry.</p><p>Okay.</p><p>Dumb fuzzing?  Is that what I think it is?  And, so the vendors <em>are</em> dumb fuzzing but not as successfully as he?  Hm.  Maybe it's just a matter of giving some pointers.  I imagine withholding the bugs will get the vendors' attentions.  I love how this is a David -&gt; Goliath spanking.</p><p>Look, I found a virtual Wikipedia article on dumb fuzzing, but it wasn't at Wikipedia.  <a href="http://krakowlabs.com/dev.html" title="krakowlabs.com">It was at one of those homegrown security outfits.</a> [krakowlabs.com] ("Fuzzing for Fun and Profit", Jeremy Brown (rush).)</p></htmltext>
<tokenext>No , really , guys , is it something that can be taught ?
Or is it more like having the knack for programming in the first place ?
Like having the cleverness to come up with certain algorithms ?
If you can describe it well enough that you end up with something ... that ... can ... I bet ... you end up with a program ?
Um , Purify ?
Valgrind ? I 'm not a programmer , but I think those only go so far , right ?
So we do n't have the knowledge in question codified , I bet , so I suppose there may also be some challenge in trying to train others in it.Ah , I 'm a dumbass and should just RTFA .
Sorry.Okay.Dumb fuzzing ?
Is that what I think it is ?
And , so the vendors are dumb fuzzing but not as successfully as he ?
Hm. Maybe it 's just a matter of giving some pointers .
I imagine withholding the bugs will get the vendors ' attentions .
I love how this is a David - &gt; Goliath spanking.Look , I found a virtual Wikipedia article on dumb fuzzing , but it was n't at Wikipedia .
It was at one of those homegrown security outfits .
[ krakowlabs.com ] ( " Fuzzing for Fun and Profit " , Jeremy Brown ( rush ) .
)</tokentext>
<sentencetext>No, really, guys, is it something that can be taught?
Or is it more like having the knack for programming in the first place?
Like having the cleverness to come up with certain algorithms?
If you can describe it well enough that you end up with something ... that ...  can ... I bet ... you end up with a program?
Um, Purify?
Valgrind?  I'm not a programmer, but I think those only go so far, right?
So we don't have the knowledge in question codified, I bet, so I suppose there may also be some challenge in trying to train others in it.Ah, I'm a dumbass and should just RTFA.
Sorry.Okay.Dumb fuzzing?
Is that what I think it is?
And, so the vendors are dumb fuzzing but not as successfully as he?
Hm.  Maybe it's just a matter of giving some pointers.
I imagine withholding the bugs will get the vendors' attentions.
I love how this is a David -&gt; Goliath spanking.Look, I found a virtual Wikipedia article on dumb fuzzing, but it wasn't at Wikipedia.
It was at one of those homegrown security outfits.
[krakowlabs.com] ("Fuzzing for Fun and Profit", Jeremy Brown (rush).
)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619086</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31622060</id>
	<title>Is anyone really surprised by this?</title>
	<author>FlyingGuy</author>
	<datestamp>1269538800000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>As another poster <i>vamman</i> put it the very nature of what a browser tries to do is a time bomb.</p><p>The very nature of a web server is the same thing.</p><p>Until the web gets itself under control and the people who write browsers and the people who write web servers tell the wc3 to shove their wildly horrible specs straight up their ass ( yes a lot of it will be recursive ) we will continue to see this sort of thing.</p><p>Computers were never designed to be <i>infinitely flexible</i> which is to say dealing with things like xml and html that are not well formed, defined and encapsulated in a rigid structure.  both xml and html are completely open ended structures with no real boundaries  to bump up against, so the machine simply has to keep allocating and allocating until it finds something the closes a section.  If their was ever a recipe for a buffer overrun or  a stack overflow this is certainly it.</p><p>Web servers still seem to have trouble caging the requests, again part of the <i>indefinitely flexible</i> nature of what has been built.    Why of course you will accept a request that is 90kb long, uhmmm oops wait I just exploded.</p><p>There are parts of the web mechanism that must be tightly controlled, they must be highly defined and yes they must be highly restrictive.  They must be designed with security as the over riding priority and to hell with convenience .  Buffer overflows must simply cease to exist.  ANY portion of the code that deals with requests coming in must have hard limits built into it as this the only way to get a handle on this.</p><p>The same thing with browsers.  There must be hard limits, the rules have to be made and maintained.  No more slipping in some code to be able to say, "Hey look at this cool thing I just did!"</p></htmltext>
<tokenext>As another poster vamman put it the very nature of what a browser tries to do is a time bomb.The very nature of a web server is the same thing.Until the web gets itself under control and the people who write browsers and the people who write web servers tell the wc3 to shove their wildly horrible specs straight up their ass ( yes a lot of it will be recursive ) we will continue to see this sort of thing.Computers were never designed to be infinitely flexible which is to say dealing with things like xml and html that are not well formed , defined and encapsulated in a rigid structure .
both xml and html are completely open ended structures with no real boundaries to bump up against , so the machine simply has to keep allocating and allocating until it finds something the closes a section .
If their was ever a recipe for a buffer overrun or a stack overflow this is certainly it.Web servers still seem to have trouble caging the requests , again part of the indefinitely flexible nature of what has been built .
Why of course you will accept a request that is 90kb long , uhmmm oops wait I just exploded.There are parts of the web mechanism that must be tightly controlled , they must be highly defined and yes they must be highly restrictive .
They must be designed with security as the over riding priority and to hell with convenience .
Buffer overflows must simply cease to exist .
ANY portion of the code that deals with requests coming in must have hard limits built into it as this the only way to get a handle on this.The same thing with browsers .
There must be hard limits , the rules have to be made and maintained .
No more slipping in some code to be able to say , " Hey look at this cool thing I just did !
"</tokentext>
<sentencetext>As another poster vamman put it the very nature of what a browser tries to do is a time bomb.The very nature of a web server is the same thing.Until the web gets itself under control and the people who write browsers and the people who write web servers tell the wc3 to shove their wildly horrible specs straight up their ass ( yes a lot of it will be recursive ) we will continue to see this sort of thing.Computers were never designed to be infinitely flexible which is to say dealing with things like xml and html that are not well formed, defined and encapsulated in a rigid structure.
both xml and html are completely open ended structures with no real boundaries  to bump up against, so the machine simply has to keep allocating and allocating until it finds something the closes a section.
If their was ever a recipe for a buffer overrun or  a stack overflow this is certainly it.Web servers still seem to have trouble caging the requests, again part of the indefinitely flexible nature of what has been built.
Why of course you will accept a request that is 90kb long, uhmmm oops wait I just exploded.There are parts of the web mechanism that must be tightly controlled, they must be highly defined and yes they must be highly restrictive.
They must be designed with security as the over riding priority and to hell with convenience .
Buffer overflows must simply cease to exist.
ANY portion of the code that deals with requests coming in must have hard limits built into it as this the only way to get a handle on this.The same thing with browsers.
There must be hard limits, the rules have to be made and maintained.
No more slipping in some code to be able to say, "Hey look at this cool thing I just did!
"</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619474</id>
	<title>Re:So many exploits, so few hydrogen bombs</title>
	<author>Red Flayer</author>
	<datestamp>1269520560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>There's an old saying about not killing the messenger...</p></div></blockquote><p>You make it seem like there's more to the saying that we're supposed to recall.  Like, we lean back and think for a second, and then our eyes light up as we have an epiphany about how that multi-part proverb that relates to not killing the messenger is the perfect metaphor for the OP's lack of analytical thought.<br> <br>When, in reality, the entire proverb is:<br> <br> <b> <i>Don't kill the messenger</i><nobr> <wbr></nobr></b>.<br> <br>So I vote we come up with some new clauses to add to that proverb.  Like:<br> <br> <i>Don't kill the messenger, lest he rise from the dead with a hunger for brains.</i> <br> <br>Or:<br> <br> <i>Don't kill the messenger, because he might not have given you the whole message yet, in which case you have less information and so you might make an uninformed decision.</i></p></div>
	</htmltext>
<tokenext>There 's an old saying about not killing the messenger...You make it seem like there 's more to the saying that we 're supposed to recall .
Like , we lean back and think for a second , and then our eyes light up as we have an epiphany about how that multi-part proverb that relates to not killing the messenger is the perfect metaphor for the OP 's lack of analytical thought .
When , in reality , the entire proverb is : Do n't kill the messenger .
