<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article09_10_23_1212248</id>
	<title>Of Encrypted Hard Drives and "Evil Maids"</title>
	<author>kdawson</author>
	<datestamp>1256305020000</datestamp>
	<htmltext>Schneier has a blog piece about <a href="http://www.schneier.com/blog/archives/2009/10/evil_maid_attac.html">Joanna Rutkowska's "evil maid" attack</a>, demonstrated earlier this month against TrueCrypt. <i>"The same kind of attack should work against any whole-disk encryption, including PGP Disk and BitLocker. ... [A] likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner, and the maid sneaks in and installs the hacked bootloader. ... [P]eople who encrypt their hard drives, or partitions on their hard drives, have to realize that the encryption gives them less protection than they probably believe. It protects against someone confiscating or stealing their computer and then trying to get at the data. It does not protect against an attacker who has access to your computer over a period of time during which you use it, too."</i></htmltext>
<tokenext>Schneier has a blog piece about Joanna Rutkowska 's " evil maid " attack , demonstrated earlier this month against TrueCrypt .
" The same kind of attack should work against any whole-disk encryption , including PGP Disk and BitLocker .
... [ A ] likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner , and the maid sneaks in and installs the hacked bootloader .
... [ P ] eople who encrypt their hard drives , or partitions on their hard drives , have to realize that the encryption gives them less protection than they probably believe .
It protects against someone confiscating or stealing their computer and then trying to get at the data .
It does not protect against an attacker who has access to your computer over a period of time during which you use it , too .
"</tokentext>
<sentencetext>Schneier has a blog piece about Joanna Rutkowska's "evil maid" attack, demonstrated earlier this month against TrueCrypt.
"The same kind of attack should work against any whole-disk encryption, including PGP Disk and BitLocker.
... [A] likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner, and the maid sneaks in and installs the hacked bootloader.
... [P]eople who encrypt their hard drives, or partitions on their hard drives, have to realize that the encryption gives them less protection than they probably believe.
It protects against someone confiscating or stealing their computer and then trying to get at the data.
It does not protect against an attacker who has access to your computer over a period of time during which you use it, too.
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845775</id>
	<title>Re:And that's the lesser evil</title>
	<author>rcamans</author>
	<datestamp>1256311320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Wait a minute. I like the sound of this. Where can I get me a whole bunch of evil bartenders? Please?</p></htmltext>
<tokenext>Wait a minute .
I like the sound of this .
Where can I get me a whole bunch of evil bartenders ?
Please ?</tokentext>
<sentencetext>Wait a minute.
I like the sound of this.
Where can I get me a whole bunch of evil bartenders?
Please?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845357</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29855489</id>
	<title>Re:surprise</title>
	<author>Anonymous</author>
	<datestamp>1256387520000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Yes... But for this to happen, your BIOS needs to be unprotected and/or allow for external device booting for the boot loader to be installed in the first place. That's like begging for trouble with a portable device.</p></htmltext>
<tokenext>Yes... But for this to happen , your BIOS needs to be unprotected and/or allow for external device booting for the boot loader to be installed in the first place .
That 's like begging for trouble with a portable device .</tokentext>
<sentencetext>Yes... But for this to happen, your BIOS needs to be unprotected and/or allow for external device booting for the boot loader to be installed in the first place.
That's like begging for trouble with a portable device.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847289</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848087</id>
	<title>Re:Easily foiled</title>
	<author>joebagodonuts</author>
	<datestamp>1256322180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Modded "Insightful"?. Mods need to get out more... only on ./</htmltext>
<tokenext>Modded " Insightful " ? .
Mods need to get out more... only on ./</tokentext>
<sentencetext>Modded "Insightful"?.
Mods need to get out more... only on ./</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845521</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845841</id>
	<title>Re:Bootloader? BitLocker?</title>
	<author>zippthorne</author>
	<datestamp>1256311620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The problem with bitlocker is that it's only part of the ultimatextremeultra most expensive version of Windows.  Most people would be too cheap to get that version, even if they knew what the benefit was.  So your home computer probably doesn't have it.  Your company provided laptop probably <em>also</em> doesn't have it, unless you're fairly high up in importance.</p></htmltext>
<tokenext>The problem with bitlocker is that it 's only part of the ultimatextremeultra most expensive version of Windows .
Most people would be too cheap to get that version , even if they knew what the benefit was .
So your home computer probably does n't have it .
Your company provided laptop probably also does n't have it , unless you 're fairly high up in importance .</tokentext>
<sentencetext>The problem with bitlocker is that it's only part of the ultimatextremeultra most expensive version of Windows.
Most people would be too cheap to get that version, even if they knew what the benefit was.
So your home computer probably doesn't have it.
Your company provided laptop probably also doesn't have it, unless you're fairly high up in importance.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845423</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846273</id>
	<title>What is the evil maid going to do...</title>
	<author>Chris Mattern</author>
	<datestamp>1256314020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>...if you locked your computer's screen before you walked away from it?  You know, like YOU SHOULD ALWAYS DO?</p><p>The ones that get me are the encrypted disks that unlock themselves (no user supplied password) on boot-up.  Don't people realize that they're taping the key underneath the lock in that sort of configuration?</p></htmltext>
<tokenext>...if you locked your computer 's screen before you walked away from it ?
You know , like YOU SHOULD ALWAYS DO ? The ones that get me are the encrypted disks that unlock themselves ( no user supplied password ) on boot-up .
Do n't people realize that they 're taping the key underneath the lock in that sort of configuration ?</tokentext>
<sentencetext>...if you locked your computer's screen before you walked away from it?
You know, like YOU SHOULD ALWAYS DO? The ones that get me are the encrypted disks that unlock themselves (no user supplied password) on boot-up.
Don't people realize that they're taping the key underneath the lock in that sort of configuration?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846905</id>
	<title>Re:And how exactly...</title>
	<author>mlts</author>
	<datestamp>1256317260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If physical security on TPM chips even becomes more than a slight issue, most likely what will happen is that the TPM functionality will move from today's existing chip that doesn't have physical protection, to chips which are epoxy potted onto motherboards (like any video chips that deal with Blu-Ray.  The spec requires the maker to drop a blob of epoxy on them to prevent reverse engineering).  For high security, I'm sure that the TPM and critical parts of the machine's BIOS will be moved into a metal security container with epoxy potting, as well as multiple tamper mechanisms that will zero out the contents should the case be breached, similar to how smart cards and PCI based key storage modules work today.</p></htmltext>
<tokenext>If physical security on TPM chips even becomes more than a slight issue , most likely what will happen is that the TPM functionality will move from today 's existing chip that does n't have physical protection , to chips which are epoxy potted onto motherboards ( like any video chips that deal with Blu-Ray .
The spec requires the maker to drop a blob of epoxy on them to prevent reverse engineering ) .
For high security , I 'm sure that the TPM and critical parts of the machine 's BIOS will be moved into a metal security container with epoxy potting , as well as multiple tamper mechanisms that will zero out the contents should the case be breached , similar to how smart cards and PCI based key storage modules work today .</tokentext>
<sentencetext>If physical security on TPM chips even becomes more than a slight issue, most likely what will happen is that the TPM functionality will move from today's existing chip that doesn't have physical protection, to chips which are epoxy potted onto motherboards (like any video chips that deal with Blu-Ray.
The spec requires the maker to drop a blob of epoxy on them to prevent reverse engineering).
For high security, I'm sure that the TPM and critical parts of the machine's BIOS will be moved into a metal security container with epoxy potting, as well as multiple tamper mechanisms that will zero out the contents should the case be breached, similar to how smart cards and PCI based key storage modules work today.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845819</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29851525</id>
	<title>BIOS Password!</title>
	<author>Anonymous</author>
	<datestamp>1256291760000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>BIOS Password!   BIOS Password!  BIOS Password!<br>What I am trying to tell you all, is that it is critical that your laptop (and even desktops, really) need to have a BIOS password entered so that the evil maid cannot reboot your computer to any external device such as a USB without knowing your BIOS password.  So you first configure your BIOS so that no external devices are bootable; then you set the BIOS password to something non-guessable.  Even this does not guarantee hacking, because if the thief has long-term access to your laptop, and the willpower, they will open your laptop and disconnect your BIOS settings battery so that your BIOS settings are reset.  But, if you are sharp then you will realize upon a reboot or awakening from hibernation that the system is no longer querying you for the password, which means you have been hacked!  Then again, a genius thief might have a mock BIOS password query screen, but that starts to enter the realm of paranoia.  But . . . am I paranoid *enough*?</p></htmltext>
<tokenext>BIOS Password !
BIOS Password !
BIOS Password ! What I am trying to tell you all , is that it is critical that your laptop ( and even desktops , really ) need to have a BIOS password entered so that the evil maid can not reboot your computer to any external device such as a USB without knowing your BIOS password .
So you first configure your BIOS so that no external devices are bootable ; then you set the BIOS password to something non-guessable .
Even this does not guarantee hacking , because if the thief has long-term access to your laptop , and the willpower , they will open your laptop and disconnect your BIOS settings battery so that your BIOS settings are reset .
But , if you are sharp then you will realize upon a reboot or awakening from hibernation that the system is no longer querying you for the password , which means you have been hacked !
Then again , a genius thief might have a mock BIOS password query screen , but that starts to enter the realm of paranoia .
But . . . am I paranoid * enough * ?</tokentext>
<sentencetext>BIOS Password!
BIOS Password!
BIOS Password! What I am trying to tell you all, is that it is critical that your laptop (and even desktops, really) need to have a BIOS password entered so that the evil maid cannot reboot your computer to any external device such as a USB without knowing your BIOS password.
So you first configure your BIOS so that no external devices are bootable; then you set the BIOS password to something non-guessable.
Even this does not guarantee hacking, because if the thief has long-term access to your laptop, and the willpower, they will open your laptop and disconnect your BIOS settings battery so that your BIOS settings are reset.
But, if you are sharp then you will realize upon a reboot or awakening from hibernation that the system is no longer querying you for the password, which means you have been hacked!
Then again, a genius thief might have a mock BIOS password query screen, but that starts to enter the realm of paranoia.
But . . . am I paranoid *enough*?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29854365</id>
	<title>Hardware security is the answer</title>
	<author>jonwil</author>
	<datestamp>1256320620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Have a hardware or BIOS-level password. If you don't have the password, you can't even boot the machine on any medium. Combine this with a screen lock (where the screen will lock if the screensaver/blanker activates) and it should protect things. If the bad guy doesn't have the password, they can't unlock the machine. They can't reboot either due to the</p><p>To prevent someone simply opening up the machine and installing a hardware keylogger, fit some sort of sticker that can't easily be forged/replaced and that easily indicates the machine has been opened.</p></htmltext>
<tokenext>Have a hardware or BIOS-level password .
If you do n't have the password , you ca n't even boot the machine on any medium .
Combine this with a screen lock ( where the screen will lock if the screensaver/blanker activates ) and it should protect things .
If the bad guy does n't have the password , they ca n't unlock the machine .
They ca n't reboot either due to the To prevent someone simply opening up the machine and installing a hardware keylogger , fit some sort of sticker that ca n't easily be forged/replaced and that easily indicates the machine has been opened .</tokentext>
<sentencetext>Have a hardware or BIOS-level password.
If you don't have the password, you can't even boot the machine on any medium.
Combine this with a screen lock (where the screen will lock if the screensaver/blanker activates) and it should protect things.
If the bad guy doesn't have the password, they can't unlock the machine.
They can't reboot either due to the To prevent someone simply opening up the machine and installing a hardware keylogger, fit some sort of sticker that can't easily be forged/replaced and that easily indicates the machine has been opened.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29863785</id>
	<title>Re:surprise</title>
	<author>Anonymous</author>
	<datestamp>1256478000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Wouldn't they have to be logged in, in order to install it? and still further, wouldn't it have to be someone that has access to the boot sectors or can priv up to it?</p></htmltext>
<tokenext>Would n't they have to be logged in , in order to install it ?
and still further , would n't it have to be someone that has access to the boot sectors or can priv up to it ?</tokentext>
<sentencetext>Wouldn't they have to be logged in, in order to install it?
and still further, wouldn't it have to be someone that has access to the boot sectors or can priv up to it?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847289</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845477</id>
	<title>BIOS passwd might help</title>
	<author>redelm</author>
	<datestamp>1256309760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>It is very hard to prevent compromises when the attacker has physical access to the machine.</p><p>One thing that might slow/stop the evil maid is a BIOS boot passwd or BIOS disk passwd.  This denies the maid a boot or any disk access (respectively).  Of course, she could always pop the disk out and write it on her own machine.  Unless key [boot] parts were BIOS encrypted.</p><p>As usual, security always has some cost for the user and has to be balanced against benefits [reduced risk of loss].</p></htmltext>
<tokenext>It is very hard to prevent compromises when the attacker has physical access to the machine . One thing that might slow/stop the evil maid is a BIOS boot passwd or BIOS disk passwd .
This denies the maid a boot or any disk access ( respectively ) .
Of course , she could always pop the disk out and write it on her own machine .
Unless key [ boot ] parts were BIOS encrypted . As usual , security always has some cost for the user and has to be balanced against benefits [ reduced risk of loss ] .</tokentext>
<sentencetext>It is very hard to prevent compromises when the attacker has physical access to the machine. One thing that might slow/stop the evil maid is a BIOS boot passwd or BIOS disk passwd.
This denies the maid a boot or any disk access (respectively).
Of course, she could always pop the disk out and write it on her own machine.
Unless key [boot] parts were BIOS encrypted. As usual, security always has some cost for the user and has to be balanced against benefits [reduced risk of loss].</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845959</id>
	<title>Re:And that's the lesser evil</title>
	<author>oldspewey</author>
	<datestamp>1256312160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>This story is either completely made up, or you've also been on business trips to Manila.</htmltext>
<tokenext>This story is either completely made up , or you 've also been on business trips to Manila .</tokentext>
<sentencetext>This story is either completely made up, or you've also been on business trips to Manila.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845357</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845921</id>
	<title>Re:Who cares?</title>
	<author>elsJake</author>
	<datestamp>1256311980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Yes, one can abuse the DMA subsystem through firewire/usb and read/write to system memory. That way you can recover encryption keys and/or unlock the "locked" system.
If you leave your laptop with the screen locked but on in your hotel room you have the cold boot attack for your encryption keys.</htmltext>
<tokenext>Yes , one can abuse the DMA subsystem through firewire/usb and read/write to system memory .
That way you can recover encryption keys and/or unlock the " locked " system .
If you leave your laptop with the screen locked but on in your hotel room you have the cold boot attack for your encryption keys .</tokentext>
<sentencetext>Yes, one can abuse the DMA subsystem through firewire/usb and read/write to system memory.
That way you can recover encryption keys and/or unlock the "locked" system.
If you leave your laptop with the screen locked but on in your hotel room you have the cold boot attack for your encryption keys.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845525</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848151</id>
	<title>Re:Oh, I am soooooo glad...</title>
	<author>mr exploiter</author>
	<datestamp>1256322360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Yeah more "marketing" than research. What is she selling?</htmltext>
<tokenext>Yeah more " marketing " than research .
What is she selling ?</tokentext>
<sentencetext>Yeah more "marketing" than research.
What is she selling?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846483</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845667</id>
	<title>This is why</title>
	<author>Anonymous</author>
	<datestamp>1256310780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I do an md5checksum of grub and /boot from a USB key which is on me at all times every time I boot my computer.

Seriously, I don't know of any other foolproof way to defend against this.  I do know where my encrypted laptop hard drive is most of the time.</htmltext>
<tokenext>I do an md5checksum of grub and /boot from a USB key which is on me at all times every time I boot my computer .
Seriously , I do n't know of any other foolproof way to defend against this .
I do know where my encrypted laptop hard drive is most of the time .</tokentext>
<sentencetext>I do an md5checksum of grub and /boot from a USB key which is on me at all times every time I boot my computer.
Seriously, I don't know of any other foolproof way to defend against this.
I do know where my encrypted laptop hard drive is most of the time.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29850849</id>
	<title>NEWSFLASH..__..__...</title>
	<author>Anonymous</author>
	<datestamp>1256289240000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>This just in...<br>Someone discovered how to pick a lock...<br>Strangely, people are still locking their doors!</p><p>Seriously, man has created nothing that another man could not destroy or subvert. Get used to it folks.</p></htmltext>
<tokenext>This just in... Someone discovered how to pick a lock... Strangely , people are still locking their doors ! Seriously , man has created nothing that another man could not destroy or subvert .
Get used to it folks .</tokentext>
<sentencetext>This just in... Someone discovered how to pick a lock... Strangely, people are still locking their doors! Seriously, man has created nothing that another man could not destroy or subvert.
Get used to it folks.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845517</id>
	<title>Best solution - take the darn laptop with you</title>
	<author>Anonymous</author>
	<datestamp>1256309940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>What brainless clod would leave a laptop with sensitive data on it lying around in a hotel room anyway, encrypted disk or not?</p><p>This is a non story - as everyone has known for decades, someone with access to the machine can do what they like. And they probably will.</p></htmltext>
<tokenext>What brainless clod would leave a laptop with sensitive data on it lying around in a hotel room anyway , encrypted disk or not ? This is a non story - as everyone has known for decades , someone with access to the machine can do what they like .
And they probably will .</tokentext>
<sentencetext>What brainless clod would leave a laptop with sensitive data on it lying around in a hotel room anyway, encrypted disk or not? This is a non story - as everyone has known for decades, someone with access to the machine can do what they like.
And they probably will.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29849763</id>
	<title>Re:Easily foiled</title>
	<author>Anonymous</author>
	<datestamp>1256328180000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I kill you!!!!</p></htmltext>
<tokenext>I kill you ! ! !
!</tokentext>
<sentencetext>I kill you!!!
!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845521</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846099</id>
	<title>Re:And how exactly...</title>
	<author>russotto</author>
	<datestamp>1256313060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>...will she install that bootloader, when there is no BIOS, but an encrypted coreboot or EFI system, that is protected against meddling with, by a TPM (chip) under YOUR control? (Something possible with the Lenovo ThinkPads for example. In which case it is a good concept, as opposed to what the media companies planned to do with it.)</p></div></blockquote><p>I think you're right that Trusted Computing could secure against this attack.  But an "evil maid" need not mess around with bootloaders.  She'll install a hardware keylogger.  Or maybe a few microphones... I'll bet it's possible for the TLAs to figure out what you're typing from the sound recorded from several microphones, plus they get your conversations as well.</p>
	</htmltext>
<tokenext>...will she install that bootloader , when there is no BIOS , but an encrypted coreboot or EFI system , that is protected against meddling with , by a TPM ( chip ) under YOUR control ?
( Something possible with the Lenovo ThinkPads for example .
In which case it is a good concept , as opposed to what the media companies planned to do with it . )
I think you 're right that Trusted Computing could secure against this attack .
But an " evil maid " need not mess around with bootloaders .
She 'll install a hardware keylogger .
Or maybe a few microphones... I 'll bet it 's possible for the TLAs to figure out what you 're typing from the sound recorded from several microphones , plus they get your conversations as well .</tokentext>
<sentencetext>...will she install that bootloader, when there is no BIOS, but an encrypted coreboot or EFI system, that is protected against meddling with, by a TPM (chip) under YOUR control?
(Something possible with the Lenovo ThinkPads for example.
In which case it is a good concept, as opposed to what the media companies planned to do with it.)
I think you're right that Trusted Computing could secure against this attack.
But an "evil maid" need not mess around with bootloaders.
She'll install a hardware keylogger.
Or maybe a few microphones... I'll bet it's possible for the TLAs to figure out what you're typing from the sound recorded from several microphones, plus they get your conversations as well.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845819</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845359</id>
	<title>My bootloader is on USB</title>
	<author>Anonymous</author>
	<datestamp>1256309160000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>1</modscore>
	<htmltext><p>Sorry, but my bootloader, GRUB, kernel and boot partition are on USB. The hard drive really is wholly encrypted... except a few hundred bytes in LUKS partition headers.</p><p>The evil maid will thus have to work harder: devise a LUKS partition header which will thoroughly corrupt my copy of cryptsetup as it tries to decrypt the partition.</p><p>With TrueCrypt, which doesn't put any identifiable information in partition headers, the job might be harder still.</p></htmltext>
<tokenext>Sorry , but my bootloader , GRUB , kernel and boot partition are on USB .
The hard drive really is wholly encrypted... except a few hundred bytes in LUKS partition headers . The evil maid will thus have to work harder : devise a LUKS partition header which will thoroughly corrupt my copy of cryptsetup as it tries to decrypt the partition . With TrueCrypt , which does n't put any identifiable information in partition headers , the job might be harder still .</tokentext>
<sentencetext>Sorry, but my bootloader, GRUB, kernel and boot partition are on USB.
The hard drive really is wholly encrypted... except a few hundred bytes in LUKS partition headers. The evil maid will thus have to work harder: devise a LUKS partition header which will thoroughly corrupt my copy of cryptsetup as it tries to decrypt the partition. With TrueCrypt, which doesn't put any identifiable information in partition headers, the job might be harder still.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29851033</id>
	<title>Re:BIOS password</title>
	<author>afidel</author>
	<datestamp>1256289900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>IBM laptops and HDDs have an additional HDD level password which won't allow access to the HDD without a separate password and AFAIK it's based on part of the SATA/ATAPI standard so you would have to replace the controller (I think it's stored in the controller not on the platter) to get around it (doable but not exactly fast or convenient).</htmltext>
<tokenext>IBM laptops and HDDs have an additional HDD level password which wo n't allow access to the HDD without a separate password and AFAIK it 's based on part of the SATA/ATAPI standard so you would have to replace the controller ( I think it 's stored in the controller not on the platter ) to get around it ( doable but not exactly fast or convenient ) .</tokentext>
<sentencetext>IBM laptops and HDDs have an additional HDD level password which won't allow access to the HDD without a separate password and AFAIK it's based on part of the SATA/ATAPI standard so you would have to replace the controller (I think it's stored in the controller not on the platter) to get around it (doable but not exactly fast or convenient).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845659</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29852729</id>
	<title>to keep the content of your netbook/laptop secure</title>
	<author>alizard</author>
	<datestamp>1256299260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>the <b>only</b> confidential content on it should be the crypto key your remote control client uses to access your home/office computer on which the actual confidential information is. Which shouldn't do the aspiring data thief any good minus the password. Carry your portable entertainment content on the computer instead.
<br> <br>While this means that you don't get access to your own confo information unless you're hooked up to the Net via wifi or 3G wireless dongle, it also means that if you lose your computer, the expensive part is replacing the hardware, not the much more expensive job of attempting to find or recreate the actual data. And data that never was on your computer can't be stolen either by a random thief, the "bad guys", or the Feds when you cross an international border.</htmltext>
<tokenext>the only confidential content on it should be the crypto key your remote control client uses to access your home/office computer on which the actual confidential information is .
Which should n't do the aspiring data thief any good minus the password .
Carry your portable entertainment content on the computer instead .
While this means that you do n't get access to your own confo information unless you 're hooked up to the Net via wifi or 3G wireless dongle , it also means that if you lose your computer , the expensive part is replacing the hardware , not the much more expensive job of attempting to find or recreate the actual data .
And data that never was on your computer ca n't be stolen either by a random thief , the " bad guys " , or the Feds when you cross an international border .</tokentext>
<sentencetext>the only confidential content on it should be the crypto key your remote control client uses to access your home/office computer on which the actual confidential information is.
Which shouldn't do the aspiring data thief any good minus the password.
Carry your portable entertainment content on the computer instead.
While this means that you don't get access to your own confo information unless you're hooked up to the Net via wifi or 3G wireless dongle, it also means that if you lose your computer, the expensive part is replacing the hardware, not the much more expensive job of attempting to find or recreate the actual data.
And data that never was on your computer can't be stolen either by a random thief, the "bad guys", or the Feds when you cross an international border.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846007</id>
	<title>Re:surprise</title>
	<author>MikeURL</author>
	<datestamp>1256312400000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext>To be fair, this news may have come as quite a shock to kdawson.  I guess maybe he thought that TrueCrypt used a psychic link to determine who was accessing the hardware.
<br> <br>
To help kdawson I present the following:
<ol>
<li>If your PC will not power up--make sure it is plugged in</li>
<li>Double-clicking .exe files can be risky</li>
<li>Back up your data</li>
</ol><p>
Please feel free to add others.  I think we need to take kdawson under our wing and help him out with the rudiments of technology.  Some may suggest that a /. ed should know these things already but that is retrograde thinking.</p></htmltext>
<tokenext>To be fair , this news may have come as quite a shock to kdawson .
I guess maybe he thought that TrueCrypt used a psychic link to determine who was accessing the hardware .
To help kdawson I present the following : If your PC will not power up--make sure it is plugged in Double-clicking .exe files can be risky Back up your data Please feel free to add others .
I think we need to take kdawson under our wing and help him out with the rudiments of technology .
Some may suggest that a /. ed should know these things already but that is retrograde thinking .</tokentext>
<sentencetext>To be fair, this news may have come as quite a shock to kdawson.
I guess maybe he thought that TrueCrypt used a psychic link to determine who was accessing the hardware.
To help kdawson I present the following:

If your PC will not power up--make sure it is plugged in
Double-clicking .exe files can be risky
Back up your data

Please feel free to add others.
I think we need to take kdawson under our wing and help him out with the rudiments of technology.
Some may suggest that a /. ed should know these things already but that is retrograde thinking.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845303</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845993</id>
	<title>Re:And how exactly...</title>
	<author>Anonymous</author>
	<datestamp>1256312340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>     No, the whole point of all this was to be able to compromise your data WITHOUT ANYONE KNOWING IT.  Beating a key out of you kind of defeats that purpose.  Otherwise, why not just have a maid deliver towels (so they can verify you are on your laptop), then break in with guns and take it - long AFTER you've decrypted the volumes they want?  I've worked on things classified Secret and Top Secret.  Everyone knows they cannot truly protect such data - but they take great pains to KNOW when it may have been leaked or stolen.  Once you know that, you can defuse most of the damage.   The real trick is to steal it without anyone knowing.</htmltext>
<tokenext>No , the whole point of all this was to be able to compromise your data WITHOUT ANYONE KNOWING IT .
Beating a key out of you kind of defeats that purpose .
Otherwise , why not just have a maid deliver towels ( so they can verify you are on your laptop ) , then break in with guns and take it - long AFTER you 've decrypted the volumes they want ?
I 've worked on things classified Secret and Top Secret .
Everyone knows they can not truly protect such data - but they take great pains to KNOW when it may have been leaked or stolen .
Once you know that , you can defuse most of the damage .
The real trick is to steal it without anyone knowing .</tokentext>
<sentencetext>     No, the whole point of all this was to be able to compromise your data WITHOUT ANYONE KNOWING IT.
Beating a key out of you kind of defeats that purpose.
Otherwise, why not just have a maid deliver towels (so they can verify you are on your laptop), then break in with guns and take it - long AFTER you've decrypted the volumes they want?
I've worked on things classified Secret and Top Secret.
Everyone knows they cannot truly protect such data - but they take great pains to KNOW when it may have been leaked or stolen.
Once you know that, you can defuse most of the damage.
The real trick is to steal it without anyone knowing.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845819</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848791</id>
	<title>Re:surprise</title>
	<author>talcite</author>
	<datestamp>1256324580000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>A secure system should also have a BIOS password and a locked down boot sequence that doesn't let you insert arbitrary CDs/USB keys.

It's a lot more difficult to reset the BIOS on a laptop.</htmltext>
<tokenext>A secure system should also have a BIOS password and a locked down boot sequence that does n't let you insert arbitrary CDs/USB keys .
It 's a lot more difficult to reset the BIOS on a laptop .</tokentext>
<sentencetext>A secure system should also have a BIOS password and a locked down boot sequence that doesn't let you insert arbitrary CDs/USB keys.
It's a lot more difficult to reset the BIOS on a laptop.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847289</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845797</id>
	<title>Re:Bootloader? BitLocker?</title>
	<author>Anonymous</author>
	<datestamp>1256311440000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>Yes. You can have almost perfect _physical_ security with TPM.</p><p>Alas, most developers are allergic to it, even if it has good uses.</p></htmltext>
<tokenext>Yes .
You can have almost perfect _physical_ security with TPM .
Alas , most developers are allergic to it , even if it has good uses .</tokentext>
<sentencetext>Yes.
You can have almost perfect _physical_ security with TPM.
Alas, most developers are allergic to it, even if it has good uses.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845423</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29851169</id>
	<title>Re:surprise</title>
	<author>Anonymous</author>
	<datestamp>1256290320000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>+ That little tray that sticks out of the computer is not a cup holder.</p></htmltext>
<tokenext>+ That little tray that sticks out of the computer is not a cup holder .</tokentext>
<sentencetext>+ That little tray that sticks out of the computer is not a cup holder.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846007</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847653</id>
	<title>Re:Why are we talking about this?</title>
	<author>Anonymous</author>
	<datestamp>1256320740000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>She's not wasting her time.  I have the advantage of being a regular reader of her blog--but it's harsh to call it a waste.  She whipped it up over the course of a day or two.  Why?  Because "everybody knows about it"--but nobody is doing anything.  They'd rather give up and call it a lost cause than improve the situation.</p><p>There *ARE* decent fixes to this.  Not perfect--yes, somebody could always replace my entire CPU.  She wrote it trying to get people to use TPM for the one thing it's actually good for, and to encourage dual factor authentication by releasing a tool that *easily* exploits the problem.  Sometimes in order to get a problem fixed--you've gotta release the attack.</p></htmltext>
<tokenext>She 's not wasting her time .
I have the advantage of being a regular reader of her blog--but it 's harsh to call it a waste .
She whipped it up over the course of a day or two .
Why ? Because " everybody knows about it " --but nobody is doing anything .
They 'd rather give up and call it a lost cause than improve the situation .
There * ARE * decent fixes to this .
Not perfect--yes , somebody could always replace my entire CPU .
She wrote it trying to get people to use TPM for the one thing it 's actually good for , and to encourage dual factor authentication by releasing a tool that * easily * exploits the problem .
Sometimes in order to get a problem fixed--you 've got ta release the attack .</tokentext>
<sentencetext>She's not wasting her time.
I have the advantage of being a regular reader of her blog--but it's harsh to call it a waste.
She whipped it up over the course of a day or two.
Why?  Because "everybody knows about it"--but nobody is doing anything.
They'd rather give up and call it a lost cause than improve the situation.
There *ARE* decent fixes to this.
Not perfect--yes, somebody could always replace my entire CPU.
She wrote it trying to get people to use TPM for the one thing it's actually good for, and to encourage dual factor authentication by releasing a tool that *easily* exploits the problem.
Sometimes in order to get a problem fixed--you've gotta release the attack.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845647</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845423</id>
	<title>Bootloader? BitLocker?</title>
	<author>Anonymous</author>
	<datestamp>1256309460000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext>I didn't read the RTFA, but isn't MSFT's BitLocker supposed to validate the boot path (from BIOS code to bootloader up to the BitLocker decrypter) with the help of the TPM chip?</htmltext>
<tokenext>I did n't read the RTFA , but is n't MSFT 's BitLocker supposed to validate the boot path ( from BIOS code to bootloader up to the BitLocker decrypter ) with the help of the TPM chip ?</tokentext>
<sentencetext>I didn't read the RTFA, but isn't MSFT's BitLocker supposed to validate the boot path (from BIOS code to bootloader up to the BitLocker decrypter) with the help of the TPM chip?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845803</id>
	<title>MITM?</title>
	<author>Anonymous</author>
	<datestamp>1256311500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>So this could be considered a type of maid-in-the-middle attack?</p></htmltext>
<tokenext>So this could be considered a type of maid-in-the-middle attack ?</tokentext>
<sentencetext>So this could be considered a type of maid-in-the-middle attack?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29849251</id>
	<title>Re:My bootloader is on USB</title>
	<author>yanyan</author>
	<datestamp>1256326260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Workaround: Move for legislation that will outlaw pliers.</p></htmltext>
<tokenext>Workaround : Move for legislation that will outlaw pliers .</tokentext>
<sentencetext>Workaround: Move for legislation that will outlaw pliers.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845705</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845499</id>
	<title>Paranoia</title>
	<author>Gudeldar</author>
	<datestamp>1256309880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>If you are paranoid enough to be worried about ninja maids then you probably boot off a Live CD and keep all your data on the encrypted drive.</htmltext>
<tokenext>If you are paranoid enough to be worried about ninja maids then you probably boot off a Live CD and keep all your data on the encrypted drive .</tokentext>
<sentencetext>If you are paranoid enough to be worried about ninja maids then you probably boot off a Live CD and keep all your data on the encrypted drive.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845675</id>
	<title>Best security</title>
	<author>Luxifer</author>
	<datestamp>1256310840000</datestamp>
	<modclass>Troll</modclass>
	<modscore>0</modscore>
	<htmltext><p>The best security is to pick an obscure poison. Take it in small doses until you're immune. Coat the keyboard with it. Better yet, get a keyboard that automatically dispenses the poison.<br>Evil maid now equals dead maid.</p><p>My only problem is, now that the maid is dead, who's gonna hide the body?</p></htmltext>
<tokenext>The best security is to pick an obscure poison .
Take it in small doses until you 're immune .
Coat the keyboard with it .
Better yet , get a keyboard that automatically dispenses the poison .
Evil maid now equals dead maid .
My only problem is , now that the maid is dead , who 's gon na hide the body ?</tokentext>
<sentencetext>The best security is to pick an obscure poison.
Take it in small doses until you're immune.
Coat the keyboard with it.
Better yet, get a keyboard that automatically dispenses the poison.
Evil maid now equals dead maid.
My only problem is, now that the maid is dead, who's gonna hide the body?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845475</id>
	<title>Just use a CD</title>
	<author>AmiMoJo</author>
	<datestamp>1256309760000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>When you encrypt your system partition with TrueCrypt it forces you to make a CD (you actually have to burn and mount it before it will let you continue). This CD contains a copy of the bootloader and encryption key. If you always boot off that CD it won't help the attacker to replace the bootloader on the HDD.</p><p>Of course they could target the CD but at least you can keep a mini CD in your wallet at all times.</p></htmltext>
<tokenext>When you encrypt your system partition with TrueCrypt it forces you to make a CD ( you actually have to burn and mount it before it will let you continue ) .
This CD contains a copy of the bootloader and encryption key .
If you always boot off that CD it wo n't help the attacker to replace the bootloader on the HDD .
Of course they could target the CD but at least you can keep a mini CD in your wallet at all times .</tokentext>
<sentencetext>When you encrypt your system partition with TrueCrypt it forces you to make a CD (you actually have to burn and mount it before it will let you continue).
This CD contains a copy of the bootloader and encryption key.
If you always boot off that CD it won't help the attacker to replace the bootloader on the HDD.
Of course they could target the CD but at least you can keep a mini CD in your wallet at all times.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848413</id>
	<title>Something you have, something you know.</title>
	<author>ACMENEWSLLC</author>
	<datestamp>1256323320000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>For that matter, the guy video taping the room to sell you and your wife's activities to that voyeur site aims the camera at your laptop, watches your keystrokes, and boom - he has all the passwords you type in.  Banking?  PayPal?  E-Mail.</p><p>You really need to use both a password and a physical device.  Such as RSA tokens.   My bank offers this for online banking.   I have several for different things.</p></htmltext>
<tokenext>For that matter , the guy video taping the room to sell you and your wife 's activities to that voyeur site aims the camera at your laptop , watches your keystrokes , and boom - he has all the passwords you type in .
Banking ? PayPal ?
E-Mail .
You really need to use both a password and a physical device .
Such as RSA tokens .
My bank offers this for online banking .
I have several for different things .</tokentext>
<sentencetext>For that matter, the guy video taping the room to sell you and your wife's activities to that voyeur site aims the camera at your laptop, watches your keystrokes, and boom - he has all the passwords you type in.
Banking?  PayPal?
E-Mail.
You really need to use both a password and a physical device.
Such as RSA tokens.
My bank offers this for online banking.
I have several for different things.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847289</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845525</id>
	<title>Who cares?</title>
	<author>Anonymous</author>
	<datestamp>1256310000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Why is this an issue for us who lock our workstations or logoff before we leave it on and unlocked?

Has someone found a vulnerability with gaining access to a live Linux file system via console or via SSH that we should know about?  If you answer this you may as well also include Windows, can you gain access to Windows after it's been locked?

What are they going to do?  The second they bounce it the data is useless.</htmltext>
<tokenext>Why is this an issue for us who lock our workstations or logoff before we leave it on and unlocked ?
Has someone found a vulnerability with gaining access to a live Linux file system via console or via SSH that we should know about ?
If you answer this you may as well also include Windows , can you gain access to Windows after it 's been locked ?
What are they going to do ?
The second they bounce it the data is useless .</tokentext>
<sentencetext>Why is this an issue for us who lock our workstations or logoff before we leave it on and unlocked?
Has someone found a vulnerability with gaining access to a live Linux file system via console or via SSH that we should know about?
If you answer this you may as well also include Windows, can you gain access to Windows after it's been locked?
What are they going to do?
The second they bounce it the data is useless.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847647</id>
	<title>Re:BIOS passwd might help</title>
	<author>Anonymous</author>
	<datestamp>1256320680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The problem with using a BIOS password is that the disk could be removed from the machine.  This can be solved by one or both of the following solutions:</p><p>
&nbsp; 1. JB-Weld or similar epoxy.  Getting the disk out of the laptop will require destroying it, and possibly damaging the data.  This doesn't make covert operations impossible, but makes it a lot harder.<br>
&nbsp; 2. A latch-triggered combustion mechanism.  Try pulling the disk out and *poof*.  Maybe this could be accomplished through a simple spring-loaded latch and some wires to the laptop battery?</p></htmltext>
<tokenext>The problem with using a BIOS password is that the disk could be removed from the machine .
This can be solved by one or both of the following solutions :   1 .
JB-Weld or similar epoxy .
Getting the disk out of the laptop will require destroying it , and possibly damaging the data .
This does n't make covert operations impossible , but makes it a lot harder .
  2 .
A latch-triggered combustion mechanism .
Try pulling the disk out and * poof * .
Maybe this could be accomplished through a simple spring-loaded latch and some wires to the laptop battery ?</tokentext>
<sentencetext>The problem with using a BIOS password is that the disk could be removed from the machine.
This can be solved by one or both of the following solutions:
  1.
JB-Weld or similar epoxy.
Getting the disk out of the laptop will require destroying it, and possibly damaging the data.
This doesn't make covert operations impossible, but makes it a lot harder.
  2.
A latch-triggered combustion mechanism.
Try pulling the disk out and *poof*.
Maybe this could be accomplished through a simple spring-loaded latch and some wires to the laptop battery?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845477</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845629</id>
	<title>Re:surprise</title>
	<author>ByOhTek</author>
	<datestamp>1256310600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Expanding on the other reply - physical access with (sorry for the car analogy) the key in the ignition &gt; all.</p><p>Basically, they need physical access with the machine ON (and a way to bypass any locking mechanism that is in place)</p></htmltext>
<tokenext>Expanding on the other reply - physical access with ( sorry for the car analogy ) the key in the ignition &gt; all .
Basically , they need physical access with the machine ON ( and a way to bypass any locking mechanism that is in place )</tokentext>
<sentencetext>Expanding on the other reply - physical access with (sorry for the car analogy) the key in the ignition &gt; all.
Basically, they need physical access with the machine ON (and a way to bypass any locking mechanism that is in place)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845303</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846739</id>
	<title>Re:bootloader checksum</title>
	<author>Terrasque</author>
	<datestamp>1256316480000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext><p>That won't work if the attacker uses a hardware keylogger (which can be inserted under a laptop's keyboard - how often do you check there?).</p><p>An easier way to checksum the bootloader is via a tamper-proof hash stored in the encrypted area. But that requires that the computer is actually telling you the truth, which is doubtful if they already went far enough to change the bootloader. But then again, your idea also requires that the computer is honest... They could have replaced the bios itself, or made a small bootloader that worked its magic fast and silent, and then proceeded like a normal boot, starting from usb like bios would do.</p><p>I was thinking of this a few months ago, actually, and the only solution I found was to either always have it with you (impractical), or store it in a trustworthy safe (could also be slightly impractical to haul around). And still you have to be certain of your environment (spy cameras, tempest type snooping, in some cases recording the sound of your key clicks...).</p><p>Also, if you want it connected to a network, well darnit, you got another can of worms. First, you need to update it, or else it's vulnerable fast. Second, you need to trust the OS providers and the actual update. Could someone have stolen the signing key and faked an update? Is the company / employees really trustworthy? Are you sure the developer's machine isn't hacked and is used to spread dangerous code?</p><p>I tried to make a system where I (if I had a lot of resources) couldn't possibly find any way around. I just couldn't find any. All of them had a potential loophole.</p><p>My conclusion was: Pick an appropriate level of paranoia and go from there. And never expect it to be 100% secure.</p></htmltext>
<tokenext>That wo n't work if the attacker uses a hardware keylogger ( which can be inserted under a laptop 's keyboard - how often do you check there ? ) .
An easier way to checksum the bootloader is via a tamper-proof hash stored in the encrypted area .
But that requires that the computer is actually telling you the truth , which is doubtful if they already went far enough to change the bootloader .
But then again , your idea also requires that the computer is honest... They could have replaced the bios itself , or made a small bootloader that worked its magic fast and silent , and then proceeded like a normal boot , starting from usb like bios would do .
I was thinking of this a few months ago , actually , and the only solution I found was to either always have it with you ( impractical ) , or store it in a trustworthy safe ( could also be slightly impractical to haul around ) .
And still you have to be certain of your environment ( spy cameras , tempest type snooping , in some cases recording the sound of your key clicks... ) .
Also , if you want it connected to a network , well darnit , you got another can of worms .
First , you need to update it , or else it 's vulnerable fast .
Second , you need to trust the OS providers and the actual update .
Could someone have stolen the signing key and faked an update ?
Is the company / employees really trustworthy ?
Are you sure the developer 's machine is n't hacked and is used to spread dangerous code ?
I tried to make a system where I ( if I had a lot of resources ) could n't possibly find any way around .
I just could n't find any .
All of them had a potential loophole .
My conclusion was : Pick an appropriate level of paranoia and go from there .
And never expect it to be 100 % secure .</tokentext>
<sentencetext>That won't work if the attacker uses a hardware keylogger (which can be inserted under a laptop's keyboard - how often do you check there?).
An easier way to checksum the bootloader is via a tamper-proof hash stored in the encrypted area.
But that requires that the computer is actually telling you the truth, which is doubtful if they already went far enough to change the bootloader.
But then again, your idea also requires that the computer is honest... They could have replaced the bios itself, or made a small bootloader that worked its magic fast and silent, and then proceeded like a normal boot, starting from usb like bios would do.
I was thinking of this a few months ago, actually, and the only solution I found was to either always have it with you (impractical), or store it in a trustworthy safe (could also be slightly impractical to haul around).
And still you have to be certain of your environment (spy cameras, tempest type snooping, in some cases recording the sound of your key clicks...).
Also, if you want it connected to a network, well darnit, you got another can of worms.
First, you need to update it, or else it's vulnerable fast.
Second, you need to trust the OS providers and the actual update.
Could someone have stolen the signing key and faked an update?
Is the company / employees really trustworthy?
Are you sure the developer's machine isn't hacked and is used to spread dangerous code?
I tried to make a system where I (if I had a lot of resources) couldn't possibly find any way around.
I just couldn't find any.
All of them had a potential loophole.
My conclusion was: Pick an appropriate level of paranoia and go from there.
And never expect it to be 100% secure.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845347</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846611</id>
	<title>Re:Easily foiled</title>
	<author>snspdaarf</author>
	<datestamp>1256315820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Evil maids are easy to spot because of their goatees.</p></div><p>Like Flexo in drag.</p></div>
	</htmltext>
<tokenext>Evil maids are easy to spot because of their goatees .
Like Flexo in drag .</tokentext>
<sentencetext>Evil maids are easy to spot because of their goatees.
Like Flexo in drag.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845521</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848037</id>
	<title>Re:bootloader checksum</title>
	<author>mr exploiter</author>
	<datestamp>1256322060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>This wouldn't detect a hacked bios. I'm not saying it's easy to do only that it's possible.</htmltext>
<tokenext>This would n't detect a hacked bios .
I 'm not saying it 's easy to do only that it 's possible .</tokentext>
<sentencetext>This wouldn't detect a hacked bios.
I'm not saying it's easy to do only that it's possible.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845347</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845791</id>
	<title>TrueCrypt can fingerprint encrypted volume</title>
	<author>TechForensics</author>
	<datestamp>1256311380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This means on boot a checker runs from *inside the encrypted volume* to see if anything has changed.  It should notice if the bootloader no longer checksums the same (so far as I understand).</p></htmltext>
<tokenext>This means on boot a checker runs from * inside the encrypted volume * to see if anything has changed .
It should notice if the bootloader no longer checksums the same ( so far as I understand ) .</tokentext>
<sentencetext>This means on boot a checker runs from *inside the encrypted volume* to see if anything has changed.
It should notice if the bootloader no longer checksums the same (so far as I understand).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847587</id>
	<title>old truisms never die</title>
	<author>fulldecent</author>
	<datestamp>1256320500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If someone else has unrestricted physical access to your computer, it's not your computer anymore.</p></htmltext>
<tokenext>If someone else has unrestricted physical access to your computer , it 's not your computer anymore .</tokentext>
<sentencetext>If someone else has unrestricted physical access to your computer, it's not your computer anymore.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845835</id>
	<title>Re:surprise</title>
	<author>Anonymous</author>
	<datestamp>1256311620000</datestamp>
	<modclass>Offtopic</modclass>
	<modscore>0</modscore>
	<htmltext><p>So, if I'm paranoid enough to use whole disk encryption, why am I not paranoid enough to log out of my session when I'm away or have a screen saver password?</p></htmltext>
<tokenext>So , if I 'm paranoid enough to use whole disk encryption , why am I not paranoid enough to log out of my session when I 'm away or have a screen saver password ?</tokentext>
<sentencetext>So, if I'm paranoid enough to use whole disk encryption, why am I not paranoid enough to log out of my session when I'm away or have a screen saver password?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845629</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29851743</id>
	<title>No mentions of custom firmware?</title>
	<author>jeffliott</author>
	<datestamp>1256292780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>It might not be easy to prep, but you could have your firmware checksum the bootloader before it executes.</p></htmltext>
<tokenext>It might not be easy to prep , but you could have your firmware checksum the bootloader before it executes .</tokentext>
<sentencetext>It might not be easy to prep, but you could have your firmware checksum the bootloader before it executes.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29859867</id>
	<title>Re:My bootloader is on USB</title>
	<author>Anonymous</author>
	<datestamp>1256380080000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I've booted the same way you described since 2006, but with LILO rather than GRUB. My USB key also has a gpg-encrypted keyfile that my initramfs uses to open the LUKS partition.</p><p>The next step is to create a "small" (for some value of "small") Windows XP partition at the front of the drive and make it bootable. Put some games and other bullshit there to make it look used. Without the key, it's a Windows laptop that, at least at first glance, looks nothing but ordinary.</p></htmltext>
<tokenext>I 've booted the same way you described since 2006 , but with LILO rather than GRUB .
My USB key also has a gpg-encrypted keyfile that my initramfs uses to open the LUKS partition . The next step is to create a " small " ( for some value of " small " ) Windows XP partition at the front of the drive and make it bootable .
Put some games and other bullshit there to make it look used .
Without the key , it 's a Windows laptop that , at least at first glance , looks nothing but ordinary .</tokentext>
<sentencetext>I've booted the same way you described since 2006, but with LILO rather than GRUB.
My USB key also has a gpg-encrypted keyfile that my initramfs uses to open the LUKS partition. The next step is to create a "small" (for some value of "small") Windows XP partition at the front of the drive and make it bootable.
Put some games and other bullshit there to make it look used.
Without the key, it's a Windows laptop that, at least at first glance, looks nothing but ordinary.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845359</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846181</id>
	<title>Re:Bootloader? BitLocker?</title>
	<author>Anonymous</author>
	<datestamp>1256313540000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p>Well if you think the price of BitLocker is higher than the value of its protection you are probably not the target of ninja maids.</p></htmltext>
<tokenext>Well if you think the price of BitLocker is higher than the value of its protection you are probably not the target of ninja maids .</tokentext>
<sentencetext>Well if you think the price of BitLocker is higher than the value of its protection you are probably not the target of ninja maids.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845841</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845811</id>
	<title>Re:Bootloader? BitLocker?</title>
	<author>rcamans</author>
	<datestamp>1256311500000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext><p>A lot of designs do not have the TPM chip implemented. I know, because I am a designer, and most of the design requirements I fill do not include or want a TPM chip. This will only be in all systems when Intel makes it a part of their system chips (what used to be the north bridge / south bridge combination, and is now the PCH or Silverthorne).</p></htmltext>
<tokenext>A lot of designs do not have the TPM chip implemented .
I know , because I am a designer , and most of the design requirements I fill do not include or want a TPM chip .
This will only be in all systems when Intel makes it a part of their system chips ( what used to be the north bridge / south bridge combination , and is now the PCH or Silverthorne ) .</tokentext>
<sentencetext>A lot of designs do not have the TPM chip implemented.
I know, because I am a designer, and most of the design requirements I fill do not include or want a TPM chip.
This will only be in all systems when Intel makes it a part of their system chips (what used to be the north bridge / south bridge combination, and is now the PCH or Silverthorne).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845423</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845689</id>
	<title>Put the boot loader on a stick!</title>
	<author>Seth Kriticos</author>
	<datestamp>1256310900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If you are really a paranoid traveler, then you should put the bootloader on a stick (and possibly one half of the key too, the other in your head).</p><p>I read a description somewhere how to make it work best. Install a bare-bones Windows OS on one partition, put on some icons for crap so it does not look too shrink wrapped. Put your real OS (preferably not a Windows one, as this would make security mostly futile anyway) on a second partition.</p><p>Then make your stick the primary boot medium, HDD the second one. Maid comes in and finds just a diversion OS with no data to compromise (as this boots when the stick is not inserted). Even if the bootloader is played with, once you put in your stick and boot up, your real and encrypted OS will be booted from stick, which had no manipulation whatsoever.</p><p>Add some individual touch to make it harder to compromise.</p><p>You also evade stupid border guards' stupid questions this way, as your real OS stays kind of camouflaged (well, not really, but more than enough for people with no clue).</p><p>And be careful of those flashable BIOSes.</p></htmltext>
<tokenext>If you are really a paranoid traveler , then you should put the bootloader on a stick ( and possibly one half of the key too , the other in your head ) . I read a description somewhere how to make it work best .
Install a bare-bones Windows OS on one partition , put on some icons for crap so it does not look too shrink wrapped .
Put your real OS ( preferably not a Windows one , as this would make security mostly futile anyway ) on a second partition . Then make your stick the primary boot medium , HDD the second one .
Maid comes in and finds just a diversion OS with no data to compromise ( as this boots when the stick is not inserted ) .
Even if the bootloader is played with , once you put in your stick and boot up , your real and encrypted OS will be booted from stick , which had no manipulation whatsoever . Add some individual touch to make it harder to compromise . You also evade stupid border guards ' stupid questions this way , as your real OS stays kind of camouflaged ( well , not really , but more than enough for people with no clue ) . And be careful of those flashable BIOSes .</tokentext>
<sentencetext>If you are really a paranoid traveler, then you should put the bootloader on a stick (and possibly one half of the key too, the other in your head). I read a description somewhere how to make it work best.
Install a bare-bones Windows OS on one partition, put on some icons for crap so it does not look too shrink wrapped.
Put your real OS (preferably not a Windows one, as this would make security mostly futile anyway) on a second partition. Then make your stick the primary boot medium, HDD the second one.
Maid comes in and finds just a diversion OS with no data to compromise (as this boots when the stick is not inserted).
Even if the bootloader is played with, once you put in your stick and boot up, your real and encrypted OS will be booted from stick, which had no manipulation whatsoever. Add some individual touch to make it harder to compromise. You also evade stupid border guards' stupid questions this way, as your real OS stays kind of camouflaged (well, not really, but more than enough for people with no clue). And be careful of those flashable BIOSes.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846957</id>
	<title>one question</title>
	<author>prozaker</author>
	<datestamp>1256317620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>if the whole disk is encrypted how is the data from the usb stored in the hard drive in the first place?</htmltext>
<tokenext>if the whole disk is encrypted how is the data from the usb stored in the hard drive in the first place ?</tokentext>
<sentencetext>if the whole disk is encrypted how is the data from the usb stored in the hard drive in the first place?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845361</id>
	<title>hotel room?</title>
	<author>Anonymous</author>
	<datestamp>1256309220000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>1. who leaves their computer in the room when going "out" (isn't that why we all bought netbooks to take with us in our pocket/bag?)<br>2. who does not put the "do not disturb" when going to a hotel room (yea, yea, not secure...)<br>3. can't do this to a Linux livecd (unless they replace your cdr)</p></htmltext>
<tokenext>1. who leaves their computer in the room when going " out " ( is n't that why we all bought netbooks to take with us in our pocket/bag ? ) 2 .
who does not put the " do not disturb " when going to a hotel room ( yea , yea , not secure... ) 3. ca n't do this to a Linux livecd ( unless they replace your cdr )</tokentext>
<sentencetext>1. who leaves their computer in the room when going "out" (isn't that why we all bought netbooks to take with us in our pocket/bag?) 2.
who does not put the "do not disturb" when going to a hotel room (yea, yea, not secure...) 3. can't do this to a Linux livecd (unless they replace your cdr)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847997</id>
	<title>Re:And how exactly...</title>
	<author>Anonymous</author>
	<datestamp>1256321940000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Step 1) Boot Linux distro from CD into RAM completely, with no hard drive attached to machine<br>Step 2) Remove battery from laptop<br>Step 3) Store everything on remote b0xen using VPN</p></htmltext>
<tokenext>Step 1 ) Boot Linux distro from CD into RAM completely , with no hard drive attached to machine Step 2 ) Remove battery from laptop Step 3 ) Store everything on remote b0xen using VPN</tokentext>
<sentencetext>Step 1) Boot Linux distro from CD into RAM completely, with no hard drive attached to machine Step 2) Remove battery from laptop Step 3) Store everything on remote b0xen using VPN</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845993</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29849263</id>
	<title>Information wants to be free</title>
	<author>rwa2</author>
	<datestamp>1256326320000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>Well, #1... security measures only serve as deterrents.  There will be a way around every security device, the only metric you really need to worry about is whether your:</p><p>
&nbsp; (cost to circumvent) / (value of assets + cost to secure)</p><p>ratio is conveniently higher than your neighbors (ha ha, security people hate any mention of "convenience").</p><p>So... #2:  by far the best thing you can do is to make sure your assets are relatively worthless compared to what other "target" have.  Live a frugal life.  Keep offsite backups of your photo albums.  Don't keep secrets.  And if you do, bury them with enough other crap (maybe using steganography if necessary) to decrease the signal/noise enough to make finding and sorting through the information kind of useless to those not in the know.  Maybe you have lots of invalid bank and credit card information lying around.  Or put a whole bunch of passwords in your secret password vault, in case it gets compromised (good sites will eventually lock them out for trying them all, and failed attempts will also tip you off and give you time to respond).</p><p>Next measure in the equation is to increase the cost of your perpetrator to circumvent security measures or commit crimes, far above what they'd gain by stealing your assets.</p><p>Cheap deterrents first:  live up a flight of stairs... thieves are inherently lazy and will go for the "low hanging fruit" instead of you.  In the context of this article, put your laptop up high in a closet or stash it in a drawer... make them search through dirty laundry for it.</p><p>The best society wouldn't need any security at all... if there was enough transparency and free flow of information, all thieves would get caught and reprimanded.  
So participate in the whole neighborhood watch thing, make sure your perp has to perform his act in very public settings, uniquely tag your stuff, and post warnings to remind them and make them nervous about getting arrested / shot / going to hell etc.</p><p>Finally, we get to the part of the equation where you actually have to actively do something for extra security measures.</p><p>First, make it a habit to perform the rudimentary simple steps of locking your door and always having your keys on you.  Deadbolt is much better than the handle switch, and also helps insure that you remembered your keys.  I involuntarily lock my house and car doors now, and always brush my pockets with my hands to check that my keys and wallet are still there.  At this point, I usually notice within 5 minutes if something's missing.</p><p>Passwords and encryption are just more sophisticated keys and locks.  Not uncircumventable, but much better than nothing.  But before spending lots of money on more complex 2- &amp; 3-factor keys and locks ... especially those that can completely shoot you in the foot and result in losing all your data... most people invest in other measures ... alarms and security cameras that would increase the chances of the perp getting caught.  I haven't seen a whole lot that focuses on this area yet... the phone home mechanisms and stuff like that, but I figure it would be much more productive to concentrate on these kinds of security measures in the near term.</p></htmltext>
<tokenext>Well , # 1... security measures only serve as deterrents .
There will be a way around every security device , the only metric you really need to worry about is whether your : ( cost to circumvent ) / ( value of assets + cost to secure ) ratio is conveniently higher than your neighbors ( ha ha , security people hate any mention of " convenience " ) . So... # 2 : by far the best thing you can do is to make sure your assets are relatively worthless compared to what other " target " have .
Live a frugal life .
Keep offsite backups of your photo albums .
Do n't keep secrets .
And if you do , bury them with enough other crap ( maybe using steganography if necessary ) to decrease the signal/noise enough to make finding and sorting through the information kind of useless to those not in the know .
Maybe you have lots of invalid bank and credit card information lying around .
Or put a whole bunch of passwords in your secret password vault , in case it gets compromised ( good sites will eventually lock them out for trying them all , and failed attempts will also tip you off and give you time to respond ) . Next measure in the equation is to increase the cost of your perpetrator to circumvent security measures or commit crimes , far above what they 'd gain by stealing your assets . Cheap deterrents first : live up a flight of stairs... thieves are inherently lazy and will go for the " low hanging fruit " instead of you .
In the context of this article , put your laptop up high in a closet or stash it in a drawer... make them search through dirty laundry for it . The best society would n't need any security at all... if there was enough transparency and free flow of information , all thieves would get caught and reprimanded .
So participate in the whole neighborhood watch thing , make sure your perp has to perform his act in very public settings , uniquely tag your stuff , and post warnings to remind them and make them nervous about getting arrested / shot / going to hell etc . Finally , we get to the part of the equation where you actually have to actively do something for extra security measures . First , make it a habit to perform the rudimentary simple steps of locking your door and always having your keys on you .
Deadbolt is much better than the handle switch , and also helps insure that you remembered your keys .
I involuntarily lock my house and car doors now , and always brush my pockets with my hands to check that my keys and wallet are still there .
At this point , I usually notice within 5 minutes if something 's missing . Passwords and encryption are just more sophisticated keys and locks .
Not uncircumventable , but much better than nothing .
But before spending lots of money on more complex 2- &amp; 3-factor keys and locks ... especially those that can completely shoot you in the foot and result in losing all your data... most people invest in other measures ... alarms and security cameras that would increase the chances of the perp getting caught .
I have n't seen a whole lot that focuses on this area yet... the phone home mechanisms and stuff like that , but I figure it would be much more productive to concentrate on these kinds of security measures in the near term .</tokentext>
<sentencetext>Well, #1... security measures only serve as deterrents.
There will be a way around every security device, the only metric you really need to worry about is whether your:
  (cost to circumvent) / (value of assets + cost to secure) ratio is conveniently higher than your neighbors (ha ha, security people hate any mention of "convenience"). So... #2:  by far the best thing you can do is to make sure your assets are relatively worthless compared to what other "target" have.
Live a frugal life.
Keep offsite backups of your photo albums.
Don't keep secrets.
And if you do, bury them with enough other crap (maybe using steganography if necessary) to decrease the signal/noise enough to make finding and sorting through the information kind of useless to those not in the know.
Maybe you have lots of invalid bank and credit card information lying around.
Or put a whole bunch of passwords in your secret password vault, in case it gets compromised (good sites will eventually lock them out for trying them all, and failed attempts will also tip you off and give you time to respond). Next measure in the equation is to increase the cost of your perpetrator to circumvent security measures or commit crimes, far above what they'd gain by stealing your assets. Cheap deterrents first:  live up a flight of stairs... thieves are inherently lazy and will go for the "low hanging fruit" instead of you.
In the context of this article, put your laptop up high in a closet or stash it in a drawer... make them search through dirty laundry for it. The best society wouldn't need any security at all... if there was enough transparency and free flow of information, all thieves would get caught and reprimanded.
So participate in the whole neighborhood watch thing, make sure your perp has to perform his act in very public settings, uniquely tag your stuff, and post warnings to remind them and make them nervous about getting arrested / shot / going to hell etc. Finally, we get to the part of the equation where you actually have to actively do something for extra security measures. First, make it a habit to perform the rudimentary simple steps of locking your door and always having your keys on you.
Deadbolt is much better than the handle switch, and also helps insure that you remembered your keys.
I involuntarily lock my house and car doors now, and always brush my pockets with my hands to check that my keys and wallet are still there.
At this point, I usually notice within 5 minutes if something's missing. Passwords and encryption are just more sophisticated keys and locks.
Not uncircumventable, but much better than nothing.
But before spending lots of money on more complex 2- &amp; 3-factor keys and locks ...  especially those that can completely shoot you in the foot and result in losing all your data... most people invest in other measures ...  alarms and security cameras that would increase the chances of the perp getting caught.
I haven't seen a whole lot that focuses on this area yet... the phone home mechanisms and stuff like that, but I figure it would be much more productive to concentrate on these kinds of security measures in the near term.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845709</id>
	<title>Look at the big picture</title>
	<author>mathimus1863</author>
	<datestamp>1256310960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>To say that this is pointless because "no one" would ever be the target of such an attack, is just silly.
<br> <br>
99.99999% of people would never be targeted by this kind of attack.  But the 0.00001% for whom it matters (CIA operatives, for instance), it's in everyone's best interest that such attacks are known about and avoided (or at least for the government who is sponsoring the operative).  A million unimportant, paranoid nerds getting hacked b/c they did full-disk encryption improperly is nothing compared to a single operative being discovered in the field, and dissolving a political landscape, or a source of critical intelligence that keeps us safe.
<br> <br>
Luckily, we have millions of paranoid nerds to find these flaws so that the people who <i>really do</i> need it are better prepared.</htmltext>
<tokenext>To say that this is pointless because " no one " would ever be the target of such an attack , is just silly .
99.99999 % of people would never be targeted by this kind of attack .
But the 0.00001 % for whom it matters ( CIA operatives , for instance ) , it 's in everyone 's best interest that such attacks are known about and avoided ( or at least for the government who is sponsoring the operative ) .
A million unimportant , paranoid nerds getting hacked b/c they did full-disk encryption improperly is nothing compared to a single operative being discovered in the field , and dissolving a political landscape , or a source of critical intelligence that keeps us safe .
Luckily , we have millions of paranoid nerds to find these flaws so that the people who really do need it are better prepared .</tokentext>
<sentencetext>To say that this is pointless because "no one" would ever be the target of such an attack, is just silly.
99.99999% of people would never be targeted by this kind of attack.
But the 0.00001% for whom it matters (CIA operatives, for instance), it's in everyone's best interest that such attacks are known about and avoided (or at least for the government who is sponsoring the operative).
A million unimportant, paranoid nerds getting hacked b/c they did full-disk encryption improperly is nothing compared to a single operative being discovered in the field, and dissolving a political landscape, or a source of critical intelligence that keeps us safe.
Luckily, we have millions of paranoid nerds to find these flaws so that the people who really do need it are better prepared.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845397</id>
	<title>BIOS password</title>
	<author>Fackamato</author>
	<datestamp>1256309340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If the computer is shut down, and you've a BIOS password enabled - you wouldn't be able to do this, right?</p><p>You'd first have to enter the BIOS password to boot the system, then press a key to boot from external media and do your mischief. But, if you had physical access to the machine, I suppose you could take it apart and reset the BIOS password anyway.</p><p>Really, if you have physical access to the machine, it's got no chance.</p></htmltext>
<tokenext>If the computer is shut down , and you 've a BIOS password enabled - you would n't be able to do this , right ? You 'd first have to enter the BIOS password to boot the system , then press a key to boot from external media and do your mischief .
But , if you had physical access to the machine , I suppose you could take it apart and reset the BIOS password anyway . Really , if you have physical access to the machine , it 's got no chance .</tokentext>
<sentencetext>If the computer is shut down, and you've a BIOS password enabled - you wouldn't be able to do this, right? You'd first have to enter the BIOS password to boot the system, then press a key to boot from external media and do your mischief.
But, if you had physical access to the machine, I suppose you could take it apart and reset the BIOS password anyway. Really, if you have physical access to the machine, it's got no chance.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847703</id>
	<title>Re:Bootloader? BitLocker?</title>
	<author>Voyager529</author>
	<datestamp>1256320860000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>The problem with bitlocker is that it's only part of the ultimatextremeultra most expensive version of Windows.  Most people would be too cheap to get that version, even if they knew what the benefit was.  So your home computer probably doesn't have it.</p></div><p>You say that like it's a bad thing. Which do you think is a more likely scenario:</p><p>1.) Home user has valuable data on their machine that cannot fall into the &quot;wrong hands&quot; (personally identifiable information in the browser cache notwithstanding).</p><p>2.) User has lots of data that is valuable TO THEM, but not worth stealing for anyone else (i.e. photos, school projects, music library), doesn't back up their data, and doesn't surf safely.</p><p>In every case of every home PC I have ever worked on, there has been exactly one person who has fit into category number one, and that's because he owned his own company and had his Quickbooks data on it. Everyone else has fit into the second category.</p><p>I've had dozens of machines over the years that I've had to rescue from a defective hard drive or malware attack. Recovering their data usually involves either booting from a BartPE/Acronis/Knoppix disc and transferring it to an external hard drive or LAN location, or popping out the drive and sticking an IDE/SATA-to-USB tether device on it and migrating it that way. If home users were given the option to encrypt their data in the event of an Evil Maid, the majority wouldn't use it anyway, but a few would. 
The few who would are no more likely to keep a data backup (or encrypt that backup, defeating the purpose of encrypting the drive in the first place), and if one of THEM ends up with a corrupted boot sector or malware attack, their family photos, school projects, and Limewire music are completely hosed with no chance of recovery...because that is the entire point of the encryption.</p><p>The way I figure it, if the data is important enough to encrypt, it's too important to be on your home computer. If it must be worked on at home, and it's important enough to encrypt, then it's important enough to get a company issued laptop to do it. </p></div>
	</htmltext>
<tokenext>The problem with bitlocker is that it 's only part of the ultimatextremeultra most expensive version of Windows .
Most people would be too cheap to get that version , even if they knew what the benefit was .
So your home computer probably does n't have it . You say that like it 's a bad thing .
Which do you think is a more likely scenario : 1 .
) Home user has valuable data on their machine that can not fall into the " wrong hands " ( personally identifiable information in the browser cache notwithstanding ) . 2 .
) User has lots of data that is valuable TO THEM , but not worth stealing for anyone else ( i.e .
photos , school projects , music library ) , does n't back up their data , and does n't surf safely . In every case of every home PC I have ever worked on , there has been exactly one person who has fit into category number one , and that 's because he owned his own company and had his Quickbooks data on it .
Everyone else has fit into the second category . I 've had dozens of machines over the years that I 've had to rescue from a defective hard drive or malware attack .
Recovering their data usually involves either booting from a BartPE/Acronis/Knoppix disc and transferring it to an external hard drive or LAN location , or popping out the drive and sticking an IDE/SATA-to-USB tether device on it and migrating it that way .
If home users were given the option to encrypt their data in the event of an Evil Maid , the majority would n't use it anyway , but a few would .
The few who would are no more likely to keep a data backup ( or encrypt that backup , defeating the purpose of encrypting the drive in the first place ) , and if one of THEM ends up with a corrupted boot sector or malware attack , their family photos , school projects , and Limewire music are completely hosed with no chance of recovery...because that is the entire point of the encryption.The way I figure it , if the data is important enough to encrypt , it 's too important to be on your home computer .
If it must be worked on at home , and it 's important enough to encrypt , then it 's important enough to get a company issued laptop to do it .</tokentext>
<sentencetext>The problem with bitlocker is that it's only part of the ultimatextremeultra most expensive version of Windows.
Most people would be too cheap to get that version, even if they knew what the benefit was.
So your home computer probably doesn't have it.You say that like it's a bad thing.
Which do you think is a more likely scenario:1.
) Home user has valuable data on their machine that cannot fall into the "wrong hands" (personally identifiable information in the browser cache notwithstanding).2.
) User has lots of data that is valuable TO THEM, but not worth stealing for anyone else (i.e.
photos, school projects, music library), doesn't back up their data, and doesn't surf safely.In every case of every home PC I have ever worked on, there has been exactly one person who has fit into category number one, and that's because he owned his own company and had his Quickbooks data on it.
Everyone else has fit into the second category.I've had dozens of machines over the years that I've had to rescue from a defective hard drive or malware attack.
Recovering their data usually involves either booting from a BartPE/Acronis/Knoppix disc and transferring it to an external hard drive or LAN location, or popping out the drive and sticking an IDE/SATA-to-USB tether device on it and migrating it that way.
If home users were given the option to encrypt their data in the event of an Evil Maid, the majority wouldn't use it anyway, but a few would.
The few who would are no more likely to keep a data backup (or encrypt that backup, defeating the purpose of encrypting the drive in the first place), and if one of THEM ends up with a corrupted boot sector or malware attack, their family photos, school projects, and Limewire music are completely hosed with no chance of recovery...because that is the entire point of the encryption.The way I figure it, if the data is important enough to encrypt, it's too important to be on your home computer.
If it must be worked on at home, and it's important enough to encrypt, then it's important enough to get a company issued laptop to do it. 
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845841</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845767</id>
	<title>Re:surprise</title>
	<author>Anonymous</author>
	<datestamp>1256311260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If they can compromise the bootloader or BIOS, then they can do it with the machine off.  But I believe that Rutkowska realized the implications after moving from Windows to OS X.  OS X does not offer full disk encryption--rather, it encrypts your home directory.  Thus it's likely still possible to compromise in this manner.</p><p>And of course, she focuses on Truecrypt, which also doesn't do whole disk encryption.  However it's a popular geek tool for encryption, and as such it's pretty relevant.</p></htmltext>
<tokenext>If they can compromise the bootloader or BIOS , then they can do it with the machine off .
But I believe that Rutkowska realized the implications after moving from Windows to OS X. OS X does not offer full disk encryption--rather , it encrypts your home directory .
Thus it 's likely still possible to compromise in this manner.And of course , she focuses on Truecrypt , which also does n't do whole disk encryption .
However it 's a popular geek tool for encryption , and as such it 's pretty relevant .</tokentext>
<sentencetext>If they can compromise the bootloader or BIOS, then they can do it with the machine off.
But I believe that Rutkowska realized the implications after moving from Windows to OS X.  OS X does not offer full disk encryption--rather, it encrypts your home directory.
Thus it's likely still possible to compromise in this manner.And of course, she focuses on Truecrypt, which also doesn't do whole disk encryption.
However it's a popular geek tool for encryption, and as such it's pretty relevant.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845629</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847093</id>
	<title>Always boot from external media</title>
	<author>dotmar</author>
	<datestamp>1256318280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>If you always boot from an external media, let's say truecrypt bootable CD-R, wouldn't this solve the problem?</htmltext>
<tokenext>If you always boot from an external media , let 's say truecrypt bootable CD-R , would n't this solve the problem ?</tokentext>
<sentencetext>If you always boot from an external media, let's say truecrypt bootable CD-R, wouldn't this solve the problem?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848101</id>
	<title>bios password</title>
	<author>Anonymous</author>
	<datestamp>1256322240000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>been around for decades...</p></htmltext>
<tokenext>been around for decades.. .</tokentext>
<sentencetext>been around for decades...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846007</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846003</id>
	<title>Re:Best solution - take the darn laptop with you</title>
	<author>Sancho</author>
	<datestamp>1256312400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The whole point is that people think that encryption is some sort of magic bullet that will prevent them from having to think about security.  So if they think that they're secure, they think that there's no need to lug the laptop around.  If it gets stolen, who cares?  The thieves won't get any information off of it.</p><p>This story is trying to promote the fact that there's more to it.</p></htmltext>
<tokenext>The whole point is that people think that encryption is some sort of magic bullet that will prevent them from having to think about security .
So if they think that they 're secure , they think that there 's no need to lug the laptop around .
If it gets stolen , who cares ?
The thieves wo n't get any information off of it.This story is trying to promote the fact that there 's more to it .</tokentext>
<sentencetext>The whole point is that people think that encryption is some sort of magic bullet that will prevent them from having to think about security.
So if they think that they're secure, they think that there's no need to lug the laptop around.
If it gets stolen, who cares?
The thieves won't get any information off of it.This story is trying to promote the fact that there's more to it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845517</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845743</id>
	<title>Re:My bootloader is on USB</title>
	<author>Anonymous</author>
	<datestamp>1256311140000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>No, what you have on USB is just one bootloader. There's another one in the BIOS which runs first. How do you know the evil maid didn't compromise that, too? Maybe she included an invisible virtual machine monitor that appears to boot your machine normally while logging keystrokes.</p><p>They might already be watching you! Just waiting until they've captured enough information about your contacts, waiting to capture enough evidence against you to be sure of a conviction.</p></htmltext>
<tokenext>No , what you have on USB is just one bootloader .
There 's another one in the BIOS which runs first .
How do you know the evil maid did n't compromise that , too ?
Maybe she included an invisible virtual machine monitor that appears to boot your machine normally while logging keystrokes.They might already be watching you !
Just waiting until they 've captured enough information about your contacts , waiting to capture enough evidence against you to be sure of a conviction .</tokentext>
<sentencetext>No, what you have on USB is just one bootloader.
There's another one in the BIOS which runs first.
How do you know the evil maid didn't compromise that, too?
Maybe she included an invisible virtual machine monitor that appears to boot your machine normally while logging keystrokes.They might already be watching you!
Just waiting until they've captured enough information about your contacts, waiting to capture enough evidence against you to be sure of a conviction.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845359</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29857557</id>
	<title>Re:hotel room?</title>
	<author>metrix007</author>
	<datestamp>1256406840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>netbooks are not a laptop replacement. Of course you would leave your laptop in your room, because there is an expectation of security, close to that of your own home. Or, there should be.</p></htmltext>
<tokenext>netbooks are not a laptop replacement .
Of course you would leave your laptop in your room , because there is an expectation of security , close to that of your own home .
Or , there should be .</tokentext>
<sentencetext>netbooks are not a laptop replacement.
Of course you would leave your laptop in your room, because there is an expectation of security, close to that of your own home.
Or, there should be.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845361</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847829</id>
	<title>Simple: Boot with USB key</title>
	<author>Anonymous</author>
	<datestamp>1256321400000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The USB key fits in your pocket and can be kept safe with your other keys. Don't lose your keys; just like a car, if you don't have the key, you can't start it.</p><p>In Linux, this is easily implemented with the bootloader, kernel and initial ramdisk setup/installed on the key. Without the key, the laptop will "hang" at boot and appear to be "broken" by the casual observer.</p><p>This approach seems safer than approaches that require validating the bootloader, kernel and initial ramdisk. YMMV.</p></htmltext>
<tokenext>The USB key fits in your pocket and can be kept safe with your other keys .
Do n't lose your keys ; just like a car , if you do n't have the key , you ca n't start it.In Linux , this is easily implemented with the bootloader , kernel and initial ramdisk setup/installed on the key .
Without the key , the laptop will " hang " at boot and appear to be " broken " by the casual observer.This approach seems safer than approaches that require validating the bootloader , kernel and initial ramdisk .
YMMV .</tokentext>
<sentencetext>The USB key fits in your pocket and can be kept safe with your other keys.
Don't lose your keys; just like a car, if you don't have the key, you can't start it.In Linux, this is easily implemented with the bootloader, kernel and initial ramdisk setup/installed on the key.
Without the key, the laptop will "hang" at boot and appear to be "broken" by the casual observer.This approach seems safer than approaches that require validating the bootloader, kernel and initial ramdisk.
YMMV.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847561</id>
	<title>Mandatory XKCD</title>
	<author>Anonymous</author>
	<datestamp>1256320380000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>http://xkcd.com/538/</p></htmltext>
<tokenext>http : //xkcd.com/538/</tokentext>
<sentencetext>http://xkcd.com/538/</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29849093</id>
	<title>Re:Oh, I am soooooo glad...</title>
	<author>chrb</author>
	<datestamp>1256325660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>And here we are, in year 2009, reading "research" telling us things we all already know.</p></div><p>To be fair, Rutkowska does <a href="http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html" title="blogspot.com">acknowledge</a> [blogspot.com] this <i>"Q: Is this Evil Maid Attack some l33t new h4ck?<br>Nope, the concept behind the Evil Maid Attack is neither new, nor l33t in any way."</i></p></div>
	</htmltext>
<tokenext>And here we are , in year 2009 , reading " research " telling us things we all already know.To be fair , Rutkowska does acknowledge [ blogspot.com ] this " Q : Is this Evil Maid Attack some l33t new h4ck ? Nope , the concept behind the Evil Maid Attack is neither new , nor l33t in any way .
"</tokentext>
<sentencetext>And here we are, in year 2009, reading "research" telling us things we all already know.To be fair, Rutkowska does acknowledge [blogspot.com] this "Q: Is this Evil Maid Attack some l33t new h4ck?Nope, the concept behind the Evil Maid Attack is neither new, nor l33t in any way.
"
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846483</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845443</id>
	<title>Nope, won't work with Bitlocker</title>
	<author>afidel</author>
	<datestamp>1256309580000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>At least not with TPM hardware store, that's kind of the whole point. I'm surprised Bruce isn't aware of this combination.</htmltext>
<tokenext>At least not with TPM hardware store , that 's kind of the whole point .
I 'm surprised Bruce is n't aware of this combination .</tokentext>
<sentencetext>At least not with TPM hardware store, that's kind of the whole point.
I'm surprised Bruce isn't aware of this combination.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846291</id>
	<title>Problem Solved...</title>
	<author>Itninja</author>
	<datestamp>1256314080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Whenever I travel, I changed my splash screen graphic to a simple red-on-black message that reads:<br> <br>
"Dear Housekeeping,<br> <br>
Use of this system is monitored and your intrusion attempt has been reported to the system owner. The time has been recorded and the built-in webcam has taken your picture. Stop now and no charges will be filed."<br> <br>
Another method would be working for an under-funded government agency (like me). The last time I went to a conference I had to bring a 'company laptop'. Since the system was impressively 'designed for Windows 2000', I just took the battery out of the laptop when I was away from the room (along with the AC adaptor). I doubt anyone could find a retail outlet that sold nearly decade-old laptop batteries. Suck on that super maid spies!</htmltext>
<tokenext>Whenever I travel , I changed my splash screen graphic to a simple red-on-black message that reads : " Dear Housekeeping , Use of this system is monitored and your intrusion attempt has been reported to the system owner .
The time has been recorded and the built-in webcam has taken your picture .
Stop now and no charges will be filed .
" Another method would be working for an under-funded government agency ( like me ) .
The last time I went to a conference I had to bring a 'company laptop' .
Since the system was impressively 'designed for Windows 2000 ' , I just took the battery out of the laptop when I was away from the room ( along with the AC adaptor ) .
I doubt anyone could find a retail outlet that sold nearly decade-old laptop batteries .
Suck on that super maid spies !</tokentext>
<sentencetext>Whenever I travel, I changed my splash screen graphic to a simple red-on-black message that reads: 
"Dear Housekeeping, 
Use of this system is monitored and your intrusion attempt has been reported to the system owner.
The time has been recorded and the built-in webcam has taken your picture.
Stop now and no charges will be filed.
" 
Another method would be working for an under-funded government agency (like me).
The last time I went to a conference I had to bring a 'company laptop'.
Since the system was impressively 'designed for Windows 2000', I just took the battery out of the laptop when I was away from the room (along with the AC adaptor).
I doubt anyone could find a retail outlet that sold nearly decade-old laptop batteries.
Suck on that super maid spies!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845659</id>
	<title>Re:BIOS password</title>
	<author>EsbenMoseHansen</author>
	<datestamp>1256310720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>If the computer is shut down, and you've a BIOS password enabled - you wouldn't be able to do this, right?</p><p>You'd first have to enter the BIOS password to boot the system, then press a key to boot from external media and do your mischief. But, if you had physical access to the machine, I suppose you could take it apart and reset the BIOS password anyway.</p><p>Really, if you have physical access to the machine, it's got no chance.</p></div><p>BIOS passwords are easy.. simply remove the harddrive and install in another laptop.</p></div>
	</htmltext>
<tokenext>If the computer is shut down , and you 've a BIOS password enabled - you would n't be able to do this , right ? You 'd first have to enter the BIOS password to boot the system , then press a key to boot from external media and do your mischief .
But , if you had physical access to the machine , I suppose you could take it apart and reset the BIOS password anyway.Really , if you have physical access to the machine , it 's got no chance.BIOS passwords are easy.. simply remove the harddrive and install in another laptop .</tokentext>
<sentencetext>If the computer is shut down, and you've a BIOS password enabled - you wouldn't be able to do this, right?You'd first have to enter the BIOS password to boot the system, then press a key to boot from external media and do your mischief.
But, if you had physical access to the machine, I suppose you could take it apart and reset the BIOS password anyway.Really, if you have physical access to the machine, it's got no chance.BIOS passwords are easy.. simply remove the harddrive and install in another laptop.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845397</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845927</id>
	<title>Re:surprise</title>
	<author>Anonymous</author>
	<datestamp>1256311980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Shouldn't be. Encryption has to keep secrets secret. What is proposed in the article is technically feasible, I don't see in the name of what we should abandon it</htmltext>
<tokenext>Should n't be .
Encryption has to keep secrets secret .
What is proposed in the article is technically feasible , I do n't see in the name of what we should abandon it</tokentext>
<sentencetext>Shouldn't be.
Encryption has to keep secrets secret.
What is proposed in the article is technically feasible, I don't see in the name of what we should abandon it</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845303</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846437</id>
	<title>more likely...</title>
	<author>Anonymous</author>
	<datestamp>1256314860000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The maid would be more likely to just steal the laptop, especially since most hotels/motels do not (and cannot) guarantee that items will not be stolen from your room.  So they disclaim any responsibility for any items left in the rooms. The best security is to not let anyone else have physical access to your computer, and to NOT use any version of Windows!</p></htmltext>
<tokenext>The maid would be more likely to just steal the laptop , especially since most hotels/motels do not ( and can not ) guarantee that items will not be stolen from your room .
So they disclaim any responsibility for any items left in the rooms .
The best security is to not let anyone else have physical access to your computer , and to NOT use any version of Windows !</tokentext>
<sentencetext>The maid would be more likely to just steal the laptop, especially since most hotels/motels do not (and cannot) guarantee that items will not be stolen from your room.
So they disclaim any responsibility for any items left in the rooms.
The best security is to not let anyone else have physical access to your computer, and to NOT use any version of Windows!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846069</id>
	<title>Missing the point</title>
	<author>Tim82</author>
	<datestamp>1256312820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Pretty much all the responses so far completely miss the point.<br> <br>
I work for a large financial institution - one of the biggest. Plenty of folks here have sensitive client information on their laptops, which they take with them on business trips to see clients, technology partners etc. We have some extremely large clients (all the major banks, US and worldwide) and the client information could include contacts, details of trading, holdings in various stocks, etc. This information can be worth millions of dollars, and the company could be fined similar amounts if it was stolen from their possession.<br> <br>
Most of the employees/managers/sales guys etc that go on business trips are not particularly technically savvy. All they know is that they have their laptop, and it is encrypted, and they have been told that their laptop is safe because the evil h4xx0rz can't decrypt the 124-byte RSM keylock. This will give them a false sense of security, and they will leave their laptop in their hotel room, safe in the knowledge that it has a kingston lock on it and no-one can walk off with it.<br> <br>
The data on some of these machines is valuable enough that people certainly would think about trying to get their hands on it.<br> <br>
This needs to be a wakeup call to the big banks that they need to educate their staff - simply telling them "your laptop is encrypted, you are safe" is not good enough. They need to keep the machine with them at all times.<br> <br>
All the talk of "boot from liveCD" or BIOS passwords, or hidden TrueCrypt volumes, simply are not feasible on a large corporate scale, and are certainly above your average client portfolio manager.</htmltext>
<tokenext>Pretty much all the responses so far completely miss the point .
I work for a large financial institution - one of the biggest .
Plenty of folks here have sensitive client information on their laptops , which they take with them on business trips to see clients , technology partners etc .
We have some extremely large clients ( all the major banks , US and worldwide ) and the client information could include contacts , details of trading , holdings in various stocks , etc .
This information can be worth millions of dollars , and the company could be fined similar amounts if it was stolen from their possession .
Most of the employees/managers/sales guys etc that go on business trips are not particularly technically savvy .
All they know is that they have their laptop , and it is encrypted , and they have been told that their laptop is safe because the evil h4xx0rz ca n't decrypt the 124-byte RSM keylock .
This will give them a false sense of security , and they will leave their laptop in their hotel room , safe in the knowledge that it has a kingston lock on it and no-one can walk off with it .
The data on some of these machines is valuable enough that people certainly would think about trying to get their hands on it .
This needs to be a wakeup call to the big banks that they need to educate their staff - simply telling them " your laptop is encrypted , you are safe " is not good enough .
They need to keep the machine with them at all times . All the talk of " boot from liveCD " or BIOS passwords , or hidden TrueCrypt volumes , simply are not feasible on a large corporate scale , and are certainly above your average client portfolio manager .</tokentext>
<sentencetext>Pretty much all the responses so far completely miss the point.
I work for a large financial institution - one of the biggest.
Plenty of folks here have sensitive client information on their laptops, which they take with them on business trips to see clients, technology partners etc.
We have some extremely large clients (all the major banks, US and worldwide) and the client information could include contacts, details of trading, holdings in various stocks, etc.
This information can be worth millions of dollars, and the company could be fined similar amounts if it was stolen from their possession.
Most of the employees/managers/sales guys etc that go on business trips are not particularly technically savvy.
All they know is that they have their laptop, and it is encrypted, and they have been told that their laptop is safe because the evil h4xx0rz can't decrypt the 124-byte RSM keylock.
This will give them a false sense of security, and they will leave their laptop in their hotel room, safe in the knowledge that it has a kingston lock on it and no-one can walk off with it.
The data on some of these machines is valuable enough that people certainly would think about trying to get their hands on it.
This needs to be a wakeup call to the big banks that they need to educate their staff - simply telling them "your laptop is encrypted, you are safe" is not good enough.
They need to keep the machine with them at all times.
All the talk of "boot from liveCD" or BIOS passwords, or hidden TrueCrypt volumes, simply are not feasible on a large corporate scale, and are certainly above your average client portfolio manager.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846221</id>
	<title>checksum your bootloader</title>
	<author>Anonymous</author>
	<datestamp>1256313720000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>As part of my init script, I've hashed the data in my boot partition and I am alerted if there is a change. You should all do the same.</p></htmltext>
<tokenext>As part of my init script , I 've hashed the data in my boot partition and I am alerted if there is a change .
You should all do the same .</tokentext>
<sentencetext>As part of my init script, I've hashed the data in my boot partition and I am alerted if there is a change.
You should all do the same.</sentencetext>
</comment>
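One way to implement the boot-partition check described in the comment above, which is also the kind of loader-integrity check other comments in this thread suggest; this is an added example, not the commenter's init script. The function names, the 63-sector boot region and the manifest file on removable media are assumptions, and the sample files and disk image are constructed. The baseline is kept off the machine because a check stored on the same disk can be altered along with the loader.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

SECTOR = 512
BOOT_REGION_SECTORS = 63  # assumption: MBR plus the gap before the first partition


def sha256_file(path):
    """Stream a file through SHA-256 so large kernels and ramdisks are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1024 * 1024), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sha256_region(device, length):
    """Hash the first `length` bytes of a disk or image (the boot code area)."""
    with open(device, "rb") as handle:
        data = handle.read(length)
    if len(data) != length:
        raise ValueError(f"short read on {device}: got {len(data)} of {length} bytes")
    return hashlib.sha256(data).hexdigest()


def snapshot(boot_dir, device):
    """Return a manifest covering every file under boot_dir plus the boot region."""
    boot_dir = Path(boot_dir)
    files = {}
    for current, dirs, names in os.walk(boot_dir):
        # os.walk does not descend into symlinked directories, so list them too.
        links = [d for d in dirs if (Path(current) / d).is_symlink()]
        for name in names + links:
            path = Path(current) / name
            rel = path.relative_to(boot_dir).as_posix()
            if path.is_symlink():
                # Record where the link points instead of following it.
                files[rel] = "symlink:" + os.readlink(path)
            else:
                files[rel] = sha256_file(path)
    return {
        "files": files,
        "boot_region": sha256_region(device, BOOT_REGION_SECTORS * SECTOR),
    }


def compare(baseline, current):
    """Report every difference between a trusted manifest and a fresh snapshot."""
    old, new = baseline["files"], current["files"]
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in set(old).intersection(new) if old[p] != new[p]),
        "boot_region_changed": baseline["boot_region"] != current["boot_region"],
    }


def is_clean(report):
    """True only when nothing was added, removed or modified."""
    return not (report["added"] or report["removed"]
                or report["changed"] or report["boot_region_changed"])


def demo():
    """Constructed sample data: a fake /boot tree and a fake disk image."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        boot, usb, disk = tmp / "boot", tmp / "usb", tmp / "disk.img"
        (boot / "grub").mkdir(parents=True)
        usb.mkdir()
        (boot / "vmlinuz").write_bytes(b"constructed kernel image")
        (boot / "initrd.img").write_bytes(b"constructed initial ramdisk")
        (boot / "grub" / "grub.cfg").write_text("set default=0\n")
        disk.write_bytes(bytes(64 * SECTOR))

        # Baseline taken while the machine is trusted, stored off the machine.
        manifest = usb / "boot-manifest.json"
        manifest.write_text(json.dumps(snapshot(boot, disk), indent=2))
        untouched = compare(json.loads(manifest.read_text()), snapshot(boot, disk))

        # Simulated change: altered ramdisk, extra file, one changed boot-code byte.
        (boot / "initrd.img").write_bytes(b"constructed initial ramdisk, modified")
        (boot / "extra.mod").write_bytes(b"unexpected module")
        with open(disk, "r+b") as handle:
            handle.seek(0x1B0)
            handle.write(b"\x90")
        tampered = compare(json.loads(manifest.read_text()), snapshot(boot, disk))
        return untouched, tampered


if __name__ == "__main__":
    for label, report in zip(("untouched", "tampered"), demo()):
        print(label, "clean" if is_clean(report) else report)
```

Hashing only the files in the boot partition would miss a loader rewritten in the sectors before it, which is why the raw region is covered as well.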
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846955</id>
	<title>Re:This is why</title>
	<author>wurp</author>
	<datestamp>1256317620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The easiest, most foolproof way for someone determined to scam your password is to put a keylogger physically inline with your keyboard.  I suspect one could be made small enough to fit inside the connector.</p><p>If the device you use to access your encrypted drive is accessible for 10 minutes, you are vulnerable.  It doesn't matter what the software is or how you use *that device* to validate anything.</p></htmltext>
<tokenext>The easiest , most foolproof way for someone determined to scam your password is to put a keylogger physically inline with your keyboard .
I suspect one could be made small enough to fit inside the connector.If the device you use to access your encrypted drive is accessible for 10 minutes , you are vulnerable .
It does n't matter what the software is or how you use * that device * to validate anything .</tokentext>
<sentencetext>The easiest, most foolproof way for someone determined to scam your password is to put a keylogger physically inline with your keyboard.
I suspect one could be made small enough to fit inside the connector.If the device you use to access your encrypted drive is accessible for 10 minutes, you are vulnerable.
It doesn't matter what the software is or how you use *that device* to validate anything.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845667</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845881</id>
	<title>this is old news</title>
	<author>Anonymous</author>
	<datestamp>1256311800000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>This is really old news and too many windows 7 fanboys are turning a blind eye to it as well..</p><p>I'll be yelling at the walls for a long time to come just so self absorbed supposed<br>'superior tech' morons can catch up to the obvious..<br>Paranoid security people like myself will always be<br>of value, but when you asshats don't listen to us, the joke is on YOU!!</p><p>The rest of the lamers<br>can fade away in the background for all I care, fruity asshat fanboys<br>and pretend security 'know it all's' suck!! as usual..</p></htmltext>
<tokenext>This is really old news and too many windows 7 fanboys are turning a blind eye to it as well..
I 'll be yelling at the walls for a long time to come just so self absorbed supposed 'superior tech ' morons can catch up to the obvious..
Paranoid security people like myself will always be of value , but when you asshats do n't listen to us , the joke is on YOU ! !
The rest of the lamers can fade away in the background for all I care , fruity asshat fanboys and pretend security 'know it all 's ' suck ! !
as usual. .</tokentext>
<sentencetext>This is really old news and too many windows 7 fanboys are turning a blind eye to it as well..
I'll be yelling at the walls for a long time to come just so self absorbed supposed 'superior tech' morons can catch up to the obvious..
Paranoid security people like myself will always be of value, but when you asshats don't listen to us, the joke is on YOU!!
The rest of the lamers can fade away in the background for all I care, fruity asshat fanboys and pretend security 'know it all's' suck!!
as usual..</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848133</id>
	<title>Re:surprise</title>
	<author>GravityStar</author>
	<datestamp>1256322300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>TPM is supposed to be able to defend against this exact scenario.</p><p>I believe I read that Vista's Full Disk Encryption does exactly this. Not sure though.</p></htmltext>
<tokenext>TPM is supposed to be able to defend against this exact scenario .
I believe I read that Vista 's Full Disk Encryption does exactly this .
Not sure though .</tokentext>
<sentencetext>TPM is supposed to be able to defend against this exact scenario.
I believe I read that Vista's Full Disk Encryption does exactly this.
Not sure though.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847289</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846059</id>
	<title>It's a plausible attack</title>
	<author>interval1066</author>
	<datestamp>1256312700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>And for cases where national security is concerned, probably more a likely attack vector than any other. So the likely defense is some kind of boot-time check of the loader's integrity, which is just as possible. For example, a utility to do this on a USB fob. Then of course you have to remember to take your fob with you...</p></htmltext>
<tokenext>And for cases where national security is concerned , probably more a likely attack vector than any other .
So the likely defense is some kind of boot-time check of the loader 's integrity , which is just as possible .
For example , a utility to do this on a USB fob .
Then of course you have to remember to take your fob with you.. .</tokentext>
<sentencetext>And for cases where national security is concerned, probably more a likely attack vector than any other.
So the likely defense is some kind of boot-time check of the loader's integrity, which is just as possible.
For example, a utility to do this on a USB fob.
Then of course you have to remember to take your fob with you...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848147</id>
	<title>Evil Maid?</title>
	<author>PPH</author>
	<datestamp>1256322360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><a href="http://media.photobucket.com/image/\%25252Bmaid\%25252Bkinky/Candy908/maid.jpg" title="photobucket.com">This</a> [photobucket.com] evil maid can do anything she wants on my laptop!</htmltext>
<tokenext>This [ photobucket.com ] evil maid can do anything she wants on my laptop !</tokentext>
<sentencetext>This [photobucket.com] evil maid can do anything she wants on my laptop!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845303</id>
	<title>surprise</title>
	<author>Anonymous</author>
	<datestamp>1256308800000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>physical access &gt; digital security</p></htmltext>
<tokenext>physical access &gt; digital security</tokentext>
<sentencetext>physical access &gt; digital security</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845521</id>
	<title>Easily foiled</title>
	<author>Hogwash McFly</author>
	<datestamp>1256310000000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>Evil maids are easy to spot because of their goatees.</p></htmltext>
<tokenext>Evil maids are easy to spot because of their goatees .</tokentext>
<sentencetext>Evil maids are easy to spot because of their goatees.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845819</id>
	<title>And how exactly...</title>
	<author>Hurricane78</author>
	<datestamp>1256311620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>...will she install that bootloader, when there is no BIOS, but an encrypted coreboot or EFI system, that is protected against meddling with, by a TPM (chip) under YOUR control? (Something possible with the Lenovo ThinkPads for example. In which case it is a good concept, as opposed to what the media companies planned to do with it.)</p><p>Hardware security against hardware meddling. Simple as that.</p><p>Now the next level would be physically modifying the motherboard. But even against that you can protect yourself. By using the TPM to check the trustworthiness of the components, encrypting bus communication, etc. (Which the TPM platform, if I'm correct, is doing already) and using a hardware dongle key, that is itself encrypted. That you both take with you. Perhaps only working with a class 3 USB dongle (included key reader, keypad and display).</p><p>I want to see you crack <em>that</em> system then. ^^</p><p>Of course, in reality, they will simply give you a good old-fashioned beating (or modern waterboarding), until you tell them the password and give them the key and class 3 device.<br>Which will only help them, if you did not destroy the key dongle beforehand. (Or had it split, and one of the parts is out of reach.) But the beating will always be yours to take. ^^</p></htmltext>
<tokenext>...will she install that bootloader , when there is no BIOS , but an encrypted coreboot or EFI system , that is protected against meddling with , by a TPM ( chip ) under YOUR control ?
( Something possible with the Lenovo ThinkPads for example .
In which case it is a good concept , as opposed to what the media companies planned to do with it . )
Hardware security against hardware meddling .
Simple as that .
Now the next level would be physically modifying the motherboard .
But even against that you can protect yourself .
By using the TPM to check the trustworthiness of the components , encrypting bus communication , etc . ( Which the TPM platform , if I 'm correct , is doing already ) and using a hardware dongle key , that is itself encrypted .
That you both take with you .
Perhaps only working with a class 3 USB dongle ( included key reader , keypad and display ) .
I want to see you crack that system then .
^ ^
Of course , in reality , they will simply give you a good old-fashioned beating ( or modern waterboarding ) , until you tell them the password and give them the key and class 3 device .
Which will only help them , if you did not destroy the key dongle beforehand .
( Or had it split , and one of the parts is out of reach . )
But the beating will always be yours to take .
^ ^</tokentext>
<sentencetext>...will she install that bootloader, when there is no BIOS, but an encrypted coreboot or EFI system, that is protected against meddling with, by a TPM (chip) under YOUR control?
(Something possible with the Lenovo ThinkPads for example.
In which case it is a good concept, as opposed to what the media companies planned to do with it.)
Hardware security against hardware meddling.
Simple as that.
Now the next level would be physically modifying the motherboard.
But even against that you can protect yourself.
By using the TPM to check the trustworthiness of the components, encrypting bus communication, etc. (Which the TPM platform, if I'm correct, is doing already) and using a hardware dongle key, that is itself encrypted.
That you both take with you.
Perhaps only working with a class 3 USB dongle (included key reader, keypad and display).
I want to see you crack that system then.
^^
Of course, in reality, they will simply give you a good old-fashioned beating (or modern waterboarding), until you tell them the password and give them the key and class 3 device.
Which will only help them, if you did not destroy the key dongle beforehand.
(Or had it split, and one of the parts is out of reach.)
But the beating will always be yours to take.
^^</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846189</id>
	<title>Just use an external boot device</title>
	<author>Anonymous</author>
	<datestamp>1256313540000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Boot from a memory stick, CD, whatever. This way you won't have to run code that wasn't encrypted, from the internal harddrive (i.e. boot loader).</p></htmltext>
<tokenext>Boot from a memory stick , CD , whatever .
This way you wo n't have to run code that was n't encrypted , from the internal harddrive ( i.e . boot loader ) .</tokentext>
<sentencetext>Boot from a memory stick, CD, whatever.
This way you won't have to run code that wasn't encrypted, from the internal harddrive (i.e. boot loader).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845601</id>
	<title>Re:BIOS password</title>
	<author>Thoguth</author>
	<datestamp>1256310480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>If the computer is shut down, and you've a BIOS password enabled - you wouldn't be able to do this, right?</p><p>You'd first have to enter the BIOS password to boot the system, then press a key to boot from external media and do your mischief. But, if you had physical access to the machine, I suppose you could take it apart and reset the BIOS password anyway.</p><p>Really, if you have physical access to the machine, it's got no chance.</p></div><p>The difference is, if someone took it apart and reset the BIOS password, it would take a lot more time than just the 1-minute boot from USB stick, and more importantly, the next time you boot the machine, you'd see the password was reset, know it had been tampered, and not enter your decryption key.  Unless there's a more sophisticated BIOS password attack that I'm unaware of, this would keep your data private.</p><p>A bigger issue, though, is if you have information sensitive enough to require a BIOS password and full disk encryption, it's probably also sensitive enough to physically secure the machine and/or keep it on your person at all times.</p></div>
	</htmltext>
<tokenext>If the computer is shut down , and you 've a BIOS password enabled - you would n't be able to do this , right ?
You 'd first have to enter the BIOS password to boot the system , then press a key to boot from external media and do your mischief .
But , if you had physical access to the machine , I suppose you could take it apart and reset the BIOS password anyway .
Really , if you have physical access to the machine , it 's got no chance .
The difference is , if someone took it apart and reset the BIOS password , it would take a lot more time than just the 1-minute boot from USB stick , and more importantly , the next time you boot the machine , you 'd see the password was reset , know it had been tampered , and not enter your decryption key .
Unless there 's a more sophisticated BIOS password attack that I 'm unaware of , this would keep your data private .
A bigger issue , though , is if you have information sensitive enough to require a BIOS password and full disk encryption , it 's probably also sensitive enough to physically secure the machine and/or keep it on your person at all times .</tokentext>
<sentencetext>If the computer is shut down, and you've a BIOS password enabled - you wouldn't be able to do this, right?
You'd first have to enter the BIOS password to boot the system, then press a key to boot from external media and do your mischief.
But, if you had physical access to the machine, I suppose you could take it apart and reset the BIOS password anyway.
Really, if you have physical access to the machine, it's got no chance.
The difference is, if someone took it apart and reset the BIOS password, it would take a lot more time than just the 1-minute boot from USB stick, and more importantly, the next time you boot the machine, you'd see the password was reset, know it had been tampered, and not enter your decryption key.
Unless there's a more sophisticated BIOS password attack that I'm unaware of, this would keep your data private.
A bigger issue, though, is if you have information sensitive enough to require a BIOS password and full disk encryption, it's probably also sensitive enough to physically secure the machine and/or keep it on your person at all times.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845397</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846151</id>
	<title>Re:My bootloader is on USB</title>
	<author>russotto</author>
	<datestamp>1256313360000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><blockquote><div><p>If someone wants your information that bad, they just need a pair of pliers to succeed with the attack.</p><p>1) Step one: apply pliers to target's scrotum.<br>2) Ask them once to access the laptop.<br>3) If any resistance is given, squeeze the pliers just a tad.</p><p>Now, leave it to a bunch of nerds to come up with technical workarounds and miss the real point.</p></div></blockquote><p>Workaround 1) Make sure only women have the information.<br>Workaround 2) Preventative castration<br>Workaround 3) Shoot anyone with pliers who comes within 10 feet<br>Workaround 4) Duress code which releases false information.  (this one's likely practical but only as a delaying tactic; it's going to hurt a lot when the interrogator finds the information doesn't verify)</p></div>
	</htmltext>
<tokenext>If someone wants your information that bad , they just need a pair of pliers to succeed with the attack .
1 ) Step one : apply pliers to target 's scrotum .
2 ) Ask them once to access the laptop .
3 ) If any resistance is given , squeeze the pliers just a tad .
Now , leave it to a bunch of nerds to come up with technical workarounds and miss the real point .
Workaround 1 ) Make sure only women have the information .
Workaround 2 ) Preventative castration
Workaround 3 ) Shoot anyone with pliers who comes within 10 feet
Workaround 4 ) Duress code which releases false information .
( this one 's likely practical but only as a delaying tactic ; it 's going to hurt a lot when the interrogator finds the information does n't verify )</tokentext>
<sentencetext>If someone wants your information that bad, they just need a pair of pliers to succeed with the attack.
1) Step one: apply pliers to target's scrotum.
2) Ask them once to access the laptop.
3) If any resistance is given, squeeze the pliers just a tad.
Now, leave it to a bunch of nerds to come up with technical workarounds and miss the real point.
Workaround 1) Make sure only women have the information.
Workaround 2) Preventative castration
Workaround 3) Shoot anyone with pliers who comes within 10 feet
Workaround 4) Duress code which releases false information.
(this one's likely practical but only as a delaying tactic; it's going to hurt a lot when the interrogator finds the information doesn't verify)
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845705</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29849725</id>
	<title>So Encryption does not protect against Trojans ?</title>
	<author>lbalbalba</author>
	<datestamp>1256328000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Duh. Move along, nothing to see here, news at eleven.</htmltext>
<tokenext>Duh .
Move along , nothing to see here , news at eleven .</tokentext>
<sentencetext>Duh.
Move along, nothing to see here, news at eleven.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845755</id>
	<title>Re:BIOS password</title>
	<author>Otter Popinski</author>
	<datestamp>1256311200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I think you've misunderstood. If the computer is shut down, the full-disk encryption will do its job as intended, even if -- as some other replies have suggested -- the HDD is removed and put into another computer. The attack discussed in the article assumes that you've left your computer on (so the HDD is "unlocked") and the attacker has physical access to it. At that point, they can install the hacked bootloader and *then* steal your computer or hard drive.

At least I'm assuming they'd steal something at that point, because if they just wanted your data, well... the computer was already on and they already had access to it.</htmltext>
<tokenext>I think you 've misunderstood .
If the computer is shut down , the full-disk encryption will do its job as intended , even if -- as some other replies have suggested -- the HDD is removed and put into another computer .
The attack discussed in the article assumes that you 've left your computer on ( so the HDD is " unlocked " ) and the attacker has physical access to it .
At that point , they can install the hacked bootloader and * then * steal your computer or hard drive .
At least I 'm assuming they 'd steal something at that point , because if they just wanted your data , well... the computer was already on and they already had access to it .</tokentext>
<sentencetext>I think you've misunderstood.
If the computer is shut down, the full-disk encryption will do its job as intended, even if -- as some other replies have suggested -- the HDD is removed and put into another computer.
The attack discussed in the article assumes that you've left your computer on (so the HDD is "unlocked") and the attacker has physical access to it.
At that point, they can install the hacked bootloader and *then* steal your computer or hard drive.
At least I'm assuming they'd steal something at that point, because if they just wanted your data, well... the computer was already on and they already had access to it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845397</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29849451</id>
	<title>Re:surprise</title>
	<author>ArsonSmith</author>
	<datestamp>1256326980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I use my boot loader as part of my key material.  Change it and I'll know.  (and be pretty pissed)</p></htmltext>
<tokenext>I use my boot loader as part of my key material .
Change it and I 'll know .
( and be pretty pissed )</tokentext>
<sentencetext>I use my boot loader as part of my key material.
Change it and I'll know.
(and be pretty pissed)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846007</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846781</id>
	<title>well, duh!</title>
	<author>jipn4</author>
	<datestamp>1256316720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Has Schneier run out of real security problems?  Yeah, people with physical access to your hardware can break your encryption.  They can put a key logger in your machine.  They can bug your keyboard or your hotel room.  They can even spread LSD or strychnine on your keyboard.  Imagine that!</p></htmltext>
<tokenext>Has Schneier run out of real security problems ?
Yeah , people with physical access to your hardware can break your encryption .
They can put a key logger in your machine .
They can bug your keyboard or your hotel room .
They can even spread LSD or strychnine on your keyboard .
Imagine that !</tokentext>
<sentencetext>Has Schneier run out of real security problems?
Yeah, people with physical access to your hardware can break your encryption.
They can put a key logger in your machine.
They can bug your keyboard or your hotel room.
They can even spread LSD or strychnine on your keyboard.
Imagine that!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848455</id>
	<title>so lock the bootpath</title>
	<author>Johnny Mnemonic</author>
	<datestamp>1256323500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>
So lock the boot device to the FDE drive, and lock the hardware to the boot device.  You can (could on PPC, still true on Intel?) with Macs.

Sure, you can defeat it.  But you necessarily can't re-enable it with the same password.

So if you're this paranoid, lock booting to a particular device, and lock the boot device to full encryption.  Check that your first lock is still in place from time to time, as regularly as you need.</htmltext>
<tokenext>So lock the boot device to the FDE drive , and lock the hardware to the boot device .
You can ( could on PPC , still true on Intel ? ) with Macs .
Sure , you can defeat it .
But you necessarily ca n't re-enable it with the same password .
So if you 're this paranoid , lock booting to a particular device , and lock the boot device to full encryption .
Check that your first lock is still in place from time to time , as regularly as you need .</tokentext>
<sentencetext>
So lock the boot device to the FDE drive, and lock the hardware to the boot device.
You can (could on PPC, still true on Intel?) with Macs.
Sure, you can defeat it.
But you necessarily can't re-enable it with the same password.
So if you're this paranoid, lock booting to a particular device, and lock the boot device to full encryption.
Check that your first lock is still in place from time to time, as regularly as you need.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846617</id>
	<title>evil cook</title>
	<author>Anonymous</author>
	<datestamp>1256315820000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The evil cook seems much more dangerous. How can I protect myself against him/her?</p></htmltext>
<tokenext>The evil cook seems much more dangerous .
How can I protect myself against him/her ?</tokentext>
<sentencetext>The evil cook seems much more dangerous.
How can I protect myself against him/her?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847289</id>
	<title>Re:surprise</title>
	<author>Anonymous</author>
	<datestamp>1256319180000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext><p>My god the mod's today suck. All of these "Then don't leave yourself logged in" responses are getting +mod.</p><p>This attack has NOTHING to do with you leaving your session authenticated and open. It's about a boot-loader level phish scheme.</p><p>Basically, you come back to your laptop which you left off, you boot it up not noticing anything out of place, and you log in and unlock your drives. Meanwhile, little did you know that the intruder put a very small OS on to your laptop which runs your primary OS as a virtual OS. It's got low level hooks to all the basic INT's and can read any memory without chance of any program within your primary OS (now virtualized) detecting it.</p><p>Then you log off and go out to dinner. The maid comes in, boots up, hits a key-sequence, and dumps a log to a USB drive. In that log somewhere is your password to your encrypted drives. Game over dude... game fucking over.</p></htmltext>
<tokenext>My god the mod 's today suck .
All of these " Then do n't leave yourself logged in " responses are getting + mod .
This attack has NOTHING to do with you leaving your session authenticated and open .
It 's about a boot-loader level phish scheme .
Basically , you come back to your laptop which you left off , you boot it up not noticing anything out of place , and you log in and unlock your drives .
Meanwhile , little did you know that the intruder put a very small OS on to your laptop which runs your primary OS as a virtual OS .
It 's got low level hooks to all the basic INT 's and can read any memory without chance of any program within your primary OS ( now virtualized ) detecting it .
Then you log off and go out to dinner .
The maid comes in , boots up , hits a key-sequence , and dumps a log to a USB drive .
In that log somewhere is your password to your encrypted drives .
Game over dude... game fucking over .</tokentext>
<sentencetext>My god the mod's today suck.
All of these "Then don't leave yourself logged in" responses are getting +mod.
This attack has NOTHING to do with you leaving your session authenticated and open.
It's about a boot-loader level phish scheme.
Basically, you come back to your laptop which you left off, you boot it up not noticing anything out of place, and you log in and unlock your drives.
Meanwhile, little did you know that the intruder put a very small OS on to your laptop which runs your primary OS as a virtual OS.
It's got low level hooks to all the basic INT's and can read any memory without chance of any program within your primary OS (now virtualized) detecting it.
Then you log off and go out to dinner.
The maid comes in, boots up, hits a key-sequence, and dumps a log to a USB drive.
In that log somewhere is your password to your encrypted drives.
Game over dude... game fucking over.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845835</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845493</id>
	<title>I am thinking there is a different way.</title>
	<author>JDeane</author>
	<datestamp>1256309820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Use a USB or PS2 key logging dongle to grab the passwords.... Finger print scanners are not really reliable from what I understand.

This is why the best security is physical security and limiting access to your hardware.</htmltext>
<tokenext>Use a USB or PS2 key logging dongle to grab the passwords.... Finger print scanners are not really reliable from what I understand .
This is why the best security is physical security and limiting access to your hardware .</tokentext>
<sentencetext>Use a USB or PS2 key logging dongle to grab the passwords.... Finger print scanners are not really reliable from what I understand.
This is why the best security is physical security and limiting access to your hardware.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845507</id>
	<title>Use a bootdisk</title>
	<author>mysidia</author>
	<datestamp>1256309940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>
Boot from read-only removable media.   Have a 'verification program'  in the boot loader that verifies a signature on the OS bootstrap
</p><p>
Digitally sign everything that isn't encrypted, and contain the proper signatures/keys on the removable media   that you always carry with you
</p></htmltext>
<tokenext>Boot from read-only removable media .
Have a 'verification program ' in the boot loader that verifies a signature on the OS bootstrap
Digitally sign everything that is n't encrypted , and contain the proper signatures/keys on the removable media that you always carry with you</tokentext>
<sentencetext>
Boot from read-only removable media.
Have a 'verification program'  in the boot loader that verifies a signature on the OS bootstrap

Digitally sign everything that isn't encrypted, and contain the proper signatures/keys on the removable media   that you always carry with you
</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848131</id>
	<title>Re:Why are we talking about this?</title>
	<author>mr exploiter</author>
	<datestamp>1256322300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I'm curious of what are you calling "software encryption" . As opposed to what? Do you know about some computer that has some form of encryption that is totally hardware based, so much that the CPU even doesn't know that is there? I never heard of that.</htmltext>
<tokenext>I 'm curious of what are you calling " software encryption " .
As opposed to what ?
Do you know about some computer that has some form of encryption that is totally hardware based , so much that the CPU even does n't know that is there ?
I never heard of that .</tokentext>
<sentencetext>I'm curious of what are you calling "software encryption" .
As opposed to what?
Do you know about some computer that has some form of encryption that is totally hardware based, so much that the CPU even doesn't know that is there?
I never heard of that.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845647</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845647</id>
	<title>Why are we talking about this?</title>
	<author>Anonymous</author>
	<datestamp>1256310720000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p><i>You can see why it's called the "evil maid" attack; a likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner, and the maid sneaks in and installs the hacked bootloader. The same maid could even sneak back the next night and erase any traces of her actions.</i> </p><p>Maybe if she's an idiot.  Once you've installed your own bootloader, it can neatly remove itself.  (After installing malware, or transferring the encryption keys and data it needs over the network.)  Why in the world would the maid unnecessarily repeat the riskiest part of the entire attack?</p><p>But more to the point, it must be a slow week.  Why are "serious" security researchers even wasting time on something this obvious?  Of course your software-based hard disk encryption is hosed in the event that an attacker gets hold of your machine and can alter the bootloader.  Hell, the really sophisticated bad guys aren't even going to do anything this difficult or risky.  After all, the encryption key has to be in RAM somewhere whenever you're using software-based encryption (hardware encryption excluded).  A well-engineered piece of malware will recover it, and two-factor authentication isn't going to help you.</p><p>Even trusted boot will only get you so far against a motivated adversary with this much sophistication.  Don't leave your vital computing equipment behind in your hotel room.</p></htmltext>
<tokenext>You can see why it 's called the " evil maid " attack ; a likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner , and the maid sneaks in and installs the hacked bootloader .
The same maid could even sneak back the next night and erase any traces of her actions .
Maybe if she 's an idiot .
Once you 've installed your own bootloader , it can neatly remove itself .
( After installing malware , or transferring the encryption keys and data it needs over the network . )
Why in the world would the maid unnecessarily repeat the riskiest part of the entire attack ?
But more to the point , it must be a slow week .
Why are " serious " security researchers even wasting time on something this obvious ?
Of course your software-based hard disk encryption is hosed in the event that an attacker gets hold of your machine and can alter the bootloader .
Hell , the really sophisticated bad guys are n't even going to do anything this difficult or risky .
After all , the encryption key has to be in RAM somewhere whenever you 're using software-based encryption ( hardware encryption excluded ) .
A well-engineered piece of malware will recover it , and two-factor authentication is n't going to help you .
Even trusted boot will only get you so far against a motivated adversary with this much sophistication .
Do n't leave your vital computing equipment behind in your hotel room .</tokentext>
<sentencetext>You can see why it's called the "evil maid" attack; a likely scenario is that you leave your encrypted computer in your hotel room when you go out to dinner, and the maid sneaks in and installs the hacked bootloader.
The same maid could even sneak back the next night and erase any traces of her actions.
Maybe if she's an idiot.
Once you've installed your own bootloader, it can neatly remove itself.
(After installing malware, or transferring the encryption keys and data it needs over the network.)
Why in the world would the maid unnecessarily repeat the riskiest part of the entire attack?
But more to the point, it must be a slow week.
Why are "serious" security researchers even wasting time on something this obvious?
Of course your software-based hard disk encryption is hosed in the event that an attacker gets hold of your machine and can alter the bootloader.
Hell, the really sophisticated bad guys aren't even going to do anything this difficult or risky.
After all, the encryption key has to be in RAM somewhere whenever you're using software-based encryption (hardware encryption excluded).
A well-engineered piece of malware will recover it, and two-factor authentication isn't going to help you.
Even trusted boot will only get you so far against a motivated adversary with this much sophistication.
Don't leave your vital computing equipment behind in your hotel room.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29853491</id>
	<title>Re:My bootloader is on USB</title>
	<author>SanityInAnarchy</author>
	<datestamp>1256307480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Step one: Place thermite above hard drive.</p><p>Step two: Construct laptop to ignite thermite on any attempt at tampering, or when the self-destruct happens.</p><p>Step three: Summon just enough courage to reveal the wrong password when it's convincing to do so. Yes, it's going to hurt, but now they <i>can't</i> get any more out of you, no matter how painful they make it. And if you were tempted to reveal the real password, realize that either way, they might keep torturing you anyway.</p><p>This could be scaled down -- rather than the laptop hard drive, it could be a small USB device which the keys never leave. I'm not sure what's known about recovering erased data from flash, but it wouldn't be hard to simply erase the block with the key on it.</p></htmltext>
<tokenext>Step one : Place thermite above hard drive .
Step two : Construct laptop to ignite thermite on any attempt at tampering , or when the self-destruct happens .
Step three : Summon just enough courage to reveal the wrong password when it 's convincing to do so .
Yes , it 's going to hurt , but now they ca n't get any more out of you , no matter how painful they make it .
And if you were tempted to reveal the real password , realize that either way , they might keep torturing you anyway .
This could be scaled down -- rather than the laptop hard drive , it could be a small USB device which the keys never leave .
I 'm not sure what 's known about recovering erased data from flash , but it would n't be hard to simply erase the block with the key on it .</tokentext>
<sentencetext>Step one: Place thermite above hard drive.
Step two: Construct laptop to ignite thermite on any attempt at tampering, or when the self-destruct happens.
Step three: Summon just enough courage to reveal the wrong password when it's convincing to do so.
Yes, it's going to hurt, but now they can't get any more out of you, no matter how painful they make it.
And if you were tempted to reveal the real password, realize that either way, they might keep torturing you anyway.
This could be scaled down -- rather than the laptop hard drive, it could be a small USB device which the keys never leave.
I'm not sure what's known about recovering erased data from flash, but it wouldn't be hard to simply erase the block with the key on it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845705</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846893</id>
	<title>Re:bootloader checksum</title>
	<author>Jesus\_666</author>
	<datestamp>1256317200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Actually, wouldn't it be a good idea to put the bootloader onto an EEPROM module with a password passively baked in? The computer password acts as the encryption key for the bootloader so without knowing the password you can't meaningfully replace the loader - if you do the computer can't be unlocked anymore. Unless, of course, you brute-force the bootloader encryption, which takes time. Still, replacing the bootloader is a fairly involved procedure in itself - easy to do for a company's IT department but not quite as easy to do stealthily.<br>
<br>
The system should be designed in such a way that the EEPROM is the only way to boot it. Of course this makes installing operating systems harder as they aren't aware of the EEPROM. On the other hand, what's your business installing a new operating system on a high-security computer anyway? Plus, I'd expect Linux to support the system in relatively short time.<br>
<br>
Granted, this is less likely to work with Windows (unless you use Vista/7 and the EEPROM is presented to the system as a ROM drive containing only the EFI System Partition containing the BCD, which contains entries for the windows partition and all other drives).</htmltext>
<tokenext>Actually , would n't it be a good idea to put the bootloader onto an EEPROM module with a password passively baked in ?
The computer password acts as the encryption key for the bootloader so without knowing the password you ca n't meaningfully replace the loader - if you do the computer ca n't be unlocked anymore .
Unless , of course , you brute-force the bootloader encryption , which takes time .
Still , replacing the bootloader is a fairly involved procedure in itself - easy to do for a company 's IT department but not quite as easy to do stealthily .
The system should be designed in such a way that the EEPROM is the only way to boot it .
Of course this makes installing operating systems harder as they are n't aware of the EEPROM .
On the other hand , what 's your business installing a new operating system on a high-security computer anyway ?
Plus , I 'd expect Linux to support the system in relatively short time .
Granted , this is less likely to work with Windows ( unless you use Vista/7 and the EEPROM is presented to the system as a ROM drive containing only the EFI System Partition containing the BCD , which contains entries for the windows partition and all other drives ) .</tokentext>
<sentencetext>Actually, wouldn't it be a good idea to put the bootloader onto an EEPROM module with a password passively baked in?
The computer password acts as the encryption key for the bootloader so without knowing the password you can't meaningfully replace the loader - if you do the computer can't be unlocked anymore.
Unless, of course, you brute-force the bootloader encryption, which takes time.
Still, replacing the bootloader is a fairly involved procedure in itself - easy to do for a company's IT department but not quite as easy to do stealthily.
The system should be designed in such a way that the EEPROM is the only way to boot it.
Of course this makes installing operating systems harder as they aren't aware of the EEPROM.
On the other hand, what's your business installing a new operating system on a high-security computer anyway?
Plus, I'd expect Linux to support the system in relatively short time.
Granted, this is less likely to work with Windows (unless you use Vista/7 and the EEPROM is presented to the system as a ROM drive containing only the EFI System Partition containing the BCD, which contains entries for the windows partition and all other drives).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845347</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845705</id>
	<title>Re:My bootloader is on USB</title>
	<author>Anonymous</author>
	<datestamp>1256310960000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext><p>If someone wants your information that bad, they just need a pair of pliers to succeed with the attack.</p><p>1) Step one: apply pliers to target's scrotum.<br>2) Ask them once to access the laptop.<br>3) If any resistance is given, squeeze the pliers just a tad.</p><p>Now, leave it to a bunch of nerds to come up with technical workarounds and miss the real point.</p></htmltext>
<tokenext>If someone wants your information that bad , they just need a pair of pliers to succeed with the attack .
1 ) Step one : apply pliers to target 's scrotum .
2 ) Ask them once to access the laptop .
3 ) If any resistance is given , squeeze the pliers just a tad .
Now , leave it to a bunch of nerds to come up with technical workarounds and miss the real point .</tokentext>
<sentencetext>If someone wants your information that bad, they just need a pair of pliers to succeed with the attack.
1) Step one: apply pliers to target's scrotum.
2) Ask them once to access the laptop.
3) If any resistance is given, squeeze the pliers just a tad.
Now, leave it to a bunch of nerds to come up with technical workarounds and miss the real point.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845359</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846057</id>
	<title>Black bag job</title>
	<author>Anonymous</author>
	<datestamp>1256312700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This isn't a new attack; it's just a specific variant of a "black bag" job; same idea as installing a hardware keylogger.  I think there's likely a way to use Trusted Computing to defeat this particular variant, basically the TCM wouldn't give out keys to an untrusted bootloader.</p></htmltext>
<tokenext>This is n't a new attack ; it 's just a specific variant of a " black bag " job ; same idea as installing a hardware keylogger .
I think there 's likely a way to use Trusted Computing to defeat this particular variant , basically the TCM would n't give out keys to an untrusted bootloader .</tokentext>
<sentencetext>This isn't a new attack; it's just a specific variant of a "black bag" job; same idea as installing a hardware keylogger.
I think there's likely a way to use Trusted Computing to defeat this particular variant, basically the TCM wouldn't give out keys to an untrusted bootloader.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846583</id>
	<title>Quit making me post xkcd</title>
	<author>DarthVain</author>
	<datestamp>1256315640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><a href="http://xkcd.com/538/" title="xkcd.com">http://xkcd.com/538/</a> [xkcd.com]</p><p>Seriously. If someone wants in your computer, they are getting in. Period. Full stop.</p><p>However:</p><p>A) Likely you and your laptop's super secret porn stash are not important enough to bother.<br>B) Most people are too stupid to care. 99 times out of 100 your laptop will be stolen, maybe wiped and sold on ebay or equivalent.</p></htmltext>
<tokenext>http : //xkcd.com/538/ [ xkcd.com ]
Seriously .
If someone wants in your computer , they are getting in .
Period. Full stop .
However :
A ) Likely you and your laptop 's super secret porn stash are not important enough to bother .
B ) Most people are too stupid to care .
99 times out of 100 your laptop will be stolen , maybe wiped and sold on ebay or equivalent .</tokentext>
<sentencetext>http://xkcd.com/538/ [xkcd.com]
Seriously.
If someone wants in your computer, they are getting in.
Period. Full stop.
However:
A) Likely you and your laptop's super secret porn stash are not important enough to bother.
B) Most people are too stupid to care.
99 times out of 100 your laptop will be stolen, maybe wiped and sold on ebay or equivalent.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846173</id>
	<title>Re:BIOS password</title>
	<author>Anonymous</author>
	<datestamp>1256313480000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Not sure what you mean by extended access...it would take less than a half a minute for someone who is moderately dextrous and has practiced a few times to add a keystroke logger/transmitter to my Asus netbook or to replace the keyboard with one that has been compromised, and I doubt that other laptops are much more difficult.</p></htmltext>
<tokenext>Not sure what you mean by extended access...it would take less than a half a minute for someone who is moderately dextrous and has practiced a few times to add a keystroke logger/transmitter to my Asus netbook or to replace the keyboard with one that has been compromised , and I doubt that other laptops are much more difficult .</tokentext>
<sentencetext>Not sure what you mean by extended access...it would take less than a half a minute for someone who is moderately dextrous and has practiced a few times to add a keystroke logger/transmitter to my Asus netbook or to replace the keyboard with one that has been compromised, and I doubt that other laptops are much more difficult.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845719</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847009</id>
	<title>Physical Security</title>
	<author>Anonymous</author>
	<datestamp>1256317920000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Physical Security can usually mitigate these types of risks. We all know that once an attacker has physical access to a device, all bets are off.</p><p>Lock your server room, lock your office. When in hotels put your laptop in the safe, all hotel rooms I've been to in the U.S. have had a safe.</p><p>Also things like setting the BIOS to boot only from HDD and adding a pw to the BIOS can help mitigate this.</p></htmltext>
<tokenext>Physical Security can usually mitigate these types of risks .
We all know that once an attacker has physical access to a device , all bets are off .
Lock your server room , lock your office .
When in hotels put your laptop in the safe , all hotel rooms I 've been to in the U.S. have had a safe .
Also things like setting the BIOS to boot only from HDD and adding a pw to the BIOS can help mitigate this .</tokentext>
<sentencetext>Physical Security can usually mitigate these types of risks.
We all know that once an attacker has physical access to a device, all bets are off.
Lock your server room, lock your office.
When in hotels put your laptop in the safe, all hotel rooms I've been to in the U.S. have had a safe.
Also things like setting the BIOS to boot only from HDD and adding a pw to the BIOS can help mitigate this.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845719</id>
	<title>Re:BIOS password</title>
	<author>jandrese</author>
	<datestamp>1256311020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>The point is that the encryption software itself is not encrypted (or is self-encrypted with its own key, which is pointless), and you can replace it with a trojaned version, presumably by booting off of USB stick or CD or something and installing your hacked version.  That said, the BIOS password would actually be a pretty strong deterrent here, since even if they do reset it, you're going to notice when you come back and your BIOS password is not set.  This attack pretty much relies on you not noticing the compromise and start using your machine normally (entering passwords, etc...)<br>
<br>
Note that this attack doesn't work against the most common case:  someone stealing your laptop, since it requires you to operate the machine thinking it is uncompromised.  This is for the super-paranoid who think (or maybe HAVE) a government out to get them.<br>
<br>
Of course, as other people have pointed out, if someone has extended physical access to your machine, all bets are off.  You could have a dozen different hardware keyloggers, a trojaned HDD, automatic hardware screen capture, hidden webcam, anything really up to your level of paranoia.</htmltext>
<tokenext>The point is that the encryption software itself is not encrypted ( or is self-encrypted with its own key , which is pointless ) , and you can replace it with a trojaned version , presumably by booting off of USB stick or CD or something and installing your hacked version .
That said , the BIOS password would actually be a pretty strong deterrent here , since even if they do reset it , you 're going to notice when you come back and your BIOS password is not set .
This attack pretty much relies on you not noticing the compromise and start using your machine normally ( entering passwords , etc... )
Note that this attack does n't work against the most common case : someone stealing your laptop , since it requires you to operate the machine thinking it is uncompromised .
This is for the super-paranoid who think ( or maybe HAVE ) a government out to get them .
Of course , as other people have pointed out , if someone has extended physical access to your machine , all bets are off .
You could have a dozen different hardware keyloggers , a trojaned HDD , automatic hardware screen capture , hidden webcam , anything really up to your level of paranoia .</tokentext>
<sentencetext>The point is that the encryption software itself is not encrypted (or is self-encrypted with its own key, which is pointless), and you can replace it with a trojaned version, presumably by booting off of USB stick or CD or something and installing your hacked version.
That said, the BIOS password would actually be a pretty strong deterrent here, since even if they do reset it, you're going to notice when you come back and your BIOS password is not set.
This attack pretty much relies on you not noticing the compromise and start using your machine normally (entering passwords, etc...)

Note that this attack doesn't work against the most common case:  someone stealing your laptop, since it requires you to operate the machine thinking it is uncompromised.
This is for the super-paranoid who think (or maybe HAVE) a government out to get them.
Of course, as other people have pointed out, if someone has extended physical access to your machine, all bets are off.
You could have a dozen different hardware keyloggers, a trojaned HDD, automatic hardware screen capture, hidden webcam, anything really up to your level of paranoia.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845397</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846187</id>
	<title>Re:bootloader checksum</title>
	<author>Anonymous</author>
	<datestamp>1256313540000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>If you are the kind of person that is in the danger zone of this happening (not that you would leave a computer with such sensitive information in your hotel room.); You would probably feel a lot better if you were able to checksum the bootloader when returning, maybe from an external usb drive. This would of course run its own OS, not being done from the bootloader (for obvious reasons).</i></p><p>Which is why you want a blackberry. One of the common complaints about blackberries is that they take a very long time to turn on after a power cycle. Five minutes or longer to boot isn't uncommon. Compared to most cellphones which boot in a few seconds, this is very irritating.</p><p>The reason is that the blackberry is verifying the boot ROM, boot loader, OS, and firmware for signs of tampering.</p></htmltext>
<tokenext>If you are the kind of person that is in the danger zone of this happening ( not that you would leave a computer with such sensitive information in your hotel room . ) ; You would probably feel a lot better if you were able to checksum the bootloader when returning , maybe from an external usb drive .
This would of course run its own OS , not being done from the bootloader ( for obvious reasons ) .
Which is why you want a blackberry .
One of the common complaints about blackberries is that they take a very long time to turn on after a power cycle .
Five minutes or longer to boot is n't uncommon .
Compared to most cellphones which boot in a few seconds , this is very irritating .
The reason is that the blackberry is verifying the boot ROM , boot loader , OS , and firmware for signs of tampering .</tokentext>
<sentencetext>If you are the kind of person that is in the danger zone of this happening (not that you would leave a computer with such sensitive information in your hotel room.); You would probably feel a lot better if you were able to checksum the bootloader when returning, maybe from an external usb drive.
This would of course run its own OS, not being done from the bootloader (for obvious reasons).
Which is why you want a blackberry.
One of the common complaints about blackberries is that they take a very long time to turn on after a power cycle.
Five minutes or longer to boot isn't uncommon.
Compared to most cellphones which boot in a few seconds, this is very irritating.
The reason is that the blackberry is verifying the boot ROM, boot loader, OS, and firmware for signs of tampering.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845347</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846747</id>
	<title>Re:My bootloader is on USB</title>
	<author>ACalcutt</author>
	<datestamp>1256316540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Obligatory XKCD: <a href="http://xkcd.com/538/" title="xkcd.com" rel="nofollow">http://xkcd.com/538/</a> [xkcd.com]</htmltext>
<tokenext>Obligatory XKCD : http : //xkcd.com/538/ [ xkcd.com ]</tokentext>
<sentencetext>Obligatory XKCD: http://xkcd.com/538/ [xkcd.com]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845705</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846309</id>
	<title>Re:Best solution - take the darn laptop with you</title>
	<author>Tim C</author>
	<datestamp>1256314200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>as everyone has known for decades, someone with access to the machine can do what they like</i></p><p>I've met technical people (employed in technical positions, like sysadmins and programmers) who didn't really get that at first; expecting a typical businessman who's been assured that his new laptop "is encrypted" to realise that it's not perfectly safe is a little much.</p></htmltext>
<tokenext>as everyone has known for decades , someone with access to the machine can do what they like
I 've met technical people ( employed in technical positions , like sysadmins and programmers ) who did n't really get that at first ; expecting a typical businessman who 's been assured that his new laptop " is encrypted " to realise that it 's not perfectly safe is a little much .</tokentext>
<sentencetext>as everyone has known for decades, someone with access to the machine can do what they like
I've met technical people (employed in technical positions, like sysadmins and programmers) who didn't really get that at first; expecting a typical businessman who's been assured that his new laptop "is encrypted" to realise that it's not perfectly safe is a little much.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845517</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846461</id>
	<title>Re:Bootloader? BitLocker?</title>
	<author>smallfries</author>
	<datestamp>1256315040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Unfortunately in the security world you can drive a horse and carriage through "almost".</p><p>The remaining hole is that the TPM does not verify itself to the user and so you can't really believe that it is doing what it should be doing once it has left your possession. Of course you could make some sort of trusted module to verify the TPM, but it's turtles all the way down...</p></htmltext>
<tokenext>Unfortunately in the security world you can drive a horse and carriage through " almost " .
The remaining hole is that the TPM does not verify itself to the user and so you ca n't really believe that it is doing what it should be doing once it has left your possession .
Of course you could make some sort of trusted module to verify the TPM , but it 's turtles all the way down.. .</tokentext>
<sentencetext>Unfortunately in the security world you can drive a horse and carriage through "almost".
The remaining hole is that the TPM does not verify itself to the user and so you can't really believe that it is doing what it should be doing once it has left your possession.
Of course you could make some sort of trusted module to verify the TPM, but it's turtles all the way down...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845797</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847595</id>
	<title>Re:Oh, I am soooooo glad...</title>
	<author>Anonymous</author>
	<datestamp>1256320500000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I keep hearing this argument...if you have physical access, all bets are off.  Well, what the hell else are you using full-disk encryption for?  Full-disk encryption isn't going to do anything for you if you get remotely exploited.  At this point, full-disk encryption has no credibility as a technology until these issues get addressed.</p><p>And how exactly are you going to install a keylogger on a laptop whose hard drive is completely encrypted, save for the boot sector?  What are your options?  You could put the keylogger in the boot sector, or in the BIOS, or...wait a minute, this is starting to sound like fancy shit.</p></htmltext>
<tokenext>I keep hearing this argument...if you have physical access , all bets are off .
Well , what the hell else are you using full-disk encryption for ?
Full-disk encryption is n't going to do anything for you if you get remotely exploited .
At this point , full-disk encryption has no credibility as a technology until these issues get addressed .
And how exactly are you going to install a keylogger on a laptop whose hard drive is completely encrypted , save for the boot sector ?
What are your options ?
You could put the keylogger in the boot sector , or in the BIOS , or...wait a minute , this is starting to sound like fancy shit .</tokentext>
<sentencetext>I keep hearing this argument...if you have physical access, all bets are off.
Well, what the hell else are you using full-disk encryption for?
Full-disk encryption isn't going to do anything for you if you get remotely exploited.
At this point, full-disk encryption has no credibility as a technology until these issues get addressed.
And how exactly are you going to install a keylogger on a laptop whose hard drive is completely encrypted, save for the boot sector?
What are your options?
You could put the keylogger in the boot sector, or in the BIOS, or...wait a minute, this is starting to sound like fancy shit.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846483</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845807</id>
	<title>Re:surprise</title>
	<author>prgammans</author>
	<datestamp>1256311500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Is that like a tech version of Rock-paper-scissors</p><p>physical access &gt; digital security<br>digital security &gt; Cowboy Neil<br>Cowboy Neil &gt; physical access</p></htmltext>
<tokenext>Is that like a tech version of Rock-paper-scissors
physical access &gt; digital security
digital security &gt; Cowboy Neil
Cowboy Neil &gt; physical access</tokentext>
<sentencetext>Is that like a tech version of Rock-paper-scissors
physical access &gt; digital security
digital security &gt; Cowboy Neil
Cowboy Neil &gt; physical access</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845303</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846677</id>
	<title>Re:Bootloader? BitLocker?</title>
	<author>mlts</author>
	<datestamp>1256316180000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>Windows 7 is different from Vista in the way businesses and enterprises use it.  Vista had two editions that were activated via an internal KMS system (very important when you have thousands of PCs and do not want them touching the Internet for activation).  Windows 7 has only one edition that has this functionality, the Enterprise edition.  This is available via volume license key agreements.  Other than the MAK/KMS model of activation, this edition is the exact same as Ultimate which has BitLocker, BranchCache, and the other items.</p><p>So, if a company is using a volume license of Windows 7, they will have access to BitLocker functionality.  Server-wise, Windows Server 2008 and Windows Server 2008 R2 both have BitLocker functionality built in.</p><p>This way, if a corporation that is running Windows 7 orders a bunch of laptops, they would be fools not to order ones with TPM chips because their OS will easily support this functionality.  If they have an Active Directory infrastructure and no existing encryption product (PGP, PointSec), getting BitLocker deployed enterprise wide wouldn't be too difficult with AD holding recovery keys to machines.</p><p>I'm glad Microsoft did this.  No worry if a company has Business or Enterprise editions for features (like the issues with Vista).  Now, if a company has a VLK and uses a key management server for internal activations [1], they have BitLocker available with W7.</p><p>[1]:  I'm not a fan of activation at all.  Personally, my wish is they would have gone back to how XP VLK editions handled this.  Businesses are not going to be pirating Windows because the BSA will come for a visit.  Pirates will crack any activation.  So, there is no real antipiracy benefit to Microsoft in forcing businesses to have an activation infrastructure.</p></htmltext>
<tokenext>Windows 7 is different from Vista in the way businesses and enterprises use it .
Vista had two editions that were activated via an internal KMS system ( very important when you have thousands of PCs and do not want them touching the Internet for activation ) .
Windows 7 has only one edition that has this functionality , the Enterprise edition .
This is available via volume license key agreements .
Other than the MAK/KMS model of activation , this edition is the exact same as Ultimate which has BitLocker , BranchCache , and the other items.So , if a company is using a volume license of Windows 7 , they will have access to BitLocker functionality .
Server-wise , Windows Server 2008 and Windows Server 2008 R2 both have BitLocker functionality built in.This way , if a corporation that is running Windows 7 orders a bunch of laptops , they would be fools not to order ones with TPM chips because their OS will easily support this functionality .
If they have an Active Directory infrastructure and no existing encryption product ( PGP , PointSec ) , getting BitLocker deployed enterprise wide would n't be too difficult with AD holding recovery keys to machines.I 'm glad Microsoft did this .
No worry if a company has Business or Enterprise editions for features ( like the issues with Vista ) .
Now , if a company has a VLK and uses a key management server for internal activations [ 1 ] , they have BitLocker available with W7 .
[ 1 ] : I 'm not a fan of activation at all .
Personally , my wish is they would have gone back to how XP VLK editions handled this .
Businesses are not going to be pirating Windows because the BSA will come for a visit .
Pirates will crack any activation .
So , there is no real antipiracy benefit to Microsoft in forcing businesses to have an activation infrastructure .</tokentext>
<sentencetext>Windows 7 is different from Vista in the way businesses and enterprises use it.
Vista had two editions that were activated via an internal KMS system (very important when you have thousands of PCs and do not want them touching the Internet for activation).
Windows 7 has only one edition that has this functionality, the Enterprise edition.
This is available via volume license key agreements.
Other than the MAK/KMS model of activation, this edition is the exact same as Ultimate which has BitLocker, BranchCache, and the other items.So, if a company is using a volume license of Windows 7, they will have access to BitLocker functionality.
Server-wise, Windows Server 2008 and Windows Server 2008 R2 both have BitLocker functionality built in.This way, if a corporation that is running Windows 7 orders a bunch of laptops, they would be fools not to order ones with TPM chips because their OS will easily support this functionality.
If they have an Active Directory infrastructure and no existing encryption product (PGP, PointSec), getting BitLocker deployed enterprise wide wouldn't be too difficult with AD holding recovery keys to machines.I'm glad Microsoft did this.
No worry if a company has Business or Enterprise editions for features (like the issues with Vista).
Now, if a company has a VLK and uses a key management server for internal activations [1], they have BitLocker available with W7.
[1]:  I'm not a fan of activation at all.
Personally, my wish is they would have gone back to how XP VLK editions handled this.
Businesses are not going to be pirating Windows because the BSA will come for a visit.
Pirates will crack any activation.
So, there is no real antipiracy benefit to Microsoft in forcing businesses to have an activation infrastructure.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845841</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846835</id>
	<title>Re:Here we go again....</title>
	<author>mlts</author>
	<datestamp>1256316900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>FDE has been around since the days of Macs and FWB Hard Disk Toolkit doing a modified (2 rounds IIRC) version of DES on any external hard disks (or Casady and Greene's A. M. E. doing a full DES on disks).  It does have a performance hit, but from what I've seen (and I've been using WDE in many platforms for a long time), the hit is not an issue with almost all FDE types of programs.</p><p>Encryption is a tradeoff.  Yes, you lose reliability.  However, if you have a decent backup mechanism (and you should regardless of the presence of encryption), the reliability loss isn't much, assuming you remember your password or keep your keyfiles safe.</p><p>The last assertion of being easier to break into encrypted data doesn't make sense.  I can see people installing a FDE utility then assuming they are safe from all attacks (including ones via remote).  If a person is concerned about data, perhaps it might be wise to install TrueCrypt in addition to the FDE security to only mount sensitive files when used and dismount them immediately.  This way, should the laptop be seized while on and the memory dumped, an attacker would not have access to the whole filesystem.  Similar functionality can be accomplished with multiple users on Windows and EFS.</p><p>Oh, the chosen plaintext attack would be a problem if people kept using 64 bit blocks and lame implementations of encryption like ECB.  However, with modern algorithms that use a bigger blocksize and a more advanced diffusion protocol which uses a different subkey per sector, an attacker can know all they want to about plaintext, but it will not help them discern the key.  The TrueCrypt manual has a good section on this.</p></htmltext>
<tokenext>FDE has been around since the days of Macs and FWB Hard Disk Toolkit doing a modified ( 2 rounds IIRC ) version of DES on any external hard disks ( or Casady and Greene 's A. M. E. doing a full DES on disks ) .
It does have a performance hit , but from what I 've seen ( and I 've been using WDE in many platforms for a long time ) , the hit is not an issue with almost all FDE types of programs . Encryption is a tradeoff .
Yes , you lose reliability .
However , if you have a decent backup mechanism ( and you should regardless of the presence of encryption ) , the reliability loss is n't much , assuming you remember your password or keep your keyfiles safe.The last assertion of being easier to break into encrypted data does n't make sense .
I can see people installing a FDE utility then assuming they are safe from all attacks ( including ones via remote ) .
If a person is concerned about data , perhaps it might be wise to install TrueCrypt in addition to the FDE security to only mount sensitive files when used and dismount them immediately .
This way , should the laptop be seized while on and the memory dumped , an attacker would not have access to the whole filesystem .
Similar functionality can be accomplished with multiple users on Windows and EFS.Oh , the chosen plaintext attack would be a problem if people kept using 64 bit blocks and lame implementations of encryption like ECB .
However , with modern algorithms that use a bigger blocksize and a more advanced diffusion protocol which uses a different subkey per sector , an attacker can know all they want to about plaintext , but it will not help them discern the key .
The TrueCrypt manual has a good section on this .</tokentext>
<sentencetext>FDE has been around since the days of Macs and FWB Hard Disk Toolkit doing a modified (2 rounds IIRC) version of DES on any external hard disks (or Casady and Greene's A. M. E. doing a full DES on disks).
It does have a performance hit, but from what I've seen (and I've been using WDE in many platforms for a long time), the hit is not an issue with almost all FDE types of programs. Encryption is a tradeoff.
Yes, you lose reliability.
However, if you have a decent backup mechanism (and you should regardless of the presence of encryption), the reliability loss isn't much, assuming you remember your password or keep your keyfiles safe.The last assertion of being easier to break into encrypted data doesn't make sense.
I can see people installing a FDE utility then assuming they are safe from all attacks (including ones via remote).
If a person is concerned about data, perhaps it might be wise to install TrueCrypt in addition to the FDE security to only mount sensitive files when used and dismount them immediately.
This way, should the laptop be seized while on and the memory dumped, an attacker would not have access to the whole filesystem.
Similar functionality can be accomplished with multiple users on Windows and EFS.Oh, the chosen plaintext attack would be a problem if people kept using 64 bit blocks and lame implementations of encryption like ECB.
However, with modern algorithms that use a bigger blocksize and a more advanced diffusion protocol which uses a different subkey per sector, an attacker can know all they want to about plaintext, but it will not help them discern the key.
The TrueCrypt manual has a good section on this.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845529</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29860143</id>
	<title>Re:My bootloader is on USB</title>
	<author>Anonymous</author>
	<datestamp>1256382240000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Workaround 5) I'm actually the interrogator, you insensitive clod!</p></htmltext>
<tokenext>Workaround 5 ) I 'm actually the interrogator , you insensitive clod !</tokentext>
<sentencetext>Workaround 5) I'm actually the interrogator, you insensitive clod!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846151</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845357</id>
	<title>And that's the lesser evil</title>
	<author>Thanshin</author>
	<datestamp>1256309160000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><p>You could have found the evil bartender.</p><p>You leave your laptop at the hotel and you go out to take a beer. There, you meet the evil bartender, who because of a common past becomes your friend and starts inviting you to more and more beer. Then he closes the bar and you both go to a strip club where you meet the evil bartender's girlfriend and her friend who we shall call "Foxette".</p><p>The next morning, you wake up in an unknown apartment with Foxette and a guy you don't even know. You quickly get out of there and go to work, with such a massive headache that when asked about the laptop's full disk encryption, your answer is "the what?".</p></htmltext>
<tokenext>You could have found the evil bartender.You leave your laptop at the hotel and you go out to take a beer .
There , you meet the evil bartender , who because of a common past becomes your friend and starts inviting you to more and more beer .
Then he closes the bar and you both go to a strip club where you meet the evil bartender 's girlfriend and her friend who we shall call " Foxette " . The next morning , you wake up in an unknown apartment with Foxette and a guy you do n't even know .
You quickly get out of there and go to work , with such a massive headache that when asked about the laptop 's full disk encryption , your answer is " the what ?
" .</tokentext>
<sentencetext>You could have found the evil bartender.You leave your laptop at the hotel and you go out to take a beer.
There, you meet the evil bartender, who because of a common past becomes your friend and starts inviting you to more and more beer.
Then he closes the bar and you both go to a strip club where you meet the evil bartender's girlfriend and her friend who we shall call "Foxette". The next morning, you wake up in an unknown apartment with Foxette and a guy you don't even know.
You quickly get out of there and go to work, with such a massive headache that when asked about the laptop's full disk encryption, your answer is "the what?
".</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846065</id>
	<title>Re:And how exactly...</title>
	<author>Hurricane78</author>
	<datestamp>1256312820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>That you [...] take with you.</p></div><p>That's what I meant. I deleted a sentence after previewing, and forgot to take the "both" out.</p><p>Oh, and of course, if someone kicks in the door while you are using the system, you have to rip out the card, lock the system down, and destroy the card, to be actually secure. (The full device-to-device encryption protects against RAM and cache attacks, if it's properly done (= the RAM and cache contents always being encrypted.)</p></div>
	</htmltext>
<tokenext>That you [ ... ] take with you.That 's what I meant .
I deleted a sentence after previewing , and forgot to take the " both " out.Oh , and of course , if someone kicks in the door while you are using the system , you have to rip out the card , lock the system down , and destroy the card , to be actually secure .
( The full device-to-device encryption protects against RAM and cache attacks , if it 's properly done ( = the RAM and cache contents always being encrypted .
)</tokentext>
<sentencetext>That you [...] take with you.That's what I meant.
I deleted a sentence after previewing, and forgot to take the "both" out.Oh, and of course, if someone kicks in the door while you are using the system, you have to rip out the card, lock the system down, and destroy the card, to be actually secure.
(The full device-to-device encryption protects against RAM and cache attacks, if it's properly done (= the RAM and cache contents always being encrypted.
)
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845819</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846107</id>
	<title>Re:Best solution - take the darn laptop with you</title>
	<author>John Hasler</author>
	<datestamp>1256313060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>&gt; What brainless clod would leave a laptop with sensitive data on it lying<br>&gt; around in a hotel room anyway, encrypted disk or not?</p><p>Any "C-level" executive.  After all, he played golf with a senior marketing executive of the encryption system vendor just last week and was assured that it was absolutely secure.  And he knows that's true because  he is such a fine judge of character.  Besides, the guy let him win.</p></htmltext>
<tokenext>&gt; What brainless clod would leave a laptop with sensitive data on it lying &gt; around in a hotel room anyway , encrypted disk or not ? Any " C-level " executive .
After all , he played golf with a senior marketing executive of the encryption system vendor just last week and was assured that it was absolutely secure .
And he knows that 's true because he is such a fine judge of character .
Besides , the guy let him win .</tokentext>
<sentencetext>&gt; What brainless clod would leave a laptop with sensitive data on it lying&gt; around in a hotel room anyway, encrypted disk or not?Any "C-level" executive.
After all, he played golf with a senior marketing executive of the encryption system vendor just last week and was assured that it was absolutely secure.
And he knows that's true because  he is such a fine judge of character.
Besides, the guy let him win.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845517</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845529</id>
	<title>Here we go again....</title>
	<author>Anonymous</author>
	<datestamp>1256310060000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Yet another "if someone has complete unrestricted access to your computer they can own it" attacks. If someone has the kind of access that they suggest in the article then they could hook in a keylogger between your keyboard and USB port, wait a week, pick up their keylogger and get all of your passwords and private information anyway.</p><p>Encryption is there to protect the *data*; it is not there to protect your *computer.*</p><p>Frankly whole drive encryption is a bad idea.<br>
&nbsp; - It slows stuff down.<br>
&nbsp; - Makes your computer more likely to malfunction (and to be more serious when it does).<br>
&nbsp; - But worst of all it makes it much easier to break into your encrypted data.</p><p>The more unencrypted data the attacker has, the easier it is to break the encryption. If you encrypt for example your Windows folder then you have just given the attacker a TON of information and while modern encryption cannot often be broken on PCs, the security services might be able to have a good shot at it.</p></htmltext>
<tokenext>Yet another " if someone has complete unrestricted access to your computer they can own it " attacks .
If someone has the kind of access that they suggest in the article then they could hook in a keylogger between your keyboard and USB port , wait a week , pick up their keylogger and get all of your passwords and private information anyway . Encryption is there to protect the * data * ; it is not there to protect your * computer .
* Frankly whole drive encryption is a bad idea .
  - It slows stuff down .
  - Makes your computer more likely to malfunction ( and to be more serious when it does ) .
  - But worst of all it makes it much easier to break into your encrypted data.The more unencrypted data the attacker has , the easier it is to break the encryption .
If you encrypt for example your Windows folder then you have just given the attacker a TON of information and while modern encryption can not often be broken on PCs , the security services might be able to have a good shot at it .</tokentext>
<sentencetext>Yet another "if someone has complete unrestricted access to your computer they can own it" attacks.
If someone has the kind of access that they suggest in the article then they could hook in a keylogger between your keyboard and USB port, wait a week, pick up their keylogger and get all of your passwords and private information anyway. Encryption is there to protect the *data*; it is not there to protect your *computer.
*Frankly whole drive encryption is a bad idea.
  - It slows stuff down.
  - Makes your computer more likely to malfunction (and to be more serious when it does).
  - But worst of all it makes it much easier to break into your encrypted data.The more unencrypted data the attacker has, the easier it is to break the encryption.
If you encrypt for example your Windows folder then you have just given the attacker a TON of information and while modern encryption cannot often be broken on PCs, the security services might be able to have a good shot at it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845347</id>
	<title>bootloader checksum</title>
	<author>Anonymous</author>
	<datestamp>1256309100000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>If you are the kind of person who is in the danger zone of this happening (not that you would leave a computer with such sensitive information in your hotel room.); You would probably feel a lot better if you were able to checksum the bootloader when returning, maybe from an external USB drive. This would of course run its own OS, not being done from the bootloader (for obvious reasons).</p></htmltext>
<tokenext>If you are the kind of person who is in the danger zone of this happening ( not that you would leave a computer with such sensitive information in your hotel room .
) ; You would probably feel a lot better if you were able to checksum the bootloader when returning , maybe from an external USB drive .
This would of course run its own OS , not being done from the bootloader ( for obvious reasons ) .</tokentext>
<sentencetext>If you are the kind of person who is in the danger zone of this happening (not that you would leave a computer with such sensitive information in your hotel room.
); You would probably feel a lot better if you were able to checksum the bootloader when returning, maybe from an external USB drive.
This would of course run its own OS, not being done from the bootloader (for obvious reasons).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845669</id>
	<title>TPM</title>
	<author>Anonymous</author>
	<datestamp>1256310780000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><a href="http://www.truecrypt.org/faq#tpm" title="truecrypt.org" rel="nofollow">http://www.truecrypt.org/faq#tpm</a> [truecrypt.org]</p></htmltext>
<tokenext>http : //www.truecrypt.org/faq # tpm [ truecrypt.org ]</tokentext>
<sentencetext>http://www.truecrypt.org/faq#tpm [truecrypt.org]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29852081</id>
	<title>Pathetic attempt</title>
	<author>Anonymous</author>
	<datestamp>1256294700000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>A pathetic attempt to give a cute name - and make it look like original research - to an incredibly simple attack.</p><p>Also, bootloader on USB thumb drive in pocket.<br>OR bootloader on USB thumb drive on keychain.<br>OR bootloader on USB thumb drive under skin.<br>OR bootloader on USB thumb drive in anus.</p></htmltext>
<tokenext>A pathetic attempt to give a cute name - and make it look like original research - to an incredibly simple attack.Also , bootloader on USB thumb drive in pocket.OR bootloader on USB thumb drive on keychain.OR bootloader on USB thumb drive under skin.OR bootloader on USB thumb drive in anus .</tokentext>
<sentencetext>A pathetic attempt to give a cute name - and make it look like original research - to an incredibly simple attack.Also, bootloader on USB thumb drive in pocket.OR bootloader on USB thumb drive on keychain.OR bootloader on USB thumb drive under skin.OR bootloader on USB thumb drive in anus.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845781</id>
	<title>Re:Who cares?</title>
	<author>Anonymous</author>
	<datestamp>1256311320000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Um.. because the evil maid can just boot from external media with all the privileges she needs.</p></htmltext>
<tokenext>Um.. because the evil maid can just boot from external media with all the privileges she needs .</tokentext>
<sentencetext>Um.. because the evil maid can just boot from external media with all the privileges she needs.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845525</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846159</id>
	<title>Re:And how exactly...</title>
	<author>puthan</author>
	<datestamp>1256313360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>With hardware made mostly in China, how do you know the TPM chip does not have a back door?</p></htmltext>
<tokenext>With hardware made mostly in China , how do you know the TPM chip does not have a back door ?</tokentext>
<sentencetext>With hardware made mostly in China, how do you know the TPM chip does not have a back door?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845819</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846719</id>
	<title>Re:My bootloader is on USB</title>
	<author>idontgno</author>
	<datestamp>1256316360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p> <a href="http://xkcd.com/538/" title="xkcd.com">xkcd concurs.</a> [xkcd.com] </p><p>BTW, xkcd's implementation of this particular attack is superior to yours, because not all laptop owners have scroti.</p><p>(Is that even a word? High school Latin didn't discuss that. Stupid Bible belt.)</p></htmltext>
<tokenext>xkcd concurs .
[ xkcd.com ] BTW , xkcd 's implementation of this particular attack is superior to yours , because not all laptop owners have scroti .
( Is that even a word ?
High school Latin did n't discuss that .
Stupid Bible belt .
)</tokentext>
<sentencetext> xkcd concurs.
[xkcd.com] BTW, xkcd's implementation of this particular attack is superior to yours, because not all laptop owners have scroti.
(Is that even a word?
High school Latin didn't discuss that.
Stupid Bible belt.
)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845705</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846195</id>
	<title>xkcd</title>
	<author>f0rtytw0</author>
	<datestamp>1256313600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>what is more likely to happen<br><a href="http://xkcd.com/538/" title="xkcd.com">http://xkcd.com/538/</a> [xkcd.com]</p></htmltext>
<tokenext>what is more likely to happenhttp : //xkcd.com/538/ [ xkcd.com ]</tokentext>
<sentencetext>what is more likely to happenhttp://xkcd.com/538/ [xkcd.com]</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847721</id>
	<title>Leave your computer on while away?</title>
	<author>Culture20</author>
	<datestamp>1256320980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>If it's been rebooted back to the TrueCrypt passphrase entry, then you know that someone's been monkeying with it.  If you notice that your BIOS password and settings are gone, you can assume the BIOS ROM has been replaced in hardware.  Or if you're sufficiently paranoid, you can assume the same just from the reboot, and junk the computer.</htmltext>
<tokenext>If it 's been rebooted back to the TrueCrypt passphrase entry , then you know that someone 's been monkeying with it .
If you notice that your BIOS password and settings are gone , you can assume the BIOS ROM has been replaced in hardware .
Or if you 're sufficiently paranoid , you can assume the same just from the reboot , and junk the computer .</tokentext>
<sentencetext>If it's been rebooted back to the TrueCrypt passphrase entry, then you know that someone's been monkeying with it.
If you notice that your BIOS password and settings are gone, you can assume the BIOS ROM has been replaced in hardware.
Or if you're sufficiently paranoid, you can assume the same just from the reboot, and junk the computer.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847075</id>
	<title>Re:My bootloader is on USB</title>
	<author>MiniMike</author>
	<datestamp>1256318220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Didn't that all already happen at the <a href="http://tech.slashdot.org/story/09/10/22/1232225/Yahoo-Offered-Lap-Dances-At-Hack-Event?art\_pos=24" title="slashdot.org">Yahoo convention</a> [slashdot.org] in Taiwan?</htmltext>
<tokenext>Did n't that all already happen at the Yahoo convention [ slashdot.org ] in Taiwan ?</tokentext>
<sentencetext>Didn't that all already happen at the Yahoo convention [slashdot.org] in Taiwan?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845705</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29851791</id>
	<title>3 Words...</title>
	<author>hofmny</author>
	<datestamp>1256293080000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext>BIOS BOOT PASSWORD</htmltext>
<tokenext>BIOS BOOT PASSWORD</tokentext>
<sentencetext>BIOS BOOT PASSWORD</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846339</id>
	<title>Re:Here we go again....</title>
	<author>Anonymous</author>
	<datestamp>1256314380000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>The last point you make is not necessarily true.  Yes knowing some plaintext has been useful in breaking some encryption schemes ..... but it does not follow that this is true in every case.</htmltext>
<tokenext>The last point you make is not necessarily true .
Yes knowing some plaintext has been useful in breaking some encryption schemes ..... but it does not follow that this is true in every case .</tokentext>
<sentencetext>The last point you make is not necessarily true.
Yes knowing some plaintext has been useful in breaking some encryption schemes ..... but it does not follow that this is true in every case.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845529</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846483</id>
	<title>Oh, I am soooooo glad...</title>
	<author>Anonymous</author>
	<datestamp>1256315160000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>that I got out of that shithole called 'security world'.</p><p>It was really fun and interesting until 2003, but these days it's a joke.</p><p>Hey, even in year 1997 we all realized that once someone has physical access to your computer - you are fucked.</p><p>And here we are, in year 2009, reading "research" telling us things we all already know.</p><p>Sigh...</p><p>P.S: maid doesn't need to install any fancy shit, a keylogger will do just fine.</p></htmltext>
<tokenext>that I got out of that shithole called 'security world'.It was really fun and interesting until 2003 , but these days it 's a joke.Hey , even in year 1997 we all realized that once someone has physical access to your computer - you are fucked.And here we are , in year 2009 , reading " research " telling us things we all already know.Sigh...P.S : maid does n't need to install any fancy shit , a keylogger will do just fine .</tokentext>
<sentencetext>that I got out of that shithole called 'security world'.It was really fun and interesting until 2003, but these days it's a joke.Hey, even in year 1997 we all realized that once someone has physical access to your computer - you are fucked.And here we are, in year 2009, reading "research" telling us things we all already know.Sigh...P.S: maid doesn't need to install any fancy shit, a keylogger will do just fine.</sentencetext>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_55</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845347
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848037
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_34</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845303
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845629
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845835
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847289
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848413
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845347
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846739
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_33</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845303
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845629
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845835
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847289
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848791
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845819
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846159
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845525
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845921
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845357
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845959
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845359
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29859867
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_49</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845303
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846007
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29849451
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_54</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845359
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845705
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29849251
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845517
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846003
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_39</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845521
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846611
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846483
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848151
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_44</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845303
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845927
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_46</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846483
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847595
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845303
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845629
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845767
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845347
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846187
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845525
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845781
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_47</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845357
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845775
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_38</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845359
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845705
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846151
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29860143
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_41</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845359
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845705
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847075
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845303
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846007
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29851169
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_37</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845477
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847647
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845521
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848087
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845647
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848131
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_31</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846483
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29849093
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845423
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845811
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845819
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846065
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_36</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845361
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29857557
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845667
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846955
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845517
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846107
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_53</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845303
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845629
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845835
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847289
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29863785
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845397
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845601
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845359
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845743
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845529
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846835
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845517
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846309
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845647
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847653
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_52</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845819
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846905
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845529
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846339
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_48</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845303
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845629
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845835
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847289
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848133
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845359
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845705
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29853491
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_51</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845819
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846099
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_42</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845423
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845841
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847703
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845359
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845705
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846747
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_43</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845303
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845629
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845835
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847289
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29855489
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845303
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845807
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_45</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845423
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845797
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846461
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_50</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845359
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845705
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846719
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845397
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845719
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846173
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_35</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845423
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845841
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846181
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845397
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845659
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29851033
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_40</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845819
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845993
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847997
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845521
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29849763
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845423
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845841
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846677
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_56</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845303
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846007
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848101
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845397
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845755
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_09_10_23_1212248_32</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845347
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846893
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845529
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846835
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846339
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846291
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845521
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29849763
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848087
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846611
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845347
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846187
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846893
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846739
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848037
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845667
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846955
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846483
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848151
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29849093
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847595
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846069
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845303
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845927
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845629
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845767
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845835
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847289
----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848791
----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848133
----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29855489
----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29863785
----http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848413
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846007
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848101
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29851169
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29849451
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845807
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845477
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847647
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846195
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845675
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845397
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845719
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846173
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845755
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845659
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29851033
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845601
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846057
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845493
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845423
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845841
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846181
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847703
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846677
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845797
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846461
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845811
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845803
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847093
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845359
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29859867
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845705
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29849251
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847075
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846719
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29853491
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846747
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846151
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29860143
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845743
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845525
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845921
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845781
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845647
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847653
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29848131
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845361
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29857557
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845791
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845881
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845517
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846003
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846107
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846309
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845819
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846905
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846159
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846065
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29846099
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845993
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29847997
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation09_10_23_1212248.20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845357
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845775
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment09_10_23_1212248.29845959
</commentlist>
</conversation>
