<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article09_07_13_142210</id>
	<title>R.I.P. FTP</title>
	<author>CmdrTaco</author>
	<datestamp>1247498340000</datestamp>
	<htmltext>Slashdot contributor <a href="mailto:bennett@peacefire.org">Bennett Haselton</a> says <i>"Using FTP to administer a website is insecure -- but not for the reasons that you probably think.  You yourself can stop using FTP any time you want, but how do we change the landscape Net-wide, to reduce the number of breakins using stolen FTP credentials?"</i>  You know what to click on if you want to read the rest.</htmltext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677005</id>
	<title>they won't guess mine</title>
	<author>Anonymous</author>
	<datestamp>1247502300000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>Nobody will ever guess my FTP credentials.<p><div class="quote"><p>login: guest<br>
password: anonymous@host.com</p></div></div>
	</htmltext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678797</id>
	<title>OK, I guess I'm gonna "troll" here...</title>
	<author>WheelDweller</author>
	<datestamp>1247508300000</datestamp>
	<modclass>None</modclass>
	<modscore>-1</modscore>
	<htmltext><p>...but hear the truth: Running a webserver on a machine with TWO MILLION viruses in the wild, a machine that taught us to equate a reset button with another try, is probably not the best idea.</p><p>Please listen to me. All computers have hacks. Only one maker of OSs has an express lane.</p><p>Only ONE of these needs to get through to ruin your day. As that number climbs (and it does, about 100,000 a month) it becomes harder and harder to turn them away.  And while we're on the subject? Where else in your life do you buy something, then immediately get another product from someone else to patch it, so it'll be safe?  Did you buy that other thing a second time?</p><p>Let's be clear; FTP is insecure. It's why I don't use it; that's why SSH exists. But don't claim it's *more* insecure because your fragile operating system got hacked with it!</p><p>Can you tell me the "holy grail" feature of Windows that makes it worth the risk of losing your financial information, and spend nearly a decade trying to get it back?  Can you tell me what whiz-bang tool of theirs makes it OK to work for the Russian mob?</p><p>Wake up, people!  Don't be a statistic! This is product liability.</p></htmltext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676993</id>
	<title>FTP is dead; long live FTP!</title>
	<author>Anonymous</author>
	<datestamp>1247502240000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>-1</modscore>
	<htmltext><p>Every few months, the Mac web is bombarded with <a href="http://www.trollaxor.com/2003/06/open-letter-to-steve-jobs.html" title="trollaxor.com" rel="nofollow">open pleas</a> [trollaxor.com] to <a href="http://www.apple.com/" title="apple.com" rel="nofollow">Apple</a> [apple.com], asking -- nay, demanding -- that Apple swap out the <a href="http://www.cs.cmu.edu/afs/cs/project/mach/public/www/mach.html" title="cmu.edu" rel="nofollow">Mach</a> [cmu.edu]-based kernel that <a href="http://www.apple.com/macosx/" title="apple.com" rel="nofollow">Mac OS X</a> [apple.com] runs on, <a href="http://www.opensource.apple.com/release/mac-os-x-1057/" title="apple.com" rel="nofollow">XNU/Darwin</a> [apple.com], with Linux. This, of course, ends with Apple stoically continuing development of XNU/Darwin while fanboys dry their eyes and limp home after their flamewars. The cycle then repeats itself again a few months later like clockwork. The truth of the matter, however, is that Apple will <i>never</i> replace XNU/Darwin with Linux.</p><p>Tearing XNU/Darwin out from OS X and replacing it with Linux would be winding the clock back almost twenty-five years. 
Mach, which comprises a large percentage of XNU/Darwin's <a href="http://www.opensource.apple.com/tarballs/xnu/xnu-1228.12.14.tar.gz" title="apple.com" rel="nofollow">XNU kernel</a> [apple.com], was a microkernel research project developed at <a href="http://www.cmu.edu/" title="cmu.edu" rel="nofollow">Carnegie-Mellon University</a> [cmu.edu] in the Eighties, overseen by Avie Tevanian, who usually worked on it while playing <a href="http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewAlbum?id=263502341&amp;s=143441" title="apple.com" rel="nofollow">Depeche Mode</a> [apple.com] and <a href="http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewAlbum?id=411490&amp;s=143441" title="apple.com" rel="nofollow">Tears For Fears</a> [apple.com] and ushered it through various revisions at NeXT and, ultimately, <a href="http://www.apple.com/pr/library/2003/jul/08avie.html" title="apple.com" rel="nofollow">Apple</a> [apple.com].</p><p>This continuity of development has given Apple a tight integration between the kernel, libraries, utilities, and higher-level frameworks. Linux would throw that synergy right out the window, making Apple dependent on an entirely <a href="http://uhacc.org/images/penguicon4/p4-esr1.jpg" title="uhacc.org" rel="nofollow">unregulated development team</a> [uhacc.org], and forcing Apple to play catch-up with their specific needs after every major upgrade to Linux. Apple would have to hire Linus Torvalds in order to recreate the creator/creation dynamic they have now. And as Linus has stated several times, he'll never go work for a company doing Linux.</p><p>Perhaps one reason Linux users bleat so unceasingly for Apple to switch kernels stems from a pre-NeXT project the company ran called <a href="http://en.wikipedia.org/wiki/MkLinux" title="wikipedia.org" rel="nofollow">MkLinux</a> [wikipedia.org]. MkLinux was a version of Mach running Linux as a process. 
The project was sponsored by both Apple and OSF/1 and ran on Apple's first generation Power Macs and some early second-generation Power Macs. Performance was about 20% less than a native Linux would have been, but that wasn't the point; Apple was looking at different ways to create a modern operating system in the dark times of Copland before NeXT was even a gleam in their eyes.</p><p>After Apple's operating system woes came to a head in 1997, MkLinux was all but forgotten by everyone except the long-time Apple engineers tasked with updating OPENSTEP alongside their NeXT counterparts. It was a non-starter, but it was the first taste of Linux anywhere near a Mac; it would be years later that Linux/PPC or the swatch of PowerPC versions of more popular distributions like Debian, Fedora, SUSE, and YellowDog came to Apple motherboards.</p><p>"But wait!" whine the Linux zealots, "Apple uses the BSD kernel in Mac OS X, and that's not under their control!" And so it is not. But the portions of the <a href="http://www.freebsd.org/" title="freebsd.org" rel="nofollow">FreeBSD</a> [freebsd.org] kernel are only used to fill out Mach, and as such do not constitute a significant portion of the kernel. In fact, Apple's use of BSD code is so minute that it amounts to being <a href="http://www.trollaxor.com/2004/02/thank-apple-for-freebsd.html" title="trollaxor.com" rel="nofollow">a charity project</a> [trollaxor.com] that allows Apple a way of <a href="http://www.trollaxor.com/2008/11/freebsd-owes-apple-big.html" title="trollaxor.com" rel="nofollow">keeping FreeBSD solvent</a> [trollaxor.com]. So Apple is simply not using the FreeBSD kernel, and asking to replace XNU with the Linux kernel is therefore asking something dispropor</p></htmltext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677679</id>
	<title>Re:It doesn't matter</title>
	<author>Goaway</author>
	<datestamp>1247504760000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>You know, the article addressed that, but let's have it one more time:</p><p>Sure, a determined attacker with malware on your machine can get your password for anything. But these aren't determined attackers. They are people throwing their nets very, very wide, and they rely on automation to find their passwords. Getting every keystroke isn't going to tell them what your password is without manual analysis, and nobody has the time for that. And making your keylogger smart enough to figure it out by itself requires adapting it for every possible file transfer client out there.</p><p>So it is much easier to just listen for FTP connections. That's the low-hanging fruit. The software COULD do other things, but it generally DOESN'T. At least not yet.</p></htmltext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677067</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683619</id>
	<title>Re:Missing the point...</title>
	<author>bigbird</author>
	<datestamp>1247484240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p> <i>Secure-FTP (over SSL) is not sufficient as it only encrypts things without verifying the authenticity of the host you are connecting to.</i> </p><p>
That's actually only the case if you switch off host verification.
</p><p>
Normally with FTPS you would compare the certificate that the host sends you with your certificate store to either 1) verify you have that certificate already or 2) that the certificate is signed by a CA in your store and that its common name matches the domain name you are connecting to.
</p></htmltext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677789</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679969</id>
	<title>Re:Users can't tell the difference</title>
	<author>Cyner</author>
	<datestamp>1247512020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You've got some tech savvy users there. Mine all use the "download site". They download files from it and download files to the site.</p></htmltext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677137</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681479</id>
	<title>Re:Keyloggers don't care</title>
	<author>Anonymous</author>
	<datestamp>1247518080000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>VNC with local keyboard disconnect -- you have about 30 seconds before I pull the plug.</p></htmltext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677253</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677209</id>
	<title>Wowa.....</title>
	<author>sysgeek01</author>
	<datestamp>1247503020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I just had a flashback to 1999...</htmltext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681555</id>
	<title>Re:Users can't tell the difference</title>
	<author>fast turtle</author>
	<datestamp>1247518380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>The FTP term has lost its meaning to represent a protocol (which is what the IT staff thinks of it as) vs the end users who think of FTP as a generic term to transfer files.</p></div><p>And the role of IT is to support those end users called <b>"Joe Sixpack"</b> in the completion of their duties. In this case those users are absolutely correct based upon the definition of FTP which is</p><blockquote><div><p>File Transfer Protocol</p></div></blockquote><p> Simply put, those users are using the terminology in the correct manner based upon the language instead of using it according to the damn RFC. In fact based upon the definition of FTP, it could easily include Sneaker Net, Direct Connection, Bit Torrent, Rapid Share, WhaleMail and a whole rash of other setups that do the same thing as your local server does.</p></div>
	</htmltext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677137</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676957</id>
	<title>RIPFTP!</title>
	<author>SteveHeadroom</author>
	<datestamp>1247502120000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><p>Isn't that the sound someone makes after eating enough chili or lentils?</p></htmltext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677205</id>
	<title>My Server</title>
	<author>ironicsky</author>
	<datestamp>1247502960000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext>I run a Linux server that has FTP services on it. I did have an issue a while back where someone's ftp account got cracked, someone uploaded a malicious root kit, then executed it through the web and... BLAMO! I was compromised. Every .html and .php file on the server was overwritten. I didn't feel like cleaning it up, so I just loaded the backups on a clean server and took the compromised one out of production.
<br> <br>
But I did make one change on the new server... I upped the security substantially. One of the changes involved enforcing SFTP and discontinuing my FTP services.
<br> <br>
For me, all it took was one serious compromise to wake me up. I'm sure for a lot of other people it will be the same.</htmltext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681579</id>
	<title>Re:FTPS</title>
	<author>treat</author>
	<datestamp>1247518440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>So many reasons why this post is silly:</p><p>chroot is not a jail, it's a hack to make shitty software work in a specially constructed environment.  It does not in any way prevent a malicious program from breaking out of the chroot, it just makes a poorly written one have the option of working in a special section of the filesystem where you can put specific versions of files without affecting the entire system.</p><p>FTP without a chroot is not really any different than ssh without a chroot.  If you're just depending on the authors of your ftp daemon to protect you then you're an idiot.</p><p>Let me say this one more time since no one ever gets it and every year we see a new Slashdot article about it.</p><p>CHROOT IS NOT A FUCKING SECURITY FENCE, NOT INTENDED TO BE, DOESN'T ACT LIKE ONE, WILL NEVER BE ONE.</p></div><p>Wait, so depending on the daemon to protect you is idiocy. But also chroot is not useful for security.</p><p>So you'd like another, unstated solution? Love to hear it.</p></div>
	</htmltext>
<tokenext>So many reasons why this post is silly : chroot is not a jail , it 's a hack to make shitty software work in a specially constructed environment .
It does not in any way prevent a malicious program from breaking out of the chroot , it just makes a poorly written one have the option of working in a special section of the filesystem where you can put specific versions of files without affecting the entire system . FTP without a chroot is not really any different than ssh without a chroot .
If you 're just depending on the authors of your ftp daemon to protect you then you 're an idiot . Let me say this one more time since no one ever gets it and every year we see a new Slashdot article about it . CHROOT IS NOT A FUCKING SECURITY FENCE , NOT INTENDED TO BE , DOES N'T ACT LIKE ONE , WILL NEVER BE ONE . Wait , so depending on the daemon to protect you is idiocy .
But also chroot is not useful for security . So you 'd like another , unstated solution ?
Love to hear it .</tokentext>
<sentencetext>So many reasons why this post is silly: chroot is not a jail, it's a hack to make shitty software work in a specially constructed environment.
It does not in any way prevent a malicious program from breaking out of the chroot, it just makes a poorly written one have the option of working in a special section of the filesystem where you can put specific versions of files without affecting the entire system. FTP without a chroot is not really any different than ssh without a chroot.
If you're just depending on the authors of your ftp daemon to protect you then you're an idiot. Let me say this one more time since no one ever gets it and every year we see a new Slashdot article about it. CHROOT IS NOT A FUCKING SECURITY FENCE, NOT INTENDED TO BE, DOESN'T ACT LIKE ONE, WILL NEVER BE ONE. Wait, so depending on the daemon to protect you is idiocy.
But also chroot is not useful for security. So you'd like another, unstated solution?
Love to hear it.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677639</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677789</id>
	<title>Missing the point...</title>
	<author>hackel</author>
	<datestamp>1247505060000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>Amazing how this article (and so many people responding) seem to be missing the point entirely.  The real problem is people using operating systems that are vulnerable to these types of attacks!  I don't know about Vista, but even if Linux was ever targeted for this kind of attack/spyware, you would have to run the software as root to enable packet sniffing!  And anyone who uses IE for regular browsing and not just local site development is clearly not a competent web developer and has no business working in this industry!  Seriously--how can anyone still use IE, FTP, or anything like that in this day and age?  I think I stopped using FTP, what...10 years ago now?</p><p>The bottom line is that all hosting companies must disable all access to their services via insecure FTP.  It's shameful how many companies still use it.  I'm in such an isolated bubble, apparently, that I didn't even know this was still going on until recently I had to access a shared web service to migrate a particular client.  I was shocked, to say the least!  Secure-FTP (over SSL) is not sufficient as it only encrypts things without verifying the authenticity of the host you are connecting to.  It's bad enough that people keep using Windows, but since we can't control this, competent sysadmins really need to take the initiative in disabling FTP.  Likewise, unencrypted pop3, imap, telnet, or whatever unencrypted services they provide.</p></htmltext>
<tokenext>Amazing how this article ( and so many people responding ) seem to be missing the point entirely .
The real problem is people using operating systems that are vulnerable to these types of attacks !
I do n't know about Vista , but even if Linux was ever targeted for this kind of attack/spyware , you would have to run the software as root to enable packet sniffing !
And anyone who uses IE for regular browsing and not just local site development is clearly not a competent web developer and has no business working in this industry !
Seriously--how can anyone still use IE , FTP , or anything like that in this day and age ?
I think I stopped using FTP , what...10 years ago now ? The bottom line is that all hosting companies must disable all access to their services via insecure FTP .
It 's shameful how many companies still use it .
I 'm in such an isolated bubble , apparently , that I did n't even know this was still going on until recently I had to access a shared web service to migrate a particular client .
I was shocked , to say the least !
Secure-FTP ( over SSL ) is not sufficient as it only encrypts things without verifying the authenticity of the host you are connecting to .
It 's bad enough that people keep using Windows , but since we ca n't control this , competent sysadmins really need to take the initiative in disabling FTP .
Likewise , unencrypted pop3 , imap , telnet , or whatever unencrypted services they provide .</tokentext>
<sentencetext>Amazing how this article (and so many people responding) seem to be missing the point entirely.
The real problem is people using operating systems that are vulnerable to these types of attacks!
I don't know about Vista, but even if Linux was ever targeted for this kind of attack/spyware, you would have to run the software as root to enable packet sniffing!
And anyone who uses IE for regular browsing and not just local site development is clearly not a competent web developer and has no business working in this industry!
Seriously--how can anyone still use IE, FTP, or anything like that in this day and age?
I think I stopped using FTP, what...10 years ago now? The bottom line is that all hosting companies must disable all access to their services via insecure FTP.
It's shameful how many companies still use it.
I'm in such an isolated bubble, apparently, that I didn't even know this was still going on until recently I had to access a shared web service to migrate a particular client.
I was shocked, to say the least!
Secure-FTP (over SSL) is not sufficient as it only encrypts things without verifying the authenticity of the host you are connecting to.
It's bad enough that people keep using Windows, but since we can't control this, competent sysadmins really need to take the initiative in disabling FTP.
Likewise, unencrypted pop3, imap, telnet, or whatever unencrypted services they provide.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681065</id>
	<title>If not FTP, then what for resumes support?</title>
	<author>antdude</author>
	<datestamp>1247516400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I recalled SFTP can't do resume downloads and uploads when I last tried it, years ago. So I use good old Z-modem's sz and rz commands through SSH(1-2) connections with <a href="http://www.vandyke.com/products/securecrt/index.html" title="vandyke.com">SecureCRT</a> [vandyke.com] clients (wished <a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/" title="greenend.org.uk">PuTTY</a> [greenend.org.uk] could do it and <a href="http://syncterm.bbsdev.net/" title="bbsdev.net">SyncTERM</a> [bbsdev.net]'s Z-modem seems to be broken [never worked correctly]). FTP can do resumes too, but obviously insecure. Are there any other popular/common protocols that will transfer, with resume support, securely on various platforms (Apple Mac, Windows, and Linux/UNIX)?</p></htmltext>
<tokenext>I recalled SFTP ca n't do resume downloads and uploads when I last tried it , years ago .
So I use good old Z-modem 's sz and rz commands through SSH ( 1-2 ) connections with SecureCRT [ vandyke.com ] clients ( wished PuTTY [ greenend.org.uk ] could do it and SyncTERM [ bbsdev.net ] 's Z-modem seems to be broken [ never worked correctly ] ) .
FTP can do resumes too , but obviously insecure .
Are there any other popular/common protocols that will transfer , with resume support , securely on various platforms ( Apple Mac , Windows , and Linux/UNIX ) ?</tokentext>
<sentencetext>I recalled SFTP can't do resume downloads and uploads when I last tried it, years ago.
So I use good old Z-modem's sz and rz commands through SSH(1-2) connections with SecureCRT [vandyke.com] clients (wished PuTTY [greenend.org.uk] could do it and SyncTERM [bbsdev.net]'s Z-modem seems to be broken [never worked correctly]).
FTP can do resumes too, but obviously insecure.
Are there any other popular/common protocols that will transfer, with resume support, securely on various platforms (Apple Mac, Windows, and Linux/UNIX)?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677795</id>
	<title>Re:FTP isn't going anywhere</title>
	<author>Anonymous</author>
	<datestamp>1247505120000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>1</modscore>
	<htmltext><p>SFTP is not FTP tunneled over SSH, it's a protocol for file transfer which is not based on FTP in any way. In fact, due to its dual connection nature, FTP is not trivial to tunnel over SSH. And since SFTP exists and is built in SSH servers, it's a waste of time to try to tunnel FTP over SSH.</p></htmltext>
<tokenext>SFTP is not FTP tunneled over SSH , it 's a protocol for file transfer which is not based on FTP in any way .
In fact , due to its dual connection nature , FTP is not trivial to tunnel over SSH .
And since SFTP exists and is built in SSH servers , it 's a waste of time to try to tunnel FTP over SSH .</tokentext>
<sentencetext>SFTP is not FTP tunneled over SSH, it's a protocol for file transfer which is not based on FTP in any way.
In fact, due to its dual connection nature, FTP is not trivial to tunnel over SSH.
And since SFTP exists and is built in SSH servers, it's a waste of time to try to tunnel FTP over SSH.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677287</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681029</id>
	<title>what I do</title>
	<author>Anonymous</author>
	<datestamp>1247516220000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Being a sys admin for a hosting company (a medium sized one), here are some suggestions.</p><p>1.  FTP passwords - 10 characters, numbers, letters, capitalization, changed every 90 days.  I don't use FTP for uploading content, though.<nobr> <wbr></nobr>:)<br>2.  SCP for uploading files.  Can be used with Windows and Linux hosting, using generally much more secure SSH.  Also move SSH to a different port (won't stop major scanners, but will keep most script-kiddies off your box).<br>3.  File Permissions.  Make sure they are set correctly.  I've fixed more Linux boxes with incorrect permissions than I care to count.  755 on directories, 644 on files.  Some CMS screw this up, so watch for it.<br>4.  Disable local mail relaying from your boxes.  Make all web forms use PHP PEAR to authenticate to an SMTP server to send out mail.  Some yahoo that doesn't know how to program a php mail script can cause some major problems.</p></htmltext>
<tokenext>Being a sys admin for a hosting company ( a medium sized one ) , here are some suggestions . 1 .
FTP passwords - 10 characters , numbers , letters , capitalization , changed every 90 days .
I do n't use FTP for uploading content , though .
: ) 2 . SCP for uploading files .
Can be used with Windows and Linux hosting , using generally much more secure SSH .
Also move SSH to a different port ( wo n't stop major scanners , but will keep most script-kiddies off your box ) . 3 .
File Permissions .
Make sure they are set correctly .
I 've fixed more Linux boxes with incorrect permissions than I care to count .
755 on directories , 644 on files .
Some CMS screw this up , so watch for it . 4 .
Disable local mail relaying from your boxes .
Make all web forms use PHP PEAR to authenticate to an SMTP server to send out mail .
Some yahoo that does n't know how to program a php mail script can cause some major problems .</tokentext>
<sentencetext>Being a sys admin for a hosting company (a medium sized one), here are some suggestions.
1. FTP passwords - 10 characters, numbers, letters, capitalization, changed every 90 days.
I don't use FTP for uploading content, though. :)
2. SCP for uploading files.
Can be used with Windows and Linux hosting, using generally much more secure SSH.
Also move SSH to a different port (won't stop major scanners, but will keep most script-kiddies off your box).
3. File Permissions.
Make sure they are set correctly.
I've fixed more Linux boxes with incorrect permissions than I care to count.
755 on directories, 644 on files.
Some CMS screw this up, so watch for it.
4. Disable local mail relaying from your boxes.
Make all web forms use PHP PEAR to authenticate to an SMTP server to send out mail.
Some yahoo that doesn't know how to program a php mail script can cause some major problems.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677067</id>
	<title>It doesn't matter</title>
	<author>RenHoek</author>
	<datestamp>1247502540000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>Look, if your machine is infected by malware, it's not going to make any difference if you use FTP or SFTP or god knows what else.</p><p>Either your passwords are stored on your harddisk or you're going to have to type them in at a later point. In both cases software is going to be able to get your passwords. And they have that they can get in without a problem, regardless of protocol used.</p><p>So instead of this looooong article, some more vigilance online to avoid the infection to begin with would be more helpful.</p><p>And if you _have_ to use MSIE, use SandboxIE.</p></htmltext>
<tokenext>Look , if your machine is infected by malware , it 's not going to make any difference if you use FTP or SFTP or god knows what else . Either your passwords are stored on your harddisk or you 're going to have to type them in at a later point .
In both cases software is going to be able to get your passwords .
And they have that they can get in without a problem , regardless of protocol used . So instead of this looooong article , some more vigilance online to avoid the infection to begin with would be more helpful . And if you _have_ to use MSIE , use SandboxIE .</tokentext>
<sentencetext>Look, if your machine is infected by malware, it's not going to make any difference if you use FTP or SFTP or god knows what else. Either your passwords are stored on your harddisk or you're going to have to type them in at a later point.
In both cases software is going to be able to get your passwords.
And they have that they can get in without a problem, regardless of protocol used. So instead of this looooong article, some more vigilance online to avoid the infection to begin with would be more helpful. And if you _have_ to use MSIE, use SandboxIE.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679769</id>
	<title>People are slow to adapt...</title>
	<author>Bert64</author>
	<datestamp>1247511360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>As someone else pointed out, getting infected with a piece of malware is extremely serious... Not something you can run some automated tool to "clean up"...<br>Most of the malware I've seen is not just a single infection, it tries to install additional malware too (to decrease the chance of you finding it all, nothing detects every piece of malware) and will often change system configuration to make it intentionally insecure, because none of the anti malware tools will detect if you have a legitimate but old (i.e. vulnerable) system binary installed, or if you have an insecure configuration such as allowing ActiveX controls to run automatically without prompting. What you need to do is restore the system from known clean media and manually verify any data files you copy back (don't copy back any executable binaries).</p><p>Another issue with public shared hosting, is that often the web server runs as a single user, so that all the different sites need to be readable by that user. If one site gets compromised and an attacker gets a shell as the web server user they can read and possibly modify every other user's files... Quite often this will be enough to retrieve database passwords if not more.</p><p>Also consider the popular website authoring tools people use, which usually default to FTP and often don't support anything else. If your webhost doesn't support FTP you will lose customers.</p></htmltext>
<tokenext>As someone else pointed out , getting infected with a piece of malware is extremely serious... Not something you can run some automated tool to " clean up " ... Most of the malware I 've seen is not just a single infection , it tries to install additional malware too ( to decrease the chance of you finding it all , nothing detects every piece of malware ) and will often change system configuration to make it intentionally insecure , because none of the anti malware tools will detect if you have a legitimate but old ( i.e. vulnerable ) system binary installed , or if you have an insecure configuration such as allowing ActiveX controls to run automatically without prompting .
What you need to do is restore the system from known clean media and manually verify any data files you copy back ( do n't copy back any executable binaries ) . Another issue with public shared hosting , is that often the web server runs as a single user , so that all the different sites need to be readable by that user .
If one site gets compromised and an attacker gets a shell as the web server user they can read and possibly modify every other user 's files... Quite often this will be enough to retrieve database passwords if not more . Also consider the popular website authoring tools people use , which usually default to FTP and often do n't support anything else .
If your webhost does n't support FTP you will lose customers .</tokentext>
<sentencetext>As someone else pointed out, getting infected with a piece of malware is extremely serious... Not something you can run some automated tool to "clean up"... Most of the malware I've seen is not just a single infection, it tries to install additional malware too (to decrease the chance of you finding it all, nothing detects every piece of malware) and will often change system configuration to make it intentionally insecure, because none of the anti malware tools will detect if you have a legitimate but old (i.e. vulnerable) system binary installed, or if you have an insecure configuration such as allowing ActiveX controls to run automatically without prompting.
What you need to do is restore the system from known clean media and manually verify any data files you copy back (don't copy back any executable binaries). Another issue with public shared hosting, is that often the web server runs as a single user, so that all the different sites need to be readable by that user.
If one site gets compromised and an attacker gets a shell as the web server user they can read and possibly modify every other user's files... Quite often this will be enough to retrieve database passwords if not more. Also consider the popular website authoring tools people use, which usually default to FTP and often don't support anything else.
If your webhost doesn't support FTP you will lose customers.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681255</id>
	<title>Re:These aren't average users, are they?</title>
	<author>hedwards</author>
	<datestamp>1247517180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>The college that my mother works at uses sftp to do all the off campus file transfers. Specifically they use FileZilla with a walkthrough as to how to get it done. From what I gather they're not having a whole lot of trouble with it. Then again, they do have a couple of computer labs where they can walk people through the process from time to time if they need to. And I can assure anybody reading this comment that a fair number of them are barely computer literate, and even then just if I'm being generous.<br> <br>

But ultimately the bottom line is that while there are solutions to the issue of security, FTP is a protocol that probably ought to be replaced with something new, something that better tolerates the new realities of networking. IPv6 is a good excuse to scrap it for something that's redesigned to better handle that sort of thing.</htmltext>
<tokenext>The college that my mother works at uses sftp to do all the off campus file transfers .
Specifically they use FileZilla with a walkthrough as to how to get it done .
From what I gather they 're not having a whole lot of trouble with it .
Then again , they do have a couple of computer labs where they can walk people through the process from time to time if they need to .
And I can assure anybody reading this comment that a fair number of them are barely computer literate , and even then just if I 'm being generous .
But ultimately the bottom line is that while there are solutions to the issue of security , FTP is a protocol that probably ought to be replaced with something new , something that better tolerates the new realities of networking .
IPv6 is a good excuse to scrap it for something that 's redesigned to better handle that sort of thing .</tokentext>
<sentencetext>The college that my mother works at uses sftp to do all the off campus file transfers.
Specifically they use FileZilla with a walkthrough as to how to get it done.
From what I gather they're not having a whole lot of trouble with it.
Then again, they do have a couple of computer labs where they can walk people through the process from time to time if they need to.
And I can assure anybody reading this comment that a fair number of them are barely computer literate, and even then just if I'm being generous.
But ultimately the bottom line is that while there are solutions to the issue of security, FTP is a protocol that probably ought to be replaced with something new, something that better tolerates the new realities of networking.
IPv6 is a good excuse to scrap it for something that's redesigned to better handle that sort of thing.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677111</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680419</id>
	<title>Re:SFTP support is still spotty ....</title>
	<author>Anonymous</author>
	<datestamp>1247513580000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Have you tried setting up apache or lighttpd on Windows let alone using them for production? Windows just doesn't hold a candle to Linux in the server market. Windows is not a server OS. Sure some PHB will want it used INTERNALLY for Active Directory but who's going to FTP into that again? No one I hope. If you want an internet facing server today 13 July 2009 your choices are Unix and Linux.</p></htmltext>
<tokenext>Have you tried setting up apache or lighttpd on Windows let alone using them for production ?
Windows just does n't hold a candle to Linux in the server market .
Windows is not a server OS .
Sure some PHB will want it used INTERNALLY for Active Directory but who 's going to FTP into that again ?
No one I hope .
If you want an internet facing server today 13 July 2009 your choices are Unix and Linux .</tokentext>
<sentencetext>Have you tried setting up apache or lighttpd on Windows let alone using them for production?
Windows just doesn't hold a candle to Linux in the server market.
Windows is not a server OS.
Sure some PHB will want it used INTERNALLY for Active Directory but who's going to FTP into that again?
No one I hope.
If you want an internet facing server today 13 July 2009 your choices are Unix and Linux.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677173</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680249</id>
	<title>But</title>
	<author>RomulusNR</author>
	<datestamp>1247512980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>h0w 4m 3y3 g01ng 2 g3t 4ll my w4r3z mp3z and pr0n n0w?</p></htmltext>
<tokenext>h0w 4m 3y3 g01ng 2 g3t 4ll my w4r3z mp3z and pr0n n0w ?</tokentext>
<sentencetext>h0w 4m 3y3 g01ng 2 g3t 4ll my w4r3z mp3z and pr0n n0w?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680861</id>
	<title>Re:It doesn't matter</title>
	<author>Urban Garlic</author>
	<datestamp>1247515620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Well, as discussed in the article, it's a question of level of effort.</p><p>A malware packet-sniffer can watch for outgoing FTP connections, and skim plain-text passwords out of them. This is very easy, and, according to the article, quite common.</p><p>A highly sophisticated malware disk-browser can locate and, if required, decrypt your stored password from your SFTP profile.  Or, a keylogger could log all your keystrokes, and try to figure out when you're typing passwords, and store them.  These attacks are harder, and according to the article, quite uncommon.</p><p>By using SFTP, you're protected against the common, easy attack, but you remain vulnerable to the uncommon, difficult attack.  It's not perfect, but you actually are less vulnerable.  Thinking otherwise is like insisting on using a bad analogy, because people always misunderstand analogies anyways, so using a good one won't help.</p></htmltext>
<tokenext>Well , as discussed in the article , it 's a question of level of effort . A malware packet-sniffer can watch for outgoing FTP connections , and skim plain-text passwords out of them .
This is very easy , and , according to the article , quite common . A highly sophisticated malware disk-browser can locate and , if required , decrypt your stored password from your SFTP profile .
Or , a keylogger could log all your keystrokes , and try to figure out when you 're typing passwords , and store them .
These attacks are harder , and according to the article , quite uncommon . By using SFTP , you 're protected against the common , easy attack , but you remain vulnerable to the uncommon , difficult attack .
It 's not perfect , but you actually are less vulnerable .
Thinking otherwise is like insisting on using a bad analogy , because people always misunderstand analogies anyways , so using a good one wo n't help .</tokentext>
<sentencetext>Well, as discussed in the article, it's a question of level of effort. A malware packet-sniffer can watch for outgoing FTP connections, and skim plain-text passwords out of them.
This is very easy, and, according to the article, quite common. A highly sophisticated malware disk-browser can locate and, if required, decrypt your stored password from your SFTP profile.
Or, a keylogger could log all your keystrokes, and try to figure out when you're typing passwords, and store them.
These attacks are harder, and according to the article, quite uncommon. By using SFTP, you're protected against the common, easy attack, but you remain vulnerable to the uncommon, difficult attack.
It's not perfect, but you actually are less vulnerable.
Thinking otherwise is like insisting on using a bad analogy, because people always misunderstand analogies anyways, so using a good one won't help.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677067</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679923</id>
	<title>Re:Keyloggers don't care</title>
	<author>nine-times</author>
	<datestamp>1247511900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Well first, that's a good argument to make sure you don't have a keylogger, but not an argument against encrypting authentication while operating over an insecure network.  Really, it's not a whacky or complicated idea.  Unencrypted authentication is vulnerable to more types of attacks than encrypted authentication.
</p><p>But just to argue the point, SFTP can be set up so that a keylogger alone won't get your login credentials.  You can use public key authentication instead of a password.  Now sure, public key authentication is potentially vulnerable to another sort of attack (someone with local access under your local account can simply copy the private key), but if you just want to talk about keyloggers....</p></htmltext>
<tokenext>Well first , that 's a good argument to make sure you do n't have a keylogger , but not an argument against encrypting authentication while operating over an insecure network .
Really , it 's not a whacky or complicated idea .
Unencrypted authentication is vulnerable to more types of attacks than encrypted authentication .
But just to argue the point , SFTP can be set up so that a keylogger alone wo n't get your login credentials .
You can use public key authentication instead of a password .
Now sure , public key authentication is potentially vulnerable to another sort of attack ( someone with local access under your local account can simply copy the private key ) , but if you just want to talk about keyloggers... .</tokentext>
<sentencetext>Well first, that's a good argument to make sure you don't have a keylogger, but not an argument against encrypting authentication while operating over an insecure network.
Really, it's not a whacky or complicated idea.
Unencrypted authentication is vulnerable to more types of attacks than encrypted authentication.
But just to argue the point, SFTP can be set up so that a keylogger alone won't get your login credentials.
You can use public key authentication instead of a password.
Now sure, public key authentication is potentially vulnerable to another sort of attack (someone with local access under your local account can simply copy the private key), but if you just want to talk about keyloggers....</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677253</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680291</id>
	<title>Fine display of judgement</title>
	<author>Anonymous</author>
	<datestamp>1247513100000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>The original file with the script tags inserted is here if you want to examine it, but use with caution</p></div><p>Do you also send virus emails to your addressbook so people can examine them? Your site is still blacklisted, and that's a good thing.</p></div>
	</htmltext>
<tokenext>The original file with the script tags inserted is here if you want to examine it , but use with caution
Do you also send virus emails to your addressbook so people can examine them ?
Your site is still blacklisted , and that 's a good thing .</tokentext>
<sentencetext>The original file with the script tags inserted is here if you want to examine it, but use with caution
Do you also send virus emails to your addressbook so people can examine them?
Your site is still blacklisted, and that's a good thing.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28684181</id>
	<title>Re:Amusingly..</title>
	<author>Nefarious Wheel</author>
	<datestamp>1247487540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>One of the things they talked about was ftp and how it's used to upload content to your "web host"</p></div><p>You mean like the FileZilla utility that comes with XAMPP?</p></div>
	</htmltext>
<tokenext>One of the things they talked about was ftp and how it 's used to upload content to your " web host " You mean like the FileZilla utility that comes with XAMPP ?</tokentext>
<sentencetext>One of the things they talked about was ftp and how it's used to upload content to your "web host"
You mean like the FileZilla utility that comes with XAMPP?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676989</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680143</id>
	<title>Re:My Server</title>
	<author>neoform</author>
	<datestamp>1247512680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>How does SFTP stop someone from getting ahold of a user's password and uploading another malicious script, then running it via web? Sounds like you had a web accessible directory that a user could upload to, unless you change this, the same thing can happen again. The only thing you changed was you encrypted the file transfer process..</htmltext>
<tokenext>How does SFTP stop someone from getting ahold of a user 's password and uploading another malicious script , then running it via web ?
Sounds like you had a web accessible directory that a user could upload to , unless you change this , the same thing can happen again .
The only thing you changed was you encrypted the file transfer process. .</tokentext>
<sentencetext>How does SFTP stop someone from getting ahold of a user's password and uploading another malicious script, then running it via web?
Sounds like you had a web accessible directory that a user could upload to, unless you change this, the same thing can happen again.
The only thing you changed was you encrypted the file transfer process..</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677205</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28685689</id>
	<title>Probably not ftp's fault</title>
	<author>CoffeePlease</author>
	<datestamp>1247499720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>More like you were attacked through one of the many http or sql injection attacks that are constantly being run out there. Which is not to say you aren't right - everything else uses encryption so why not FTP?</htmltext>
<tokenext>More like you were attacked through one of the many http or sql injection attacks that are constantly being run out there .
Which is not to say you are n't right - everything else uses encryption so why not FTP ?</tokentext>
<sentencetext>More like you were attacked through one of the many http or sql injection attacks that are constantly being run out there.
Which is not to say you aren't right - everything else uses encryption so why not FTP?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677001</id>
	<title>WebDav</title>
	<author>lymond01</author>
	<datestamp>1247502300000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><p>How to secure WebDav<br><a href="http://www.howtoforge.com/webdav_with_ssl_and_two_factor_authentication" title="howtoforge.com">http://www.howtoforge.com/webdav_with_ssl_and_two_factor_authentication</a> [howtoforge.com]</p></htmltext>
<tokenext>How to secure WebDav
http : //www.howtoforge.com/webdav_with_ssl_and_two_factor_authentication [ howtoforge.com ]</tokentext>
<sentencetext>How to secure WebDav
http://www.howtoforge.com/webdav_with_ssl_and_two_factor_authentication [howtoforge.com]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678415</id>
	<title>Rambling nonsense</title>
	<author>Anonymous</author>
	<datestamp>1247507100000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I'm not trying to be a jerk here, but am I the only one who thinks this slashdot posting is total rambling nonsense? It's about 100 times longer than it needs to be. I'm not really even sure what he's talking about.</p><p>Basically this guy has discovered that sending data in the clear is bad, so that is why he now thinks FTP is bad. But for some reason he believes that this is a new discovery? I'm confused.</p></htmltext>
<tokenext>I 'm not trying to be a jerk here , but am I the only one who thinks this slashdot posting is total rambling nonsense ?
It 's about 100 times longer than it needs to be .
I 'm not really even sure what he 's talking about .
Basically this guy has discovered that sending data in the clear is bad , so that is why he now thinks FTP is bad .
But for some reason he believes that this is a new discovery ?
I 'm confused .</tokentext>
<sentencetext>I'm not trying to be a jerk here, but am I the only one who thinks this slashdot posting is total rambling nonsense?
It's about 100 times longer than it needs to be.
I'm not really even sure what he's talking about.
Basically this guy has discovered that sending data in the clear is bad, so that is why he now thinks FTP is bad.
But for some reason he believes that this is a new discovery?
I'm confused.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28687807</id>
	<title>Why are people still on FTP - Firewalls, perhaps?</title>
	<author>IBBoard</author>
	<datestamp>1247563620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Maybe people still use FTP rather than SFTP because of firewalls. At work we've got a firewall that blocks all unexpected ports and even does a degree of protocol checking on the expected ports. We're allowed to use the Net for personal use at lunch etc, and we have a proxy for FTP that lets us get at FTP servers, but anything encrypted like SSH/SFTP is right out.</p><p>It's probably not just the old legacy apps that don't support the protocols (which people will keep on using once they've bought them if they're expensive for the new ones and it isn't a commercial site) and a lack of knowledge, but sometimes it'll be technical limitations as well. FTP is a nice common denominator that people can rely on more than encrypted stuff.</p></htmltext>
<tokenext>Maybe people still use FTP rather than SFTP because of firewalls .
At work we 've got a firewall that blocks all unexpected ports and even does a degree of protocol checking on the expected ports .
We 're allowed to use the Net for personal use at lunch etc , and we have a proxy for FTP that lets us get at FTP servers , but anything encrypted like SSH/SFTP is right out .
It 's probably not just the old legacy apps that do n't support the protocols ( which people will keep on using once they 've bought them if they 're expensive for the new ones and it is n't a commercial site ) and a lack of knowledge , but sometimes it 'll be technical limitations as well .
FTP is a nice common denominator that people can rely on more than encrypted stuff .</tokentext>
<sentencetext>Maybe people still use FTP rather than SFTP because of firewalls.
At work we've got a firewall that blocks all unexpected ports and even does a degree of protocol checking on the expected ports.
We're allowed to use the Net for personal use at lunch etc, and we have a proxy for FTP that lets us get at FTP servers, but anything encrypted like SSH/SFTP is right out.
It's probably not just the old legacy apps that don't support the protocols (which people will keep on using once they've bought them if they're expensive for the new ones and it isn't a commercial site) and a lack of knowledge, but sometimes it'll be technical limitations as well.
FTP is a nice common denominator that people can rely on more than encrypted stuff.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680153</id>
	<title>FTP pros and cons</title>
	<author>Anonymous</author>
	<datestamp>1247512680000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>FTP is insecure and shouldn't be used, generally, when there is a password at stake. However, FTP also makes for a very easy and light way to share files to a large group. It's sort of the lowest common denominator of file transfers. FTP isn't going anywhere, because it's still very useful and resource light compared to other protocols. Which is why companies like HP and Dell use FTP servers to serve up drivers and other software.</p></htmltext>
<tokenext>FTP is insecure and should n't be used , generally , when there is a password at stake .
However , FTP also makes for a very easy and light way to share files to a large group .
It 's sort of the lowest common denominator of file transfers .
FTP is n't going anywhere , because it 's still very useful and resource light compared to other protocols .
Which is why companies like HP and Dell use FTP servers to serve up drivers and other software .</tokentext>
<sentencetext>FTP is insecure and shouldn't be used, generally, when there is a password at stake.
However, FTP also makes for a very easy and light way to share files to a large group.
It's sort of the lowest common denominator of file transfers.
FTP isn't going anywhere, because it's still very useful and resource light compared to other protocols.
Which is why companies like HP and Dell use FTP servers to serve up drivers and other software.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28682775</id>
	<title>Re:Users can't tell the difference</title>
	<author>Anonymous</author>
	<datestamp>1247480220000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Lots of people do this nowadays and it drives me insane.. I hate those stupid web file upload scripts. They're slow, require me to have a browser available on the machine I'm on, and they can't resume.  Also, there's all the extra clicking and gui manipulation I have to do to use them.  They're not more convenient, they're LESS convenient.</p></htmltext>
<tokenext>Lots of people do this nowadays and it drives me insane.. I hate those stupid web file upload scripts .
They 're slow , require me to have a browser available on the machine I 'm on , and they ca n't resume .
Also , there 's all the extra clicking and gui manipulation I have to do to use them .
They 're not more convenient , they 're LESS convenient .</tokentext>
<sentencetext>Lots of people do this nowadays and it drives me insane.. I hate those stupid web file upload scripts.
They're slow, require me to have a browser available on the machine I'm on, and they can't resume.
Also, there's all the extra clicking and gui manipulation I have to do to use them.
They're not more convenient, they're LESS convenient.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677137</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680063</id>
	<title>Re:SFTP support is still spotty ....</title>
	<author>Alun Jones</author>
	<datestamp>1247512320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Thanks for the plug for WFTPD (actually you have to get WFTPD Pro for FTPS support).
You might ask your bank why FTPS isn't a supported mechanism, given that it's possible to provide equivalent security through FTPS that they might get through SFTP, and it's a documented protocol, as opposed to SFTP, which has several incompatible versions and no documentation that allows for development of an SFTP implementation without having to refer to other people's source code in order to do so. This is the basic reason why there are so few SFTP implementations from established FTP developers - we don't want to build our implementations from other people's source code, and thus be subject to their licences.</htmltext>
<tokenext>Thanks for the plug for WFTPD ( actually you have to get WFTPD Pro for FTPS support ) .
You might ask your bank why FTPS is n't a supported mechanism , given that it 's possible to provide equivalent security through FTPS that they might get through SFTP , and it 's a documented protocol , as opposed to SFTP , which has several incompatible versions and no documentation that allows for development of an SFTP implementation without having to refer to other people 's source code in order to do so .
This is the basic reason why there are so few SFTP implementations from established FTP developers - we do n't want to build our implementations from other people 's source code , and thus be subject to their licences .</tokentext>
<sentencetext>Thanks for the plug for WFTPD (actually you have to get WFTPD Pro for FTPS support).
You might ask your bank why FTPS isn't a supported mechanism, given that it's possible to provide equivalent security through FTPS that they might get through SFTP, and it's a documented protocol, as opposed to SFTP, which has several incompatible versions and no documentation that allows for development of an SFTP implementation without having to refer to other people's source code in order to do so.
This is the basic reason why there are so few SFTP implementations from established FTP developers - we don't want to build our implementations from other people's source code, and thus be subject to their licences.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677173</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678737</id>
	<title>Dreamweaver, sftp</title>
	<author>drougie</author>
	<datestamp>1247508120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>FYI for those of you who rely on Dreamweaver you can in fact get it to use SFTP without any addons or tweaks. In the remote info under manage sites, in the advanced tab, selecting ftp up top, you can check Use Secure FTP (SFTP). If you run the server yourself, you want to install <a href="http://www.openssh.org/" title="openssh.org" rel="nofollow">openssh</a> [openssh.org], the common package name for which is openssh-server and its conf files may be found in<nobr> <wbr></nobr>/etc/ssh. If you don't run the server, ask your ISP to fire it up if they haven't already.</p><p>This of course won't defend you from getting nailed by a keylogger phoning home... but ditching XP and using nano or emacs on *nix of course would help. Do regular backups just in case -- not just the docroot folder but sql if you use that as well.</p></htmltext>
<tokenext>FYI for those of you who rely on Dreamweaver you can in fact get it to use SFTP without any addons or tweaks .
In the remote info under manage sites , in the advanced tab , selecting ftp up top , you can check Use Secure FTP ( SFTP ) .
If you run the server yourself , you want to install openssh [ openssh.org ] , the common package name for which is openssh-server and its conf files may be found in /etc/ssh .
If you do n't run the server , ask your ISP to fire it up if they have n't already .
This of course wo n't defend you from getting nailed by a keylogger phoning home... but ditching XP and using nano or emacs on * nix of course would help .
Do regular backups just in case -- not just the docroot folder but sql if you use that as well .</tokentext>
<sentencetext>FYI for those of you who rely on Dreamweaver you can in fact get it to use SFTP without any addons or tweaks.
In the remote info under manage sites, in the advanced tab, selecting ftp up top, you can check Use Secure FTP (SFTP).
If you run the server yourself, you want to install openssh [openssh.org], the common package name for which is openssh-server and its conf files may be found in /etc/ssh.
If you don't run the server, ask your ISP to fire it up if they haven't already.
This of course won't defend you from getting nailed by a keylogger phoning home... but ditching XP and using nano or emacs on *nix of course would help.
Do regular backups just in case -- not just the docroot folder but sql if you use that as well.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28732609</id>
	<title>Another link to preventing this type of attack.</title>
	<author>Anonymous</author>
	<datestamp>1247857320000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>Here is another Blog Post on steps to prevent this type of attack.

<a href="http://blog.igothacked.com/2009/06/steps-to-prevent-gumblar-martuz-nine.html" title="igothacked.com" rel="nofollow">http://blog.igothacked.com/2009/06/steps-to-prevent-gumblar-martuz-nine.html</a> [igothacked.com]</htmltext>
<tokenext>Here is another Blog Post on steps to prevent this type of attack .
http : //blog.igothacked.com/2009/06/steps-to-prevent-gumblar-martuz-nine.html [ igothacked.com ]</tokentext>
<sentencetext>Here is another Blog Post on steps to prevent this type of attack.
http://blog.igothacked.com/2009/06/steps-to-prevent-gumblar-martuz-nine.html [igothacked.com]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28684049</id>
	<title>Re:It doesn't matter</title>
	<author>tunapez</author>
	<datestamp>1247486760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>And if you _have_ to use MSIE, use SandboxIE.</p></div><p>Cripes, whatever you surf with, use SandboxIE! Especially when surfing Pr0n!!!!</p><p>Best program since sliced.bread.2.0, IMO.</p></div>
	</htmltext>
<tokenext>And if you _have_ to use MSIE , use SandboxIE .
Cripes , whatever you surf with , use SandboxIE !
Especially when surfing Pr0n ! ! ! !
Best program since sliced.bread.2.0 , IMO .</tokentext>
<sentencetext>And if you _have_ to use MSIE, use SandboxIE.
Cripes, whatever you surf with, use SandboxIE!
Especially when surfing Pr0n!!!!
Best program since sliced.bread.2.0, IMO.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677067</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680253</id>
	<title>Look at it another way...</title>
	<author>benjfowler</author>
	<datestamp>1247512980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The other side of the coin is the lawlessness and lack of enforcement of anti-computer crime laws.  This is all as much a social, political and legal problem as a technical one.</p><p>It's no secret that much of the crime happening online comes from Eastern Europe (particularly, Russia, Ukraine, Romania, Bulgaria), and China.  Russia and China in particular, are rabidly anti-West in their outlook.  The governments over there think it's funny and cool for legions of bored and greedy kids to rob people and destroy other people's property, so long as they're not Slavs/Chinese.</p><p>Of course, the problem is going to get so bad, that the entire generation of criminals they're incubating will start attacking their own countries; but in the meantime, we have what is basically a law enforcement problem (clueless law enforcement), caused by a political problem (clueless and/or hostile foreign governments).</p><p>Believe me, if the Russian kids robbing people on the Internet today were actually made to face the consequences of their actions (e.g. chopping trees and dying of AIDS and TB somewhere in Siberia), the problem wouldn't be anywhere near as bad.</p></htmltext>
<tokenext>The other side of the coin is the lawlessness and lack of enforcement of anti-computer crime laws .
This is all as much a social , political and legal problem as a technical one .
It 's no secret that much of the crime happening online comes from Eastern Europe ( particularly , Russia , Ukraine , Romania , Bulgaria ) , and China .
Russia and China in particular , are rabidly anti-West in their outlook .
The governments over there think it 's funny and cool for legions of bored and greedy kids to rob people and destroy other people 's property , so long as they 're not Slavs/Chinese .
Of course , the problem is going to get so bad , that the entire generation of criminals they 're incubating will start attacking their own countries ; but in the meantime , we have what is basically a law enforcement problem ( clueless law enforcement ) , caused by a political problem ( clueless and/or hostile foreign governments ) .
Believe me , if the Russian kids robbing people on the Internet today were actually made to face the consequences of their actions ( e.g . chopping trees and dying of AIDS and TB somewhere in Siberia ) , the problem would n't be anywhere near as bad .</tokentext>
<sentencetext>The other side of the coin is the lawlessness and lack of enforcement of anti-computer crime laws.
This is all as much a social, political and legal problem as a technical one.
It's no secret that much of the crime happening online comes from Eastern Europe (particularly, Russia, Ukraine, Romania, Bulgaria), and China.
Russia and China in particular, are rabidly anti-West in their outlook.
The governments over there think it's funny and cool for legions of bored and greedy kids to rob people and destroy other people's property, so long as they're not Slavs/Chinese.
Of course, the problem is going to get so bad, that the entire generation of criminals they're incubating will start attacking their own countries; but in the meantime, we have what is basically a law enforcement problem (clueless law enforcement), caused by a political problem (clueless and/or hostile foreign governments).
Believe me, if the Russian kids robbing people on the Internet today were actually made to face the consequences of their actions (e.g. chopping trees and dying of AIDS and TB somewhere in Siberia), the problem wouldn't be anywhere near as bad.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677173</id>
	<title>SFTP support is still spotty ....</title>
	<author>Anonymous</author>
	<datestamp>1247502900000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>Switching from FTP to SFTP on the server side is great, in theory, but it's really only a trivial task for people running Unix type operating systems.</p><p>SSH isn't an integral part of most Windows operating systems, and nearly all of the well-regarded, commercial FTP servers for Windows have no SFTP support in them.</p><p>(I understand the Serv-U FTPD for Windows does support it, but it's an exception to the rule.)</p><p>I recently ran into this at my workplace. We've run the commercial WFTPD product (from Texas Imperial software) for years, but I had to get rid of it when our bank started requiring SFTP connections to send us electronic scans of daily check deposits.</p></htmltext>
<tokenext>Switching from FTP to SFTP on the server side is great , in theory , but it 's really only a trivial task for people running Unix type operating systems .
SSH is n't an integral part of most Windows operating systems , and nearly all of the well-regarded , commercial FTP servers for Windows have no SFTP support in them .
( I understand the Serv-U FTPD for Windows does support it , but it 's an exception to the rule . )
I recently ran into this at my workplace .
We 've run the commercial WFTPD product ( from Texas Imperial software ) for years , but I had to get rid of it when our bank started requiring SFTP connections to send us electronic scans of daily check deposits .</tokentext>
<sentencetext>Switching from FTP to SFTP on the server side is great, in theory, but it's really only a trivial task for people running Unix type operating systems.
SSH isn't an integral part of most Windows operating systems, and nearly all of the well-regarded, commercial FTP servers for Windows have no SFTP support in them.
(I understand the Serv-U FTPD for Windows does support it, but it's an exception to the rule.)
I recently ran into this at my workplace.
We've run the commercial WFTPD product (from Texas Imperial software) for years, but I had to get rid of it when our bank started requiring SFTP connections to send us electronic scans of daily check deposits.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679171</id>
	<title>The solution is so simple, yet people are too dumb</title>
	<author>Anonymous</author>
	<datestamp>1247509500000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The solution is so simple, yet people are too dumb to do anything about it properly.</p><p>1.) Use OpenBSD's OpenSSH suite for SFTP (not FTPS crap) - be it in OpenBSD, FreeBSD, Linux or even Windows, etc.</p><p>2.) For Windows clients, there's WinSCP or FileZilla (or PSCP or PSFTP from PuTTY) + PuTTY, Pageant,  PuTTYgen,<br>The trick here is to avoid passwords being logged with keyloggers, sniffed, etc. hence, the use of public / private key pairs and an SSH-Agent such.</p><p>3.) For *BSD UNIX and Linux systems (and others), there's the OpenSSH suite + ssh-agent(1).</p><p>Anonymous, chroot'ed SFTP only accounts and/or chroot'd user accounts are extremely simple to set up and use. Head over to openbsd.org and read the FAQ and man pages.</p><p>Enjoy!</p></htmltext>
<tokenext>The solution is so simple , yet people are too dumb to do anything about it properly .
1 . ) Use OpenBSD 's OpenSSH suite for SFTP ( not FTPS crap ) - be it in OpenBSD , FreeBSD , Linux or even Windows , etc .
2 . ) For Windows clients , there 's WinSCP or FileZilla ( or PSCP or PSFTP from PuTTY ) + PuTTY , Pageant , PuTTYgen ,
The trick here is to avoid passwords being logged with keyloggers , sniffed , etc . hence , the use of public / private key pairs and an SSH-Agent such .
3 . ) For * BSD UNIX and Linux systems ( and others ) , there 's the OpenSSH suite + ssh-agent ( 1 ) .
Anonymous , chroot'ed SFTP only accounts and/or chroot 'd user accounts are extremely simple to set up and use .
Head over to openbsd.org and read the FAQ and man pages .
Enjoy !</tokentext>
<sentencetext>The solution is so simple, yet people are too dumb to do anything about it properly.
1.) Use OpenBSD's OpenSSH suite for SFTP (not FTPS crap) - be it in OpenBSD, FreeBSD, Linux or even Windows, etc.
2.) For Windows clients, there's WinSCP or FileZilla (or PSCP or PSFTP from PuTTY) + PuTTY, Pageant,  PuTTYgen,
The trick here is to avoid passwords being logged with keyloggers, sniffed, etc. hence, the use of public / private key pairs and an SSH-Agent such.
3.) For *BSD UNIX and Linux systems (and others), there's the OpenSSH suite + ssh-agent(1).
Anonymous, chroot'ed SFTP only accounts and/or chroot'd user accounts are extremely simple to set up and use.
Head over to openbsd.org and read the FAQ and man pages.
Enjoy!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683565</id>
	<title>Re:SFTP support is still spotty ....</title>
	<author>bigbird</author>
	<datestamp>1247483880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Try <a href="http://www.enterprisedt.com/products/completeftp/overview.html" title="enterprisedt.com">CompleteFTP</a> [enterprisedt.com]. It's a reasonably priced Windows server supporting FTP,FTP and SFTP (with SCP in the next release). (I'm one of the developers btw).</htmltext>
<tokenext>Try CompleteFTP [ enterprisedt.com ] .
It 's a reasonably priced Windows server supporting FTP,FTP and SFTP ( with SCP in the next release ) .
( I 'm one of the developers btw ) .</tokentext>
<sentencetext>Try CompleteFTP [enterprisedt.com].
It's a reasonably priced Windows server supporting FTP,FTP and SFTP (with SCP in the next release).
(I'm one of the developers btw).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677173</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681733</id>
	<title>hooray for SFTP! :)</title>
	<author>Anonymous</author>
	<datestamp>1247475780000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>hooray for SFTP!<nobr> <wbr></nobr>:)</p></htmltext>
<tokenext>hooray for SFTP !
: )</tokentext>
<sentencetext>hooray for SFTP!
:)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680741</id>
	<title>Re:FTPS (breaks load-balancers and firewalls)</title>
	<author>toejam13</author>
	<datestamp>1247515080000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>One major issue with FTP over SSL/TLS is that network address translation (NAT) devices, such as firewalls and load-balancers, that eavesdrop on the FTP control channel in order to open dynamic data ports fail hard with FTPS.</p><p>If you use "explicit mode" FTPS, the client negotiates up to FTPS via a standard port 21 connection.  After secure authentication, they can issue a 'CCC' (clear control channel) command which backs the control channel back to a NAT compatible mode.  Problem is, this is a client side option.  It cannot be pushed by the server.  So, it is yet another thing that users must be educated over.</p><p>If you use "implicit mode" FTPS, which runs up on port 990, negotiation is not an option.  You're immediately forced into crypto mode, and you cannot back out either the control or data channel.  "Implicit mode" FTPS is incompatible with NAT devices unless you do some seriously nasty hacks.</p><p>In my opinion, SFTP (the file transfer subsystem of SSH) is a much better protocol.  It does not utilize dynamic ports, and it doesn't involve callbacks (like active FTP) that make firewall rule management a PITA.</p></htmltext>
<tokenext>One major issue with FTP over SSL/TLS is that network address translation ( NAT ) devices , such as firewalls and load-balancers , that eavesdrop on the FTP control channel in order to open dynamic data ports fail hard with FTPS .
If you use " explicit mode " FTPS , the client negotiates up to FTPS via a standard port 21 connection .
After secure authentication , they can issue a 'CCC ' ( clear control channel ) command which backs the control channel back to a NAT compatible mode .
Problem is , this is a client side option .
It can not be pushed by the server .
So , it is yet another thing that users must be educated over.If you use " implicit mode " FTPS , which runs up on port 990 , negotiation is not an option .
You 're immediately forced into crypto mode , and you can not back out either the control or data channel .
" Implicit mode " FTPS is incompatible with NAT devices unless you do some seriously nasty hacks.In my opinion , SFTP ( the file transfer subsystem of SSH ) is a much better protocol .
It does not utilize dynamic ports , and it does n't involve callbacks ( like active FTP ) that make firewall rule management a PITA .</tokentext>
<sentencetext>One major issue with FTP over SSL/TLS is that network address translation (NAT) devices, such as firewalls and load-balancers, that eavesdrop on the FTP control channel in order to open dynamic data ports fail hard with FTPS.If you use "explicit mode" FTPS, the client negotiates up to FTPS via a standard port 21 connection.
After secure authentication, they can issue a 'CCC' (clear control channel) command which backs the control channel back to a NAT compatible mode.
Problem is, this is a client side option.
It cannot be pushed by the server.
So, it is yet another thing that users must be educated over.If you use "implicit mode" FTPS, which runs up on port 990, negotiation is not an option.
You're immediately forced into crypto mode, and you cannot back out either the control or data channel.
"Implicit mode" FTPS is incompatible with NAT devices unless you do some seriously nasty hacks.In my opinion, SFTP (the file transfer subsystem of SSH) is a much better protocol.
It does not utilize dynamic ports, and it doesn't involve callbacks (like active FTP) that make firewall rule management a PITA.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677089</parent>
</comment>
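The control-channel visibility problem described in the comment above, as an added example that is not part of the original thread: a Python model of what an FTP-aware NAT device can still read in explicit mode (before and after CCC) and in implicit mode. The session lines, host name, addresses and the hash used as a stand-in for TLS records are all constructed for illustration.

```python
import hashlib
import re

# Constructed logical FTP control dialogue: (sender, line). The addresses use
# the RFC 5737 documentation range; nothing here comes from a real capture.
SESSION = [
    ("S", "220 ftp.example.test ready"),
    ("C", "AUTH TLS"),
    ("S", "234 Proceed with negotiation"),
    ("C", "USER alice"),
    ("S", "331 Password required"),
    ("C", "PASS not-a-real-password"),
    ("S", "230 Logged in"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,0,2,10,195,80)"),
    ("C", "CCC"),
    ("S", "200 Control channel cleared"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,0,2,10,195,81)"),
]

PASV_REPLY = re.compile(rb"^227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def opaque(line):
    """Stand-in for a TLS record: bytes an on-path device cannot read.
    This is a hash, not real TLS; it only models 'unreadable'."""
    return b"\x17\x03\x03" + hashlib.sha256(line.encode()).digest()


def wire_view(session, mode):
    """Return the control-channel bytes a middlebox sees, message by message."""
    encrypted = mode == "implicit"    # port 990: TLS from the first byte
    pending_ccc = False
    seen = []
    for sender, line in session:
        seen.append((sender, opaque(line) if encrypted else line.encode()))
        if mode != "explicit":
            continue
        if sender == "C" and line == "CCC":
            pending_ccc = True        # the request itself still travels in TLS
        elif sender == "S" and line.startswith("234"):
            encrypted = True          # TLS handshake follows the 234 reply
        elif sender == "S" and pending_ccc and line.startswith("200"):
            encrypted = False         # reply sent under TLS, then TLS is shut down
            pending_ccc = False
    return seen


def parse_pasv(data):
    """Extract (host, port) from a readable 227 reply, else None."""
    match = PASV_REPLY.match(data)
    if not match:
        return None
    nums = [int(group) for group in match.groups()]
    if max(nums) > 255:               # every field must fit in one octet
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def helper_pinholes(seen):
    """Data endpoints an FTP-aware NAT/firewall would open from what it can read."""
    opened = []
    for sender, data in seen:
        endpoint = parse_pasv(data) if sender == "S" else None
        if endpoint:
            opened.append(endpoint)
    return opened


def announced(session):
    """Data endpoints the server actually told the client to connect to."""
    replies = [line for sender, line in session if sender == "S"]
    return [ep for ep in (parse_pasv(r.encode()) for r in replies) if ep]


def blocked(session, mode):
    """Announced data endpoints for which the helper never opened a pinhole."""
    opened = helper_pinholes(wire_view(session, mode))
    return [ep for ep in announced(session) if ep not in opened]


if __name__ == "__main__":
    for mode in ("explicit", "implicit"):
        print(mode, "blocked data endpoints:", blocked(SESSION, mode))
```

In the explicit-mode run only the PASV reply sent after CCC is readable, so a client that never issues CCC gets no pinhole at all, which is the user-education problem the comment describes.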
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680173</id>
	<title>lack of sftp server software</title>
	<author>Cronq</author>
	<datestamp>1247512680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>In my practice setting up an sftp server is a problem due to lack of sftp server software. Yes, there is an openssh based sftp server which can do almost nothing.</p><p>No sql, no non filesystem quotas, no virtual fs etc.</p><p>If there were something like pureftpd or vsftpd supporting sftp...</p></htmltext>
<tokenext>In my practice setting up an sftp server is a problem due to lack of sftp server software .
Yes , there is an openssh based sftp server which can do almost nothing.No sql , no non filesystem quotas , no virtual fs etc.If there were something like pureftpd or vsftpd supporting sftp.. .</tokentext>
<sentencetext>In my practice setting up an sftp server is a problem due to lack of sftp server software.
Yes, there is an openssh based sftp server which can do almost nothing.No sql, no non filesystem quotas, no virtual fs etc.If there were something like pureftpd or vsftpd supporting sftp...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679123</id>
	<title>Re:SFTP support is still spotty ....</title>
	<author>flajann</author>
	<datestamp>1247509380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Of course, I think anyone who uses Windows for web services gets what they deserve. Windows might be good for some things; serving the Web is not one of them.</htmltext>
<tokenext>Of course , I think anyone who uses Windows for web services gets what they deserve .
Windows might be good for some things ; serving the Web is not one of them .</tokentext>
<sentencetext>Of course, I think anyone who uses Windows for web services gets what they deserve.
Windows might be good for some things; serving the Web is not one of them.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677173</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676899</id>
	<title>All you need to know:</title>
	<author>Godeke</author>
	<datestamp>1247502000000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><blockquote><div><p>I know of only two instances where I've ever definitely been infected with spyware. I don't do stupid things like downloading and running strange programs from third-party sites, so I think both infections were probably caused by a site exploiting a security hole in Internet Explorer, or in a plug-in like Adobe Acrobat or the Flash player. Both times, once I noticed I was infected, I got rid of the infection with Malwarebytes, but I don't know how much damage the spyware did in the meantime.</p></div></blockquote><p>Malwarebytes is good software, but as you point out you don't know how much damage was done. Secondary infections can easily be missed, and many malware programs open your machine to further exploitation. As tired as the suggestion is, you needed to do what you did with your website: revert the machine to a known good backup of the system state, formatting first. Anything less and you *should* have that nagging doubt that you haven't actually cleaned everything up. There are ways to diminish the concern: inspecting the machine for unexpected packet flows, using anti-rootkit tools, etc... but only by formatting and restoring a known clean state or formatting and just restoring your data files will you be confident.</p></div>
	</htmltext>
<tokenext>I know of only two instances where I 've ever definitely been infected with spyware .
I do n't do stupid things like downloading and running strange programs from third-party sites , so I think both infections were probably caused by a site exploiting a security hole in Internet Explorer , or in a plug-in like Adobe Acrobat or the Flash player .
Both times , once I noticed I was infected , I got rid of the infection with Malwarebytes , but I do n't know how much damage the spyware did in the meantime.Malwarebytes is good software , but as you point out you do n't know how much damage was done .
Secondary infections can easily be missed , and many malware programs open your machine to further exploitation .
As tired as the suggestion is , you needed to do what you did with your website : revert the machine to a known good backup of the system state , formatting first .
Anything less and you * should * have that nagging doubt that you have n't actually cleaned everything up .
There are ways to diminish the concern : inspecting the machine for unexpected packet flows , using anti-rootkit tools , etc... but only by formatting and restoring a known clean state or formatting and just restoring your data files will you be confident .</tokentext>
<sentencetext>I know of only two instances where I've ever definitely been infected with spyware.
I don't do stupid things like downloading and running strange programs from third-party sites, so I think both infections were probably caused by a site exploiting a security hole in Internet Explorer, or in a plug-in like Adobe Acrobat or the Flash player.
Both times, once I noticed I was infected, I got rid of the infection with Malwarebytes, but I don't know how much damage the spyware did in the meantime.Malwarebytes is good software, but as you point out you don't know how much damage was done.
Secondary infections can easily be missed, and many malware programs open your machine to further exploitation.
As tired as the suggestion is, you needed to do what you did with your website: revert the machine to a known good backup of the system state, formatting first.
Anything less and you *should* have that nagging doubt that you haven't actually cleaned everything up.
There are ways to diminish the concern: inspecting the machine for unexpected packet flows, using anti-rootkit tools, etc... but only by formatting and restoring a known clean state or formatting and just restoring your data files will you be confident.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681221</id>
	<title>Re:Amusingly..</title>
	<author>Anonymous</author>
	<datestamp>1247517120000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><p><div class="quote"><p>I made it a point to try to educate people in the class as to the proper protocols to use for uploading content.</p></div><p>
&nbsp; <br>I bet you are a fucking riot at parties.  Do you wear a trenchcoat and carry a cudgel as well?  <i>I knew people like you in college, and they were MIT-fags back then, too.</i></p></div>
	</htmltext>
<tokenext>I made it a point to try to educate people in the class as to the proper protocols to use for uploading content .
  I bet you are a fucking riot at parties .
Do you wear a trenchcoat and carry a cudgel as well ?
I knew people like you in college , and they were MIT-fags back then , too .</tokentext>
<sentencetext>I made it a point to try to educate people in the class as to the proper protocols to use for uploading content.
  I bet you are a fucking riot at parties.
Do you wear a trenchcoat and carry a cudgel as well?
I knew people like you in college, and they were MIT-fags back then, too.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676989</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677829</id>
	<title>Re:Keyloggers don't care</title>
	<author>Abcd1234</author>
	<datestamp>1247505240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>Arguing protocols being secure or not is like arguing which unloaded gun is more dangerous....</i></p><p>Oh please, that's bullshit.  Keyloggers a) need to get installed in the first place, b) need to not get detected by a virus scanner or malware detector, and then c) need to be installed on a machine where the user accesses a sensitive site.  And most of those issues can be mitigated with a properly secured OS.</p><p>A broken daemon configuration or protocol simply requires the hacker to exploit it.</p><p>So you're telling me those are equivalent?  Please...</p></htmltext>
<tokenext>Arguing protocols being secure or not is like arguing which unloaded gun is more dangerous....Oh please , that 's bullshit .
Keyloggers a ) need to get installed in the first place , b ) need to not get detected by a virus scanner or malware detector , and then c ) need to be installed on a machine where the user accesses a sensitive site .
And most of those issues can be mitigated with a properly secured OS.A broken daemon configuration or protocol simply requires the hacker to exploit it.So you 're telling me those are equivalent ?
Please.. .</tokentext>
<sentencetext>Arguing protocols being secure or not is like arguing which unloaded gun is more dangerous....Oh please, that's bullshit.
Keyloggers a) need to get installed in the first place, b) need to not get detected by a virus scanner or malware detector, and then c) need to be installed on a machine where the user accesses a sensitive site.
And most of those issues can be mitigated with a properly secured OS.A broken daemon configuration or protocol simply requires the hacker to exploit it.So you're telling me those are equivalent?
Please...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677253</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678539</id>
	<title>Re:Users can't tell the difference</title>
	<author>vslashg</author>
	<datestamp>1247507520000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><blockquote><div><p>If you don't know that FTP refers to a specific protocol, you don't know enough to be running a web site.</p></div></blockquote><p>This is akin to saying if you don't know what a carburetor does, you don't know enough to be driving a car.  Now, some people believe this, too, but this statement, and yours, are wrong.</p><p>Hey, look, I made a Slashdot car analogy!</p></div>
	</htmltext>
<tokenext>If you do n't know that FTP refers to a specific protocol , you do n't know enough to be running a web site.This is akin to saying if you do n't know what a carburetor does , you do n't know enough to be driving a car .
Now , some people believe this , too , but this statement , and yours , are wrong.Hey , look , I made a Slashdot car analogy !</tokentext>
<sentencetext>If you don't know that FTP refers to a specific protocol, you don't know enough to be running a web site.This is akin to saying if you don't know what a carburetor does, you don't know enough to be driving a car.
Now, some people believe this, too, but this statement, and yours, are wrong.Hey, look, I made a Slashdot car analogy!
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678035</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28696113</id>
	<title>Re:Missing the point...</title>
	<author>Anonymous</author>
	<datestamp>1247565120000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Ya because everybody doing web sites is a developer. What about suzy homemaker with her yarn and kittens site? The girl at the local dog pound posting pics of the puppies? Grandma's bridge club calendar? Etc. etc.</p><p>These people haven't a clue what FTP is, or even what a web browser is. They know that the internet is that thing you click on, and to put stuff on the internet you use this other thing someone showed them how to use 8 years ago.</p></htmltext>
<tokenext>Ya because everybody doing web sites is a developer .
What about suzy homemaker with her yarn and kittens site ?
The girl at the local dog pound posting pics of the puppies ?
Grandma 's bridge club calendar ?
Etc. etc.These people have n't a clue what FTP is , or even what a web browser is .
They know that the internet is that thing you click on , and to put stuff on the internet you use this other thing someone showed them how to use 8 years ago .</tokentext>
<sentencetext>Ya because everybody doing web sites is a developer.
What about suzy homemaker with her yarn and kittens site?
The girl at the local dog pound posting pics of the puppies?
Grandma's bridge club calendar?
Etc. etc.These people haven't a clue what FTP is, or even what a web browser is.
They know that the internet is that thing you click on, and to put stuff on the internet you use this other thing someone showed them how to use 8 years ago.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677789</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28790863</id>
	<title>Re:SFTP support is still spotty ....</title>
	<author>Trogre</author>
	<datestamp>1248277080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You only need a SFTP server running on the web server, which will (should) be a Unix type system anyway.  If you're running a Windows workstation, then there's plenty of clients that support SFTP, such as Filezilla.</p></htmltext>
<tokenext>You only need a SFTP server running on the web server , which will ( should ) be a Unix type system anyway .
If you 're running a Windows workstation , then there 's plenty of clients that support SFTP , such as Filezilla .</tokentext>
<sentencetext>You only need a SFTP server running on the web server, which will (should) be a Unix type system anyway.
If you're running a Windows workstation, then there's plenty of clients that support SFTP, such as Filezilla.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677173</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679281</id>
	<title>FTPS, SFTP, FTP over SSH, ...</title>
	<author>rabun_bike</author>
	<datestamp>1247509980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Good lord.
<br> <br>
FTPS = FTP over SSL or TLS<br>
SFTP = Totally different protocol from FTP and is unique unto itself.  Bears no resemblance to FTP protocol except you are moving files to and from.<br>
FTP over SSH = FTP over SSH where the FTP commands are tunneled inside an SSH session.<br>
<br> <br>
FTPS still uses passive ports to push data but the FTPS client has to negotiate yet another TLS handshake which means you or the FTPS client has to re-authenticate or chain up the certificate every time a passive port is open.  If your firewall allows clients to make passive connections to your FTP server then FTPS will work just fine.  From the client's perspective, passive connections are the way to go since the client originates all connections to the server.
<br> <br>
There are two modes of operation for FTPS - explicit and implicit.  Implicit is weak because you can send your username and password in clear and then secure the connection.  It should even be supported by FTPS clients but it is for legacy purposes.  Explicit FTPS means right when the FTP connection is made from the client to the server, a TLS handshake and connection is created and then your credentials are passed in.  All communications after the AUTH TLS command are secured within the TLS protocol.
<br> <br>
There is a LOT of confusion when talking about FTP, SFTP, FTPS, FTP over SSH, or FTP over X.
<br> <br>
<a href="http://en.wikipedia.org/wiki/FTPS" title="wikipedia.org" rel="nofollow">http://en.wikipedia.org/wiki/FTPS</a> [wikipedia.org] <br>
<a href="http://en.wikipedia.org/wiki/File_Transfer_Protocol" title="wikipedia.org" rel="nofollow">http://en.wikipedia.org/wiki/File_Transfer_Protocol</a> [wikipedia.org]</htmltext>
<tokenext>Good lord .
FTPS = FTP over SSL or TLS SFTP = Totally different protocol from FTP and is unique unto itself .
Bears no resemblance to FTP protocol except you are moving files to and from .
FTP over SSH = FTP over SSH where the FTP commands are tunneled inside an SSH session .
FTPS still uses passive ports to push data but the FTPS client has to negotiate yet another TLS handshake which means you or the FTPS client has to re-authenticate or chain up the certificate every time a passive port is open .
If your firewall allows clients to make passive connections to your FTP server then FTPS will work just fine .
From the client 's perspective , passive connections are the way to go since the client originates all connections to the server .
There are two modes of operation for FTPS - explicit and implicit .
Implicit is weak because you can send your username and password in clear and then secure the connection .
It should even be supported by FTPS clients but it is for legacy purposes .
Explicit FTPS means right when the FTP connection is made from the client to the server , a TLS handshake and connection is created and then your credentials are passed in .
All communications after the AUTH TLS command are secured within the TLS protocol .
There is a LOT of confusion when talking about FTP , SFTP , FTPS , FTP over SSH , or FTP over X . http : //en.wikipedia.org/wiki/FTPS [ wikipedia.org ] http : //en.wikipedia.org/wiki/File_Transfer_Protocol [ wikipedia.org ]</tokentext>
<sentencetext>Good lord.
FTPS = FTP over SSL or TLS
SFTP = Totally different protocol from FTP and is unique unto itself.
Bears no resemblance to FTP protocol except you are moving files to and from.
FTP over SSH = FTP over SSH where the FTP commands are tunneled inside an SSH session.
FTPS still uses passive ports to push data but the FTPS client has to negotiate yet another TLS handshake which means you or the FTPS client has to re-authenticate or chain up the certificate every time a passive port is open.
If your firewall allows clients to make passive connections to your FTP server then FTPS will work just fine.
From the client's perspective, passive connections are the way to go since the client originates all connections to the server.
There are two modes of operation for FTPS - explicit and implicit.
Implicit is weak because you can send your username and password in clear and then secure the connection.
It should even be supported by FTPS clients but it is for legacy purposes.
Explicit FTPS means right when the FTP connection is made from the client to the server, a TLS handshake and connection is created and then your credentials are passed in.
All communications after the AUTH TLS command are secured within the TLS protocol.
There is a LOT of confusion when talking about FTP, SFTP, FTPS, FTP over SSH, or FTP over X.
 
http://en.wikipedia.org/wiki/FTPS [wikipedia.org] 
http://en.wikipedia.org/wiki/File_Transfer_Protocol [wikipedia.org]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678719</id>
	<title>Re:Amusingly..</title>
	<author>HogGeek</author>
	<datestamp>1247508120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Personally I use, and recommend a <a href="http://subversion.tigris.org/" title="tigris.org">version control system</a> [tigris.org]...</p></htmltext>
<tokenext>Personally I use , and recommend a version control system [ tigris.org ] .. .</tokentext>
<sentencetext>Personally I use, and recommend a version control system [tigris.org]...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676989</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678373</id>
	<title>Re:FTPS</title>
	<author>fnj</author>
	<datestamp>1247506920000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>Horse shit.  chroot is a tool.  Used properly, where applicable, it can greatly enhance security.  Used improperly, it does little or no good.  It doesn't matter what it was invented for; it doesn't matter how many times people make blanket statements about it; the fact is that it can be used as a useful security tool.</p><p>Some of the other commenters point you to sources detailing chroot's weaknesses and pitfalls, and how to avoid them.</p><p>There is no perfect, cure-all security measure.  That doesn't mean you don't use available tools to enhance security as much as possible.  The world is not black and white.  It is shades of grey.</p><p>I'm not quite sure where you're aiming with the statement "FTP without a chroot is not really any different than ssh without a chroot.", but it strikes me as utter nonsense.</p><p>Pardon my French, but your sweeping statements are just out of control, beginning with where you call your parent's post silly.</p></htmltext>
<tokenext>Horse shit .
chroot is a tool .
Used properly , where applicable , it can greatly enhance security .
Used improperly , it does little or no good .
It does n't matter what it was invented for ; it does n't matter how many times people make blanket statements about it ; the fact is that it can be used as a useful security tool.Some of the other commenters point you to sources detailing chroot 's weaknesses and pitfalls , and how to avoid them.There is no perfect , cure-all security measure .
That does n't mean you do n't use available tools to enhance security as much as possible .
The world is not black and white .
It is shades of grey.I 'm not quite sure where you 're aiming with the statement " FTP without a chroot is not really any different than ssh without a chroot .
" , but it strikes me as utter nonsense.Pardon my French , but your sweeping statements are just out of control , beginning with where you call your parent 's post silly .</tokentext>
<sentencetext>Horse shit.
chroot is a tool.
Used properly, where applicable, it can greatly enhance security.
Used improperly, it does little or no good.
It doesn't matter what it was invented for; it doesn't matter how many times people make blanket statements about it; the fact is that it can be used as a useful security tool.Some of the other commenters point you to sources detailing chroot's weaknesses and pitfalls, and how to avoid them.There is no perfect, cure-all security measure.
That doesn't mean you don't use available tools to enhance security as much as possible.
The world is not black and white.
It is shades of grey.I'm not quite sure where you're aiming with the statement "FTP without a chroot is not really any different than ssh without a chroot.
", but it strikes me as utter nonsense.Pardon my French, but your sweeping statements are just out of control, beginning with where you call your parent's post silly.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677639</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678953</id>
	<title>Re:FTPS</title>
	<author>ppanon</author>
	<datestamp>1247508780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I am under the impression that OpenBSD's chroot jails are reasonably secure when used in conjunction with OpenBSD's privilege separation and privilege revocation.</htmltext>
<tokenext>I am under the impression that OpenBSD 's chroot jails are reasonably secure when used in conjunction with OpenBSD 's privilege separation and privilege revocation .</tokentext>
<sentencetext>I am under the impression that OpenBSD's chroot jails are reasonably secure when used in conjunction with OpenBSD's privilege separation and privilege revocation.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677639</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677667</id>
	<title>Not every machine is on teh webs</title>
	<author>spungo</author>
	<datestamp>1247504700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I spend a lot of time working on closed subnets -- ftp is v useful for systems when there's only one or two users with access -- and everything is done in a secure room. Do we really need the sledgehammer of ssh? Admittedly I didn't RTFA (on principle, you understand), so why should everyone be denied ftp when it is not dangerous to all?</htmltext>
<tokenext>I spend a lot of time working on closed subnets -- ftp is v useful for systems when there 's only one or two users with access -- and everything is done in a secure room .
Do we really need the sledgehammer of ssh ?
Admittedly I did n't RTFA ( on principle , you understand ) , so why should everyone be denied ftp when it is not dangerous to all ?</tokentext>
<sentencetext>I spend a lot of time working on closed subnets -- ftp is v useful for systems when there's only one or two users with access -- and everything is done in a secure room.
Do we really need the sledgehammer of ssh?
Admittedly I didn't RTFA (on principle, you understand), so why should everyone be denied ftp when it is not dangerous to all?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678035</id>
	<title>Re:Users can't tell the difference</title>
	<author>Hatta</author>
	<datestamp>1247505780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If you don't know that FTP refers to a specific protocol, you don't know enough to be running a web site.</p></htmltext>
<tokenext>If you do n't know that FTP refers to a specific protocol , you do n't know enough to be running a web site .</tokentext>
<sentencetext>If you don't know that FTP refers to a specific protocol, you don't know enough to be running a web site.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677137</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677253</id>
	<title>Keyloggers don't care</title>
	<author>Anonymous</author>
	<datestamp>1247503140000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>SSH, SFTP, SCP, FTP, ZMODEM, KERMIT, AND ALL THAT CRAP MEANS NOTHING!</p><p>Why? because moron employees surfing for p0rn at work will get a keylogger installed by accident and grab more information than packet sniffers EVER will. Regardless of how good the encryption is, the keylogger and malware will trump all measures if employees are careless.</p><p>You can get a silent VNC session going and lock out the physical keyboard and mouse and by the time they figure out what has happened you have enough control to grab what you need.</p><p>Hell just track the next time they go to amazon.com or any other online site. Who gives a rat's ass about SSL when you are seeing them type in their info?!</p><p>FTP vulnerable? No more than your home phone line or cell phone. The problem is and always will be PEOPLE. Once they have control of the physical machine all bets are off for ANY security measure.</p><p>Arguing protocols being secure or not is like arguing which unloaded gun is more dangerous....</p></htmltext>
<tokenext>SSH , SFTP , SCP , FTP , ZMODEM , KERMIT , AND ALL THAT CRAP MEANS NOTHING ! Why ?
because moron employees surfing for p0rn at work will get a keylogger installed by accident and grab more information than packet sniffers EVER will .
Regardless of how good the encryption is , the keylogger and malware will trump all measures if employees are careless.You can get a silent VNC session going and lock out the physical keyboard and mouse and by the time they figure out what has happened you have enough control to grab what you need.Hell just track the next time they go to amazon.com or any other online site .
Who gives a rat 's ass about SSL when you are seeing them type in their info ?
! FTP vulnerable ?
No more than your home phone line or cell phone .
The problem is and always will be PEOPLE .
Once they have control of the physical machine all bets are off for ANY security measure.Arguing protocols being secure or not is like arguing which unloaded gun is more dangerous... .</tokentext>
<sentencetext>SSH, SFTP, SCP, FTP, ZMODEM, KERMIT, AND ALL THAT CRAP MEANS NOTHING!Why?
because moron employees surfing for p0rn at work will get a keylogger installed by accident and grab more information than packet sniffers EVER will.
Regardless of how good the encryption is, the keylogger and malware will trump all measures if employees are careless.You can get a silent VNC session going and lock out the physical keyboard and mouse and by the time they figure out what has happened you have enough control to grab what you need.Hell just track the next time they go to amazon.com or any other online site.
Who gives a rat's ass about SSL when you are seeing them type in their info?
!FTP vulnerable?
No more than your home phone line or cell phone.
The problem is and always will be PEOPLE.
Once they have control of the physical machine all bets are off for ANY security measure.Arguing protocols being secure or not is like arguing which unloaded gun is more dangerous....</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678259</id>
	<title>Re:FTP isn't going anywhere</title>
	<author>Anonymous</author>
	<datestamp>1247506440000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>1</modscore>
	<htmltext><p>FTP is actually not that simple to administer, in some ways. FTP is constantly creating new TCP connections for each directory listing or file transfer, and the new connections have a different destination port than your original connection. This fact makes FTP difficult to proxy.</p><p>For example, this dialogue could occur in an FTP session:<br>Client: PASV     (Request PASV mode)<br>Server: 227 OK (192,168,1,1,123,456)   (I'm listening on a new port at 192.168.1.1:31944) (because 31944 == 123&lt;&lt;8 + 456)</p><p>So your proxy software would have to see and understand this exchange, and begin proxying port 31944 also. Your proxy has to be "FTP-aware." If you were using putty to proxy your FTP control connection, this new connection would not use the SSH tunnel, and you probably wouldn't even notice.</p><p>The alternative would be to use PORT mode, which requires a new connection from the *server to the client,* with the obvious security risks and firewall/NAT problems that implies.</p><p>Yes, FTP is a silly protocol, but it dates from simpler times when NAT didn't exist and security wasn't the huge problem it is today. Daniel J. Bernstein wrote a good mid-level description of FTP at http://cr.yp.to/ftp.html .</p><p>-D</p></htmltext>
<tokenext>FTP is actually not that simple to administer , in some ways .
FTP is constantly creating new TCP connections for each directory listing or file transfer , and the new connections have a different destination port than your original connection .
This fact makes FTP difficult to proxy . For example , this dialogue could occur in an FTP session : Client : PASV ( Request PASV mode ) Server : 227 OK ( 192,168,1,1,123,456 ) ( I 'm listening on a new port at 192.168.1.1 : 31944 ) ( because 31944 = = 123 &lt; &lt; 8 + 456 ) So your proxy software would have to see and understand this exchange , and begin proxying port 31944 also .
Your proxy has to be " FTP-aware .
" If you were using putty to proxy your FTP control connection , this new connection would not use the SSH tunnel , and you probably would n't even notice.The alternative would be to use PORT mode , which requires a new connection from the * server to the client , * with the obvious security risks and firewall/NAT problems that implies.Yes , FTP is a silly protocol , but it dates from simpler times when NAT did n't exist and security was n't the huge problem it is today .
Daniel J. Bernstein wrote a good mid-level description of FTP at http : //cr.yp.to/ftp.html .-D</tokentext>
<sentencetext>FTP is actually not that simple to administer, in some ways.
FTP is constantly creating new TCP connections for each directory listing or file transfer, and the new connections have a different destination port than your original connection.
This fact makes FTP difficult to proxy.
For example, this dialogue could occur in an FTP session: Client: PASV     (Request PASV mode) Server: 227 OK (192,168,1,1,123,456)   (I'm listening on a new port at 192.168.1.1:31944) (because 31944 == 123&lt;&lt;8 + 456)
So your proxy software would have to see and understand this exchange, and begin proxying port 31944 also.
Your proxy has to be "FTP-aware."
If you were using putty to proxy your FTP control connection, this new connection would not use the SSH tunnel, and you probably wouldn't even notice.
The alternative would be to use PORT mode, which requires a new connection from the *server to the client,* with the obvious security risks and firewall/NAT problems that implies.
Yes, FTP is a silly protocol, but it dates from simpler times when NAT didn't exist and security wasn't the huge problem it is today.
Daniel J. Bernstein wrote a good mid-level description of FTP at http://cr.yp.to/ftp.html .
-D</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677287</parent>
</comment>
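What an "FTP-aware" proxy or tunnel check has to do with the PASV and PORT exchanges described in the comment above, as an added example that is not the commenter's code. The function names and sample lines are assumptions constructed for illustration; the constructed 227 reply encodes the comment's port 31944 as 124,200, since each of the six fields is a single byte.

```python
"""Decode FTP data-channel endpoints announced on the control channel.

Added illustration; all sample replies and addresses are constructed.
"""
import re

# h1,h2,h3,h4,p1,p2: six decimal fields, each one byte (RFC 959).
SIX_FIELDS = re.compile(
    r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b"
)


def decode_host_port(text):
    """Return (host, port) from an 'h1,h2,h3,h4,p1,p2' tuple inside text."""
    match = SIX_FIELDS.search(text)
    if match is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple found")
    fields = [int(group) for group in match.groups()]
    if max(fields) > 255:
        raise ValueError("field does not fit in one byte: %r" % (fields,))
    host = ".".join(str(octet) for octet in fields[:4])
    port = fields[4] * 256 + fields[5]  # p1 is the high byte, p2 the low byte
    return host, port


def parse_pasv_reply(line):
    """Server reply '227 ... (h1,h2,h3,h4,p1,p2)': where the client will dial."""
    if not line.startswith("227 "):
        raise ValueError("not a 227 (Entering Passive Mode) reply")
    return decode_host_port(line[4:])


def parse_port_command(line):
    """Client command 'PORT h1,h2,h3,h4,p1,p2': where the server will dial."""
    if not line.upper().startswith("PORT "):
        raise ValueError("not a PORT command")
    return decode_host_port(line[5:])


def check_passive(control_peer_host, reply_line):
    """control_peer_host is the address the control connection actually dialled,
    for example 127.0.0.1 when it goes through an SSH local port forward."""
    host, port = parse_pasv_reply(reply_line)
    return {
        "data_endpoint": (host, port),
        # True: the data connection is a separate TCP flow to another host, so a
        # tunnel or proxy that carries only the control port will not carry it.
        "leaves_control_path": host != control_peer_host,
    }


def check_active(control_client_host, command_line):
    """control_client_host is the source address of the logged-in client."""
    host, port = parse_port_command(command_line)
    return {
        "connect_back_to": (host, port),
        # True: the server is asked to dial a host other than the client itself.
        "third_party_target": host != control_client_host,
        # True: the target is a well-known service port, which servers
        # commonly refuse as a PORT destination.
        "privileged_port": 1024 > port,
    }


if __name__ == "__main__":
    # Constructed session: control connection dialled the local end of a tunnel.
    print(check_passive("127.0.0.1",
                        "227 Entering Passive Mode (192,168,1,1,124,200)"))
    # Constructed PORT command naming a host that is not the client.
    print(check_active("192.168.1.50", "PORT 10,0,0,7,0,25"))
```

A result with `leaves_control_path` set is the case the comment warns about: the file contents travel outside the SSH tunnel even though the login did not.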
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28691767</id>
	<title>Re:It doesn't matter</title>
	<author>wurp</author>
	<datestamp>1247589480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>Either your passwords are stored on your harddisk or you're going to have to type them in at a later point. In both cases software is going to be able to get your passwords. And they have that they can get in without a problem, regardless of protocol used.</p></div></blockquote><p>Unless and until someone develops all these systems (starting with file transfer) to operate on challenge &amp; response using pub/priv key systems.  Hmm, in fact I suspect ssh does work that way when you use keys.  I need to look into that...</p><p>Anyway, if you use such a system, then you can have a token (physical key) which contains your private key in an inaccessible way, but can provide the public key on demand or can be asked to sign a piece of text using your private key.  Then the authenticating system sends you random text, your token signs it &amp; sends it back, and the authenticating system validates the signature using your public key.</p><p>Then, regardless of the security of the system you're using, your identity is secure.  Someone may steal your session and do Bad Things, but they can't ever login again as you once you're logged out on that session.  For very dangerous operations, the authenticating system just requests you to authorize the operation explicitly, so even session hijacking won't let an attacker screw you.  If necessary your token can provide a way to display a simple message about what operation you're authenticating by pressing OK.</p><p>Ideally, the physical key has a way for you to enter a password directly into it.  Then someone would have to not only steal your key, but also learn your password to be able to hijack your identity.</p><p>If you need to invalidate an old token and migrate to a new one, you can allow a request signed by some authority to invalidate the old key and inject a new one.  If you don't like central authorities, web of trust can be used in the same way.</p></div>
	</htmltext>
<tokenext>Either your passwords are stored on your harddisk or you 're going to have to type them in at a later point .
In both cases software is going to be able to get your passwords .
And they have that they can get in without a problem , regardless of protocol used.Unless and until someone develops all these systems ( starting with file transfer ) to operate on challenge &amp; response using pub/priv key systems .
Hmm , in fact I suspect ssh does work that way when you use keys .
I need to look into that...Anyway , if you use such a system , then you can have a token ( physical key ) which contains your private key in an inaccessible way , but can provide the public key on demand or can be asked to sign a piece of text using your private key .
Then the authenticating system sends you random text , your token signs it &amp; sends it back , and the authenticating system validates the signature using your public key.Then , regardless of the security of the system you 're using , your identity is secure .
Someone may steal your session and do Bad Things , but they ca n't ever login again as you once you 're logged out on that session .
For very dangerous operations , the authenticating system just requests you to authorize the operation explicitly , so even session hijacking wo n't let an attacker screw you .
If necessary your token can provide a way to display a simple message about what operation you 're authenticating by pressing OK.Ideally , the physical key has a way for you to enter a password directly into it .
Then someone would have to not only steal your key , but also learn your password to be able to hijack your identity.If you need to invalidate an old token and migrate to a new one , you can allow a request signed by some authority to invalidate the old key and inject a new one .
If you do n't like central authorities , web of trust can be used in the same way .</tokentext>
<sentencetext>Either your passwords are stored on your harddisk or you're going to have to type them in at a later point.
In both cases software is going to be able to get your passwords.
And they have that they can get in without a problem, regardless of protocol used.Unless and until someone develops all these systems (starting with file transfer) to operate on challenge &amp; response using pub/priv key systems.
Hmm, in fact I suspect ssh does work that way when you use keys.
I need to look into that...Anyway, if you use such a system, then you can have a token (physical key) which contains your private key in an inaccessible way, but can provide the public key on demand or can be asked to sign a piece of text using your private key.
Then the authenticating system sends you random text, your token signs it &amp; sends it back, and the authenticating system validates the signature using your public key.Then, regardless of the security of the system you're using, your identity is secure.
Someone may steal your session and do Bad Things, but they can't ever login again as you once you're logged out on that session.
For very dangerous operations, the authenticating system just requests you to authorize the operation explicitly, so even session hijacking won't let an attacker screw you.
If necessary your token can provide a way to display a simple message about what operation you're authenticating by pressing OK.Ideally, the physical key has a way for you to enter a password directly into it.
Then someone would have to not only steal your key, but also learn your password to be able to hijack your identity.If you need to invalidate an old token and migrate to a new one, you can allow a request signed by some authority to invalidate the old key and inject a new one.
If you don't like central authorities, web of trust can be used in the same way.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677067</parent>
</comment>
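The challenge and response login described in the comment above, as an added example that is not the commenter's code and does not describe any particular token product or SSH itself. It assumes the third-party Python `cryptography` package for Ed25519 signatures; `Token`, `Authenticator`, the `example-auth-v1` label and the operation names are hypothetical.

```python
"""Challenge-response authentication with a signing token (added illustration)."""
import os
import time

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey

CONTEXT = b"example-auth-v1"  # hypothetical domain-separation label


def signed_message(operation, nonce):
    """Bind the signature to one operation and one server-chosen nonce."""
    op = operation.encode("utf-8")
    return CONTEXT + len(op).to_bytes(2, "big") + op + nonce


class Token:
    """Stands in for the physical key: it signs, but never exports the private key."""

    def __init__(self):
        self._key = Ed25519PrivateKey.generate()

    def public_key(self):
        return self._key.public_key()

    def sign(self, operation, nonce):
        # A real token would show `operation` to the user and wait for OK here.
        return self._key.sign(signed_message(operation, nonce))


class Authenticator:
    """Server side: issues single-use, short-lived challenges and checks responses."""

    def __init__(self, ttl=30.0, clock=time.monotonic):
        self._public_keys = {}  # user -> enrolled public key
        self._pending = {}      # nonce -> (user, operation, expiry time)
        self._ttl = ttl
        self._clock = clock

    def enroll(self, user, public_key):
        self._public_keys[user] = public_key

    def challenge(self, user, operation):
        nonce = os.urandom(32)
        self._pending[nonce] = (user, operation, self._clock() + self._ttl)
        return nonce

    def verify(self, user, operation, nonce, signature):
        # pop(): a nonce is consumed on first use, so a captured response
        # cannot be replayed, whether or not the first attempt succeeded.
        entry = self._pending.pop(nonce, None)
        if entry is None:
            return False
        expected_user, expected_operation, expires = entry
        if (expected_user, expected_operation) != (user, operation):
            return False
        if self._clock() > expires:
            return False
        try:
            self._public_keys[user].verify(signature, signed_message(operation, nonce))
        except (KeyError, InvalidSignature):
            return False
        return True


def demo():
    token, server = Token(), Authenticator()
    server.enroll("alice", token.public_key())
    results = {}

    nonce = server.challenge("alice", "login")
    response = token.sign("login", nonce)
    results["login"] = server.verify("alice", "login", nonce, response)

    # Malware that recorded the exchange replays it after the session ends.
    results["replay"] = server.verify("alice", "login", nonce, response)

    # A hijacked session tries to reuse the login signature for a risky operation.
    risky = server.challenge("alice", "delete-site")
    results["login_sig_for_delete"] = server.verify("alice", "delete-site", risky, response)

    # The user explicitly approves the risky operation on the token.
    risky = server.challenge("alice", "delete-site")
    approval = token.sign("delete-site", risky)
    results["delete_authorized"] = server.verify("alice", "delete-site", risky, approval)
    return results


if __name__ == "__main__":
    print(demo())
```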
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28685187</id>
	<title>Re:FTP isn't going anywhere</title>
	<author>Anonymous</author>
	<datestamp>1247495040000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>amazingly simple protocol</p></div><p>Not.</p></div>
	</htmltext>
<tokenext>amazingly simple protocolNot .</tokentext>
<sentencetext>amazingly simple protocolNot.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677287</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678507</id>
	<title>Re:FTPS</title>
	<author>palegray.net</author>
	<datestamp>1247507460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Spoken like someone who hasn't been able to figure out how to use chroot properly for several years.</htmltext>
<tokenext>Spoken like someone who has n't been able to figure out how to use chroot properly for several years .</tokentext>
<sentencetext>Spoken like someone who hasn't been able to figure out how to use chroot properly for several years.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677639</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680107</id>
	<title>Re:Not just unknown, incompatible</title>
	<author>neoform</author>
	<datestamp>1247512500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I've worked with many different FTPS servers and they're all very easy to use. Mind you, I was always using Windows (FileZilla server, Ability FTP Server).</htmltext>
<tokenext>I 've worked with many different FTPS servers and they 're all very easy to use .
Mind you , I was always using Windows ( FileZilla server , Ability FTP Server ) .</tokentext>
<sentencetext>I've worked with many different FTPS servers and they're all very easy to use.
Mind you, I was always using Windows (FileZilla server, Ability FTP Server).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677435</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678411</id>
	<title>securing ftp</title>
	<author>Anonymous</author>
	<datestamp>1247507040000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p>There are many ways of securing plain ftp</p><p>1. FTPS</p><p>2. OpenVPN</p><p>3. IPSEC (I use transport mode)</p><p>4. GSSAPI authentication</p><p>Those are just a few.</p><p>SFTP is nice but does not have as many features as vanilla FTP</p></htmltext>
<tokenext>There are many ways of securing plain ftp
1 . FTPS
2 . OpenVPN
3 . IPSEC ( I use transport mode )
4 . GSSAPI authentication
Those are just a few .
SFTP is nice but does not have as many features as vanilla FTP</tokentext>
<sentencetext>There are many ways of securing plain ftp
1. FTPS
2. OpenVPN
3. IPSEC (I use transport mode)
4. GSSAPI authentication
Those are just a few.
SFTP is nice but does not have as many features as vanilla FTP</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677595</id>
	<title>The security lie</title>
	<author>Lord Bitman</author>
	<datestamp>1247504400000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>Once you have discovered you are infected, the ONLY way to be safe is to assume that you have also been infected in at least 100 other, undiscovered, ways.<br>Security companies like to sell the lie of "buy our product! Be safe! And if something slips through, just hit "delete" and be safe again!" but it really doesn't work like that: If there's one, there's three, and those three turn into a hundred very easily.</p><p>The only way to be safe is not "buy some guy's security software" (your machine's been compromised, how the hell is running something else on the same machine supposed to help??), it's "reformat, treat every backed-up file as compromised". Sad, annoying, true.</p><p>In summary: when you found out you were infected, you did the equivalent of nothing at all, then were surprised when a password was stolen several months later.</p></htmltext>
<tokenext>Once you have discovered you are infected , the ONLY way to be safe is to assume that you have also been infected in at least 100 other , undiscovered , ways.Security companies like to sell the lie of " buy our product !
Be safe !
And if something slips through , just hit " delete " and be safe again !
" but it really does n't work like that : If there 's one , there 's three , and those three turn into a hundred very easily . The only way to be safe is not " buy some guy 's security software " ( your machine 's been compromised , how the hell is running something else on the same machine supposed to help ? ?
) , it 's " reformat , treat every backed-up file as compromised " .
Sad , annoying , true.In summary : when you found out you were infected , you did the equivalent of nothing at all , then were surprised when a password was stolen several months later .</tokentext>
<sentencetext>Once you have discovered you are infected, the ONLY way to be safe is to assume that you have also been infected in at least 100 other, undiscovered, ways.
Security companies like to sell the lie of "buy our product! Be safe! And if something slips through, just hit "delete" and be safe again!" but it really doesn't work like that: If there's one, there's three, and those three turn into a hundred very easily.
The only way to be safe is not "buy some guy's security software" (your machine's been compromised, how the hell is running something else on the same machine supposed to help??), it's "reformat, treat every backed-up file as compromised".
Sad, annoying, true.
In summary: when you found out you were infected, you did the equivalent of nothing at all, then were surprised when a password was stolen several months later.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683249</id>
	<title>Re:securing ftp</title>
	<author>raju1kabir</author>
	<datestamp>1247482260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>SFTP is nice but does not have as many features as vanilla FTP</p></div></blockquote><p>What's a feature of vanilla FTP that you find missing in sftp?</p></div>
	</htmltext>
<tokenext>SFTP is nice but does not have as many features as vanilla FTP What 's a feature of vanilla FTP that you find missing in sftp ?</tokentext>
<sentencetext>SFTP is nice but does not have as many features as vanilla FTP
What's a feature of vanilla FTP that you find missing in sftp?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678411</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680921</id>
	<title>Re:Missing the point...</title>
	<author>nine-times</author>
	<datestamp>1247515800000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Secure-FTP (over SSL) is not sufficient as it only encrypts things without verifying the authenticity of the host you are connecting to.</p></div><p>Well what really does verify the authenticity of the host you're connecting to?  SFTP doesn't really, it only verifies that the host you're connecting to is the same as the host you connected to before.  SSL CAs sort of do, but most of them don't really work that hard to verify who they're giving certs to.</p></div>
	</htmltext>
<tokenext>Secure-FTP ( over SSL ) is not sufficient as it only encrypts things without verifying the authenticity of the host you are connecting to.Well what really does verify the authenticity of the host you 're connecting to ?
SFTP does n't really , it only verifies that the host you 're connecting to is the same as the host you connected to before .
SSL CAs sort of do , but most of them do n't really work that hard to verify who they 're giving certs to .</tokentext>
<sentencetext>Secure-FTP (over SSL) is not sufficient as it only encrypts things without verifying the authenticity of the host you are connecting to.Well what really does verify the authenticity of the host you're connecting to?
SFTP doesn't really, it only verifies that the host you're connecting to is the same as the host you connected to before.
SSL CAs sort of do, but most of them don't really work that hard to verify who they're giving certs to.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677789</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677137</id>
	<title>Users can't tell the difference</title>
	<author>Anonymous</author>
	<datestamp>1247502780000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext><p>Our end users keep asking and referring to FTP, when all they need is a way to transfer files temporarily (especially when the email server doesn't like 2 gig attachments).  So we set up a web interface to post files, download them, and autodelete.  They have been happy with it since then.  What do they call it? The FTP server.</p><p>The FTP term has lost its meaning to represent a protocol (which is what the IT staff thinks of it as) vs the end users who think of FTP as a generic term to transfer files.</p></htmltext>
<tokenext>Our end users keep asking and referring to FTP , when all they need is a way to transfer files temporarily ( especially when the email server does n't like 2 gig attachments ) .
So we set up a web interface to post files , download them , and autodelete .
They have been happy with it since then .
What do they call it ?
The FTP server . The FTP term has lost its meaning to represent a protocol ( which is what the IT staff thinks of it as ) vs the end users who think of FTP as a generic term to transfer files .</tokentext>
<sentencetext>Our end users keep asking and referring to FTP, when all they need is a way to transfer files temporarily (especially when the email server doesn't like 2 gig attachments).
So we set up a web interface to post files, download them, and autodelete.
They have been happy with it since then.
What do they call it?
The FTP server.
The FTP term has lost its meaning to represent a protocol (which is what the IT staff thinks of it as) vs the end users who think of FTP as a generic term to transfer files.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677111</id>
	<title>These aren't average users, are they?</title>
	<author>Sockatume</author>
	<datestamp>1247502660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>(What percent of users ever change the default set of toolbars that are displayed at the top of their Web browser window?) </i> </p><p>I'm guessing that when it comes to users who administer their own websites, and do it through FTP rather than the Geocities page builder, it's actually pretty high. This is a group of people that could probably navigate a simple menu to the SSH toggle intuitively. Now, the whole phone-number-PIN rigmarole is an un-necessary headache, but generally this isn't an end-user usability issue, it's an end-user risk assessment issue. They assume that because SFTP is an obscure, buried option, then it's not necessary for their everyday work, and ordinary FTP is sufficient. This leads to the same set of solutions - make SFTP default and bury the ability to disable it, or make it hard for the user not to notice that they can secure the connection - but for different reasons.</p></htmltext>
<tokenext>( What percent of users ever change the default set of toolbars that are displayed at the top of their Web browser window ?
) I 'm guessing that when it comes to users who administer their own websites , and do it through FTP rather than the Geocities page builder , it 's actually pretty high .
This is a group of people that could probably navigate a simple menu to the SSH toggle intuitively .
Now , the whole phone-number-PIN rigmarole is an un-necessary headache , but generally this is n't an end-user usability issue , it 's an end-user risk assessment issue .
They assume that because SFTP is an obscure , buried option , then it 's not necessary for their everyday work , and ordinary FTP is sufficient .
This leads to the same set of solutions - make SFTP default and bury the ability to disable it , or make it hard for the user not to notice that they can secure the connection - but for different reasons .</tokentext>
<sentencetext>(What percent of users ever change the default set of toolbars that are displayed at the top of their Web browser window?
)  I'm guessing that when it comes to users who administer their own websites, and do it through FTP rather than the Geocities page builder, it's actually pretty high.
This is a group of people that could probably navigate a simple menu to the SSH toggle intuitively.
Now, the whole phone-number-PIN rigmarole is an un-necessary headache, but generally this isn't an end-user usability issue, it's an end-user risk assessment issue.
They assume that because SFTP is an obscure, buried option, then it's not necessary for their everyday work, and ordinary FTP is sufficient.
This leads to the same set of solutions - make SFTP default and bury the ability to disable it, or make it hard for the user not to notice that they can secure the connection - but for different reasons.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680931</id>
	<title>Re:Whaaaaaa!</title>
	<author>Anonymous</author>
	<datestamp>1247515860000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Used *extensively* in industry as an easy way to transport files between organizations that are PGP encrypted.</p></htmltext>
<tokenext>Used * extensively * in industry as an easy way to transport files between organizations that are PGP encrypted .</tokentext>
<sentencetext>Used *extensively* in industry as an easy way to transport files between organizations that are PGP encrypted.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678985</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677639</id>
	<title>Re:FTPS</title>
	<author>Anonymous</author>
	<datestamp>1247504640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>So many reasons why this post is silly:</p><p>chroot is not a jail, it's a hack to make shitty software work in a specially constructed environment.  It does not in any way prevent a malicious program from breaking out of the chroot, it just makes a poorly written one have the option of working in a special section of the filesystem where you can put specific versions of files without affecting the entire system.</p><p>FTP without a chroot is not really any different than ssh without a chroot.  If you're just depending on the authors of your ftp daemon to protect you then you're an idiot.</p><p>Let me say this one more time since no one ever gets it and every year we see a new slashdot article about it.</p><p>CHROOT IS NOT A FUCKING SECURITY FENCE, NOT INTENDED TO BE, DOESN'T ACT LIKE ONE, WILL NEVER BE ONE.</p></htmltext>
<tokenext>So many reasons why this post is silly : chroot is not a jail , it 's a hack to make shitty software work in a specially constructed environment .
It does not in any way prevent a malicious program from breaking out of the chroot , it just makes a poorly written one have the option of working in a special section of the filesystem where you can put specific versions of files without affecting the entire system . FTP without a chroot is not really any different than ssh without a chroot .
If you 're just depending on the authors of your ftp daemon to protect you then you 're an idiot . Let me say this one more time since no one ever gets it and every year we see a new slashdot article about it . CHROOT IS NOT A FUCKING SECURITY FENCE , NOT INTENDED TO BE , DOES N'T ACT LIKE ONE , WILL NEVER BE ONE .</tokentext>
<sentencetext>So many reasons why this post is silly: chroot is not a jail, it's a hack to make shitty software work in a specially constructed environment.
It does not in any way prevent a malicious program from breaking out of the chroot, it just makes a poorly written one have the option of working in a special section of the filesystem where you can put specific versions of files without affecting the entire system.
FTP without a chroot is not really any different than ssh without a chroot.
If you're just depending on the authors of your ftp daemon to protect you then you're an idiot.
Let me say this one more time since no one ever gets it and every year we see a new slashdot article about it.
CHROOT IS NOT A FUCKING SECURITY FENCE, NOT INTENDED TO BE, DOESN'T ACT LIKE ONE, WILL NEVER BE ONE.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677089</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677299</id>
	<title>So basically...</title>
	<author>Mr. DOS</author>
	<datestamp>1247503380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>...user gets infected with spyware, is surprised when information is stolen as a result? Y'know, it's called <strong>spy</strong>ware for a reason.</p><p>
&nbsp; &nbsp; &nbsp; --- Mr. DOS</p></htmltext>
<tokenext>...user gets infected with spyware , is surprised when information is stolen as a result ?
Y'know , it 's called spyware for a reason .
      --- Mr. DOS</tokentext>
<sentencetext>...user gets infected with spyware, is surprised when information is stolen as a result?
Y'know, it's called spyware for a reason.
      --- Mr. DOS</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680567</id>
	<title>Re:SFTP support is still spotty ....</title>
	<author>DavidTC</author>
	<datestamp>1247514180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Both SFTP and FTP[S] are stupid damn standards.</p><p>
What we need is a single port (Which lets out FTP[S]) protocol with optional encryption of the password, the control channel, and/or the data channel, to whatever level you want. It should be able to be used unencrypted (Which lets out SFTP), and shouldn't be commonly tied to actual account logins (Which more SFTP is.).</p><p>
This is, in fact, what WebDAV is supposed to do, but WebDAV is just an incredibly crappy implementation, and it brings in its own problems by tying it to an HTTP server, as many people are already running HTTP servers with the wrong permissions for this, and HTTP POST is a spectacularly poorly-made protocol to start with.</p><p>
In only partial jest, I suggest using IMAP, which seems to manage all this stuff without any problems at all.<nobr> <wbr></nobr>;)</p><p>
Oh, and it also needs 'finished the upload' support, where files get uploaded in their entirety and then atomically replace existing files. As part of the protocol, if you turn it on, not via clients doing an 'upload and then rename'.</p><p>
Also needs good resume support with CRC checking server-side, so that clients can check that a file that's partially uploaded or downloaded is the right one by asking for a CRC of the already transferred part.</p></htmltext>
<tokenext>Both SFTP and FTP [ S ] are stupid damn standards .
What we need is a single port ( Which lets out FTP [ S ] ) protocol with optional encryption of the password , the control channel , and/or the data channel , to whatever level you want .
It should be able to be used unencrypted ( Which lets out SFTP ) , and should n't be commonly tied to actual account logins ( Which more SFTP is. ) .
This is , in fact , what WebDAV is supposed to do , but WebDAV is just an incredibly crappy implementation , and it brings in its own problems by tying it to an HTTP server , as many people are already running HTTP servers with the wrong permissions for this , and HTTP POST is a spectacularly poorly-made protocol to start with .
In only partial jest , I suggest using IMAP , which seems to manage all this stuff without any problems at all .
; ) Oh , and it also needs 'finished the upload ' support , where files get uploaded in their entirety and then atomically replace existing files .
As part of the protocol , if you turn it on , not via clients doing an 'upload and then rename' .
Also needs good resume support with CRC checking server-side , so that clients can check that a file that 's partially uploaded or downloaded is the right one by asking for a CRC of the already transferred part .</tokentext>
<sentencetext>Both SFTP and FTP[S] are stupid damn standards.
What we need is a single port (Which lets out FTP[S]) protocol with optional encryption of the password, the control channel, and/or the data channel, to whatever level you want.
It should be able to be used unencrypted (Which lets out SFTP), and shouldn't be commonly tied to actual account logins (Which more SFTP is.).
This is, in fact, what WebDAV is suppose to do, but WebDAV is just an incredibly crappy implementation, and it brings in its own problems by tying it to an HTTP server, as many people are already running HTTP servers with the wrong permissions for this, and HTTP POST is a spectacularly poorly-made protocol to start with.
In only partial jest, I suggest using IMAP, which seems to manage all this stuff without any problems at all.
;)
Oh, and it also needs 'finished the upload' support, where files get uploaded in their entirety and then atomically replace existing files.
As part of the protocol, if you turn it on, not via clients doing an 'upload and then rename'.
Also needs good resume support with CRC checking server-side, so that clients can check that a file that's partially uploaded or downloaded is the right one by asking for a CRC of the already transferred part.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677559</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676987</id>
	<title>Hmm</title>
	<author>Anonymous</author>
	<datestamp>1247502240000</datestamp>
	<modclass>Funny</modclass>
	<modscore>1</modscore>
	<htmltext><p>Is this a plea for everyone on<nobr> <wbr></nobr>/. to come look at your site?</p></htmltext>
<tokenext>Is this a plea for everyone on / .
to come look at your site ?</tokentext>
<sentencetext>Is this a plea for everyone on /.
to come look at your site?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683011</id>
	<title>Re:FTPS</title>
	<author>raju1kabir</author>
	<datestamp>1247481180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>You do not need root privileges to break out of a chroot. If you can find a file descriptor which was opened before the call to chroot() you can break out of the chroot. That is only one example</p></div></blockquote><p>It's more of a notion than an example. Given an open file descriptor and no root privileges, how exactly would you break out of a chroot on a reasonably common and up-to-date system?</p></div>
	</htmltext>
<tokenext>You do not need root privileges to break out of a chroot .
If you can find a file descriptor which was opened before the call to chroot ( ) you can break out of the chroot .
That is only one example
It 's more of a notion than an example .
Given an open file descriptor and no root privileges , how exactly would you break out of a chroot on a reasonably common and up-to-date system ?</tokentext>
<sentencetext>You do not need root privileges to break out of a chroot.
If you can find a file descriptor which was opened before the call to chroot() you can break out of the chroot.
That is only one example
It's more of a notion than an example.
Given an open file descriptor and no root privileges, how exactly would you break out of a chroot on a reasonably common and up-to-date system?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680665</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678179</id>
	<title>Re:SFTP support is still spotty ....</title>
	<author>LordLimecat</author>
	<datestamp>1247506200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I take issue with the term "well-regarded, commercial".  It seems to imply that they would be more reliable than opensource software, for some vague "it's not enterprisey" reason, when the opensource programs are just plain better.  Stupid attitudes like this lead to reliance on big name vendors with shitty products just because it's a big name vendor...which seems backwards to me (I would hope they'd be big name vendors BECAUSE of their product!).</htmltext>
<tokenext>I take issue with the term " well-regarded , commercial " .
It seems to imply that they would be more reliable than opensource software , for some vague " it 's not enterprisey " reason , when the opensource programs are just plain better .
Stupid attitudes like this lead to reliance on big name vendors with shitty products just because it 's a big name vendor...which seems backwards to me ( I would hope they 'd be big name vendors BECAUSE of their product !
) .</tokentext>
<sentencetext>I take issue with the term "well-regarded, commercial".
It seems to imply that they would be more reliable than opensource software, for some vague "it's not enterprisey" reason, when the opensource programs are just plain better.
Stupid attitudes like this lead to reliance on big name vendors with shitty products just because it's a big name vendor...which seems backwards to me (I would hope they'd be big name vendors BECAUSE of their product!
).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677173</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677221</id>
	<title>FTP is not dead, nor will it be for a long time.</title>
	<author>Anonymous</author>
	<datestamp>1247503020000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Shocking. At 10 O'clock: why telnet should not be used.</p><blockquote><div><p>One of them even infected a spare WinXP computer (with Gumblar) to test the consequences. On the infected computer he created a new account in a popular FTP client and saved it. The server address was correct (his server) and the username/password pair was not valid. A few hours later in FTP logs, he discovered login attempts that used that invalid username/password pair from a Singapore IP, then from a Florida IP, then some other country's IP. Apparently the FTP credentials were somehow stolen from that infected computer.</p></div></blockquote><p>A much better test would have been to create the account first in the client, and then infect the computer. How do you know the malware was sniffing the traffic and not capturing the credentials when the account was being created?</p><p>The author's personal experience aside, unless customers ask for it, hosting companies will not change it. And customers will not ask for it because most web editing programs have FTP support built in, but not SFTP.</p><p>Yes, we tell people to not use FTP (I run a security consulting company), and despite that I see major financial services companies with lots of business-critical processes built around FTP.</p><p>Bottom line: there is no business case, until a lot more people get burned.</p><p>And then of course there are the minor matters that [a] SFTP is not immune to keyloggers and [b] once you get a trojan like that on your computer, all bets are off.</p></div>
	</htmltext>
<tokenext>Shocking .
At 10 O'clock : why telnet should not be used .
One of them even infected a spare WinXP computer ( with Gumblar ) to test the consequences .
On the infected computer he created a new account in a popular FTP client and saved it .
The server address was correct ( his server ) and the username/password pair was not valid .
A few hours later in FTP logs , he discovered login attempts that used that invalid username/password pair from a Singapore IP , then from a Florida IP , then some other country 's IP .
Apparently the FTP credentials were somehow stolen from that infected computer .
A much better test would have been to create the account first in the client , and then infect the computer .
How do you know the malware was sniffing the traffic and not capturing the credentials when the account was being created ?
The author 's personal experience aside , unless customers ask for it , hosting companies will not change it .
And customers will not ask for it because most web editing programs have FTP support built in , but not SFTP .
Yes , we tell people to not use FTP ( I run a security consulting company ) , and despite that I see major financial services companies with lots of business-critical processes built around FTP .
Bottom line : there is no business case , until a lot more people get burned .
And then of course there are the minor matters that [ a ] SFTP is not immune to keyloggers and [ b ] once you get a trojan like that on your computer , all bets are off .</tokentext>
<sentencetext>Shocking.
At 10 O'clock: why telnet should not be used.
One of them even infected a spare WinXP computer (with Gumblar) to test the consequences.
On the infected computer he created a new account in a popular FTP client and saved it.
The server address was correct (his server) and the username/password pair was not valid.
A few hours later in FTP logs, he discovered login attempts that used that invalid username/password pair from a Singapore IP, then from a Florida IP, then some other country's IP.
Apparently the FTP credentials were somehow stolen from that infected computer.
A much better test would have been to create the account first in the client, and then infect the computer.
How do you know the malware was sniffing the traffic and not capturing the credentials when the account was being created?
The author's personal experience aside, unless customers ask for it, hosting companies will not change it.
And customers will not ask for it because most web editing programs have FTP support built in, but not SFTP.
Yes, we tell people to not use FTP (I run a security consulting company), and despite that I see major financial services companies with lots of business-critical processes built around FTP.
Bottom line: there is no business case, until a lot more people get burned.
And then of course there are the minor matters that [a] SFTP is not immune to keyloggers and [b] once you get a trojan like that on your computer, all bets are off.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678867</id>
	<title>What to replace ftp?</title>
	<author>tc3driver</author>
	<datestamp>1247508540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>That is the real question.
<br>
<br>
Considering that windows will not natively run ssh, sftp, scp, etc...  That leaves millions of site owners with no way to upload content.  Unless they want to run cygwin, or pay for programs, and this is all assuming that they are connecting to a *nix server from a windows machine... what do you do on a windows server?  IIS? even Apache on a windows server, as far as I know windows servers still tout telnet, ftp, and rtp as the methods of remotely manipulating files.  So as it comes down... I still have to blame windows... for once I would like to be able to blame something other than windows, or some Microsoft product... but it seems that I always have to come to the same conclusion.
<br>
<br>
Please note that the last IIS server or windows server I worked with was a SB2k3 server about 4 years ago, so something may have changed.</htmltext>
<tokenext>That is the real question .
Considering that windows will not natively run ssh , sftp , scp , etc... That leaves millions of site owners with no way to upload content .
Unless they want to run cygwin , or pay for programs , and this is all assuming that they are connecting to a * nix server from a windows machine... what do you do on a windows server ?
IIS ? even Apache on a windows server , as far as I know windows servers still tout telnet , ftp , and rtp as the methods of remotely manipulating files .
So as it comes down... I still have to blame windows... for once I would like to be able to blame something other than windows , or some Microsoft product... but it seems that I always have to come to the same conclusion .
Please note that the last IIS server or windows server I worked with was a SB2k3 server about 4 years ago , so something may have changed .</tokentext>
<sentencetext>That is the real question.
Considering that windows will not natively run ssh, sftp, scp, etc...  That leaves millions of site owners with no way to upload content.
Unless they want to run cygwin, or pay for programs, and this is all assuming that they are connecting to a *nix server from a windows machine... what do you do on a windows server?
IIS? even Apache on a windows server, as far as I know windows servers still tout telnet, ftp, and rtp as the methods of remotely manipulating files.
So as it comes down... I still have to blame windows... for once I would like to be able to blame something other than windows, or some Microsoft product... but it seems that I always have to come to the same conclusion.
Please note that the last IIS server or windows server I worked with was a SB2k3 server about 4 years ago, so something may have changed.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677973</id>
	<title>Re:FTP isn't going anywhere</title>
	<author>Abcd1234</author>
	<datestamp>1247505660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>I think there is a packaged app out there somewhere (sftp?),</i></p><p>Ah, no.  SFTP is a completely different protocol, a file transfer protocol layered over SSH that's separate and distinct from FTP.  In fact, tunneling FTP over anything is non-trivial, thanks to FTP's dual-channel nature.</p><p><i>Concerned about security? Tunnel it with SSH.</i></p><p>But... if you're going to tunnel with SSH anyway, why wouldn't you just use (the real) SCP/SFTP?  It's even more easily secured, and it's firewall friendly, too.  For Gnome/KDE users, you can then access the sites directly using the sftp:// protocol in Nautilus/Konqueror, and for Windows users, they can just grab themselves a copy of WinSCP.</p></htmltext>
<tokenext>I think there is a packaged app out there somewhere ( sftp ? ) ,
Ah , no .
SFTP is a completely different protocol , a file transfer protocol layered over SSH that 's separate and distinct from FTP .
In fact , tunneling FTP over anything is non-trivial , thanks to FTP 's dual-channel nature .
Concerned about security ?
Tunnel it with SSH .
But... if you 're going to tunnel with SSH anyway , why would n't you just use ( the real ) SCP/SFTP ?
It 's even more easily secured , and it 's firewall friendly , too .
For Gnome/KDE users , you can then access the sites directly using the sftp : // protocol in Nautilus/Konqueror , and for Windows users , they can just grab themselves a copy of WinSCP .</tokentext>
<sentencetext>I think there is a packaged app out there somewhere (sftp?),
Ah, no.
SFTP is a completely different protocol, a file transfer protocol layered over SSH that's separate and distinct from FTP.
In fact, tunneling FTP over anything is non-trivial, thanks to FTP's dual-channel nature.
Concerned about security?
Tunnel it with SSH.
But... if you're going to tunnel with SSH anyway, why wouldn't you just use (the real) SCP/SFTP?
It's even more easily secured, and it's firewall friendly, too.
For Gnome/KDE users, you can then access the sites directly using the sftp:// protocol in Nautilus/Konqueror, and for Windows users, they can just grab themselves a copy of WinSCP.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677287</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678863</id>
	<title>They steal passwords from config files</title>
	<author>UnmaskParasites</author>
	<datestamp>1247508540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Hi,</p><p>I'm Denis Sinegubko. The one quoted in this article.</p><p>I want to clarify one thing about how malware steals passwords from webmasters' computers.</p><p>TCP traffic sniffing was only one of the possible vectors.</p><p>However, now I have more proof that malicious programs just read configuration files and registry settings.</p><p>Just check how this trojan steals FTP, email and IM credentials:<br><a href="http://www.viruslist.com/en/viruses/encyclopedia?virusid=147349" title="viruslist.com" rel="nofollow">http://www.viruslist.com/en/viruses/encyclopedia?virusid=147349</a> [viruslist.com]</p><p>I checked the programs installed on my computer, and indeed many of them store passwords in _plain text_, not encrypted. And those that encrypt passwords use very weak algorithms.</p><p>FileZilla stores FTP credentials (including passwords) in<nobr> <wbr></nobr>.xml files in plain text. And this is "by design"! Check this thread:<br><a href="http://forum.filezilla-project.org/viewtopic.php?f=2&amp;t=12280" title="filezilla-project.org" rel="nofollow">http://forum.filezilla-project.org/viewtopic.php?f=2&amp;t=12280</a> [filezilla-project.org]</p><p>So why would malware bother with sniffing traffic or key logging (this activity can be detected by antivirus), when it can simply read everything it needs from files and the Windows registry?</p></htmltext>
<tokenext>Hi ,
I 'm Denis Sinegubko .
The one quoted in this article .
I want to clarify one thing about how malware steals passwords from webmasters ' computers .
TCP traffic sniffing was only one of the possible vectors .
However , now I have more proof that malicious programs just read configuration files and registry settings .
Just check how this trojan steals FTP , email and IM credentials : http : //www.viruslist.com/en/viruses/encyclopedia ? virusid = 147349 [ viruslist.com ]
I checked the programs installed on my computer , and indeed many of them store passwords in _plain text_ , not encrypted .
And those that encrypt passwords use very weak algorithms .
FileZilla stores FTP credentials ( including passwords ) in .xml files in plain text .
And this is " by design " !
Check this thread : http : //forum.filezilla-project.org/viewtopic.php ? f = 2&amp;t = 12280 [ filezilla-project.org ]
So why would malware bother with sniffing traffic or key logging ( this activity can be detected by antivirus ) , when it can simply read everything it needs from files and the Windows registry ?</tokentext>
<sentencetext>Hi,
I'm Denis Sinegubko.
The one quoted in this article.
I want to clarify one thing about how malware steals passwords from webmasters' computers.
TCP traffic sniffing was only one of the possible vectors.
However, now I have more proof that malicious programs just read configuration files and registry settings.
Just check how this trojan steals FTP, email and IM credentials: http://www.viruslist.com/en/viruses/encyclopedia?virusid=147349 [viruslist.com]
I checked the programs installed on my computer, and indeed many of them store passwords in _plain text_, not encrypted.
And those that encrypt passwords use very weak algorithms.
FileZilla stores FTP credentials (including passwords) in .xml files in plain text.
And this is "by design"!
Check this thread: http://forum.filezilla-project.org/viewtopic.php?f=2&amp;t=12280 [filezilla-project.org]
So why would malware bother with sniffing traffic or key logging (this activity can be detected by antivirus), when it can simply read everything it needs from files and the Windows registry?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677759</id>
	<title>well then the answer is simple</title>
	<author>circletimessquare</author>
	<datestamp>1247505000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>get rid of the people</p><p>all joking aside, people are people. they are a known quantity. as such, they are the yardstick against which we judge securability, not to which we assign blame. and since this whole intarwebs thing is relatively new, then the obvious answer is we have a long way to go to fix the TECHNOLOGY so that the people in the equation can't cause as much damage as they are now doing</p><p>it's very easy to blame the lusers. your post means nothing</p></htmltext>
<tokenext>get rid of the people
all joking aside , people are people .
they are a known quantity .
as such , they are the yardstick against which we judge securability , not to which we assign blame .
and since this whole intarwebs thing is relatively new , then the obvious answer is we have a long way to go to fix the TECHNOLOGY so that the people in the equation ca n't cause as much damage as they are now doing
it 's very easy to blame the lusers .
your post means nothing</tokentext>
<sentencetext>get rid of the people
all joking aside, people are people.
they are a known quantity.
as such, they are the yardstick against which we judge securability, not to which we assign blame.
and since this whole intarwebs thing is relatively new, then the obvious answer is we have a long way to go to fix the TECHNOLOGY so that the people in the equation can't cause as much damage as they are now doing
it's very easy to blame the lusers.
your post means nothing</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677253</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677165</id>
	<title>here's a thought</title>
	<author>juanhf</author>
	<datestamp>1247502840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>one of our clients web hosting company was the victim of a similar attack.  we were able to trace the attack back to an extremely out of date version of PHP.</p><p>check the versions of the software your web hosting company is running.</p></htmltext>
<tokenext>one of our clients web hosting company was the victim of a similar attack .
we were able to trace the attack back to an extremely out of date version of PHP .
check the versions of the software your web hosting company is running .</tokentext>
<sentencetext>one of our clients web hosting company was the victim of a similar attack.
we were able to trace the attack back to an extremely out of date version of PHP.
check the versions of the software your web hosting company is running.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677151</id>
	<title>Authentication goes both ways.</title>
	<author>skeeto</author>
	<datestamp>1247502780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>With SSH you also know you are talking to the right server, not a man-in-the-middle or a DNS hijack.</htmltext>
<tokenext>With SSH you also know you are talking to the right server , not a man-in-the-middle or a DNS hijack .</tokentext>
<sentencetext>With SSH you also know you are talking to the right server, not a man-in-the-middle or a DNS hijack.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680607</id>
	<title>Re:FTP should be going away for just this reason</title>
	<author>cppmonkey</author>
	<datestamp>1247514300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><tt>Have you tried tunneling ftp with its bizarre two port usage? Tunneling is harder than the average bear can comprehend to begin with but tunneling two ports is silly. sftp which is not just a tunnel is a better way of handling file transfers kinda like a prius is better than a K car.</tt></htmltext>
<tokenext>Have you tried tunneling ftp with its bizarre two port usage ?
Tunneling is harder than the average bear can comprehend to begin with but tunneling two ports is silly .
sftp which is not just a tunnel is a better way of handling file transfers kinda like a prius is better than a K car .</tokentext>
<sentencetext>Have you tried tunneling ftp with its bizarre two port usage?
Tunneling is harder than the average bear can comprehend to begin with but tunneling two ports is silly.
sftp which is not just a tunnel is a better way of handling file transfers kinda like a prius is better than a K car.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677287</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683543</id>
	<title>Re:securing ftp</title>
	<author>bigbird</author>
	<datestamp>1247483700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p> <i>SFTP is nice but does not have as many features as vanilla FTP</i>
</p><p>
What features are missing?
</p></htmltext>
<tokenext>SFTP is nice but does not have as many features as vanilla FTP
What features are missing ?</tokentext>
<sentencetext> SFTP is nice but does not have as many features as vanilla FTP

What features are missing?
</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678411</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680665</id>
	<title>Re:FTPS</title>
	<author>phantomcircuit</author>
	<datestamp>1247514720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I have moderator points, but I decided to reply instead.</p><p>There are several ways to break out of a chroot'ed environment.</p><p>You do not need root privileges to break out of a chroot.  If you can find a file descriptor which was opened before the call to chroot() you can break out of the chroot. That is only one example, but it gives a good idea of how complex compartmentalization of an entire operating system is.  It is important to realize that chroot is <strong>not</strong> a security mechanism.</p></htmltext>
<tokenext>I have moderator points , but I decided to reply instead .
There are several ways to break out of a chroot'ed environment .
You do not need root privileges to break out of a chroot .
If you can find a file descriptor which was opened before the call to chroot ( ) you can break out of the chroot .
That is only one example , but it gives a good idea of how complex compartmentalization of an entire operating system is .
It is important to realize that chroot is not a security mechanism .</tokentext>
<sentencetext>I have moderator points, but I decided to reply instead.
There are several ways to break out of a chroot'ed environment.
You do not need root privileges to break out of a chroot.
If you can find a file descriptor which was opened before the call to chroot() you can break out of the chroot.
That is only one example, but it gives a good idea of how complex compartmentalization of an entire operating system is.
It is important to realize that chroot is not a security mechanism.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677989</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28690853</id>
	<title>Re:SFTP support is still spotty ....</title>
	<author>Anonymous</author>
	<datestamp>1247585460000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>Switching from FTP to SFTP on the server side is great, in theory, but it's really only a trivial task for people running Unix type operating systems.</p><p>SSH isn't an integral part of most Windows operating systems, and nearly all of the well-regarded, commercial FTP servers for Windows have no SFTP support in them.</p><p>(I understand the Serv-U FTPD for Windows does support it, but it's an exception to the rule.)</p><p>I recently ran into this at my workplace. We've run the commercial WFTPD product (from Texas Imperial software) for years, but I had to get rid of it when our bank started requiring SFTP connections to send us electronic scans of daily check deposits.</p></div><p>Serv-U has supported FTPS out of the box since their really early releases. They added support for SFTP v3 and v4 in version 7, and recently added support for SFTP versions 5 and 6 in their most recent major refresh. They also have a built-in web client that is accessible via HTTPS.</p></div>
	</htmltext>
<tokenext>Switching from FTP to SFTP on the server side is great , in theory , but it 's really only a trivial task for people running Unix type operating systems .
SSH is n't an integral part of most Windows operating systems , and nearly all of the well-regarded , commercial FTP servers for Windows have no SFTP support in them .
( I understand the Serv-U FTPD for Windows does support it , but it 's an exception to the rule . )
I recently ran into this at my workplace .
We 've run the commercial WFTPD product ( from Texas Imperial software ) for years , but I had to get rid of it when our bank started requiring SFTP connections to send us electronic scans of daily check deposits .
Serv-U has supported FTPS out of the box since their really early releases .
They added support for SFTP v3 and v4 in version 7 , and recently added support for SFTP versions 5 and 6 in their most recent major refresh .
They also have a built-in web client that is accessible via HTTPS .</tokentext>
<sentencetext>Switching from FTP to SFTP on the server side is great, in theory, but it's really only a trivial task for people running Unix type operating systems.
SSH isn't an integral part of most Windows operating systems, and nearly all of the well-regarded, commercial FTP servers for Windows have no SFTP support in them.
(I understand the Serv-U FTPD for Windows does support it, but it's an exception to the rule.)
I recently ran into this at my workplace.
We've run the commercial WFTPD product (from Texas Imperial software) for years, but I had to get rid of it when our bank started requiring SFTP connections to send us electronic scans of daily check deposits.
Serv-U has supported FTPS out of the box since their really early releases.
They added support for SFTP v3 and v4 in version 7, and recently added support for SFTP versions 5 and 6 in their most recent major refresh.
They also have a built-in web client that is accessible via HTTPS.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677173</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678311</id>
	<title>Re:FTPS</title>
	<author>Anonymous</author>
	<datestamp>1247506680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>First: It's not just "shitty software". It can be very useful for things like installation. I always like the Gentoo Linux approach -- format the disk yourself, mount it, untar one tarball, and chroot for the rest of the installation.</p><p>Second, every single security "problem" with chroot is based on the root user breaking out. Non-root users cannot break out of a chroot'ed environment. It therefore <i>does</i> add some additional security.</p><p>And finally:</p><p><div class="quote"><p>If you're just depending on the authors of your ftp daemon to protect you then you're an idiot.</p></div><p>If you don't see the difference between <b>explicitly allowing</b> any user to run any command on your system via ssh, and the possibility that a <b>bug</b> in your FTP software might lead to the same problem, you're an idiot.</p></div>
	</htmltext>
<tokenext>First : It 's not just " shitty software " .
It can be very useful for things like installation .
I always like the Gentoo Linux approach -- format the disk yourself , mount it , untar one tarball , and chroot for the rest of the installation .
Second , every single security " problem " with chroot is based on the root user breaking out .
Non-root users can not break out of a chroot'ed environment .
It therefore does add some additional security .
And finally :
If you 're just depending on the authors of your ftp daemon to protect you then you 're an idiot .
If you do n't see the difference between explicitly allowing any user to run any command on your system via ssh , and the possibility that a bug in your FTP software might lead to the same problem , you 're an idiot .</tokentext>
<sentencetext>First: It's not just "shitty software".
It can be very useful for things like installation.
I always like the Gentoo Linux approach -- format the disk yourself, mount it, untar one tarball, and chroot for the rest of the installation.Second, every single security "problem" with chroot is based on the root user breaking out.
Non-root users cannot break out of a chroot'ed environment.
It therefore does add some additional security.And finally:If you're just depending on the authors of your ftp daemon to protect you then you're an idiot.If you don't see the difference between explicitly allowing any user to run any command on your system via ssh, and the possibility that a bug in your FTP software might lead to the same problem, you're an idiot.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677639</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681669</id>
	<title>Re:The security lie</title>
	<author>iGoMogul</author>
	<datestamp>1247518680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Very true.<br> <br>

This is the biggest issue, really. Honestly, the only way to truly be safe is to throw out your Ethernet cables and never install your Wi-Fi drivers. You can have plenty of fun playing Solitaire and sweeping mines!<br> <br>

All jokes aside, if you have even an inkling that you could be infected by malware, the only truly safe route is to format the box. Security measures mean nothing when the system has already been compromised. Of course, it's easy for people to let it slide when they have their system configured to their liking and don't want to put the effort into truly resolving the issue.<br> <br>

FTP isn't completely secure, that's a fact. But that lies alongside the real problem: nothing is really secure. If they got your login information for your FTP, they can get your login information for nearly any other application you happen to run. Preparation (fixing security holes as much as possible) and proper resolution (in the case of infection, formatting) are the only ways to truly solve the issue before it progresses into a real problem. That being said, it is true that people should use SSH, if only to add another security measure to the protocol.<br> <br>

I guess it boils down to the fact that it's more important to be safe than to be lazy.<br> <br>

- Kevin @ iGoMogul</htmltext>
<tokenext>Very true .
This is the biggest issue , really .
Honestly , the only way to truly be safe is to throw out your Ethernet cables and never install your Wi-Fi drivers .
You can have plenty of fun playing Solitaire and sweeping mines !
All jokes aside , if you have even an inkling that you could be infected by malware , the only truly safe route is to format the box .
Security measures mean nothing when the system has already been compromised .
Of course , it 's easy for people to let it slide when they have their system configured to their liking and do n't want to put the effort into truly resolving the issue .
FTP is n't completely secure , that 's a fact .
But that lies alongside the real problem : nothing is really secure .
If they got your login information for your FTP , they can get your login information for nearly any other application you happen to run .
Preparation ( fixing security holes as much as possible ) and proper resolution ( in the case of infection , formatting ) are the only ways to truly solve the issue before it progresses into a real problem .
That being said , it is true that people should use SSH , if only to add another security measure to the protocol .
I guess it boils down to the fact that it 's more important to be safe than to be lazy .
- Kevin @ iGoMogul</tokentext>
<sentencetext>Very true.
This is the biggest issue, really.
Honestly, the only way to truly be safe is to throw out your Ethernet cables and never install your Wi-Fi drivers.
You can have plenty of fun playing Solitaire and sweeping mines!
All jokes aside, if you have even an inkling that you could be infected by malware, the only truly safe route is to format the box.
Security measures mean nothing when the system has already been compromised.
Of course, it's easy for people to let it slide when they have their system configured to their liking and don't want to put the effort into truly resolving the issue.
FTP isn't completely secure, that's a fact.
But that lies alongside the real problem: nothing is really secure.
If they got your login information for your FTP, they can get your login information for nearly any other application you happen to run.
Preparation (fixing security holes as much as possible) and proper resolution (in the case of infection, formatting) are the only ways to truly solve the issue before it progresses into a real problem.
That being said, it is true that people should use SSH, if only to add another security measure to the protocol.
I guess it boils down to the fact that it's more important to be safe than to be lazy.
- Kevin @ iGoMogul</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677595</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677199</id>
	<title>Not FTP, but any -- especially on IpowerWeb</title>
	<author>www.sorehands.com</author>
	<datestamp>1247502960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Any credentials being stolen is a security risk. I had some sites on Ipowerweb, for which the credentials were stolen. They deny all knowledge of it, but it was the only source of the leak. I tracked this when I moved a site to my own server, but used the same credentials.</p></htmltext>
<tokenext>Any credentials being stolen is a security risk .
I had some sites on Ipowerweb , for which the credentials were stolen .
They deny all knowledge of it , but it was the only source of the leak .
I tracked this when I moved a site to my own server , but used the same credentials .</tokentext>
<sentencetext>Any credentials being stolen is a security risk.
I had some sites on Ipowerweb, for which the credentials were stolen.
They deny all knowledge of it, but it was the only source of the leak.
I tracked this when I moved a site to my own server, but used the same credentials.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681655</id>
	<title>Re:Users can't tell the difference</title>
	<author>socsoc</author>
	<datestamp>1247518620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>So you built a web interface to an FTP server?</htmltext>
<tokenext>So you built a web interface to an FTP server ?</tokentext>
<sentencetext>So you built a web interface to an FTP server?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677137</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677437</id>
	<title>Hello...mcfly...</title>
	<author>furby076</author>
	<datestamp>1247503860000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>SFTP...use it.  That or make a torrent and set it so only those given the torrent can access it.  Different torrent programs have different privacy capabilities to allow you to utilize their program to transfer files, securely, from your computer to a specific recipient.</htmltext>
<tokenext>SFTP...use it .
That or make a torrent and set it so only those given the torrent can access it .
Different torrent programs have different privacy capabilities to allow you to utilize their program to transfer files , securely , from your computer to a specific recipient .</tokentext>
<sentencetext>SFTP...use it.
That or make a torrent and set it so only those given the torrent can access it.
Different torrent programs have different privacy capabilities to allow you to utilize their program to transfer files, securely, from your computer to a specific recipient.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679101</id>
	<title>It's not just a windows issue</title>
	<author>phorm</author>
	<datestamp>1247509260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>I don't know about Vista, but even if Linux was ever targeted for this kind of attack/spyware, you would have to run the software as root to enable packet sniffing!</i> </p><p>As a service on the local machine perhaps, but thinking that Linux solves everything is a fairly head-in-the-sand approach in itself. There's always:</p><p>a) In-transit packet sniffing. Plenty of places between your PC and the destination server for your unencrypted traffic to be sniffed.</p><p>b) Local password caches: Plenty of users locally store their passwords for convenience. It's not impossible or even that difficult to pull them. The "wallets" may to some extent work to protect these, but an infected user account could still happily launch a background service that politely asks for the password at a convenient time.</p><p>c) Config files: Local infected accounts can have local configuration files (firefox, etc) overwritten without the user knowing. Will you notice if your proxy is set to funky server for a few days?</p><p>d) Menu items, etc: When you click on the firefox icon, are you really running what you think? What if it's a wrapper with a 3rd-party app? OK, you run from commandline... is your $PATH set to run<nobr> <wbr></nobr>/usr/bin before "./.hiddenvirusdir/usr/bin" ?</p><p>There are PLENTY of ways to compromise a 'nix desktop without root access. Yes, windows is less secure in many ways, but 'nix is far from invulnerable, because at some point it all comes down to the fine balance between security and convenience. My former co-worker and I used to play what was essentially "security wars." We would find fun ways to get into each other's systems and muck things up. In the process we learned how easy it is, and migrated some of our practises to the web.</p><p>Actually (d) was my favorite, as before I left he asked me "why is it when I sometimes start my firefox it still goes to mylittlepony.com" (or whatever it was I'd set). 
Other fun tricks include a<nobr> <wbr></nobr>.tar.bz in a convenience location, sourced when they load a particular app, to overwrite their SSH authorized_keys or some other fun files. Having the data compressed means that they can't grep for expected items.</p><p>Yes, windows has issues. For the experienced, so does Linux. In fact, short of writing actual trojans or binaries, I generally managed to more easily subvert my friend's 'nix machine more often than our other co-workers windows box.</p></htmltext>
<tokenext>I do n't know about Vista , but even if Linux was ever targeted for this kind of attack/spyware , you would have to run the software as root to enable packet sniffing !
As a service on the local machine perhaps , but thinking that Linux solves everything is a fairly head-in-the-sand approach in itself .
There 's always : a ) In-transit packet sniffing .
Plenty of places between your PC and the destination server for your unencrypted traffic to be sniffed.b ) Local password caches : Plenty of users locally store their passwords for convenience .
It 's not impossible or even that difficult to pull them .
The " wallets " may to some extent work to protect these , but an infected user account could still happily launch a background service that politely asks for the password at a convenient timec ) Config files : Local infected accounts can have local configuration files ( firefox , etc ) overwritten without the user knowing .
Will you notice if your proxy is set to funky server for a few days ? d ) Menu items , etc : When you click on the firefox icon , are you really running what you think ?
What if it 's a wrapper with a 3rd-party app ?
OK , you run from commandline... is your $ PATH set to run /usr/bin before " ./.hiddenvirusdir/usr/bin " ? There are PLENTY of ways to compromise a 'nix desktop without root access .
Yes , windows is less secure in many ways , but 'nix is far from invulnerable , because at some point it all comes down to the fine balance between security and convenience .
My former co-worker and I used to play what was essentially " security wars .
" We would find fun ways to get into each other 's systems and muck things up .
In the process we learned how easy it is , and migrated some of our practises to the web.Actually ( d ) was my favorite , as before I left he asked me " why is it when I sometimes start my firefox it still goes to mylittlepony.com " ( or whatever it was I 'd set ) .
Other fun tricks include a .tar.bz in a convenience location , sourced when they load a particular app , to overwrite their SSH authorized_keys or some other fun files .
Having the data compressed means that they ca n't grep for expected itemsYes , windows has issues .
For the experienced , so does Linux .
In fact , short of writing actual trojans or binaries , I generally managed to more easily subvert my friend 's 'nix machine more often than our other co-workers windows box .</tokentext>
<sentencetext>I don't know about Vista, but even if Linux was ever targeted for this kind of attack/spyware, you would have to run the software as root to enable packet sniffing!
As a service on the local machine perhaps, but thinking that Linux solves everything is a fairly head-in-the-sand approach in itself.
There's always:a) In-transit packet sniffing.
Plenty of places between your PC and the destination server for your unencrypted traffic to be sniffed.b) Local password caches: Plenty of users locally store their passwords for convenience.
It's not impossible or even that difficult to pull them.
The "wallets" may to some extent work to protect these, but an infected user account could still happily launch a background service that politely asks for the password at a convenient timec) Config files: Local infected accounts can have local configuration files (firefox, etc) overwritten without the user knowing.
Will you notice if your proxy is set to funky server for a few days?d) Menu items, etc: When you click on the firefox icon, are you really running what you think?
What if it's a wrapper with a 3rd-party app?
OK, you run from commandline... is your $PATH set to run /usr/bin before "./.hiddenvirusdir/usr/bin" ?There are PLENTY of ways to compromise a 'nix desktop without root access.
Yes, windows is less secure in many ways, but 'nix is far from invulnerable, because at some point it all comes down to the fine balance between security and convenience.
My former co-worker and I used to play what was essentially "security wars.
" We would find fun ways to get into each other's systems and muck things up.
In the process we learned how easy it is, and migrated some of our practises to the web.Actually (d) was my favorite, as before I left he asked me "why is it when I sometimes start my firefox it still goes to mylittlepony.com" (or whatever it was I'd set).
Other fun tricks include a .tar.bz in a convenience location, sourced when they load a particular app, to overwrite their SSH authorized_keys or some other fun files.
Having the data compressed means that they can't grep for expected itemsYes, windows has issues.
For the experienced, so does Linux.
In fact, short of writing actual trojans or binaries, I generally managed to more easily subvert my friend's 'nix machine more often than our other co-workers windows box.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677789</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683313</id>
	<title>Forest for the trees...</title>
	<author>dr00g911</author>
	<datestamp>1247482560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Do I get a medal for reading that thing?</p><p>At any rate, railing against FTP is kinda quaint seeing as how there are lots and lots of other ways to intercept the data if you've been pwned.</p><p>If you've got a keylogger (or registry scraping malware in the case of Win), it doesn't matter if you've got some outlandish quantum encryption link between machines.</p><p>The real story here is:</p><p>- Wordpress is insecure, news at 11. Lots of injection attacks happen, interestingly they're disproportionately successful on newer versions of Wordpress.<br>- Substitute "Wordpress" for your favorite off the shelf blog/forum/cms script.<br>- If you're on a shared hosting plan and one box/instance/etc at the facility has been pwned, it's likely able to capture data going to other machines/VMs on the same subnet, particularly if you're using a ghetto-tastic shared Win server (there are no other kinds... all shared Win-based hosts suck ass on all fronts due to incompetent administration and terrible cpanels).<br>- If your workstation has been pwned, your FTP passwords are the least of your concerns. Trust me.</p><p>I mean, it's nice that the author decided that the world needs a little bit of edumacation, but the big picture is more important than "FTP bad"</p></htmltext>
<tokenext>Do I get a medal for reading that thing ? At any rate , railing against FTP is kinda quaint seeing as how there are lots and lots of other ways to intercept the data if you 've been pwned.If you 've got a keylogger ( or registry scraping malware in the case of Win ) , it does n't matter if you 've got some outlandish quantum encryption link between machines.The real story here is : - Wordpress is insecure , news at 11 .
Lots of injection attacks happen , interestingly they 're disproportionately successful on newer versions of Wordpress.- Substitute " Wordpress " for your favorite off the shelf blog/forum/cms script.- If you 're on a shared hosting plan and one box/instance/etc at the facility has been pwned , it 's likely able to capture data going to other machines/VMs on the same subnet , particularly if you 're using a ghetto-tastic shared Win server ( there are no other kinds... all shared Win-based hosts suck ass on all fronts due to incompetent administration and terrible cpanels ) .- If your workstation has been pwned , your FTP passwords are the least of your concerns .
Trust me.I mean , it 's nice that the author decided that the world needs a little bit of edumacation , but the big picture is more important than " FTP bad "</tokentext>
<sentencetext>Do I get a medal for reading that thing?At any rate, railing against FTP is kinda quaint seeing as how there are lots and lots of other ways to intercept the data if you've been pwned.If you've got a keylogger (or registry scraping malware in the case of Win), it doesn't matter if you've got some outlandish quantum encryption link between machines.The real story here is:- Wordpress is insecure, news at 11.
Lots of injection attacks happen, interestingly they're disproportionately successful on newer versions of Wordpress.- Substitute "Wordpress" for your favorite off the shelf blog/forum/cms script.- If you're on a shared hosting plan and one box/instance/etc at the facility has been pwned, it's likely able to capture data going to other machines/VMs on the same subnet, particularly if you're using a ghetto-tastic shared Win server (there are no other kinds... all shared Win-based hosts suck ass on all fronts due to incompetent administration and terrible cpanels).- If your workstation has been pwned, your FTP passwords are the least of your concerns.
Trust me.I mean, it's nice that the author decided that the world needs a little bit of edumacation, but the big picture is more important than "FTP bad"</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678421</id>
	<title>Re:FTP isn't going anywhere</title>
	<author>Anonymous</author>
	<datestamp>1247507100000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>FTP expects the server to connect back to the client to run. That's not a simple protocol for something as simple as file-transfer.</htmltext>
<tokenext>FTP expects the server to connect back to the client to run .
That 's not a simple protocol for something as simple as file-transfer .</tokentext>
<sentencetext>FTP expects the server to connect back to the client to run.
That's not a simple protocol for something as simple as file-transfer.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677287</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679149</id>
	<title>Re:here's a thought</title>
	<author>Anonymous</author>
	<datestamp>1247509440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>PHP, IMO, is an absolute nightmare for a hosting company.  Particularly if you have a lot of customers who have been with you for years using the same shitty web apps as they did when they first signed up.</p><p>The main problem is that the developers of PHP only started paying any attention to security relatively late on in the development of the language.  They've added all sorts of things to make PHP more secure, but quite often they have to be specifically enabled and <b>will</b> break some code.</p><p>OK if you've got a relatively well managed corporate site with a single team dealing with any PHP applications.  What if you've got a few thousand customers,  many of whom don't actually know the first thing about their site because they paid someone else to set it up three years ago?</p><p>OTOH, what sort of hosting company is going to turn around and say "Sorry, we don't offer PHP"?</p></htmltext>
<tokenext>PHP , IMO , is an absolute nightmare for a hosting company .
Particularly if you have a lot of customers who have been with you for years using the same shitty web apps as they did when they first signed up.The main problem is that the developers of PHP only started paying any attention to security relatively late on in the development of the language .
They 've added all sorts of things to make PHP more secure , but quite often they have to be specifically enabled and will break some code.OK if you 've got a relatively well managed corporate site with a single team dealing with any PHP applications .
What if you 've got a few thousand customers , many of whom do n't actually know the first thing about their site because they paid someone else to set it up three years ago ? OTOH , what sort of hosting company is going to turn around and say " Sorry , we do n't offer PHP " ?</tokentext>
<sentencetext>PHP, IMO, is an absolute nightmare for a hosting company.
Particularly if you have a lot of customers who have been with you for years using the same shitty web apps as they did when they first signed up.The main problem is that the developers of PHP only started paying any attention to security relatively late on in the development of the language.
They've added all sorts of things to make PHP more secure, but quite often they have to be specifically enabled and will break some code.OK if you've got a relatively well managed corporate site with a single team dealing with any PHP applications.
What if you've got a few thousand customers,  many of whom don't actually know the first thing about their site because they paid someone else to set it up three years ago?OTOH, what sort of hosting company is going to turn around and say "Sorry, we don't offer PHP"?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677165</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677511</id>
	<title>store</title>
	<author>Anonymous</author>
	<datestamp>1247504160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I still don't understand why slashdot's CSS designer, having apparently never heard of the &lt;blockquote&gt; tag, turned &lt;i&gt; tags into block level elements that aren't even italicized. TFA is a good example of why not to do that (see "store", "could", "same")</div>
	</htmltext>
<tokenext>I still do n't understand why slashdot 's CSS designer , having apparently never heard of the tag , turned tags into block level elements that are n't even italicized .
TFA is a good example of why not to do that ( see " store " , " could " , " same " )</tokentext>
<sentencetext>I still don't understand why slashdot's CSS designer, having apparently never heard of the  tag, turned  tags into block level elements that aren't even italicized.
TFA is a good example of why not to do that (see "store", "could", "same")
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28690301</id>
	<title>Demise greatly exaggerated</title>
	<author>ebvwfbw</author>
	<datestamp>1247582940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Yet another dumb death announcement.  FTP will be here for years to come, probably long after anyone reading this right now has passed on.  Want to announce a death? How about twitter.  Only a twit uses twitter.  You don't want to be a twit do you?</htmltext>
<tokenext>Yet another dumb death announcement .
FTP will be here for years to come , probably long after anyone reading this right now has passed on .
Want to announce a death ?
How about twitter .
Only a twit uses twitter .
You do n't want to be a twit do you ?</tokentext>
<sentencetext>Yet another dumb death announcement.
FTP will be here for years to come, probably long after anyone reading this right now has passed on.
Want to announce a death?
How about twitter.
Only a twit uses twitter.
You don't want to be a twit do you?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679375</id>
	<title>Suggestion: Just Deal with those who get hit</title>
	<author>Anonymous</author>
	<datestamp>1247510280000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Nice Article.  I wonder about a strategy for Hosting Providers that changes to SFTP for just those sites that are affected.  Those people who do a poor job of protecting their own pc's should be the ones who you work at minimizing the problem. I don't know if both FTP and SFTP can be supported for the same server, but I would think that they can.</p></htmltext>
<tokenext>Nice Article .
I wonder about a strategy for Hosting Providers that changes to SFTP for just those sites that are affected .
Those people who do a poor job of protecting their own pc 's should be the ones who you work at minimizing the problem .
I do n't know if both FTP and SFTP can be supported for the same server , but I would think that they can .</tokentext>
<sentencetext>Nice Article.
I wonder about a strategy for Hosting Providers that changes to SFTP for just those sites that are affected.
Those people who do a poor job of protecting their own pc's should be the ones who you work at minimizing the problem.
I don't know if both FTP and SFTP can be supported for the same server, but I would think that they can.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677121</id>
	<title>that's why</title>
	<author>Anonymous</author>
	<datestamp>1247502720000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>And that's why I bought a Saturn.</htmltext>
<tokenext>And that 's why I bought a Saturn .</tokentext>
<sentencetext>And that's why I bought a Saturn.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677711</id>
	<title>Re:FTP isn't going anywhere</title>
	<author>Corporate Troll</author>
	<datestamp>1247504880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>I think there is a packaged app out there somewhere (sftp?)</p></div></blockquote><p>Not really, no....  <a href="http://en.wikipedia.org/wiki/SSH_file_transfer_protocol#Capabilities" title="wikipedia.org" rel="nofollow">From Wikipedia</a> [wikipedia.org]: <i>SFTP is not FTP run over SSH, but rather a new protocol designed from the ground up by the IETF SECSH working group.</i> </p></div>
	</htmltext>
<tokenext>I think there is a packaged app out there somewhere ( sftp ?
) Not really , no.... From Wikipedia [ wikipedia.org ] : SFTP is not FTP run over SSH , but rather a new protocol designed from the ground up by the IETF SECSH working group .</tokentext>
<sentencetext>I think there is a packaged app out there somewhere (sftp?
)Not really, no....  From Wikipedia [wikipedia.org]: SFTP is not FTP run over SSH, but rather a new protocol designed from the ground up by the IETF SECSH working group. 
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677287</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683255</id>
	<title>Re:Authentication goes both ways.</title>
	<author>rainmayun</author>
	<datestamp>1247482320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Ever heard of <a href="http://en.wikipedia.org/wiki/Transport_Layer_Security" title="wikipedia.org">TLS</a> [wikipedia.org]?  This is the "S" part of FTPS.  It does server and client authentication, with a built-in mechanism for establishing server identity and trust.

In my opinion, managing TLS certificates with a CA is a much better approach than shipping SSH keys around.</htmltext>
<tokenext>Ever heard of TLS [ wikipedia.org ] ?
This is the " S " part of FTPS .
It does server and client authentication , with a built-in mechanism for establishing server identity and trust .
In my opinion , managing TLS certificates with a CA is a much better approach than shipping SSH keys around .</tokentext>
<sentencetext>Ever heard of TLS [wikipedia.org]?
This is the "S" part of FTPS.
It does server and client authentication, with a built-in mechanism for establishing server identity and trust.
In my opinion, managing TLS certificates with a CA is a much better approach than shipping SSH keys around.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677151</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677559</id>
	<title>Re:SFTP support is still spotty ....</title>
	<author>Anonymous</author>
	<datestamp>1247504280000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>SFTP isn't even a ratified standard; the IETF folks have wandered off into some esoteric debate about 'file systems' and dropped that ball.  Mickysoft ignores all things SSH.  SFTP windows clients suck; every single attempt I've made to get a windows user to operate their SFTP account it's been a support hassle; it never just works the first time, regardless of how much care I take to provide correct, concise account information.  Whatever secure client replaces FTP will need to be integrated into base OS tools that boneheads know they are expected to cope with; no extra downloads, creepy third party plugins, half baked shareware UI design, etc.  Since Mickysoft would rather piss away hundreds of millions inventing their own proprietary solutions you should not hold your breath.</p></htmltext>
<tokenext>SFTP is n't even a ratified standard ; the IETF folks have wandered off into some esoteric debate about 'file systems ' and dropped that ball .
Mickysoft ignores all things SSH .
SFTP Windows clients suck ; every single attempt I 've made to get a Windows user to operate their SFTP account it 's been a support hassle ; it never just works the first time , regardless of how much care I take to provide correct , concise account information .
Whatever secure client replaces FTP will need to be integrated into base OS tools that boneheads know they are expected to cope with ; no extra downloads , creepy third party plugins , half baked shareware UI design , etc .
Since Mickysoft would rather piss away hundreds of millions inventing their own proprietary solutions you should not hold your breath .</tokentext>
<sentencetext>SFTP isn't even a ratified standard; the IETF folks have wandered off into some esoteric debate about 'file systems' and dropped that ball.
Mickysoft ignores all things SSH.
SFTP Windows clients suck; every single attempt I've made to get a Windows user to operate their SFTP account it's been a support hassle; it never just works the first time, regardless of how much care I take to provide correct, concise account information.
Whatever secure client replaces FTP will need to be integrated into base OS tools that boneheads know they are expected to cope with; no extra downloads, creepy third party plugins, half baked shareware UI design, etc.
Since Mickysoft would rather piss away hundreds of millions inventing their own proprietary solutions you should not hold your breath.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677173</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677295</id>
	<title>Insecurities in ftp</title>
	<author>Cheech Wizard</author>
	<datestamp>1247503320000</datestamp>
	<modclass>Troll</modclass>
	<modscore>0</modscore>
	<htmltext>My apologies, but you must be new at this if you are just now recognizing the insecurities in ftp. I've done what Sinegubko did on a VM and watched. All I had to do was visit an infected page with IE and the machine was infected. It then 'stole' the bogus ftp passwords I put in a Dreamweaver install and away things went. <br> <br>Sorry to hear you had a problem, but you really should have known better.</htmltext>
<tokenext>My apologies , but you must be new at this if you are just now recognizing the insecurities in ftp .
I 've done what Sinegubko did on a VM and watched .
All I had to do was visit an infected page with IE and the machine was infected .
It then 'stole ' the bogus ftp passwords I put in a Dreamweaver install and away things went .
Sorry to hear you had a problem , but you really should have known better .</tokentext>
<sentencetext>My apologies, but you must be new at this if you are just now recognizing the insecurities in ftp.
I've done what Sinegubko did on a VM and watched.
All I had to do was visit an infected page with IE and the machine was infected.
It then 'stole' the bogus ftp passwords I put in a Dreamweaver install and away things went.
Sorry to hear you had a problem, but you really should have known better.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677569</id>
	<title>Re:FTPS</title>
	<author>Anonymous</author>
	<datestamp>1247504280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I actually only let people on my server, that I trust to have shell access, and to be able to properly use it in the first place. This gives them many advantages too.</p><p>Ok, I run SELinux on the box anyway. ^^</p></htmltext>
<tokenext>I actually only let people on my server , that I trust to have shell access , and to be able to properly use it in the first place .
This gives them many advantages too . Ok , I run SELinux on the box anyway .
^ ^</tokentext>
<sentencetext>I actually only let people on my server, that I trust to have shell access, and to be able to properly use it in the first place.
This gives them many advantages too. Ok, I run SELinux on the box anyway.
^^</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677089</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678351</id>
	<title>Re:FTPS</title>
	<author>SanityInAnarchy</author>
	<datestamp>1247506800000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Until FTP can let me use a keypair instead of a password, I'll stick with OpenSSH public key authentication.</p><p>Never mind that ssh only requires a single port to be open...</p><p>Of course, it depends on your goals, but there's also the fact that I wouldn't pay for a server that I didn't already have some sort of shell access to. Since I already have ssh access (I'm assuming we're not even considering telnet), I already have scp and probably sftp.</p></htmltext>
<tokenext>Until FTP can let me use a keypair instead of a password , I 'll stick with OpenSSH public key authentication . Never mind that ssh only requires a single port to be open ... Of course , it depends on your goals , but there 's also the fact that I would n't pay for a server that I did n't already have some sort of shell access to .
Since I already have ssh access ( I 'm assuming we 're not even considering telnet ) , I already have scp and probably sftp .</tokentext>
<sentencetext>Until FTP can let me use a keypair instead of a password, I'll stick with OpenSSH public key authentication. Never mind that ssh only requires a single port to be open... Of course, it depends on your goals, but there's also the fact that I wouldn't pay for a server that I didn't already have some sort of shell access to.
Since I already have ssh access (I'm assuming we're not even considering telnet), I already have scp and probably sftp.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677089</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681343</id>
	<title>Re:FTPS</title>
	<author>Anonymous</author>
	<datestamp>1247517600000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>But the FTP server needs to recover root access, even for later use in the current session (bind() to port 20 locally).</p></htmltext>
<tokenext>But the FTP server needs to recover root access , even for later use in the current session ( bind ( ) to port 20 locally ) .</tokentext>
<sentencetext>But the FTP server needs to recover root access, even for later use in the current session (bind() to port 20 locally).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677989</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677385</id>
	<title>Only /.ers Care</title>
	<author>Dracos</author>
	<datestamp>1247503680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The reality is, only the kind of people who read this site actually give a damn, and I bet for at least some, it's an academic concern.</p><p>Hosting companies don't care.</p><p>Server management software vendors (CPanel, etc) don't care.</p><p>Other vendors whose software relies on FTP (Dreamweaver, etc) don't care.</p><p>Why don't they care?  Because retraining users and staff is something on which they can all put a reasonably certain dollar amount, which is almost certainly higher than maintaining the status quo of tedious disclaimers and putting out fires when they erupt.</p><p>The average user doesn't care, because they assume that a product or service is reasonably secure, and many of them can't be bothered with any technical details.</p><p>I agree, and have for years, that FTP should be unmercifully killed, certainly on public networks.  I'm no security zealot, but this is pretty basic stuff.</p></htmltext>
<tokenext>The reality is , only the kind of people who read this site actually give a damn , and I bet for at least some , it 's an academic concern . Hosting companies do n't care . Server management software vendors ( CPanel , etc ) do n't care . Other vendors whose software relies on FTP ( Dreamweaver , etc ) do n't care . Why do n't they care ?
Because retraining users and staff is something on which they can all put a reasonably certain dollar amount , which is almost certainly higher than maintaining the status quo of tedious disclaimers and putting out fires when they erupt . The average user does n't care , because they assume that a product or service is reasonably secure , and many of them ca n't be bothered with any technical details . I agree , and have for years , that FTP should be unmercifully killed , certainly on public networks .
I 'm no security zealot , but this is pretty basic stuff .</tokentext>
<sentencetext>The reality is, only the kind of people who read this site actually give a damn, and I bet for at least some, it's an academic concern. Hosting companies don't care. Server management software vendors (CPanel, etc) don't care. Other vendors whose software relies on FTP (Dreamweaver, etc) don't care. Why don't they care?
Because retraining users and staff is something on which they can all put a reasonably certain dollar amount, which is almost certainly higher than maintaining the status quo of tedious disclaimers and putting out fires when they erupt. The average user doesn't care, because they assume that a product or service is reasonably secure, and many of them can't be bothered with any technical details. I agree, and have for years, that FTP should be unmercifully killed, certainly on public networks.
I'm no security zealot, but this is pretty basic stuff.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679179</id>
	<title>Short and sweet summary</title>
	<author>Anonymous</author>
	<datestamp>1247509560000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>1. Protect your computer from malware or your FTP credentials could be swiped. Then they will post junk on your web site.</p><p>2. Use FTPS, FTPES, or SFTP instead of straight FTP. It protects you from most or all FTP-credential-swiping malware.</p></htmltext>
<tokenext>1 .
Protect your computer from malware or your FTP credentials could be swiped .
Then they will post junk on your web site . 2 .
Use FTPS , FTPES , or SFTP instead of straight FTP .
It protects you from most or all FTP-credential-swiping malware .</tokentext>
<sentencetext>1.
Protect your computer from malware or your FTP credentials could be swiped.
Then they will post junk on your web site. 2.
Use FTPS, FTPES, or SFTP instead of straight FTP.
It protects you from most or all FTP-credential-swiping malware.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677641</id>
	<title>Re:FTPS</title>
	<author>Anonymous</author>
	<datestamp>1247504640000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Try using FTPS through a reverse proxy or behind a VIP?  The header information that contains the server IP for the data channel gets encrypted, so unless the FTPS server has a method to inject the proxied or VIP address, you may get a failed connection since the client will try to connect directly to the host instead of the proxy or VIP.</p></htmltext>
<tokenext>Try using FTPS through a reverse proxy or behind a VIP ?
The header information that contains the server IP for the data channel gets encrypted , so unless the FTPS server has a method to inject the proxied or VIP address , you may get a failed connection since the client will try to connect directly to the host instead of the proxy or VIP .</tokentext>
<sentencetext>Try using FTPS through a reverse proxy or behind a VIP?
The header information that contains the server IP for the data channel gets encrypted, so unless the FTPS server has a method to inject the proxied or VIP address, you may get a failed connection since the client will try to connect directly to the host instead of the proxy or VIP.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677089</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676937</id>
	<title>Back we go then...</title>
	<author>Anonymous</author>
	<datestamp>1247502060000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><p>Back we go then to HTTP based web forms...</p></htmltext>
<tokenext>Back we go then to HTTP based web forms.. .</tokentext>
<sentencetext>Back we go then to HTTP based web forms...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679231</id>
	<title>Re:FTP isn't going anywhere</title>
	<author>jackbird</author>
	<datestamp>1247509740000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><i>Windows users, they can just grab themselves a copy of WinSCP.</i> <br> <br>FileZilla supports SFTP and FTPS out of the box.</htmltext>
<tokenext>Windows users , they can just grab themselves a copy of WinSCP .
FileZilla supports SFTP and FTPS out of the box .</tokentext>
<sentencetext>Windows users, they can just grab themselves a copy of WinSCP.
FileZilla supports SFTP and FTPS out of the box.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677973</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681205</id>
	<title>Symlink problem</title>
	<author>Antique Geekmeister</author>
	<datestamp>1247517060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>SFTP and SCP do not properly handle symlinks. It only takes one smart-aleck upstream to create a symlink, by any means, and make your SCP or SFTP duplication go _insane_. FTP could at least report these and attempt to handle them properly.

Frankly, I prefer rsync over SSH and even WebDAV over HTTPS: WebDAV over HTTPS is built into Microsoft's 'Network Neighborhood' and allows direct cut&amp;paste operations. It's also the underlying technology of Subversion's HTTP access, so it gets some attention to functionality and regular bug reports.</htmltext>
<tokenext>SFTP and SCP do not properly handle symlinks .
It only takes one smart-aleck upstream to create a symlink , by any means , and make your SCP or SFTP duplication go _insane_ .
FTP could at least report these and attempt to handle them properly .
Frankly , I prefer rsync over SSH and even WebDAV over HTTPS : WebDAV over HTTPS is built into Microsoft 's 'Network Neighborhood ' and allows direct cut&amp;paste operations .
It 's also the underlying technology of Subversion 's HTTP access , so it gets some attention to functionality and regular bug reports .</tokentext>
<sentencetext>SFTP and SCP do not properly handle symlinks.
It only takes one smart-aleck upstream to create a symlink, by any means, and make your SCP or SFTP duplication go _insane_.
FTP could at least report these and attempt to handle them properly.
Frankly, I prefer rsync over SSH and even WebDAV over HTTPS: WebDAV over HTTPS is built into Microsoft's 'Network Neighborhood' and allows direct cut&amp;paste operations.
It's also the underlying technology of Subversion's HTTP access, so it gets some attention to functionality and regular bug reports.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679807</id>
	<title>Re:FTP isn't going anywhere</title>
	<author>nine-times</author>
	<datestamp>1247511480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>It really should just go away.  There's no excuse for using a protocol on the web that includes unencrypted authentication.  If you have to set up additional tunneling of one protocol through another protocol just to ensure secure authentication, then your first protocol isn't really doing its job.  FTP is simple?  I guess, but it stinks.  Even today, even using passive mode, you sometimes see weird/stupid problems with FTP going through firewalls and VPN tunnels.
</p><p>People really should be using SFTP, but it's suffered from some other problems.  For one, there hasn't traditionally been any easy/standard way to jail users once they log in.  OpenSSH has recently included jailing functionality, but it still requires that users' home directories are read-only and owned by root.  Second, FTP clients all default to using FTP, and users who are just barely computer literate enough to put in hostname/username/password are put off by having to alter any other settings.</p></htmltext>
<tokenext>It really should just go away .
There 's no excuse for using a protocol on the web that includes unencrypted authentication .
If you have to set up additional tunneling of one protocol through another protocol just to ensure secure authentication , then your first protocol is n't really doing its job .
FTP is simple ?
I guess , but it stinks .
Even today , even using passive mode , you sometimes see weird/stupid problems with FTP going through firewalls and VPN tunnels .
People really should be using SFTP , but it 's suffered from some other problems .
For one , there has n't traditionally been any easy/standard way to jail users once they log in .
OpenSSH has recently included jailing functionality , but it still requires that users ' home directories are read-only and owned by root .
Second , FTP clients all default to using FTP , and users who are just barely computer literate enough to put in hostname/username/password are put off by having to alter any other settings .</tokentext>
<sentencetext>It really should just go away.
There's no excuse for using a protocol on the web that includes unencrypted authentication.
If you have to set up additional tunneling of one protocol through another protocol just to ensure secure authentication, then your first protocol isn't really doing its job.
FTP is simple?
I guess, but it stinks.
Even today, even using passive mode, you sometimes see weird/stupid problems with FTP going through firewalls and VPN tunnels.
People really should be using SFTP, but it's suffered from some other problems.
For one, there hasn't traditionally been any easy/standard way to jail users once they log in.
OpenSSH has recently included jailing functionality, but it still requires that users' home directories are read-only and owned by root.
Second, FTP clients all default to using FTP, and users who are just barely computer literate enough to put in hostname/username/password are put off by having to alter any other settings.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677287</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28687781</id>
	<title>Re:Seriously people use anything but ssh/scp/sftp?</title>
	<author>IBBoard</author>
	<datestamp>1247563320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p> <i>Stealing</i> a key-pair is *so* much easier than <i>stealing</i> 47 different passwords I'm amazed people use anything else.</p></div></blockquote><p>There, fixed that for you<nobr> <wbr></nobr>;)</p><p>(Yes, you can put a pass-phrase on your key-pair, but then you're still either at the point of having one password for everything or having 47 key-pairs and 47 passwords<nobr> <wbr></nobr>;) )</p></div>
	</htmltext>
<tokenext>Stealing a key-pair is * so * much easier than stealing 47 different passwords I 'm amazed people use anything else . There , fixed that for you ; ) ( Yes , you can put a pass-phrase on your key-pair , but then you 're still either at the point of having one password for everything or having 47 key-pairs and 47 passwords ; ) )</tokentext>
<sentencetext> Stealing a key-pair is *so* much easier than stealing 47 different passwords I'm amazed people use anything else. There, fixed that for you ;) (Yes, you can put a pass-phrase on your key-pair, but then you're still either at the point of having one password for everything or having 47 key-pairs and 47 passwords ;) )
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680525</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677607</id>
	<title>Re:Keyloggers don't care</title>
	<author>Hurricane78</author>
	<datestamp>1247504460000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><p>Yeah! That's why I replaced all my employees by very small shell scripts.<nobr> <wbr></nobr>:P</p></htmltext>
<tokenext>Yeah !
That 's why I replaced all my employees by very small shell scripts .
: P</tokentext>
<sentencetext>Yeah!
That's why I replaced all my employees by very small shell scripts.
:P</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677253</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677517</id>
	<title>Well, maybe Re:Authentication goes both ways.</title>
	<author>davidwr</author>
	<datestamp>1247504160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If the server's been compromised and its key stolen and nobody in charge knows it's stolen, all bets are off.</p><p>PS: "It's been 4 minutes since you last successfully posted a comment" what happened to only waiting 1-2 minutes between postings?</p></htmltext>
<tokenext>If the server 's been compromised and its key stolen and nobody in charge knows it 's stolen , all bets are off . PS : " It 's been 4 minutes since you last successfully posted a comment " what happened to only waiting 1-2 minutes between postings ?</tokentext>
<sentencetext>If the server's been compromised and its key stolen and nobody in charge knows it's stolen, all bets are off. PS: "It's been 4 minutes since you last successfully posted a comment" what happened to only waiting 1-2 minutes between postings?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677151</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678575</id>
	<title>RTFA!</title>
	<author>SanityInAnarchy</author>
	<datestamp>1247507640000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>From TFA:</p><p><div class="quote"><p>I figured this wasn't worth worrying about, because it was much more likely that an attacker would attempt to steal the password by installing spyware on my home computer.... So, I assumed it made no difference whether I used FTP or SFTP.</p><p>But according to what Sinegubko told me, this reasoning was probably wrong. The problem is that even though spyware installed on your machine could read passwords that are stored in configuration files, it would be a lot of work to write a spyware program that could do this, because every FTP program and SFTP program stores passwords according to a different algorithm. It's much simpler for spyware to simply watch the traffic sent and received from your machine, so that any unencrypted passwords will be spotted</p></div><p>Same goes for keyloggers, by the way. You can look at everything I type and hope you get a password, or you can just intercept FTP, where you know exactly where the password is being sent.</p><p>Not that we shouldn't protect against keyloggers, but why would you make it easy?</p><p><div class="quote"><p>FTP vulnerable? No more than your home phone line or cell phone.</p></div><p>Not true -- while eavesdropping is probably easier with a phone conversation, man-in-the-middle attacks are much harder. If you said something, I know it was you who said it, because it sounds like you -- whereas with FTP, the server doesn't know if I uploaded the file, or someone in the middle uploaded the file, or someone who stole my password uploaded the file.</p><p><div class="quote"><p>You can get a silent VNC session going.... Hell just track the next time they go to amazon.com or any other online site. 
Who gives a rat's ass about SSL when you are seeing them type in their info?!</p></div><p>Because you have to 0wn me first.</p><p>If you don't bother with SSL, then there's no way the user could be careful enough or savvy enough -- the next time they order something from a wireless hotspot, someone else's laptop will <i>automatically</i> pick out their credit card number.</p><p>If you do, they suddenly have to not only compromise your machine, but actively watch for you to hit amazon.com, or write a much more complex program that hooks into IE (but what if you're not using IE?) and watch for amazon.com, or search through pages and pages of keylogs.</p><p><div class="quote"><p>The problem is and always will be PEOPLE. Once they have control of the physical machine all bets are off for ANY security measure.</p></div><p>Both very true. But until the person or the physical machine is compromised, all of these other things mean a good deal more than "nothing".</p><p>It sounds very much like you're suggesting that we ignore security and encryption, because it's all futile anyway -- you certainly haven't offered a better approach. Well, you know what? Fuck you and your defeatist attitude. The rest of us will be working to actually make things better.</p></div>
	</htmltext>
<tokenext>From TFA : I figured this was n't worth worrying about , because it was much more likely that an attacker would attempt to steal the password by installing spyware on my home computer.... So , I assumed it made no difference whether I used FTP or SFTP . But according to what Sinegubko told me , this reasoning was probably wrong .
The problem is that even though spyware installed on your machine could read passwords that are stored in configuration files , it would be a lot of work to write a spyware program that could do this , because every FTP program and SFTP program stores passwords according to a different algorithm .
It 's much simpler for spyware to simply watch the traffic sent and received from your machine , so that any unencrypted passwords will be spotted Same goes for keyloggers , by the way .
You can look at everything I type and hope you get a password , or you can just intercept FTP , where you know exactly where the password is being sent . Not that we should n't protect against keyloggers , but why would you make it easy ? FTP vulnerable ?
No more than your home phone line or cell phone . Not true -- while eavesdropping is probably easier with a phone conversation , man-in-the-middle attacks are much harder .
If you said something , I know it was you who said it , because it sounds like you -- whereas with FTP , the server does n't know if I uploaded the file , or someone in the middle uploaded the file , or someone who stole my password uploaded the file . You can get a silent VNC session going.... Hell just track the next time they go to amazon.com or any other online site .
Who gives a rat 's ass about SSL when you are seeing them type in their info ?
! Because you have to 0wn me first . If you do n't bother with SSL , then there 's no way the user could be careful enough or savvy enough -- the next time they order something from a wireless hotspot , someone else 's laptop will automatically pick out their credit card number . If you do , they suddenly have to not only compromise your machine , but actively watch for you to hit amazon.com , or write a much more complex program that hooks into IE ( but what if you 're not using IE ?
) and watch for amazon.com , or search through pages and pages of keylogs . The problem is and always will be PEOPLE .
Once they have control of the physical machine all bets are off for ANY security measure . Both very true .
But until the person or the physical machine is compromised , all of these other things mean a good deal more than " nothing " . It sounds very much like you 're suggesting that we ignore security and encryption , because it 's all futile anyway -- you certainly have n't offered a better approach .
Well , you know what ?
Fuck you and your defeatist attitude .
The rest of us will be working to actually make things better .</tokentext>
<sentencetext>From TFA: I figured this wasn't worth worrying about, because it was much more likely that an attacker would attempt to steal the password by installing spyware on my home computer.... So, I assumed it made no difference whether I used FTP or SFTP. But according to what Sinegubko told me, this reasoning was probably wrong.
The problem is that even though spyware installed on your machine could read passwords that are stored in configuration files, it would be a lot of work to write a spyware program that could do this, because every FTP program and SFTP program stores passwords according to a different algorithm.
It's much simpler for spyware to simply watch the traffic sent and received from your machine, so that any unencrypted passwords will be spotted Same goes for keyloggers, by the way.
You can look at everything I type and hope you get a password, or you can just intercept FTP, where you know exactly where the password is being sent. Not that we shouldn't protect against keyloggers, but why would you make it easy? FTP vulnerable?
No more than your home phone line or cell phone. Not true -- while eavesdropping is probably easier with a phone conversation, man-in-the-middle attacks are much harder.
If you said something, I know it was you who said it, because it sounds like you -- whereas with FTP, the server doesn't know if I uploaded the file, or someone in the middle uploaded the file, or someone who stole my password uploaded the file. You can get a silent VNC session going.... Hell just track the next time they go to amazon.com or any other online site.
Who gives a rat's ass about SSL when you are seeing them type in their info?!
Because you have to 0wn me first. If you don't bother with SSL, then there's no way the user could be careful enough or savvy enough -- the next time they order something from a wireless hotspot, someone else's laptop will automatically pick out their credit card number. If you do, they suddenly have to not only compromise your machine, but actively watch for you to hit amazon.com, or write a much more complex program that hooks into IE (but what if you're not using IE?
) and watch for amazon.com, or search through pages and pages of keylogs. The problem is and always will be PEOPLE.
Once they have control of the physical machine all bets are off for ANY security measure. Both very true.
But until the person or the physical machine is compromised, all of these other things mean a good deal more than "nothing". It sounds very much like you're suggesting that we ignore security and encryption, because it's all futile anyway -- you certainly haven't offered a better approach.
Well, you know what?
Fuck you and your defeatist attitude.
The rest of us will be working to actually make things better.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677253</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678985</id>
	<title>Whaaaaaa!</title>
	<author>flajann</author>
	<datestamp>1247508900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Why the hell would ANYONE still be using FTP these days? I don't even allow its mere existence on my servers!

sftp or scp is fine. Regular old FTP? This is NOT the 80's!</htmltext>
<tokenext>Why the hell would ANYONE still be using FTP these days ?
I do n't even allow its mere existence on my servers !
sftp or scp is fine .
Regular old FTP ?
This is NOT the 80 's !</tokentext>
<sentencetext>Why the hell would ANYONE still be using FTP these days?
I don't even allow its mere existence on my servers!
sftp or scp is fine.
Regular old FTP?
This is NOT the 80's!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681999</id>
	<title>WebDAV? FTP over SSL/TLS?</title>
	<author>stefanlasiewski</author>
	<datestamp>1247476980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Have many groups looked at WebDAV or FTPS (FTP over SSL/TLS) as a replacement for FTP?</p><p>1. Encrypted communication, using the industry standard TLS or SSL.<br>2. WebDAV offers the power and maturity of Apache HTTPD. I believe that several of the mature FTP packages also support FTPS.<br>3. Apache authentication options include Radius, LDAP, etc. and are generally easy to install, provided you have the infrastructure.</p><p>I still mostly use SFTP. However, the design of FTPS looks a little more elegant and standards-compliant.</p></htmltext>
<tokenext>Have many groups looked at WebDAV or FTPS ( FTP over SSL/TLS ) as a replacement for FTP ?
1 . Encrypted communication , using the industry standard TLS or SSL .
2 . WebDAV offers the power and maturity of Apache HTTPD .
I believe that several of the mature FTP packages also support FTPS .
3 . Apache authentication options include Radius , LDAP , etc . and are generally easy to install , provided you have the infrastructure .
I still mostly use SFTP .
However , the design of FTPS looks a little more elegant and standards-compliant .</tokentext>
<sentencetext>Have many groups looked at WebDAV or FTPS (FTP over SSL/TLS) as a replacement for FTP?
1. Encrypted communication, using the industry standard TLS or SSL.
2. WebDAV offers the power and maturity of Apache HTTPD.
I believe that several of the mature FTP packages also support FTPS.
3. Apache authentication options include Radius, LDAP, etc. and are generally easy to install, provided you have the infrastructure.
I still mostly use SFTP.
However, the design of FTPS looks a little more elegant and standards-compliant.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680151</id>
	<title>Re:It doesn't matter</title>
	<author>DavidTC</author>
	<datestamp>1247512680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Yes, but sniffing FTP packets from a local traffic intercept is <b>much</b> easier to automate than sniffing passwords while typed, or trying to decrypt them from the myriad programs out there.</p><p>
All you have to do is watch a known port for a known character pattern.</p><p>
Keystroke loggers, OTOH, require human intervention, unless you're trying to grab easily recognizable strings like credit card numbers. Stealing credentials from programs likewise requires supporting a bunch of different programs and formats.</p></htmltext>
<tokenext>Yes , but sniffing FTP packets from a local traffic intercept is much easier to automate than sniffing passwords while typed , or trying to decrypt them from the myriad programs out there .
All you have to do is watch a known port for a known character pattern .
Keystroke loggers , OTOH , require human intervention , unless you 're trying to grab easily recognizable strings like credit card numbers .
Stealing credentials from programs likewise requires supporting a bunch of different programs and formats .</tokentext>
<sentencetext>Yes, but sniffing FTP packets from a local traffic intercept is much easier to automate than sniffing passwords while typed, or trying to decrypt them from the myriad programs out there.
All you have to do is watch a known port for a known character pattern.
Keystroke loggers, OTOH, require human intervention, unless you're trying to grab easily recognizable strings like credit card numbers.
Stealing credentials from programs likewise requires supporting a bunch of different programs and formats.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677067</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677435</id>
	<title>Not just unknown, incompatible</title>
	<author>Anonymous</author>
	<datestamp>1247503800000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>I have <i>tried</i> to set up an FTPS site.</p><p>Even with vsftpd, I was unable to configure it with settings that allowed it to connect with more than 1 different type of client at a time.  So far as I can tell, there are a half-dozen different implementations of FTPS out there, none of which are able to interoperate properly.</p><p>SFTP is much more standard and well-supported, and more or less just works, and there are various tutorials out there for setting it up.</p><p>Dan Aris</p></htmltext>
<tokenext>I have tried to set up an FTPS site .
Even with vsftpd , I was unable to configure it with settings that allowed it to connect with more than 1 different type of client at a time .
So far as I can tell , there are a half-dozen different implementations of FTPS out there , none of which are able to interoperate properly .
SFTP is much more standard and well-supported , and more or less just works , and there are various tutorials out there for setting it up .
Dan Aris</tokentext>
<sentencetext>I have tried to set up an FTPS site.
Even with vsftpd, I was unable to configure it with settings that allowed it to connect with more than 1 different type of client at a time.
So far as I can tell, there are a half-dozen different implementations of FTPS out there, none of which are able to interoperate properly.
SFTP is much more standard and well-supported, and more or less just works, and there are various tutorials out there for setting it up.
Dan Aris</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677089</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680525</id>
	<title>Seriously people use anything but ssh/scp/sftp???</title>
	<author>nedlohs</author>
	<datestamp>1247514000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Using a key-pair is *so* much easier than remembering 47 different passwords I'm amazed people use anything else.</p></htmltext>
<tokenext>Using a key-pair is * so * much easier than remembering 47 different passwords I 'm amazed people use anything else .</tokentext>
<sentencetext>Using a key-pair is *so* much easier than remembering 47 different passwords I'm amazed people use anything else.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677617</id>
	<title>tl;dr</title>
	<author>olborer</author>
	<datestamp>1247504460000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>tl;dr</htmltext>
<tokenext>tl ; dr</tokentext>
<sentencetext>tl;dr</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678241</id>
	<title>Re:Missing the point...</title>
	<author>The Cisco Kid</author>
	<datestamp>1247506440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>encrypting the connection isn't going to do you any good when the crapware is running *on* the client machine, which has to have the cleartext password and/or private key in order to establish the connection. Really 'packet sniffing' isn't really the big danger. ISP networks rarely have windows machines (at least not connected where they have access to sniff anything,) and the network routers and switches are rock solid.</p></htmltext>
<tokenext>encrypting the connection is n't going to do you any good when the crapware is running * on * the client machine , which has to have the cleartext password and/or private key in order to establish the connection .
Really 'packet sniffing ' is n't really the big danger .
ISP networks rarely have windows machines ( at least not connected where they have access to sniff anything , ) and the network routers and switches are rock solid .</tokentext>
<sentencetext>encrypting the connection isn't going to do you any good when the crapware is running *on* the client machine, which has to have the cleartext password and/or private key in order to establish the connection.
Really 'packet sniffing' isn't really the big danger.
ISP networks rarely have windows machines (at least not connected where they have access to sniff anything,) and the network routers and switches are rock solid.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677789</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678605</id>
	<title>Security through being different?</title>
	<author>Vellmont</author>
	<datestamp>1247507700000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>What I get from this overly long article is the author thinks that simply by not being the same as the herd (the herd being people who use FTP) that increases security.</p><p>While there's some truth to this, it's a lot less than you think.  Being different in one way doesn't save you from all the other ways you're the same.  If someone can install malware on your machine, a keylogger would grab ANYTHING you type in.  It's not too hard to parse out all of that for username/passwords.  It's like saying having a strange non-standard layout to your house keeps you safe from really dumb burglars that've already broken in.</p></htmltext>
<tokenext>What I get from this overly long article is the author thinks that simply by not being the same as the herd ( the herd being people who use FTP ) that increases security .
While there 's some truth to this , it 's a lot less than you think .
Being different in one way does n't save you from all the other ways you 're the same .
If someone can install malware on your machine , a keylogger would grab ANYTHING you type in .
It 's not too hard to parse out all of that for username/passwords .
It 's like saying having a strange non-standard layout to your house keeps you safe from really dumb burglars that 've already broken in .</tokentext>
<sentencetext>What I get from this overly long article is the author thinks that simply by not being the same as the herd (the herd being people who use FTP) that increases security.
While there's some truth to this, it's a lot less than you think.
Being different in one way doesn't save you from all the other ways you're the same.
If someone can install malware on your machine, a keylogger would grab ANYTHING you type in.
It's not too hard to parse out all of that for username/passwords.
It's like saying having a strange non-standard layout to your house keeps you safe from really dumb burglars that've already broken in.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678755</id>
	<title>FTP, rsync+ssh</title>
	<author>dwheeler</author>
	<datestamp>1247508240000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>
FTP is still fine for providing big files that don't need to be protected by a password. But yes, if you're CHANGING data, raw ftp is usually a bad idea.
</p><p>
If you're uploading files, I heartily recommend using rsync+ssh.  It's incredibly fast, since only the files that CHANGED are uploaded, and ssh makes it all secure.
It can be a pain to set up on some cheap hosting sites, but <a href="http://www.dwheeler.com/blog/2009/01/08/" title="dwheeler.com">I've figured out how to make rsync+ssh work even on some cheap hosting sites</a> [dwheeler.com].
Hope that helps.
</p></htmltext>
<tokenext>FTP is still fine for providing big files that do n't need to be protected by a password .
But yes , if you 're CHANGING data , raw ftp is usually a bad idea .
If you 're uploading files , I heartily recommend using rsync + ssh .
It 's incredibly fast , since only the files that CHANGED are uploaded , and ssh makes it all secure .
It can be a pain to set up on some cheap hosting sites , but I 've figured out how to make rsync + ssh work even on some cheap hosting sites [ dwheeler.com ] .
Hope that helps .</tokentext>
<sentencetext>
FTP is still fine for providing big files that don't need to be protected by a password.
But yes, if you're CHANGING data, raw ftp is usually a bad idea.
If you're uploading files, I heartily recommend using rsync+ssh.
It's incredibly fast, since only the files that CHANGED are uploaded, and ssh makes it all secure.
It can be a pain to set up on some cheap hosting sites, but I've figured out how to make rsync+ssh work even on some cheap hosting sites [dwheeler.com].
Hope that helps.
</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677287</id>
	<title>FTP isn't going anywhere</title>
	<author>BigJClark</author>
	<datestamp>1247503260000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><br>
It's an amazingly simple protocol, lightweight, and easy to set up and administrate.  Concerned about security?  Tunnel it with SSH.  I think there is a packaged app out there somewhere (sftp?), but really, I tunnel all insecure protocols with SSH, using an incredibly simple, yet powerful app (putty).</htmltext>
<tokenext>It 's an amazingly simple protocol , lightweight , and easy to set up and administrate .
Concerned about security ?
Tunnel it with SSH .
I think there is a packaged app out there somewhere ( sftp ? ) , but really , I tunnel all insecure protocols with SSH , using an incredibly simple , yet powerful app ( putty ) .</tokentext>
<sentencetext>
It's an amazingly simple protocol, lightweight, and easy to set up and administrate.
Concerned about security?
Tunnel it with SSH.
I think there is a packaged app out there somewhere (sftp?), but really, I tunnel all insecure protocols with SSH, using an incredibly simple, yet powerful app (putty).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683485</id>
	<title>Re:Missing the point...</title>
	<author>Anonymous</author>
	<datestamp>1247483280000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>To display the laughing cats download this file and type "sudo keylogger"</p></htmltext>
<tokenext>To display the laughing cats download this file and type " sudo keylogger "</tokentext>
<sentencetext>To display the laughing cats download this file and type "sudo keylogger"</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677789</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681189</id>
	<title>Re:Hmm</title>
	<author>Anonymous</author>
	<datestamp>1247517000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Capsule summary of post:<br>Once I had a site, publiceditormyass.com, unfortunately the ftp password to publiceditormyass.com was sniffed and login credentials were stolen. Then publiceditormyass.com had all kinds of pwnage script tags inserted. What happened next to publiceditormyass.com was bad. Then I restored publiceditormyass.com and wrote an article for<nobr> <wbr></nobr>./ all about how publiceditormyass.com was hacked. The premise of the article about the publiceditormyass.com incident is that ftp is rip. Happily publiceditormyass.com lives on. I just want to conclude that publiceditormyass.com is not the subject of this article, cleartext passwords are. This is not a plug for publiceditormyass.com.</p></htmltext>
<tokenext>Capsule summary of post : Once I had a site , publiceditormyass.com , unfortunately the ftp password to publiceditormyass.com was sniffed and login credentials were stolen .
Then publiceditormyass.com had all kinds of pwnage script tags inserted .
What happened next to publiceditormyass.com was bad .
Then I restored publiceditormyass.com and wrote an article for ./ all about how publiceditormyass.com was hacked .
The premise of the article about the publiceditormyass.com incident is that ftp is rip .
Happily publiceditormyass.com lives on .
I just want to conclude that publiceditormyass.com is not the subject of this article , cleartext passwords are .
This is not a plug for publiceditormyass.com .</tokentext>
<sentencetext>Capsule summary of post:Once I had a site, publiceditormyass.com, unfortunately the ftp password to publiceditormyass.com was sniffed and login credentials were stolen.
Then publiceditormyass.com had all kinds of pwnage script tags inserted.
What happened next to publiceditormyass.com was bad.
Then I restored publiceditormyass.com and wrote an article for ./ all about how publiceditormyass.com was hacked.
The premise of the article about the publiceditormyass.com incident is that ftp is rip.
Happily publiceditormyass.com lives on.
I just want to conclude that publiceditormyass.com is not the subject of this article, cleartext passwords are.
This is not a plug for publiceditormyass.com.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676987</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677965</id>
	<title>FUD. Bullshit article.</title>
	<author>EddyPearson</author>
	<datestamp>1247505660000</datestamp>
	<modclass>Troll</modclass>
	<modscore>0</modscore>
	<htmltext><p>I'm sorry. Is this Slashdot? This article reads like it was written for the idiots, by idiots.</p><p>I've only skim read this dross, but it doesn't seem to make any concrete points. It draws attention to some stupefyingly obvious security considerations (I wouldn't go as far as to call them bugs), babbles on about Windows spyware and then has a short excerpt from the GoDaddy help (what the fuck?)</p><p>What a waste of text, this boils down to 4 things:</p><p>1. User chose an easily guessable user/password for FTP.<br>2. User left user/password for FTP somewhere world readable<br>3. User got spyware which stole FTP details stored on his machine.<br>4. MITM attack on FTP session, stealing user/password over the wire. (this one I assumed because it's recommending SFTP without telling us WHY)</p><p>Let me cut this craptastic essay down to size:</p><p>Easy to crack passwords get cracked easily.<br>Spyware steals login credentials.<br>Hackers can use MITM attacks to intercept data.<br>People are stupid and sometimes leave login credentials in a public page.</p><p>Frankly the editors should be embarrassed.</p></htmltext>
<tokenext>I 'm sorry .
Is this Slashdot ?
This article reads like it was written for the idiots , by idiots .
I 've only skim read this dross , but it does n't seem to make any concrete points .
It draws attention to some stupefyingly obvious security considerations ( I would n't go as far as to call them bugs ) , babbles on about Windows spyware and then has a short excerpt from the GoDaddy help ( what the fuck ? )
What a waste of text , this boils down to 4 things :
1 . User chose an easily guessable user/password for FTP .
2 . User left user/password for FTP somewhere world readable
3 . User got spyware which stole FTP details stored on his machine .
4 . MITM attack on FTP session , stealing user/password over the wire . ( this one I assumed because it 's recommending SFTP without telling us WHY )
Let me cut this craptastic essay down to size :
Easy to crack passwords get cracked easily .
Spyware steals login credentials .
Hackers can use MITM attacks to intercept data .
People are stupid and sometimes leave login credentials in a public page .
Frankly the editors should be embarrassed .</tokentext>
<sentencetext>I'm sorry.
Is this Slashdot?
This article reads like it was written for the idiots, by idiots.
I've only skim read this dross, but it doesn't seem to make any concrete points.
It draws attention to some stupefyingly obvious security considerations (I wouldn't go as far as to call them bugs), babbles on about Windows spyware and then has a short excerpt from the GoDaddy help (what the fuck?)
What a waste of text, this boils down to 4 things:
1. User chose an easily guessable user/password for FTP.
2. User left user/password for FTP somewhere world readable
3. User got spyware which stole FTP details stored on his machine.
4. MITM attack on FTP session, stealing user/password over the wire. (this one I assumed because it's recommending SFTP without telling us WHY)
Let me cut this craptastic essay down to size:
Easy to crack passwords get cracked easily.
Spyware steals login credentials.
Hackers can use MITM attacks to intercept data.
People are stupid and sometimes leave login credentials in a public page.
Frankly the editors should be embarrassed.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676989</id>
	<title>Amusingly..</title>
	<author>grasshoppa</author>
	<datestamp>1247502240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This came up in a class I took at college.  It was a bullshit "internet concepts" class, where they talked about setting up a website, basically.  One of the things they talked about was ftp and how it's used to upload content to your "web host".  Needless to say I felt the need to hurt those responsible for promoting this crap.  While I did the assignments as they wanted, I made it a point to try to educate people in the class as to the proper protocols to use for uploading content.</p></htmltext>
<tokenext>This came up in a class I took at college .
It was a bullshit " internet concepts " class , where they talked about setting up a website , basically .
One of the things they talked about was ftp and how it 's used to upload content to your " web host " .
Needless to say I felt the need to hurt those responsible for promoting this crap .
While I did the assignments as they wanted , I made it a point to try to educate people in the class as to the proper protocols to use for uploading content .</tokentext>
<sentencetext>This came up in a class I took at college.
It was a bullshit "internet concepts" class, where they talked about setting up a website, basically.
One of the things they talked about was ftp and how it's used to upload content to your "web host".
Needless to say I felt the need to hurt those responsible for promoting this crap.
While I did the assignments as they wanted, I made it a point to try to educate people in the class as to the proper protocols to use for uploading content.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677989</id>
	<title>Re:FTPS</title>
	<author>Hatta</author>
	<datestamp>1247505660000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>How does one break out of <a href="http://www.linuxsecurity.com/content/view/117632/49/" title="linuxsecurity.com">chroot</a> [linuxsecurity.com]?</p><blockquote><div><p>Third, if there is no root user defined within the chroot environment, no SUID binaries, no devices, and the daemon itself dropped root privileges right after calling chroot() call (like in the code below), breaking out of chroot appears to be impossible. In other words, if there is no way to gain root shell or perform actions that only root can usually perform (e.g. create devices, or access raw memory) breaking chroot is not clearly possible. Ideally, if the custom software uses chroot for security the sequence of calls should be:</p><p>chdir("/home/safedir");<br>chroot("/home/safedir");<br>setuid(500);</p><p>Keep in mind, that after these lines are executed there will be no way for the program to regain root privileges.</p></div></blockquote><p>Chroot can clearly add to security if used correctly.</p></div>
	</htmltext>
<tokenext>How does one break out of chroot [ linuxsecurity.com ] ?
Third , if there is no root user defined within the chroot environment , no SUID binaries , no devices , and the daemon itself dropped root privileges right after calling chroot ( ) call ( like in the code below ) , breaking out of chroot appears to be impossible .
In other words , if there is no way to gain root shell or perform actions that only root can usually perform ( e.g. create devices , or access raw memory ) breaking chroot is not clearly possible .
Ideally , if the custom software uses chroot for security the sequence of calls should be :
chdir ( " /home/safedir " ) ;
chroot ( " /home/safedir " ) ;
setuid ( 500 ) ;
Keep in mind , that after these lines are executed there will be no way for the program to regain root privileges .
Chroot can clearly add to security if used correctly .</tokentext>
<sentencetext>How does one break out of chroot [linuxsecurity.com]?
Third, if there is no root user defined within the chroot environment, no SUID binaries, no devices, and the daemon itself dropped root privileges right after calling chroot() call (like in the code below), breaking out of chroot appears to be impossible.
In other words, if there is no way to gain root shell or perform actions that only root can usually perform (e.g. create devices, or access raw memory) breaking chroot is not clearly possible.
Ideally, if the custom software uses chroot for security the sequence of calls should be:
chdir("/home/safedir");
chroot("/home/safedir");
setuid(500);
Keep in mind, that after these lines are executed there will be no way for the program to regain root privileges.
Chroot can clearly add to security if used correctly.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677639</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680385</id>
	<title>Re:Missing the point...</title>
	<author>Alun Jones</author>
	<datestamp>1247513460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>FTP over SSL _does_ verify the authenticity of the host you are connecting to, in the same way that HTTPS does. Checks that the certificate is issued by a trusted root, and that its CN matches the domain name provided to the client. I agree with you that the bottom line is that companies must stop using unencrypted FTP - I disagree with your conclusion, that all FTP is therefore bad.</htmltext>
<tokenext>FTP over SSL _does_ verify the authenticity of the host you are connecting to , in the same way that HTTPS does .
Checks that the certificate is issued by a trusted root , and that its CN matches the domain name provided to the client .
I agree with you that the bottom line is that companies must stop using unencrypted FTP - I disagree with your conclusion , that all FTP is therefore bad .</tokentext>
<sentencetext>FTP over SSL _does_ verify the authenticity of the host you are connecting to, in the same way that HTTPS does.
Checks that the certificate is issued by a trusted root, and that its CN matches the domain name provided to the client.
I agree with you that the bottom line is that companies must stop using unencrypted FTP - I disagree with your conclusion, that all FTP is therefore bad.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677789</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679361</id>
	<title>Re:Users can't tell the difference</title>
	<author>CastrTroy</author>
	<datestamp>1247510220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Since most modern cars don't have carburetors, and instead have fuel injectors, I don't think most people should care about what it does.</htmltext>
<tokenext>Since most modern cars do n't have carburetors , and instead have fuel injectors , I do n't think most people should care about what it does .</tokentext>
<sentencetext>Since most modern cars don't have carburetors, and instead have fuel injectors, I don't think most people should care about what it does.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678539</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677089</id>
	<title>FTPS</title>
	<author>Anonymous</author>
	<datestamp>1247502600000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>It's unfortunate that FTPS still seems to be widely unknown. FTPS is an extension of the FTP protocol which secures the control &amp; data channels with TLS. It's standardized in RFC 4217.</p><p>Restricting users to their home directory is much easier with FTPS than with SSH. The latter requires you to set up a chroot jail for each user. At least OpenSSH has built-in chroot support that allows you to specify a chroot environment for each user via<nobr> <wbr></nobr>/etc/passwd.</p><p>Many FTP clients and servers support the FTPS protocol, for example:<br>* FileZilla<br>* curl (and curlftpfs)<br>* lftp</p><p>Servers:<br>* vsftpd (can enforce encrypted FTP)</p></htmltext>
<tokenext>It 's unfortunate that FTPS still seems to be widely unknown .
FTPS is an extension of the FTP protocol which secures the control &amp; data channels with TLS .
It 's standardized in RFC 4217 .
Restricting users to their home directory is much easier with FTPS than with SSH .
The latter requires you to set up a chroot jail for each user .
At least OpenSSH has built-in chroot support that allows you to specify a chroot environment for each user via /etc/passwd .
Many FTP clients and servers support the FTPS protocol , for example :
* FileZilla
* curl ( and curlftpfs )
* lftp
Servers :
* vsftpd ( can enforce encrypted FTP )</tokentext>
<sentencetext>It's unfortunate that FTPS still seems to be widely unknown.
FTPS is an extension of the FTP protocol which secures the control &amp; data channels with TLS.
It's standardized in RFC 4217.
Restricting users to their home directory is much easier with FTPS than with SSH.
The latter requires you to set up a chroot jail for each user.
At least OpenSSH has built-in chroot support that allows you to specify a chroot environment for each user via /etc/passwd.
Many FTP clients and servers support the FTPS protocol, for example:
* FileZilla
* curl (and curlftpfs)
* lftp
Servers:
* vsftpd (can enforce encrypted FTP)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680133</id>
	<title>Re:All you need to know:</title>
	<author>clam666</author>
	<datestamp>1247512620000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext><p>I told you people the God-damned internet was going to be a problem when you bought it, and now you're messed it up real good.</p><p>Next time listen to Daddy.  Your mother and I <i>told</i> you pr0n and dirty pictures would lead to nasty business.  Now we can add this one to the list.</p><ol>
<li>Blindness</li><li>Hairy Palms</li><li>Broke the God-damned internets</li></ol></htmltext>
<tokenext>I told you people the God-damned internet was going to be a problem when you bought it , and now you 've messed it up real good .
Next time listen to Daddy .
Your mother and I told you pr0n and dirty pictures would lead to nasty business .
Now we can add this one to the list .
Blindness
Hairy Palms
Broke the God-damned internets</tokentext>
<sentencetext>I told you people the God-damned internet was going to be a problem when you bought it, and now you've messed it up real good.
Next time listen to Daddy.
Your mother and I told you pr0n and dirty pictures would lead to nasty business.
Now we can add this one to the list.
Blindness
Hairy Palms
Broke the God-damned internets</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676899</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676989
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28684181
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677137
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681655
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677287
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678259
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677089
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677639
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677989
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681343
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_48</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677173
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677559
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680567
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_53</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677253
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678575
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_44</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677287
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677973
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679231
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677089
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680741
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677173
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679123
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677789
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28696113
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677789
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679101
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_41</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680525
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28687781
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677067
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680151
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677173
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680063
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_46</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676989
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681221
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_65</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677067
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680861
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_39</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677789
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683485
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_42</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677067
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677679
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_33</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677089
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677435
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680107
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677089
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677641
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_32</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678985
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680931
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676899
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680133
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677089
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677639
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678953
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_34</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677253
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681479
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_57</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677089
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677639
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681579
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677067
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28691767
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_59</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677089
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677639
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677989
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680665
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683011
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_62</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677089
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677639
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678373
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_58</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677173
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680419
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_49</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677089
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677639
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678507
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_52</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677089
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678351
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677287
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28685187
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_31</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677089
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677639
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678311
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_45</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677253
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677829
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677173
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678179
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677789
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680385
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676987
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681189
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_60</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677137
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681555
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_51</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677137
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678035
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678539
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679361
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_47</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677287
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678421
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_50</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677287
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680607
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677789
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683619
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677205
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680143
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677595
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681669
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_38</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677253
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679923
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_43</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677287
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677711
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677089
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677569
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677137
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679969
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_56</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677173
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28790863
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_63</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677253
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677759
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_37</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677137
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28682775
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_40</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677173
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683565
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677173
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28690853
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_36</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677789
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680921
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677287
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679807
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678411
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683543
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677789
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678241
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_64</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677111
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681255
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_55</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677165
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679149
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677067
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28684049
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_54</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677253
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677607
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677287
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677795
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677151
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683255
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_61</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677151
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677517
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_35</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676989
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678719
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_07_13_142210_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678411
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683249
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677137
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681555
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679969
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681655
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678035
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678539
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679361
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28682775
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677135
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.31</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680525
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28687781
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677287
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678259
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28685187
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678421
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680607
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679807
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677795
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677711
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677973
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679231
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678863
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677001
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676957
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28687807
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677111
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681255
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.32</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677151
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683255
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677517
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677005
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677089
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677639
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678507
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678373
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678953
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678311
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677989
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680665
----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683011
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681343
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681579
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680741
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677435
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680107
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678351
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677641
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677569
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.33</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677173
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680419
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683565
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677559
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680567
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679123
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680063
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678179
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28690853
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28790863
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676989
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678719
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681221
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28684181
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676899
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680133
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677667
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680173
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677511
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.34</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677789
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680385
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28696113
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678241
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680921
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679101
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683485
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683619
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678605
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681065
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679281
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678867
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678411
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683543
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28683249
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677385
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678985
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680931
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677253
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677607
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677759
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28678575
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681479
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677829
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679923
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677067
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28691767
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28684049
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677679
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680151
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680861
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677205
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28680143
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677595
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681669
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677165
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28679149
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681999
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28677221
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676987
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28681189
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_07_13_142210.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_07_13_142210.28676937
</commentlist>
</conversation>