So I vote we come up with some new clauses to add to that proverb .
Like : Do n't kill the messenger , lest he rise from the dead with a hunger for brains .
Or : Do n't kill the messenger , because he might not have given you the whole message yet , in which case you have less information and so you might make an uninformed decision .</tokentext>
<sentencetext>There's an old saying about not killing the messenger...You make it seem like there's more to the saying that we're supposed to recall.
Like, we lean back and think for a second, and then our eyes light up as we have an epiphany about how that multi-part proverb that relates to not killing the messenger is the perfect metaphor for the OP's lack of analytical thought.
When, in reality, the entire proverb is:   Don't kill the messenger .
So I vote we come up with some new clauses to add to that proverb.
Like:  Don't kill the messenger, lest he rise from the dead with a hunger for brains.
Or:  Don't kill the messenger, because he might not have given you the whole message yet, in which case you have less information and so you might make an uninformed decision.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619082</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31620640</id>
	<title>Re:I'd like to see crackers write their own browse</title>
	<author>francium de neobie</author>
	<datestamp>1269527100000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Actually, I bet their browsers are gonna suck at security too. It's much easier to find one exploit from 1 million lines of code than to make sure your 1 million lines of code have absolutely no security holes.</htmltext>
<tokenext>Actually , I bet their browsers are gon na suck at security too .
It 's much easier to find one exploit from 1 million lines of code than to make sure your 1 million lines of code have absolutely no security holes .</tokentext>
<sentencetext>Actually, I bet their browsers are gonna suck at security too.
It's much easier to find one exploit from 1 million lines of code than to make sure your 1 million lines of code have absolutely no security holes.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619602</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31623088</id>
	<title>Re:Misleading; no credibility</title>
	<author>Anonymous</author>
	<datestamp>1269595920000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Funny enough your UID is much higher than his.</p></htmltext>
<tokenext>Funny enough your UID is much higher than his .</tokentext>
<sentencetext>Funny enough your UID is much higher than his.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619744</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619546</id>
	<title>Re:BS without details</title>
	<author>Anonymous</author>
	<datestamp>1269520800000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext>All of these hacks are real-world drive-by attacks against fully patched machines with default OS mitigations in place (ASLR, DEP, sandboxing).
<br> <br>
You get pwn3d if you go to a malicious page, go to a legit page with a malicious banner ad/embedded iframe, get redirected (via malicious WiFi AP) to a malicious page, etc.
<br> <br>
This is the third year in a row that Miller did this.  He has street cred, so think before you call BS.</htmltext>
<tokenext>All of these hacks are real-world drive-by attacks against fully patched machines with default OS mitigations in place ( ASLR , DEP , sandboxing ) .
You get pwn3d if you go to a malicious page , go to a legit page with a malicious banner ad/embedded iframe , get redirected ( via malicious WiFi AP ) to a malicious page , etc .
This is the third year in a row that Miller did this .
He has street cred , so think before you call BS .</tokentext>
<sentencetext>All of these hacks are real-world drive-by attacks against fully patched machines with default OS mitigations in place (ASLR, DEP, sandboxing).
You get pwn3d if you go to a malicious page, go to a legit page with a malicious banner ad/embedded iframe, get redirected (via malicious WiFi AP) to a malicious page, etc.
This is the third year in a row that Miller did this.
He has street cred, so think before you call BS.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619030</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619030</id>
	<title>BS without details</title>
	<author>Anonymous</author>
	<datestamp>1269518280000</datestamp>
	<modclass>Troll</modclass>
	<modscore>0</modscore>
	<htmltext><p>Is this another benign Safari hack that has no real world application, or another one where you need physical access to the box, or another that is already patched in the newer releases?  What does "were forced to run exploit code" mean?  It says "hacked into a MacBook."  Is this another vulnerability in a 3rd party wireless driver?  I'm not saying that it's not legit, but "Safari on OS X" without versions and details doesn't tell me a whole lot.  Sounds like BS to me.</p></htmltext>
<tokenext>Is this another benign Safari hack that has no real world application , or another one where you need physical access to the box , or another that is already patched in the newer releases ?
What does " were forced to run exploit code " mean ?
It says " hacked into a MacBook .
" Is this another vulnerability in a 3rd party wireless driver ?
I 'm not saying that it 's not legit , but " Safari on OS X " without versions and details does n't tell me a whole lot .
Sounds like BS to me .</tokentext>
<sentencetext>Is this another benign Safari hack that has no real world application, or another one where you need physical access to the box, or another that is already patched in the newer releases?
What does "were forced to run exploit code" mean?
It says "hacked into a MacBook.
"  Is this another vulnerability in a 3rd party wireless driver?
I'm not saying that it's not legit, but "Safari on OS X" without versions and details doesn't tell me a whole lot.
Sounds like BS to me.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31621394</id>
	<title>Re:So many exploits, so few hydrogen bombs</title>
	<author>Antique Geekmeister</author>
	<datestamp>1269533040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Middle management.</p></htmltext>
<tokenext>Middle management .</tokentext>
<sentencetext>Middle management.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619324</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618734</id>
	<title>Title misleading?</title>
	<author>Anonymous</author>
	<datestamp>1269516660000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>Title misleading maybe... just a bit? Firefox got owned as well.</p></htmltext>
<tokenext>Title misleading maybe... just a bit ?
Firefox got owned as well .</tokentext>
<sentencetext>Title misleading maybe... just a bit?
Firefox got owned as well.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31629748</id>
	<title>Re:Misleading; no credibility</title>
	<author>sabt-pestnu</author>
	<datestamp>1269630360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I did not know the rules of the Pwn2Own contest, so came up with some things that sounded reasonable:<br>- first hack counts for more than later hacks.<br>- new exploits count for more than old ones.<br>- teams succeeding on a given target (be it OS, service, whatever) split a pool of points; the more teams that target a system, the lower the value overall would be.</p><p>Looking at <a href="http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010" title="tippingpoint.com">Tipping Point's Pwn2Own 2010 page</a> [tippingpoint.com], I find that they took on most of that:<br>- (it looks like) first hack on a platform gets all the marbles; no counter-weighting appears to have been done for multiple successes against the same target.<br>- platforms are weighted, presumably (but not necessarily) in difficulty.</p><p>As to "Linux vs Windows", I suppose you might count OS X in that category, as well as Android.  I don't personally know if any of the other phones are Linux based.  But the only general purpose computer + browser platforms in the browser category were windows and mac.</p></htmltext>
<tokenext>I did not know the rules of the Pwn2Own contest , so came up with some things that sounded reasonable : - first hack counts for more than later hacks.- new exploits count for more than old ones.- teams succeeding on a given target ( be it OS , service , whatever ) split a pool of points ; the more teams that target a system , the lower the value overall would be.Looking at Tipping Point 's Pwn2Own 2010 page [ tippingpoint.com ] , I find that they took on most of that : - ( it looks like ) first hack on a platform gets all the marbles ; no counter-weighting appears to have been done for multiple successes against the same target.- platforms are weighted , presumably ( but not necessarily ) in difficulty.As to " Linux vs Windows " , I suppose you might count OS X in that category , as well as Android .
I do n't personally know if any of the other phones are Linux based .
But the only general purpose computer + browser platforms in the browser category were windows and mac .</tokentext>
<sentencetext>I did not know the rules of the Pwn2Own contest, so came up with some things that sounded reasonable:- first hack counts for more than later hacks.- new exploits count for more than old ones.- teams succeeding on a given target (be it OS, service, whatever) split a pool of points; the more teams that target a system, the lower the value overall would be.Looking at Tipping Point's Pwn2Own 2010 page [tippingpoint.com], I find that they took on most of that:- (it looks like) first hack on a platform gets all the marbles; no counter-weighting appears to have been done for multiple successes against the same target.- platforms are weighted, presumably (but not necessarily) in difficulty.As to "Linux vs Windows", I suppose you might count OS X in that category, as well as Android.
I don't personally know if any of the other phones are Linux based.
