Spliced feed for Security Bloggers Network
Posted: 09 Jul 2008 07:44 AM CDT With the release of Firefox 3.0 there has been a bit of controversy over how it handles self-signed certificates. It seems that Firefox makes it difficult to use self-signed certificates and some people are complaining about it. Here at StillSecure we use self-signed certs in our products and we had to change how we do things to make it work. However, there are people like Lauren Weinstein who say that this is a step backward for Firefox because it makes it harder to send encrypted traffic. While I understand that it does make it harder, I think Lauren misses the forest for the trees here. The whole point of certificates is to prove identity. In fact they are called identity certificates. The underlying reason for certificates is to ensure that the identity of the person or entity sending it is in fact genuine. It enables the encryption function. In Weinstein's rant, somehow he has this bass ackwards. Identity is secondary to encryption. He says, "Firefox is now putting so much emphasis on identity confirmation". For good reason, I say! If we allow the whole idea of identity certs to be subverted for ease of encryption, we are opening ourselves up to a whole range of bad things like phishing attacks, man in the middle, etc. I say in our fervor to encrypt everything, let's not forget the importance of trust of identity that certificates enable. Without that the whole system crumbles. Now that being said, I agree that Firefox's GUI around handling these certificates could be better. It appears to be confusing to say the least. But again we can fix that without sacrificing the validity of certificates. I should mention that I ran some of my ideas on this issue by Joel Snyder and StillSecure's own Andrew Grealy.
Posted: 09 Jul 2008 07:06 AM CDT The SEC published their report as to why the credit rating companies not only missed but totally screwed up before and during the subprime crisis (which could last another year after it has been declared over already a few times). The Staff's examinations revealed that:
Red flags should limit identity theft or abuse [belsec] [Belgian Security Blognetwork] Posted: 09 Jul 2008 07:01 AM CDT The Federal Trade Commission and the federal financial institution regulatory agencies have sent to the Federal Register for publication final rules on identity theft “red flags” and address discrepancies. According to a report of the President’s Identity Theft Task Force, identity theft (a fraud attempted or committed using identifying information of another person without authority), results in billions of dollars in losses each year to individuals and businesses. The final rules require each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program (Program) for combating identity theft in connection with new and existing accounts. The Program must include reasonable policies and procedures for detecting, preventing, and mitigating identity theft and enable a financial institution or creditor to:
The agencies also issued guidelines to assist financial institutions and creditors in developing and implementing a Program, including a supplement that provides examples of red flags. (source)
Archiving of email will be an exploding market in the US [belsec] [Belgian Security Blognetwork] Posted: 09 Jul 2008 06:57 AM CDT The reason is that the House is on the brink of enacting legislation that will make it a legal obligation to archive the emails. The status of the law: http://thomas.loc.gov/cgi-bin/bdquery/z?d110:h.r.05811: The law itself as it is being debated: http://thomas.loc.gov/cgi-bin/cpquery/R?cp110:FLD010:@1(hr709) But for the moment there is not one agency doing what it should, so the lawmakers may feel even more the necessity to do at least something, even more so as the Democratic Congress is still asking questions about the millions of emails the Republican White House lost before an investigation. http://oversight.house.gov/documents/20080708093459.pdf
Fun: Europe's Internet turns Chinese one star after another [belsec] [Belgian Security Blognetwork] Posted: 09 Jul 2008 06:44 AM CDT The animation: http://amsterdam1.plunder.com/146759/flash.swf Download the file: http://www.plunder.com/flash-swf-download-146759.htm
This is not the Europe we asked for [belsec] [Belgian Security Blognetwork] Posted: 09 Jul 2008 06:16 AM CDT If we start putting it all on a list, it begins to seem as if there is something becoming rotten in Europe.
* The EU is in negotiation with the US to deliver them all kinds of private information about travellers, citizens and 'suspects' without many guarantees about the use of it. Those data would have less protection in the US than the data of the US citizens themselves.
* The EU is busy setting up all kinds of European justice and police networks, but without any public debate worth that name and without the necessary guarantees of oversight, audit, security and privacy.
* The EU wants to make the rule "three warnings and you lose your internet connection" general. The European Parliament has voted this way.
* The EU wants to make anonymous blogging and posting difficult to illegal.
* The EU is limiting the publicity of its own policy and administrative documents, and there is surely no Freedom of Information Act.
* The EU has a commission that is not controlled by a parliament with the full powers a parliament should have, even if that parliament sometimes does things that we can't support.
There are maybe things that the parliament and the commission are doing, and doing well, but freedoms and privacy are dear to me, and it makes me angry that the European Parliament is moving in the wrong direction step by step without ever stopping and thinking it over again. (Unless there is some stupid small country that still has a referendum; they should have a commission to decide, not the people.) Oh, and don't send any more mails: some are receiving 50 mails an hour and find that absolutely scandalous (an email bombardment, he calls it). Makes you wonder how much input they get from the people they are supposed to elect and represent.....
Posted: 09 Jul 2008 05:30 AM CDT Some people still think that DNS traffic and resolution only comes through
1) I can change the hosts file and block, for example, access to the normal server, or get a domain name hard-coded to another IP address with the phish site.
2) I can change the IP address of the DNS server on the PC in the network software, and that DNS server brings me to the phish site.
3) I can install a small proxy or DNS server on the PC that will tunnel all the traffic to wherever I would like (if the person also has a modem, then I could also use a dialer to do that).
4) I could change the DNS on the home router (recent virus).
5) I could set up a rogue hotspot (in a targeted attack, taking the credentials of the normal hotspot) and intercept all traffic and passwords.
6) I could attack the DNS server of the provider and change the IP address of a given name.
7) I could attack the DNS server responsible for the domain or network, eventually only changing every 10th visit.
8) I could change the domain registration details.
9) I could change the links behind the online advertising.
10) I could just publish the malicious link in the email or web forum, or change the text on an information page (SQL injection), .......
So if you have a big operation with millions of people visiting and leaving financial or personal information, a complete overview and securing of all the different possibilities is not a luxury. DNS expertise and security is becoming ever more important. I personally think vulnerable and taken-over DNS servers should be taken off air as fast as smoking airplanes and leaking nuclear installations are stopped. If I am wrong somewhere or I have forgotten some, please tell.
June Commenter of the Month Competition Winner! [Darknet - The Darkside] Posted: 09 Jul 2008 02:50 AM CDT Competition time again! As you know we started the Darknet Commenter of the Month Competition on June 1st 2007 and it's been running since then! We have just finished the thirteenth month of the competition in June and are now in the fourteenth, starting a few days ago on July 1st - Sponsored by GFI. We've successfully... Read the full post at darknet.org.uk
GMail now shows IP address log [Errata Security] Posted: 08 Jul 2008 11:41 PM CDT Google is updating Gmail to allow users to see if anybody else is reading their e-mail. This is one of the things I recommended for dealing with SideJacking. When hackers steal your password or your session-id, there is no way for you to know that they are reading your e-mail. It's the scariest sort of hacker attack since it's completely invisible. Now, apparently, Google has made this visible. With this feature, he'll know. He can use this feature to verify that nobody else has accessed his account. The Gmail blog post does not mention "hackers". This is for a good reason. About 20% of the population is stupid and paranoid. When they see information on Google's page they don't understand, they will assume it's a hacker. Worse, a certain percentage of hard-core paranoids will fit this into their conspiracies no matter how benign the information. As a result, this is going to become a headache for Google as people call them about hackers in their account. If you suspect that somebody else has been accessing your account, there are a number of other things you should look at. First, look at your password. If you are like most people, you use the same password for everything. A lot of hackers get into your Gmail because they've hacked some other website where you've created an account (with your e-mail address and password), and simply checked to see if the passwords work for Gmail as well. Change your password to something unique that you only use for Gmail. Second, check your "Filters" and "Forwarding" account settings. A lot of hackers aren't going to read your e-mail through your account, but are instead going to configure Gmail to forward copies to another account. Third, check your "POP/IMAP" account settings. It's easier for hackers to download all your e-mail through POP/IMAP because it only takes a few minutes, rather than spending days browsing through your mail by hand.
I think POP and IMAP might be enabled by default, so you should disable them. If these get re-enabled, then it might mean somebody has hacked your account. Fourth, I suggest that you use "https" instead of "http" so that your sessions are encrypted most of the time. Google will still sometimes send things unencrypted, but at least this will reduce your exposure. Showing concurrent and past logons is such a useful feature, it should be considered a requirement for all Web 2.0 applications, whether they are PHPBB, eBay, your local bank, or your online e-mail. If you suspect a hacker, it's a surefire way to see if something unusual is going on -- despite the ignorant paranoids that will confuse everyone by insisting there's evidence for a hacker where none exists.
A Change at the Top [BumpInTheWire.com] Posted: 08 Jul 2008 11:09 PM CDT A well covered event today was the ousting of Diane Greene, VMware CEO and Co-founder. She was replaced by somebody from Microsoft, yada, yada, yada. About the only thing I see this affecting is one less mind-numbing keynote speech at VMworld this year. VMware will be kicking and slapping at Microsoft & Hyper-V regardless of who the captain of the ship is. What really catches me is the Co-founder being kicked off the throne. I guess that is the life you live when you sell out to "the man" and then go public. You'll notice at the top I've added a page to BITW. You can now contact Mr. Bump via a form! I'm really classing things up around here.
New security feature in Gmail [Security4all] [Belgian Security Blognetwork] Posted: 08 Jul 2008 11:00 PM CDT
Metadirectories: What's left to say? [Matt Flynn's Identity Management Blog] Posted: 08 Jul 2008 10:44 PM CDT If you haven't been following the flurry of conversation since my post last week stating that metadirectories aren't dead, well you're in luck. We couldn't have asked for a better recap of the conversation than the one provided by Ian Yip (although I think he gave Nishant a bum rap on this one). There were so many different angles explored that I'm not really sure where to start or what's left for me to say.
[UPDATE] - forgot one:
OK, now I'm really done for the night.
Podcasters Meetup @ DEFCON 16 [Room362.com] Posted: 08 Jul 2008 10:13 PM CDT To All, To Podcasters, To Potential Sponsors, As information is updated and confirmations come in, I will be updating the collaboration site: http://www.podcastersmeetup.com/ . Feel free to post or forward this information on to whoever you like. If you would like an account in order to broadcast your presence at the event, please sign up and I will upgrade your user level. For those who may not know: DEFCON 16: August 8-10, 2008. Thank you for your time, and I look forward to hearing from you,
Enterprise Role Management Article [The IT Security Guy] Posted: 08 Jul 2008 08:28 PM CDT My article on enterprise role management (ERM) came out today on TechTarget's SearchSecurity web site. I gave a brief explanation about ERM with some best practices and vendors.
EPIC FAIL FOR ALL [Vitalsecurity.org - A Revolution is the Solution] Posted: 08 Jul 2008 05:27 PM CDT "The reality is though that in most cases, an IP address without additional information cannot (identify you)." Google Public Policy Blog Wow, that came around and bit everyone on the ass, didn't it? Such a cacophony of disasters, I'm not sure what to roll my eyes at first - the mass treasure trove of data hoarded under the stairs, or Viacom's grab for the cookie jar. Maybe it's the fact that the Judge ruling over this case is about six thousand years old and clearly wouldn't know what an Internet was if it hit him in the face, which I strongly suspect is about to happen. The EFF blog has an update where Viacom claim they don't intend to go harassing individual YouTube users, but we've seen stuff like this enough times to know everything has a huge potential to go entirely tits up further down the line. Samwell sums this up far better than I ever could:
Technical hitch [Vitalsecurity.org - A Revolution is the Solution] Posted: 08 Jul 2008 05:24 PM CDT
DNS trouble in the offing [IT Security, Windows Scripting and other matters] Posted: 08 Jul 2008 03:52 PM CDT Dan Kaminsky released information today about a rather serious vulnerability in the implementation of DNS on most major platforms. Microsoft has posted information about it on its site here. Rich Mogull has an interview with Dan here. Arthur over at Emergent Chaos has posted here. Why should this concern you? Microsoft is listing it as important rather than serious, but I think they are undervaluing the seriousness of this vulnerability. Quick overview of DNS for you. DNS is like the yellow pages of the Internet. Computers work better with numbers and people work better with words. When you want to find CNN.com, your browser contacts a DNS server to find out what IP address the site resides at. This is similar to the physical address associated with a business in the yellow pages. Think of the IP address as directions to that particular business. A typical IP address looks like this: 192.168.140.25. The first set of numbers (referred to as an octet) is essentially the city in which the business resides. The second set of numbers is the nearest major street to the business. The third set of numbers is the street of the business, and the final set of numbers is the street address of the business. What DNS does is allow you to type in the name of the site you want to go to and have all of the "travel information" for your destination given to you. Now imagine someone sets about printing yellow pages with incorrect information that will bring them profit. So rather than going to the real CNN.com (64.236.91.23), your DNS server has been given spoofed information to send you to a malicious website at 172.16.91.23. If you manage DNS servers, you should patch them as soon as possible. If you don't, you may want to make sure whoever does manage your DNS has patched their systems.
Be safe out there, James (Edit) - As of 2:15 PM CDT Microsoft does not appear to have released the patch for this vulnerability. (Edit 2) It appears that the patch is showing up as 2 different Knowledge Base articles: kb951746 and kb951748
A Little Poll [Didier Stevens] [Belgian Security Blognetwork] Posted: 08 Jul 2008 03:45 PM CDT According to you, what's the single most-downloaded file from my site http://DidierStevens.com? It's neither welcome.html nor robots.txt. Post your guess as a comment.
Posted: 08 Jul 2008 01:47 PM CDT This is nothing malware/security related - but I'm sure it will interest people who encountered the same issue, or helped someone with the same issue. So, for the uninterested ones, skip this section and read another blog. :-) If I encounter Windows issues, I always want to figure out what's causing them, so I can learn from it. In this case, when you try to launch the Internet Explorer options via IE > Tools menu, you get the hourglass, but nothing happens. I've researched this issue via search engines and couldn't find a proper solution (most probably I've missed it). This is not a policy related issue where the Internet Explorer options are disabled, otherwise you would get an error message. The same happens when you do this via Start > Control Panel > Internet Options. Also, when you enter inetcpl.cpl via Start > Run (command prompt), you see the hourglass, but nothing happens. And that's why I wanted to figure out what's causing this and how to solve it, since this is actually a common issue in IE7 (since I've researched this via search engines). A solution I found was to replace the inetcpl.cpl file from the C:\WINDOWS\ie7 folder. So the inetcpl.cpl from the ie7 folder should be replaced with the one present in the system32 folder. It works, but doesn't make sense, since the inetcpl.cpl file present in the IE7 folder is the previous version and shouldn't be used anyway. Also, Windows Update contains a lot of IE updates as well which patch the inetcpl.cpl file, so you would think that an update may fix this issue.... Well, it doesn't, since it's actually not an issue with inetcpl.cpl itself. So, time to test what could cause this: launch inetcpl.cpl and see what other files are launched as well... and one of them was inetcpl.cpl.mui.
This file is present by default in the %Windir%\system32\nl-nl folder (in case you have a Dutch version of IE), or the %Windir%\system32\en-US folder (in case you have an English version of IE), or any other language dependent subfolder there. Reference thread here btw: http://support.bluemedicine.be/mybb/showthread.php?tid=2268&page=1 (Sorry, only Dutch). And.. in this case, the inetcpl.cpl.mui file was missing. I actually really had no clue that this could be the main cause, until I asked the user to replace/restore the file again and place it in the correct folder. After all, if you don't try, you won't know. And this actually worked! The Internet Explorer options could be launched again. This helped in this situation, so I'm not sure if that's actually the solution in general for the same issue (IE Options won't load - nothing policy related). So if anyone has encountered the same issue and the above solution worked (inetcpl.cpl.mui was missing and you "restored" it), let me know. :)
Network Security Podcast, Episode 111: Massive DNS multivendor patch [Network Security Blog] Posted: 08 Jul 2008 01:39 PM CDT If you're using DNS, and we all are, prepare to patch every system you have. Not just your name servers, but any and all systems using DNS, which means virtually everything! This is a flaw discovered by Dan Kaminsky that affects the basic technology underlying DNS and affects all vendors. Dan took the road of responsible disclosure and worked with a large group of vendors to coordinate this patch. This may be one of the first successful examples of a large multivendor patch, and if ever there was a need for it, this is it. Rich was able to get an interview in anticipation of today's announcement and you can hear about it straight from Dan himself. There are not a lot of technical details concerning the vulnerability in the interview, and every effort is being made to give us as much time to patch before reverse engineering gives the bad guys the secret sauce to make this a weaponized vulnerability. Check the show notes for the CERT advisory and additional information. Network Security Podcast, Episode 111, July 8, 2008
When will VirusTotal add this one in? [The Security Shoggoth] Posted: 08 Jul 2008 01:35 PM CDT At first I thought it was a joke, but nope. Hello Kitty Firewall and Anti-virus software is real! Download it from http://www.kittyav.com.tw/ and try it out.
Dan Kaminsky Discovers Fundamental Issue In DNS: Massive Multivendor Patch Released [securosis.com] Posted: 08 Jul 2008 01:28 PM CDT Today, CERT is issuing an advisory for a massive multivendor patch release to resolve a major issue in DNS that could allow attackers to easily compromise any name server (it also affects clients). Dan Kaminsky discovered the flaw early this year and has been working with a large group of vendors on a coordinated patch release. The issue is extremely serious, and all name servers should be patched as soon as possible. Updates are also being released for a variety of other platforms since this is a problem with the DNS protocol itself, not a specific implementation. The good news is this is a really strange situation where the fix does not immediately reveal the vulnerability and reverse engineering isn't directly possible. Dan asked for some assistance in getting the word out and was kind enough to sit down with me for an interview. We discuss the importance of DNS, why this issue is such a problem, how he discovered it, and how such a large group of vendors was able to come together, decide on a fix, keep it secret, and all issue on the same day. Dan and the vendors did an amazing job with this one. We've also attached the official CERT release and an Executive Overview document discussing the issue. Update: Dan just released a "DNS Checker" on his site doxpara.com to see if you are vulnerable to the issue. Network Security Podcast, Episode 111, July 8, 2008 And here's the text of the Executive Overview: Fixes Released for Massive Internet Security Issue. On July 8th, technology vendors from across the industry will simultaneously release patches for their products to close a major vulnerability in the underpinnings of the Internet. While most home users will be automatically updated, it's important for all businesses to immediately update their networks.
This is the largest synchronized security update in the history of the Internet, and is the result of hard work and dedication across dozens of organizations. Earlier this year, professional security researcher Dan Kaminsky discovered a major issue in how Internet addresses are managed (Domain Name System, or DNS). This issue was in the design of DNS and not limited to any single product. DNS is used by every computer on the Internet to know where to find other computers. Using this issue, an attacker could easily take over portions of the Internet and redirect users to arbitrary, and malicious, locations. For example, an attacker could target an Internet Service Provider (ISP), replacing the entire web — all search engines, social networks, banks, and other sites — with their own malicious content. Against corporate environments, an attacker could disrupt or monitor operations by rerouting network traffic, capturing emails and other sensitive business data. Mr. Kaminsky immediately reported the issue to major authorities, including the United States Computer Emergency Response Team (part of the Department of Homeland Security), and began working on a coordinated fix. Engineers from major technology vendors around the world converged on the Microsoft campus in March to coordinate their response. All of the vendors began repairing their products and agreed that a synchronized release, on a single day, would minimize the risk that malicious individuals could figure out the vulnerability before all vendors were able to offer secure versions of their products. The vulnerability is a complex issue, and there is no evidence to suggest that anyone with malicious intent knows how it works. The good news is that due to the nature of this problem, it is extremely difficult to determine the vulnerability merely by analyzing the patches, a common technique malicious individuals use to figure out security weaknesses.
Unfortunately, due to the scope of this update it's highly likely that the vulnerability will become public within weeks of the coordinated release. As such, all individuals and organizations should apply the patches offered by their vendors as rapidly as possible. Since not every system can be patched automatically, and to provide security vendors and other organizations with the knowledge they need to detect and prevent attacks on systems that haven't been updated, Mr. Kaminsky will publish the details of the vulnerability at a security conference on August 6th. It is expected that by this point the details of the vulnerability will be independently discovered, potentially by malicious individuals, and it's important to make the specific details public for our collective defense. We hope that by delaying full disclosure, organizations will have time to protect their most important systems, including testing and change management for the updates. Mr. Kaminsky has also developed a tool to help people determine if they are at risk from "upstream" name servers, such as their Internet Service Provider, and will be making this publicly available. Home users with their systems set to automatically update will be protected without any additional action. Vendor patches for software implementing DNS are being issued from major software manufacturers, but some extremely out of date systems may need to be updated to current versions before the patches are applied. Executives need to work with their information technology teams to ensure the problem is promptly addressed. There is absolutely no reason to panic; there is no evidence of current malicious activity using this flaw, but it is important everyone follow their vendor's guidelines to protect themselves and their organizations.
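The Executive Overview above mentions Kaminsky's tool for checking whether an upstream resolver is at risk, and the earlier "DNS trouble in the offing" post explains how a spoofed answer redirects you. The hardening the vendors shipped was randomizing the UDP source port of a resolver's outbound queries alongside the 16-bit transaction ID (this comes from the CERT advisory, not from any post on this page), so an administrator can verify the patch took effect from the inside by looking at the resolver's own outbound queries. The script below is an added example, not code from the page or from any of its authors; the tcpdump lines it parses are constructed, and the function names and thresholds are my own choices.

```python
"""Check whether a resolver's outbound DNS queries look randomized.

A patched resolver varies both the UDP source port and the 16-bit
transaction ID of each outbound query; an unpatched one typically reuses
one source port, leaving only the transaction ID for an off-path spoofer
to guess. Feed tcpdump summary lines for queries leaving your resolver
(for example from `tcpdump -n udp dst port 53`) to assess().
"""
import math
import random
import re
from collections import Counter

# tcpdump summary line for an outbound UDP query, e.g.
#   IP 10.0.0.2.41234 > 198.51.100.1.53: 60234+ A? www.example.com. (33)
# Group 1 is the resolver's source port, group 2 the transaction ID;
# flag characters after the ID (such as '+' for recursion desired) are skipped.
QUERY_RE = re.compile(r"IP \S+\.(\d+) > \S+\.53: (\d+)\S* ")


def parse_tcpdump(lines):
    """Extract (source_port, txid) pairs from tcpdump output lines."""
    pairs = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            pairs.append((int(m.group(1)), int(m.group(2))))
    return pairs


def entropy_bits(values):
    """Shannon entropy of the observed values, in bits."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def is_sequential(values, tolerance=0.8):
    """True when most consecutive values increase by exactly one (a counter)."""
    if len(values) < 3:
        return False
    steps = sum(1 for a, b in zip(values, values[1:]) if b - a == 1)
    return steps / (len(values) - 1) >= tolerance


def classify(values, field_bits=16):
    """Label one field's samples as fixed, sequential, weak or random."""
    if not values:
        return "no data"
    if len(set(values)) == 1:
        return "fixed"
    if is_sequential(values):
        return "sequential"
    # n samples of a uniformly random w-bit field have entropy close to
    # min(w, log2 n); accept anything within 10 % of that ceiling.
    ceiling = min(field_bits, math.log2(len(values)))
    return "random" if entropy_bits(values) >= 0.9 * ceiling else "weak"


def assess(observations):
    """Classify ports and transaction IDs; 'patched' requires both random."""
    ports = [p for p, _ in observations]
    txids = [t for _, t in observations]
    verdict = {"source_port": classify(ports), "txid": classify(txids)}
    verdict["patched"] = verdict["source_port"] == "random" and verdict["txid"] == "random"
    return verdict


# Constructed sample captures (seeded so they are reproducible), not real traffic.
_rng = random.Random(7)
# Unpatched resolver: one fixed source port, random transaction IDs.
UNPATCHED_CAPTURE = [
    f"IP 10.0.0.2.32768 > 198.51.100.1.53: {t} A? host{i}.example. (33)"
    for i, t in enumerate(_rng.sample(range(65536), 32))
]
# Patched resolver: both the source port and the transaction ID vary.
PATCHED_CAPTURE = [
    f"IP 10.0.0.2.{p} > 198.51.100.1.53: {t} A? host{i}.example. (33)"
    for i, (p, t) in enumerate(
        zip(_rng.sample(range(1024, 65536), 32), _rng.sample(range(65536), 32))
    )
]

if __name__ == "__main__":
    for name, capture in (("unpatched", UNPATCHED_CAPTURE), ("patched", PATCHED_CAPTURE)):
        print(name, assess(parse_tcpdump(capture)))
```

A few dozen queries are enough to tell a fixed or counting port apart from a randomized one; a "weak" verdict on a real capture means the values vary but far less than a uniform 16-bit field should.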
Nice Gimmick... [Vitalsecurity.org - A Revolution is the Solution] Posted: 08 Jul 2008 12:05 PM CDT
LaaS: Staking Our Claim [Alert Logic] Posted: 08 Jul 2008 10:52 AM CDT
Another good reason for going to Defcon [Network Security Blog] Posted: 08 Jul 2008 09:36 AM CDT If you're sitting on the fence about going to Black Hat and Defcon, here's another good reason to go: Podcasters meetup. Mubix has once again taken the initiative on this and is working on organizing a meetup one night at Defcon. It looks like he has a skybox lined up; it's just the exact timing that still has to be worked out. This isn't going to be invitation only like the meetup at RSA; it's open to anyone who wants to attend. On the other hand, it also doesn't have much in the way of sponsors at the moment either, so if you want to contribute to the delinquency of podcasters and bloggers, let me know and I'll get you in touch with Mubix. I've helped organize both of the RSA Bloggers meetups, paid for a round of drinks at the first Shmoocon meetup and will quite likely be producing either streaming audio or video (with audio of course) from Defcon this year. It's going to be a fun event and will have a very different feel from the meetup at RSA. There will be some of the same characters of course, but the crowd at Defcon is younger, more energetic and a little less … refined might be a good word for it. But not any less intelligent or knowledgeable, for certain. I'll post more information as it becomes available. If you're already planning on going, contact Mubix to let him get an accurate headcount. If you can offer up some of your company's money to help buy drinks, contact him even sooner!
Posted: 08 Jul 2008 08:24 AM CDT http://www.digitalbond.com/index.php/2008/07/08/why-do-binary-analysis-when-you-have-source/ Dan Peck has a good reaction to Rob's post on auditing. |