But the only general purpose computer + browser platforms in the browser category were windows and mac.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619264</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31623264</id>
	<title>Re:Security is dead</title>
	<author>Joce640k</author>
	<datestamp>1269598020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>C++ can be as safe/secure as any other language, it's just up to the programmer to do the right things and use the right constructs.</p><p>Many don't because they still think it's "just C with extras".</p></htmltext>
<tokenext>C + + can be as safe/secure as any other language , it 's just up to the programmer to do the right things and use the right constructs.Many do n't because they still think it 's " just C with extras " .</tokentext>
<sentencetext>C++ can be as safe/secure as any other language, it's just up to the programmer to do the right things and use the right constructs.Many don't because they still think it's "just C with extras".</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619188</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31623040</id>
	<title>Re:Security is dead</title>
	<author>RAMMS+EIN</author>
	<datestamp>1269595200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I agree with you.</p><p>There are whole classes of bugs that could right out be eliminated by writing software in safe languages, and using safe APIs. Many of such bugs (buffer overruns, integer overflows, stack smashing, memory leaks, dangling pointers, format string vulnerabilities, SQL injections, predictable filename attacks,<nobr> <wbr></nobr>...) end up being featured over and over and over again in vulnerability reports and exploits.</p><p>Considering that we have languages and APIs that are safe, efficient, and expressive, all exploits that fall into one of these classes could and should have been avoided. You really need some unsafe constructs to write the kernel of your operating system, but they really have no business being anywhere else. Least of all in applications that can receive arbitrary input from over the network!</p><p>Ditch C for application development, and you will be more productive and safer as a result.</p></htmltext>
<tokenext>I agree with you.There are whole classes of bugs that could right out be eliminated by writing software in safe languages , and using safe APIs .
Many of such bugs ( buffer overruns , integer overflows , stack smashing , memory leaks , dangling pointers , format string vulnerabilities , SQL injections , predictable filename attacks , ... ) end up being featured over and over and over again in vulnerability reports and exploits.Considering that we have languages and APIs that are safe , efficient , and expressive , all exploits that fall into one of these classes could and should have been avoided .
You really need some unsafe constructs to write the kernel of your operating system , but they really have no business being anywhere else .
Least of all in applications that can receive arbitrary input from over the network ! Ditch C for application development , and you will be more productive and safer as a result .</tokentext>
<sentencetext>I agree with you.There are whole classes of bugs that could right out be eliminated by writing software in safe languages, and using safe APIs.
Many of such bugs (buffer overruns, integer overflows, stack smashing, memory leaks, dangling pointers, format string vulnerabilities, SQL injections, predictable filename attacks, ...) end up being featured over and over and over again in vulnerability reports and exploits.Considering that we have languages and APIs that are safe, efficient, and expressive, all exploits that fall into one of these classes could and should have been avoided.
You really need some unsafe constructs to write the kernel of your operating system, but they really have no business being anywhere else.
Least of all in applications that can receive arbitrary input from over the network!Ditch C for application development, and you will be more productive and safer as a result.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619188</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31621798</id>
	<title>Re:Title misleading?</title>
	<author>Anonymous</author>
	<datestamp>1269536160000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>But Opera didn't.</p></htmltext>
<tokenext>But Opera did n't .</tokentext>
<sentencetext>But Opera didn't.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618734</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619316</id>
	<title>Re:Misleading; no credibility</title>
	<author>Anonymous</author>
	<datestamp>1269519720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Chrome is in the list of targeted browsers, but apparently nobody tried it...</htmltext>
<tokenext>Chrome is in the list of targeted browsers , but apparently nobody tried it.. .</tokentext>
<sentencetext>Chrome is in the list of targeted browsers, but apparently nobody tried it...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619196</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618792</id>
	<title>firefox on osx?</title>
	<author>Anonymous</author>
	<datestamp>1269516960000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p>is the firefox exploit windows x64 only? or is it an exploit in the common firefox code?<br>
&nbsp; <br>why does cracking the iphone add insult to injury? seems like you're throwing about cliches for the hell of it<br>
&nbsp; <br>capture: wetness... it's what slashdot makes me feel in my pants</p></htmltext>
<tokenext>is the firefox exploit windows x64 only ?
or is it an exploit in the common firefox code ?
  why does cracking the iphone add insult to injury ?
seems like you 're throwing about cliches for the hell of it   capture : wetness... it 's what slashdot makes me feel in my pants</tokentext>
<sentencetext>is the firefox exploit windows x64 only?
or is it an exploit in the common firefox code?
  why does cracking the iphone add insult to injury?
seems like you're throwing about cliches for the hell of it
  capture: wetness... it's what slashdot makes me feel in my pants</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619398</id>
	<title>Huh?  "Pwn2Own" Has No Credibility?</title>
	<author>RobotRunAmok</author>
	<datestamp>1269520200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Why would you ever imagine something called "Pwn2Own" might ever have credibility in the first place?</p></htmltext>
<tokenext>Why would you ever imagine something called " Pwn2Own " might ever have credibility in the first place ?</tokentext>
<sentencetext>Why would you ever imagine something called "Pwn2Own" might ever have credibility in the first place?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618956</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619438</id>
	<title>Sandboxing news!</title>
	<author>Anonymous</author>
	<datestamp>1269520380000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>"However, neither the Firefox nor the IE 8 exploit  could overcome the sandboxing features in Windows 7 Protected Mode."</p><p>big, good, relevant, no, yes?</p></htmltext>
<tokenext>" However , neither the Firefox nor the IE 8 exploit could overcome the sandboxing features in Windows 7 Protected Mode .
" big , good , relevant , no , yes ?</tokentext>
<sentencetext>"However, neither the Firefox nor the IE 8 exploit  could overcome the sandboxing features in Windows 7 Protected Mode.
"big, good, relevant, no, yes?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619086</id>
	<title>Holy Shit</title>
	<author>Onymous Coward</author>
	<datestamp>1269518520000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><p><div class="quote"><p>Instead Charlie Miller will show the vendors how to find the bugs themselves.</p></div><p>Well, there's an idea.  Is it something that really can be taught?</p></div>
	</htmltext>
<tokenext>Instead Charlie Miller will show the vendors how to find the bugs themselves.Well , there 's an idea .
Is it something that really can be taught ?</tokentext>
<sentencetext>Instead Charlie Miller will show the vendors how to find the bugs themselves.Well, there's an idea.
Is it something that really can be taught?
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31625942</id>
	<title>Re:Well ...</title>
	<author>Hurricane78</author>
	<datestamp>1269617340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>and need to be addressed by anyone and everyone that was shamed (this means MS, Apple, Mozilla, everyone) pronto!</p></div><p>Actually... if you aren&rsquo;t paying anything for it, you don&rsquo;t get to demand such things. ^^<br>Of course if I were the developer, I&rsquo;d fix it anyway, because of pride. But if I&rsquo;d get enough annoying dicks thinking they are entitled to something, I might just decide to wait a bit longer, before releasing it to the general public.<nobr> <wbr></nobr>;)<br>(Same think as complaining too much about the cook, when he&rsquo;s the one making the food that you will eat then. *evil grin*)</p></div>
	</htmltext>
<tokenext>and need to be addressed by anyone and everyone that was shamed ( this means MS , Apple , Mozilla , everyone ) pronto ! Actually... if you aren    t paying anything for it , you don    t get to demand such things .
^ ^ Of course if I were the developer , I    d fix it anyway , because of pride .
But if I    d get enough annoying dicks thinking they are entitled to something , I might just decide to wait a bit longer , before releasing it to the general public .
; ) ( Same think as complaining too much about the cook , when he    s the one making the food that you will eat then .
* evil grin * )</tokentext>
<sentencetext>and need to be addressed by anyone and everyone that was shamed (this means MS, Apple, Mozilla, everyone) pronto!Actually... if you aren’t paying anything for it, you don’t get to demand such things.
^^Of course if I were the developer, I’d fix it anyway, because of pride.
But if I’d get enough annoying dicks thinking they are entitled to something, I might just decide to wait a bit longer, before releasing it to the general public.
;)(Same think as complaining too much about the cook, when he’s the one making the food that you will eat then.
*evil grin*)
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618760</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619118</id>
	<title>Re:As I said elsewhere on the net:</title>
	<author>garaged</author>
	<datestamp>1269518700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>back to what? 10 and 20 years ago was way more easy to exploit computers, we are better, not good enough but better</p></htmltext>
<tokenext>back to what ?
10 and 20 years ago was way more easy to exploit computers , we are better , not good enough but better</tokentext>
<sentencetext>back to what?
10 and 20 years ago was way more easy to exploit computers, we are better, not good enough but better</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618818</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31621220</id>
	<title>Re:So 64-bit ASLR on Windows is flawed as well...</title>
	<author>aristotle-dude</author>
	<datestamp>1269531480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Wait, wait, don't tell me: Running an 8 year old development platform written by amateurs with an unsupported 3rd-party plugin in a 32-to-64-bit emulation layer on a modern operating system is unstable? Oh my <i>fuck</i>, it's Armageddon!</p></div><p>No, I am running VS 2008 and as I pointed out in another post, OS X can run 64bit apps in 32bit mode or visa versa no problem.
</p><p>
Here is a link to the more on the problems I was having and someone in the responses posted a link to a wrapper in memory patch to the fragmentation problem.
</p><p>
<a href="http://stevenharman.net/blog/archive/2008/04/29/hacking-visual-studio-to-use-more-than-2gigabytes-of-memory.aspx" title="stevenharman.net">http://stevenharman.net/blog/archive/2008/04/29/hacking-visual-studio-to-use-more-than-2gigabytes-of-memory.aspx</a> [stevenharman.net]</p></div>
	</htmltext>
<tokenext>Wait , wait , do n't tell me : Running an 8 year old development platform written by amateurs with an unsupported 3rd-party plugin in a 32-to-64-bit emulation layer on a modern operating system is unstable ?
Oh my fuck , it 's Armageddon ! No , I am running VS 2008 and as I pointed out in another post , OS X can run 64bit apps in 32bit mode or visa versa no problem .
Here is a link to the more on the problems I was having and someone in the responses posted a link to a wrapper in memory patch to the fragmentation problem .
http : //stevenharman.net/blog/archive/2008/04/29/hacking-visual-studio-to-use-more-than-2gigabytes-of-memory.aspx [ stevenharman.net ]</tokentext>
<sentencetext>Wait, wait, don't tell me: Running an 8 year old development platform written by amateurs with an unsupported 3rd-party plugin in a 32-to-64-bit emulation layer on a modern operating system is unstable?
Oh my fuck, it's Armageddon!No, I am running VS 2008 and as I pointed out in another post, OS X can run 64bit apps in 32bit mode or visa versa no problem.
Here is a link to the more on the problems I was having and someone in the responses posted a link to a wrapper in memory patch to the fragmentation problem.
http://stevenharman.net/blog/archive/2008/04/29/hacking-visual-studio-to-use-more-than-2gigabytes-of-memory.aspx [stevenharman.net]
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619568</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619568</id>
	<title>Re:So 64-bit ASLR on Windows is flawed as well...</title>
	<author>Anonymous</author>
	<datestamp>1269520920000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>Wait, wait, don't tell me: Running an 8 year old development platform written by amateurs with an unsupported 3rd-party plugin in a 32-to-64-bit emulation layer on a modern operating system is unstable? Oh my <i>fuck</i>, it's Armageddon!</p></htmltext>
<tokenext>Wait , wait , do n't tell me : Running an 8 year old development platform written by amateurs with an unsupported 3rd-party plugin in a 32-to-64-bit emulation layer on a modern operating system is unstable ?
Oh my fuck , it 's Armageddon !</tokentext>
<sentencetext>Wait, wait, don't tell me: Running an 8 year old development platform written by amateurs with an unsupported 3rd-party plugin in a 32-to-64-bit emulation layer on a modern operating system is unstable?
Oh my fuck, it's Armageddon!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619210</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619726</id>
	<title>Re:So 64-bit ASLR on Windows is flawed as well...</title>
	<author>Xenoflargactian</author>
	<datestamp>1269521760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>The attacker used a memory corruption bug to overwrite the null terminator of a string.  He then read that string, which kept going until it hit another null terminator (two consecutive 0 bytes).  He read memory he wasn't supposed to have access to, which included pointers to a C++ object's member functions (vftable).  With these pointers in hand, he has defeated ASLR, because he has information about the address space that he's not supposed to have.
<br> <br>
This MS's fault for a memory corruption bug, but their ASLR implementation isn't broken (at least not by this attack).
<br> <br>
Details if you're curious: <a href="http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf" title="vreugdenhilresearch.nl" rel="nofollow">http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf</a> [vreugdenhilresearch.nl]</htmltext>
<tokenext>The attacker used a memory corruption bug to overwrite the null terminator of a string .
He then read that string , which kept going until it hit another null terminator ( two consecutive 0 bytes ) .
He read memory he was n't supposed to have access to , which included pointers to a C + + object 's member functions ( vftable ) .
With these pointers in hand , he has defeated ASLR , because he has information about the address space that he 's not supposed to have .
This MS 's fault for a memory corruption bug , but their ASLR implementation is n't broken ( at least not by this attack ) .
Details if you 're curious : http : //vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf [ vreugdenhilresearch.nl ]</tokentext>
<sentencetext>The attacker used a memory corruption bug to overwrite the null terminator of a string.
He then read that string, which kept going until it hit another null terminator (two consecutive 0 bytes).
He read memory he wasn't supposed to have access to, which included pointers to a C++ object's member functions (vftable).
With these pointers in hand, he has defeated ASLR, because he has information about the address space that he's not supposed to have.
This MS's fault for a memory corruption bug, but their ASLR implementation isn't broken (at least not by this attack).
Details if you're curious: http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf [vreugdenhilresearch.nl]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618876</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619486</id>
	<title>iPhone hacked using a malicious website</title>
	<author>Anonymous</author>
	<datestamp>1269520620000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>In a related story, AT&amp;T spins a lack of network coverage as a security feature!</p></htmltext>
<tokenext>In a related story , AT&amp;T spins a lack of network coverage as a security feature !</tokentext>
<sentencetext>In a related story, AT&amp;T spins a lack of network coverage as a security feature!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619324</id>
	<title>Re:So many exploits, so few hydrogen bombs</title>
	<author>Anonymous</author>
	<datestamp>1269519720000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext>That's analogous to suggesting that getting rid of all the drug-sniffing dogs will cut down on drug smuggling.
What kind of world do you live in where the argument "If I don't know about it, then it must not exist!" is considered logical?</htmltext>
<tokenext>That 's analogous to suggesting that getting rid of all the drug-sniffing dogs will cut down on drug smuggling .
What kind of world do you live in where the argument " If I do n't know about it , then it must not exist !
" is considered logical ?</tokentext>
<sentencetext>That's analogous to suggesting that getting rid of all the drug-sniffing dogs will cut down on drug smuggling.
What kind of world do you live in where the argument "If I don't know about it, then it must not exist!
" is considered logical?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618856</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31622946</id>
	<title>Re:I'd like to see crackers write their own browse</title>
	<author>RAMMS+EIN</author>
	<datestamp>1269636840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Indeed. Writing a web browser is bloody nasty work. Even the standards are hellish to have to implement, and then there is all that non-standard crap floating around the web that you're supposed to be able to handle. To make things worse, to make your browser usable you must also write pretty performant code. And you have to be able to stand up to the flak you will get if you don't beat the competition on JavaScript benchmarks and Acidn tests, don't have someone's favorite Firefox extension available, or don't run on someone's favorite platform. And even if you work with a team of demi-gods and somehow accomplish all that, your browser will still be susceptible to vulnerabilities in plugins and in libraries that it uses.</p><p>Really, I have immense respect for the developers of today's leading web browsers. It's a herculean task, and I know it. Keep it up, fellows!</p></htmltext>
<tokenext>Indeed .
Writing a web browser is bloody nasty work .
Even the standards are hellish to have to implement , and then there is all that non-standard crap floating around the web that you 're supposed to be able to handle .
To make things worse , to make your browser usable you must also write pretty performant code .
And you have to be able to stand up to the flak you will get if you do n't beat the competition on JavaScript benchmarks and Acidn tests , do n't have someone 's favorite Firefox extension available , or do n't run on someone 's favorite platform .
And even if you work with a team of demi-gods and somehow accomplish all that , your browser will still be susceptible to vulnerabilities in plugins and in libraries that it uses.Really , I have immense respect for the developers of today 's leading web browsers .
It 's a herculean task , and I know it .
Keep it up , fellows !</tokentext>
<sentencetext>Indeed.
Writing a web browser is bloody nasty work.
Even the standards are hellish to have to implement, and then there is all that non-standard crap floating around the web that you're supposed to be able to handle.
To make things worse, to make your browser usable you must also write pretty performant code.
And you have to be able to stand up to the flak you will get if you don't beat the competition on JavaScript benchmarks and Acidn tests, don't have someone's favorite Firefox extension available, or don't run on someone's favorite platform.
And even if you work with a team of demi-gods and somehow accomplish all that, your browser will still be susceptible to vulnerabilities in plugins and in libraries that it uses.Really, I have immense respect for the developers of today's leading web browsers.
It's a herculean task, and I know it.
Keep it up, fellows!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619602</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618956</id>
	<title>Misleading;  no credibility</title>
	<author>carlhaagen</author>
	<datestamp>1269517860000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext>The exploits were of course not found in the 5, 10 or 15 minutes advertised. They were all worked on for weeks, and even months, and were well-tested and prepared before being executed at the contest like a rehearsed stage play. Also worth to note is that the reason behind "Chrome only browser that withstood security breach" was that NO ONE TESTED CHROME AT ALL. I give this particular "Pwn2Own" show no credibility what so ever because of these details.</htmltext>
<tokenext>The exploits were of course not found in the 5 , 10 or 15 minutes advertised .
They were all worked on for weeks , and even months , and were well-tested and prepared before being executed at the contest like a rehearsed stage play .
Also worth to note is that the reason behind " Chrome only browser that withstood security breach " was that NO ONE TESTED CHROME AT ALL .
I give this particular " Pwn2Own " show no credibility what so ever because of these details .</tokentext>
<sentencetext>The exploits were of course not found in the 5, 10 or 15 minutes advertised.
They were all worked on for weeks, and even months, and were well-tested and prepared before being executed at the contest like a rehearsed stage play.
Also worth to note is that the reason behind "Chrome only browser that withstood security breach" was that NO ONE TESTED CHROME AT ALL.
I give this particular "Pwn2Own" show no credibility what so ever because of these details.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618738</id>
	<title>Poor browsers...</title>
	<author>Anonymous</author>
	<datestamp>1269516660000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p> all were forced to run exploit code.</p> </div><p>I wonder if they can sue for rape or at least some form of sexual harrassment.</p></div>
	</htmltext>
<tokenext>all were forced to run exploit code .
I wonder if they can sue for rape or at least some form of sexual harrassment .</tokentext>
<sentencetext> all were forced to run exploit code.
I wonder if they can sue for rape or at least some form of sexual harrassment.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619264</id>
	<title>Re:Misleading; no credibility</title>
	<author>Anonymous</author>
	<datestamp>1269519480000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><blockquote><div><p>I give this particular "Pwn2Own" show no credibility what so ever because of these details.</p></div></blockquote><p>I believe what you really meant to say was that we shouldn't fall into the trap of believing that Chrome is actually safer due to the fact that no one really targeted it in this contest.
</p><p>I've done my share of "Digital Combat Exercises" and you are correct that we should only view the contest as a verification that flaws exist, and not as a certification that a particular platform is safe.
</p><p>For my first competition, my team concentrated on all the windows machine on the network because we had a list of known exploits and figured that we could exploit them the quickest and therefore accumulate the highest score possible within the time limits. All teams used the same strategy, and the Linux machines weren't even targeted. This wasn't because Linux was safer, it was because we all knew Windows was a softer target. This made for a some very close final scores.
</p><p>For the following year's contest (which I couldn't participate due to a schedule conflict), my old team paid attention to the known exploits for Linux and started targeting them to guarantee a larger lead going into the final minutes of the contest.
</p><p>I think you'll see this pattern in all "hacker" contests. Each year more platforms will fall as each team strategize on what will give them the edge during the time alloted. You'll probably see Chrome fall next year. Look at Safari in Pwn2Own, it wasn't until 2 years ago before people started to seriously attack it for the points.</p></div>
	</htmltext>
<tokenext>I give this particular " Pwn2Own " show no credibility what so ever because of these details.I believe what you really meant to say was that we should n't fall into the trap of believing that Chrome is actually safer due to the fact that no one really targeted it in this contest .
I 've done my share of " Digital Combat Exercises " and you are correct that we should only view the contest as a verification that flaws exist , and not as a certification that a particular platform is safe .
For my first competition , my team concentrated on all the windows machine on the network because we had a list of known exploits and figured that we could exploit them the quickest and therefore accumulate the highest score possible within the time limits .
All teams used the same strategy , and the Linux machines were n't even targeted .
This was n't because Linux was safer , it was because we all knew Windows was a softer target .
This made for a some very close final scores .
For the following year 's contest ( which I could n't participate due to a schedule conflict ) , my old team paid attention to the known exploits for Linux and started targeting them to guarantee a larger lead going into the final minutes of the contest .
I think you 'll see this pattern in all " hacker " contests .
Each year more platforms will fall as each team strategize on what will give them the edge during the time alloted .
You 'll probably see Chrome fall next year .
Look at Safari in Pwn2Own , it was n't until 2 years ago before people started to seriously attack it for the points .</tokentext>
<sentencetext>I give this particular "Pwn2Own" show no credibility what so ever because of these details.I believe what you really meant to say was that we shouldn't fall into the trap of believing that Chrome is actually safer due to the fact that no one really targeted it in this contest.
I've done my share of "Digital Combat Exercises" and you are correct that we should only view the contest as a verification that flaws exist, and not as a certification that a particular platform is safe.
For my first competition, my team concentrated on all the windows machine on the network because we had a list of known exploits and figured that we could exploit them the quickest and therefore accumulate the highest score possible within the time limits.
All teams used the same strategy, and the Linux machines weren't even targeted.
This wasn't because Linux was safer, it was because we all knew Windows was a softer target.
This made for a some very close final scores.
For the following year's contest (which I couldn't participate due to a schedule conflict), my old team paid attention to the known exploits for Linux and started targeting them to guarantee a larger lead going into the final minutes of the contest.
I think you'll see this pattern in all "hacker" contests.
Each year more platforms will fall as each team strategize on what will give them the edge during the time alloted.
You'll probably see Chrome fall next year.
Look at Safari in Pwn2Own, it wasn't until 2 years ago before people started to seriously attack it for the points.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618956</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619504</id>
	<title>Re:BS without details</title>
	<author>Anonymous</author>
	<datestamp>1269520680000</datestamp>
	<modclass>Flamebait</modclass>
	<modscore>-1</modscore>
	<htmltext><p>I wonder what utter fag modded the above comment "interesting". Apple apologetics aren't "interesting", they are <b>gay</b>.</p></htmltext>
<tokenext>I wonder what utter fag modded the above comment " interesting " .
Apple apologetics are n't " interesting " , they are gay .</tokentext>
<sentencetext>I wonder what utter fag modded the above comment "interesting".
Apple apologetics aren't "interesting", they are gay.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619030</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619958</id>
	<title>The sheer nature of HTML/JavaScript</title>
	<author>Vamman</author>
	<datestamp>1269523020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Putting all the server/database exploits aside. The whole client process of pushing a value in and seeing if it breaks will never go away. Web browsers are one of the worst possible tools to secure. The nature of their job seems to predict failure. As soon as some creative web monkey pushes the envelope another exploit is found. The Gecko and Trident engines can be pushed to break over and over. Chrome and Safari are not any different. You can follow the standards as much as you like. At the end of day these tools are reading XML and Script and rendering/compiling. If you consider a browser for what it is, most of them have come a long way. I remember when a harsh sneeze would cause catastrophic failure and crashing =)</htmltext>
<tokenext>Putting all the server/database exploits aside .
The whole client process of pushing a value in and seeing if it breaks will never go away .
Web browsers are one of the worst possible tools to secure .
The nature of their job seems to predict failure .
As soon as some creative web monkey pushes the envelope another exploit is found .
The Gecko and Trident engines can be pushed to break over and over .
Chrome and Safari are not any different .
You can follow the standards as much as you like .
At the end of day these tools are reading XML and Script and rendering/compiling .
If you consider a browser for what it is , most of them have come a long way .
I remember when a harsh sneeze would cause catastrophic failure and crashing = )</tokentext>
<sentencetext>Putting all the server/database exploits aside.
The whole client process of pushing a value in and seeing if it breaks will never go away.
Web browsers are one of the worst possible tools to secure.
The nature of their job seems to predict failure.
As soon as some creative web monkey pushes the envelope another exploit is found.
The Gecko and Trident engines can be pushed to break over and over.
Chrome and Safari are not any different.
You can follow the standards as much as you like.
At the end of day these tools are reading XML and Script and rendering/compiling.
If you consider a browser for what it is, most of them have come a long way.
I remember when a harsh sneeze would cause catastrophic failure and crashing =)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31620330</id>
	<title>Re:So 64-bit ASLR on Windows is flawed as well...</title>
	<author>jpmorgan</author>
	<datestamp>1269525120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>???</p><p>I don't see memory fragmentation being a problem with 64-bit address spaces for a very, very long time. Unless a contiguous range of 2^40  addresses is just not enough.</p></htmltext>
<tokenext>? ?
? I do n't see memory fragmentation being a problem with 64-bit address spaces for a very , very long time .
Unless a contiguous range of 2 ^ 40 addresses is just not enough .</tokentext>
<sentencetext>??
?I don't see memory fragmentation being a problem with 64-bit address spaces for a very, very long time.
Unless a contiguous range of 2^40  addresses is just not enough.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619210</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619312</id>
	<title>Re:So 64-bit ASLR on Windows is flawed as well...</title>
	<author>Anonymous</author>
	<datestamp>1269519720000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Were browsers used in the contest 32 or 64 bit versions? I wonder whether a 32 bit process can be given the same protections on Win 64 than a fully native 64 bit process may have.</p></htmltext>
<tokenext>Were browsers used in the contest 32 or 64 bit versions ?
I wonder whether a 32 bit process can be given the same protections on Win 64 than a fully native 64 bit process may have .</tokentext>
<sentencetext>Were browsers used in the contest 32 or 64 bit versions?
I wonder whether a 32 bit process can be given the same protections on Win 64 than a fully native 64 bit process may have.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618876</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618842</id>
	<title>Publishing methods.</title>
	<author>Anonymous</author>
	<datestamp>1269517140000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>I find it interesting that the IE exploit was published for the world to see, but the Mac and Firefox hacks have been held back.</p></htmltext>
<tokenext>I find it interesting that the IE exploit was published for the world to see , but the Mac and Firefox hacks have been held back .</tokentext>
<sentencetext>I find it interesting that the IE exploit was published for the world to see, but the Mac and Firefox hacks have been held back.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618856</id>
	<title>So many exploits, so few hydrogen bombs</title>
	<author>Anonymous</author>
	<datestamp>1269517200000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><p>You mean to say we had all those people trying out their exploits in one place and no one bothered to drop a bomb on the joint?<br>Sure it may not stop exploits from getting into the wild or script kiddies from using them, but if you have a roomful of cockroaches, doesn't it make sense to break out a can of RAID?</p></htmltext>
<tokenext>You mean to say we had all those people trying out their exploits in one place and no one bothered to drop a bomb on the joint ? Sure it may not stop exploits from getting into the wild or script kiddies from using them , but if you have a roomful of cockroaches , does n't it make sense to break out a can of RAID ?</tokentext>
<sentencetext>You mean to say we had all those people trying out their exploits in one place and no one bothered to drop a bomb on the joint?Sure it may not stop exploits from getting into the wild or script kiddies from using them, but if you have a roomful of cockroaches, doesn't it make sense to break out a can of RAID?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31622672</id>
	<title>Please elaborate</title>
	<author>Anonymous</author>
	<datestamp>1269546600000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>How can you say that Windows is a "softer" target than Linux, but Linux is not "safer"? Surely having more exploits that are easily available to any cracker is less safe.</p><p>But do correct me if I misunderstand.</p></htmltext>
<tokenext>How can you say that Windows is a " softer " target than Linux , but Linux is not " safer " ?
Surely having more exploits that are easily available to any cracker is less safe.But do correct me if I misunderstand .</tokentext>
<sentencetext>How can you say that Windows is a "softer" target than Linux, but Linux is not "safer"?
Surely having more exploits that are easily available to any cracker is less safe.But do correct me if I misunderstand.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619264</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619900</id>
	<title>M$ vs Mozilla - the security difference...</title>
	<author>Anonymous</author>
	<datestamp>1269522600000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><a href="http://www.google.com/safebrowsing/diagnostic?site=microsoft.com" title="google.com" rel="nofollow">The folks who make Exploder 8</a> [google.com]</p><p>vs.</p><p><a href="http://www.google.com/safebrowsing/diagnostic?site=mozilla.org" title="google.com" rel="nofollow">The folks who make Firefox</a> [google.com]</p></htmltext>
<tokenext>The folks who make Exploder 8 [ google.com ] vs.The folks who make Firefox [ google.com ]</tokentext>
<sentencetext>The folks who make Exploder 8 [google.com]vs.The folks who make Firefox [google.com]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619082</id>
	<title>Re:So many exploits, so few hydrogen bombs</title>
	<author>Bill\_the\_Engineer</author>
	<datestamp>1269518520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>There's an old saying about not killing the messenger...</htmltext>
<tokenext>There 's an old saying about not killing the messenger.. .</tokentext>
<sentencetext>There's an old saying about not killing the messenger...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618856</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31621948</id>
	<title>Re:Well ...</title>
	<author>cthellis</author>
	<datestamp>1269537720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Nor Arachne.  Grr!</htmltext>
<tokenext>Nor Arachne .
Grr !</tokentext>
<sentencetext>Nor Arachne.
Grr!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619304</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31620324</id>
	<title>They had no choice, Slashdot headlines are short.</title>
	<author>Anonymous</author>
	<datestamp>1269525060000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Just FYI, you don't get that many characters to work with in Slashdot headlines.  They actually couldn't have listed all of them, so they appear to have listed as many of the shorter names as they could in the headline.</p><p>Try submitting a story sometime and you'll see what I mean...</p></htmltext>
<tokenext>Just FYI , you do n't get that many characters to work with in Slashdot headlines .
They actually could n't have listed all of them , so they appear to have listed as many of the shorter names as they could in the headline.Try submitting a story sometime and you 'll see what I mean.. .</tokentext>
<sentencetext>Just FYI, you don't get that many characters to work with in Slashdot headlines.
They actually couldn't have listed all of them, so they appear to have listed as many of the shorter names as they could in the headline.Try submitting a story sometime and you'll see what I mean...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618734</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619744</id>
	<title>Re:Misleading; no credibility</title>
	<author>Anonymous</author>
	<datestamp>1269521820000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><p><div class="quote"><p>This wasn't because Linux was safer, it was because we all knew Windows was a softer target.</p></div><p>
Whoa, whoa, <i>WHOA</i>. Just stop right there, <b>Bill</b>. I'm going to have to teach you a thing or to about what you're allowed to write here on <i>Slashdot</i>. Now give me a second to get on my high-horse.

</p><p>
<b>Reasoning is not welcome here.</b>

</p><p>
That's right <b>Bill</b>. We don't need your reasoning here. We know we are right. This is Slashdot! We are <i>the</i> tech community. We know our OSes. We know our software. Just because of some contest with some rules and some teams that want to win the contest by the rules doesn't automatically invalidate our  <b>knowledge</b> and <b>wisdom</b> as <b>Slashdot</b>.

</p><p>
<b>Linux is more secure because it is open source and licensed under the <i>GPL</i>. It doesn't matter if it is still unsafe by your standards.</b>

</p><p>
You see, Bill, we on Slashdot do not need to review the source code of Linux because we have declared it safe. Why is it safe? Because it is GPL. And everyone knows the GPL is safe. Therefore Linux is safe, <i>Bill</i>.

</p><p>
<b>IE8 is mentioned first because it is owned by Microsoft, and Microsoft is evil due to historical technology atrocities against other for-profit software corporations. Therefore IE8 is the worst piece of software ever to exist.</b>

</p><p>
So the reason why IE8 falls faster is not because you and your team thought the Microsoft product was "softer". It was because it was the spawn of the devil! Even wackos know the spawn of the devil should be hacked first. Don't you agree?

</p><p>
<b>Firefox is not listed in the title because we need to get a head start on bashing proprietary software rather than reading the summary.</b>

</p><p>
As a <i>real</i> Slashdotter, I pride myself in not reading the article let alone the summary. The title effectively summarizes the direction of all comments in the thread. And that direction is to bash proprietary software, starting with Microsoft first.

</p><p>
Here's a tip, Bill. The headline on Slashdot should give you a hint at what kind of comment you should post on Slashdot. If you are not capable of discerning that from the title, only then may you read the summary. Reading the article is only reserved for picking out additional points to backup your original claim, not to invalidate Slashdot's wisdom. And that would never happen because Slashdot's wisdom is never wrong in the first place.

</p><p>
<b>Apple and Google are bad... but did you know that OSX is really UNIX and Webkit and Chrome are open source?</b>

</p><p>
See, once again open source products are <i>good for you</i>. You should use open source products!
</p><p>I hope that clears things up, Bill. Please refrain from posting useless comments in the future.

</p><p>Thanks,

</p><p>/.</p></div>
	</htmltext>
<tokenext>This was n't because Linux was safer , it was because we all knew Windows was a softer target .
Whoa , whoa , WHOA .
Just stop right there , Bill .
I 'm going to have to teach you a thing or to about what you 're allowed to write here on Slashdot .
Now give me a second to get on my high-horse .
Reasoning is not welcome here .
That 's right Bill .
We do n't need your reasoning here .
We know we are right .
This is Slashdot !
We are the tech community .
We know our OSes .
We know our software .
Just because of some contest with some rules and some teams that want to win the contest by the rules does n't automatically invalidate our knowledge and wisdom as Slashdot .
Linux is more secure because it is open source and licensed under the GPL .
It does n't matter if it is still unsafe by your standards .
You see , Bill , we on Slashdot do not need to review the source code of Linux because we have declared it safe .
Why is it safe ?
Because it is GPL .
And everyone knows the GPL is safe .
Therefore Linux is safe , Bill .
IE8 is mentioned first because it is owned by Microsoft , and Microsoft is evil due to historical technology atrocities against other for-profit software corporations .
Therefore IE8 is the worst piece of software ever to exist .
So the reason why IE8 falls faster is not because you and your team thought the Microsoft product was " softer " .
It was because it was the spawn of the devil !
Even wackos know the spawn of the devil should be hacked first .
Do n't you agree ?
Firefox is not listed in the title because we need to get a head start on bashing proprietary software rather than reading the summary .
As a real Slashdotter , I pride myself in not reading the article let alone the summary .
The title effectively summarizes the direction of all comments in the thread .
And that direction is to bash proprietary software , starting with Microsoft first .
Here 's a tip , Bill .
The headline on Slashdot should give you a hint at what kind of comment you should post on Slashdot .
If you are not capable of discerning that from the title , only then may you read the summary .
Reading the article is only reserved for picking out additional points to backup your original claim , not to invalidate Slashdot 's wisdom .
And that would never happen because Slashdot 's wisdom is never wrong in the first place .
Apple and Google are bad... but did you know that OSX is really UNIX and Webkit and Chrome are open source ?
See , once again open source products are good for you .
You should use open source products !
I hope that clears things up , Bill .
Please refrain from posting useless comments in the future .
Thanks , / .</tokentext>
<sentencetext>This wasn't because Linux was safer, it was because we all knew Windows was a softer target.
Whoa, whoa, WHOA.
Just stop right there, Bill.
I'm going to have to teach you a thing or to about what you're allowed to write here on Slashdot.
Now give me a second to get on my high-horse.
Reasoning is not welcome here.
That's right Bill.
We don't need your reasoning here.
We know we are right.
This is Slashdot!
We are the tech community.
We know our OSes.
We know our software.
Just because of some contest with some rules and some teams that want to win the contest by the rules doesn't automatically invalidate our  knowledge and wisdom as Slashdot.
Linux is more secure because it is open source and licensed under the GPL.
It doesn't matter if it is still unsafe by your standards.
You see, Bill, we on Slashdot do not need to review the source code of Linux because we have declared it safe.
Why is it safe?
Because it is GPL.
And everyone knows the GPL is safe.
Therefore Linux is safe, Bill.
IE8 is mentioned first because it is owned by Microsoft, and Microsoft is evil due to historical technology atrocities against other for-profit software corporations.
Therefore IE8 is the worst piece of software ever to exist.
So the reason why IE8 falls faster is not because you and your team thought the Microsoft product was "softer".
It was because it was the spawn of the devil!
Even wackos know the spawn of the devil should be hacked first.
Don't you agree?
Firefox is not listed in the title because we need to get a head start on bashing proprietary software rather than reading the summary.
As a real Slashdotter, I pride myself in not reading the article let alone the summary.
The title effectively summarizes the direction of all comments in the thread.
And that direction is to bash proprietary software, starting with Microsoft first.
Here's a tip, Bill.
The headline on Slashdot should give you a hint at what kind of comment you should post on Slashdot.
If you are not capable of discerning that from the title, only then may you read the summary.
Reading the article is only reserved for picking out additional points to backup your original claim, not to invalidate Slashdot's wisdom.
And that would never happen because Slashdot's wisdom is never wrong in the first place.
Apple and Google are bad... but did you know that OSX is really UNIX and Webkit and Chrome are open source?
See, once again open source products are good for you.
You should use open source products!
I hope that clears things up, Bill.
Please refrain from posting useless comments in the future.
Thanks,

/.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619264</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31625982</id>
	<title>Re:Google Chrome</title>
	<author>Hurricane78</author>
	<datestamp>1269617520000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You wish. It&rsquo;s only that nobody actually cared. Because nobody&rsquo;s using it anyway.<nobr> <wbr></nobr>;)</p></htmltext>
<tokenext>You wish .
It    s only that nobody actually cared .
Because nobody    s using it anyway .
; )</tokentext>
<sentencetext>You wish.
It’s only that nobody actually cared.
Because nobody’s using it anyway.
;)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618750</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619048</id>
	<title>Kudos to Peter Vreugdenhil</title>
	<author>vikingpower</author>
	<datestamp>1269518340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>for his paper written on the plane ( and for his exploit ). Gawd knows how hard it is to write anything decent while travelling on a fucking plane.</htmltext>
<tokenext>for his paper written on the plane ( and for his exploit ) .
Gawd knows how hard it is to write anything decent while travelling on a fucking plane .</tokentext>
<sentencetext>for his paper written on the plane ( and for his exploit ).
Gawd knows how hard it is to write anything decent while travelling on a fucking plane.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619210</id>
	<title>Re:So 64-bit ASLR on Windows is flawed as well...</title>
	<author>aristotle-dude</author>
	<datestamp>1269519240000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext><p><div class="quote"><p>It was already known and acknowledged by Microsoft that their ASLR implementation on 32-bit Windows was rather weak, but apparently the 64-bit version of it can be bypassed as well, as all of the hacks of pwn2own on Windows 7 made use of return-to-libc attacks, which should be impossible on systems with address space layout randomization.</p></div><p>You can corrupt memory on 64-bit windows by just running MSFT's own development tools like VS.NET with resharper plug-in. VS.NET begins to corrupt the address space rather quickly. To run VS.NET with any amount of stability on 64bit windows, you have to run it through a third party wrapper application which patches VS in memory to make it large address space aware and stop the memory fragmentation.</p></div>
	</htmltext>
<tokenext>It was already known and acknowledged by Microsoft that their ASLR implementation on 32-bit Windows was rather weak , but apparently the 64-bit version of it can be bypassed as well , as all of the hacks of pwn2own on Windows 7 made use of return-to-libc attacks , which should be impossible on systems with address space layout randomization.You can corrupt memory on 64-bit windows by just running MSFT 's own development tools like VS.NET with resharper plug-in .
VS.NET begins to corrupt the address space rather quickly .
To run VS.NET with any amount of stability on 64bit windows , you have to run it through a third party wrapper application which patches VS in memory to make it large address space aware and stop the memory fragmentation .</tokentext>
<sentencetext>It was already known and acknowledged by Microsoft that their ASLR implementation on 32-bit Windows was rather weak, but apparently the 64-bit version of it can be bypassed as well, as all of the hacks of pwn2own on Windows 7 made use of return-to-libc attacks, which should be impossible on systems with address space layout randomization.You can corrupt memory on 64-bit windows by just running MSFT's own development tools like VS.NET with resharper plug-in.
VS.NET begins to corrupt the address space rather quickly.
To run VS.NET with any amount of stability on 64bit windows, you have to run it through a third party wrapper application which patches VS in memory to make it large address space aware and stop the memory fragmentation.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618876</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619832</id>
	<title>Re:Security is dead</title>
	<author>icebraining</author>
	<datestamp>1269522180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You talk like they're doing it wrong.</p><p>Security is always a tradeoff. Yes, you can have a verified browser - and maybe you can reach Lynx features in six years. And remember, you'll also need a verified subsystem (L4 is a <i>micro</i>kernel, it doesn't include much of the stuff you get from e.g. Linux), libraries, etc.</p><p>It's no different than physical security. Why don't we all have a bodyguard and bullet-proof cars? It's simply not cost-effective.</p></htmltext>
<tokenext>You talk like they 're doing it wrong.Security is always a tradeoff .
Yes , you can have a verified browser - and maybe you can reach Lynx features in six years .
And remember , you 'll also need a verified subsystem ( L4 is a microkernel , it does n't include much of the stuff you get from e.g .
Linux ) , libraries , etc.It 's no different than physical security .
Why do n't we all have a bodyguard and bullet-proof cars ?
It 's simply not cost-effective .</tokentext>
<sentencetext>You talk like they're doing it wrong.Security is always a tradeoff.
Yes, you can have a verified browser - and maybe you can reach Lynx features in six years.
And remember, you'll also need a verified subsystem (L4 is a microkernel, it doesn't include much of the stuff you get from e.g.
Linux), libraries, etc.It's no different than physical security.
Why don't we all have a bodyguard and bullet-proof cars?
It's simply not cost-effective.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619188</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619188</id>
	<title>Security is dead</title>
	<author>Anonymous</author>
	<datestamp>1269519120000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>While I'm all for tight code where every byte is important, one could just as well argue that languages used aren't high-level enough.</p><p>Operating systems and apps are often coded in languages like C or C++, that <em>allow</em> a lot of things, which turn into vulnerabilities down the road. Assembly is king of this: it allows a progammer to do <em>anything</em>, including things that aren't safe, smart or correct. No matter how good the code you produce or how comprehensive your testing procedures are, the sheer size of software systems guarantees a number of bugs to be lurking.</p><p>Personally I think that security is dead as long as these languages are the tools, <em>testing</em> code is the norm (vs. some sort of formal verification), and coders are <em>looking</em> for bugs rather than proving they're not there. Fixing this will take a combination of new methods for building software, new design principles to manage system complexity, and safe(r) languages to write the code in. There's a lot of research around (see seL4 microkernel or Coyotos for example), but results rarely finds its way into mainstream products. There's a long way to go still... or users just don't care enough.</p></htmltext>
<tokenext>While I 'm all for tight code where every byte is important , one could just as well argue that languages used are n't high-level enough.Operating systems and apps are often coded in languages like C or C + + , that allow a lot of things , which turn into vulnerabilities down the road .
Assembly is king of this : it allows a progammer to do anything , including things that are n't safe , smart or correct .
No matter how good the code you produce or how comprehensive your testing procedures are , the sheer size of software systems guarantees a number of bugs to be lurking.Personally I think that security is dead as long as these languages are the tools , testing code is the norm ( vs. some sort of formal verification ) , and coders are looking for bugs rather than proving they 're not there .
Fixing this will take a combination of new methods for building software , new design principles to manage system complexity , and safe ( r ) languages to write the code in .
There 's a lot of research around ( see seL4 microkernel or Coyotos for example ) , but results rarely finds its way into mainstream products .
There 's a long way to go still... or users just do n't care enough .</tokentext>
<sentencetext>While I'm all for tight code where every byte is important, one could just as well argue that languages used aren't high-level enough.Operating systems and apps are often coded in languages like C or C++, that allow a lot of things, which turn into vulnerabilities down the road.
Assembly is king of this: it allows a progammer to do anything, including things that aren't safe, smart or correct.
No matter how good the code you produce or how comprehensive your testing procedures are, the sheer size of software systems guarantees a number of bugs to be lurking.Personally I think that security is dead as long as these languages are the tools, testing code is the norm (vs. some sort of formal verification), and coders are looking for bugs rather than proving they're not there.
Fixing this will take a combination of new methods for building software, new design principles to manage system complexity, and safe(r) languages to write the code in.
There's a lot of research around (see seL4 microkernel or Coyotos for example), but results rarely finds its way into mainstream products.
There's a long way to go still... or users just don't care enough.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618818</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618750</id>
	<title>Google Chrome</title>
	<author>drcosquared</author>
	<datestamp>1269516720000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext>Apparently none of them wanted to take on Google Chrome..I believe no one was able to crack it last year.</htmltext>
<tokenext>Apparently none of them wanted to take on Google Chrome..I believe no one was able to crack it last year .</tokentext>
<sentencetext>Apparently none of them wanted to take on Google Chrome..I believe no one was able to crack it last year.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31620482</id>
	<title>Re:As I said elsewhere on the net:</title>
	<author>Kitkoan</author>
	<datestamp>1269526080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>So if you're such a badass programmer please link to your assembly-coded web browser that contains zero exploits.  Oh, you don't have one and you're just a posturing tard?  Yeah, that's what I thought.</p></div><p>You don't have to be a master of the subject to be able to point out it's flaws. Pointing them out helps to see the problems so they can be fixed. I can tell when a cars engine is not working, doesn't mean that I shouldn't keep quiet about it if I can't build a better one.</p></div>
	</htmltext>
<tokenext>So if you 're such a badass programmer please link to your assembly-coded web browser that contains zero exploits .
Oh , you do n't have one and you 're just a posturing tard ?
Yeah , that 's what I thought.You do n't have to be a master of the subject to be able to point out it 's flaws .
Pointing them out helps to see the problems so they can be fixed .
I can tell when a cars engine is not working , does n't mean that I should n't keep quiet about it if I ca n't build a better one .</tokentext>
<sentencetext>So if you're such a badass programmer please link to your assembly-coded web browser that contains zero exploits.
Oh, you don't have one and you're just a posturing tard?
Yeah, that's what I thought.You don't have to be a master of the subject to be able to point out it's flaws.
Pointing them out helps to see the problems so they can be fixed.
I can tell when a cars engine is not working, doesn't mean that I shouldn't keep quiet about it if I can't build a better one.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619162</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31624970</id>
	<title>Re:firefox on osx?</title>
	<author>mdwh2</author>
	<datestamp>1269612900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Fair's fair. The Iphone gets an obligitary mention even when it's irrelevant ("You can also view this website on an Iphone!") So it's fair to do so when it's negative publicity also - they can't have it both ways.</p></htmltext>
<tokenext>Fair 's fair .
The Iphone gets an obligitary mention even when it 's irrelevant ( " You can also view this website on an Iphone !
" ) So it 's fair to do so when it 's negative publicity also - they ca n't have it both ways .</tokentext>
<sentencetext>Fair's fair.
The Iphone gets an obligitary mention even when it's irrelevant ("You can also view this website on an Iphone!
") So it's fair to do so when it's negative publicity also - they can't have it both ways.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618792</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31623264
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619188
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618818
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31621394
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619324
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618856
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619474
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619082
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618856
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31622624
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619744
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619264
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618956
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31622946
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619602
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619546
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619030
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31623088
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619744
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619264
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618956
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619312
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618876
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31622214
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619086
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31621948
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619304
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618760
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31621206
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618860
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31620330
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619210
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618876
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31620640
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619602
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31620324
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618734
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619316
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619196
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618956
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31629748
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619264
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618956
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619726
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618876
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619398
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618956
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31623040
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619188
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618818
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31621798
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618734
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31624970
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618792
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31621220
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619568
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619210
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618876
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619832
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619188
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618818
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31627504
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619086
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31622672
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619264
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618956
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619118
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618818
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31625942
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618760
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31620060
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619030
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619504
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619030
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31625982
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618750
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_25_2227231_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31620482
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619162
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618818
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_25_2227231.14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618856
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619082
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619474
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619324
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31621394
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_25_2227231.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618760
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619304
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31621948
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31625942
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_25_2227231.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619602
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31620640
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31622946
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_25_2227231.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619438
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_25_2227231.13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618750
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31625982
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_25_2227231.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618842
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_25_2227231.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618818
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619118
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619162
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31620482
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619188
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31623040
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619832
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31623264
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_25_2227231.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618734
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31621798
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31620324
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_25_2227231.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619958
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_25_2227231.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619048
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_25_2227231.15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618860
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31621206
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_25_2227231.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618876
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619312
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619726
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619210
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31620330
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619568
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31621220
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_25_2227231.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619030
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619504
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31620060
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619546
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_25_2227231.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618792
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31624970
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_25_2227231.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31618956
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619398
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619196
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619316
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619264
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31629748
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31622672
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619744
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31623088
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31622624
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_25_2227231.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31619086
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31622214
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_25_2227231.31627504
</commentlist>
</conversation>
