|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: The SANS Institute (sans
sans.org)Date: Wed Jun 19 2002 - 12:08:31 CDT
To: Security Express (SD397643)
From: Alan for the SANS NewsBites service
Re: June 19 SANS NewsBites
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
If you are thinking about attending a security conference this
fall, a great choice is SANS Network Security 2002 in Washington
October 18-25 (http://www.sans.org/NS2002/).It's by far the largest
security training conference, and offers multi-day training programs
in everything from security basics to security management to hacker
exploits, from firewalls to intrusion detection, from auditing to
honeypots to forensics, plus a wealth of special networking and bonus
programs and an enormous exhibition. This year, all five branches
of the US military are co-hosting the National Information Assurance
Leadership Conference for their information security officers as an
integral part of SANS Network Security 2002. More intimate programs
are available in Boston, New York, Denver (http://www.sans/org) and
several other cities, but the Washington conference combines it all
in the major event of the year.
For those who cannot take the time away for a full week of classes,
SANS Mentor-Led Security Essentials training programs start in August
and early September in 40 cities from Calgary, CA to Mexico City.
The Cities are listed, along with the mentors, at the end of this
issue.
Alan
**********************************************************************
SANS NEWSBITES
The SANS Weekly Security News Overview
Volume 4, Number 25 June 19, 2002
Editorial Team:
Kathy Bradford, Dorothy Denning, Roland Grefer,
Bill Murray, Stephen Northcutt, Alan Paller,
Marcus Ranum, Eugene Schultz
*********************************************************************
TOP OF THE NEWS
17 June 2002 Push for Software Manufacturing Liability
14 & 16 June 2002 FoxNews.com Hit With Denial of Service Attacks
14 June 2002 Three Men Arrested for Cyber Extortion
12 & 13 June 2002 Four More Microsoft Holes and Patches
10 June 2002 Forcing Private Industry's Hand to Protect Critical
Infrastructure
THE REST OF THE WEEK'S NEWS
[[05]] - 17 June 2002 Dueling Apache Security Alerts
17 June 2002 Password Not Hidden from Earthlink Support Staff
17 June 2002 Scalpers Hack World Cup Reservation System
17 June 2002 eMap Site Defaced
14 June 2002 Korean Microsoft Developer Tool Carries Nimda-Infected
File
14 June 2002 Best Buy Beefs Up Security and Uses Wireless LANs Again
10 June 2002 Companies Not Employing LAN Security
14 June 2002 Internet Piracy Ring Members Face Charges
14 June 2002 Austrian Teen Allegedly Broke Into Pentagon Sites
13 June 2002 Spy Plane Surveillance Photos Exposed
14 June 2002 Spanish Legislature to Vote on Data retention Law
13 & 14 June 2002 Perrun Virus Infects JPEG Files
13 June 2002 Former Employee Allegedly Broke Into Boss's Computer
Account
13 June 2002 Texas Library Suffers Computer Intrusion
12 June 2002 Gopher Hole Bigger Than Originally Thought
12 June 2002 A Model for Cyber Incident Cost Assessment
12 June 2002 KPNQwest Loses Data
12 June 2002 Phony Press Release Generates Increased Trading
10 June 2002 DoD Purchasing Bound by Common Criteria Standard
10 June 2002 Audit Finds Army Web Sites Display Sensitive Information
10 June 2002 Chief Information Security Officers Face Job Uncertainty
3 June 2002 Surreptitious Back Door Installations May be Related
[[280]] -1 June 2002 Disgruntled (Former) Employees Cause Problems
IN-DEPTH TECHNICAL SECURITY TRAINING (AND SECURITY MANAGEMENT COURSES)
IN THE NEXT 90 DAYS
*SANSFire (Boston, June 27) classes in Forensics and Intrusion
Detection near capacity. Seven other tracks (Hacker Exploits,
SANS Security Essentials, Auditing, more) still have space.
*Large SANS Training programs: Boston, Denver, Marina Del Ray, New York
*Smaller SANS programs: Chicago, Detroit, San Antonio, Virginia Beach,
St. Louis, San Diego, Vienna, VA, Omaha, London, Vancouver,
Kuala Lumpur.
Details and registration information: www.sans.org
************************* Sponsored by McAfee ************************
SAFEGUARD DATA TRANSFER AND STORAGE WITH E-BUSINESS SERVER.
Protect sensitive data with the power of 128-bit PGP encryption. McAfee
Security's E-Business Server automates the encryption process. It
works on Windows to mainframes with any business application. It
requires no programming skills. Easy for users, fast for IT.
Visit http://click.atdmt.com/HNY/go/snsnknwk00300031hny/direct/01/
for a free info kit.
**********************************************************************
TOP OF THE NEWS
--17 June 2002 Push for Software Manufacturing Liability
Support is growing for software companies to be held to the same
liability standards as other manufacturing businesses. Microsoft,
with its plethora of software holes and "deep pocket[s]" is a likely
target for a liability suit. Air Force CIO John Gilligan says patches
and fixes for the Microsoft products they use have cost more than
the software itself.
http://www.usatoday.com/life/cyber/tech/2002/06/17/microsoft-security.htm
[Editor's Note: In an interview in CIO Magazine this week, Presidential
Cyber Security Advisor Richard A. Clarke says, "We're in favor of
holding vendors accountable. When a product fails, the vendor has a
responsibility to quickly identify a way of fixing it and getting that
patch out, and the patch not only should fix the problem, it should not
interact badly with other widely utilized applications. But we don't
think it's terribly valuable to litigate such problems. We'd like to
try to find solutions that are quicker than long, multiyear litigation.
(http://www.cio.com/archive/061502/safer.html)]
--14 & 16 June 2002 FoxNews.com Hit With Denial of Service Attacks
Denial-of-service (DoS) attacks aimed at FoxNew.com began on Thursday,
June 13 and continued until the site restored normal services the
following evening. The attacks also affected ABCNews.com, the
weatherchannel.com and ESPN.com. Federal law enforcement officials
have been notified and the incidents are under investigation.
http://news.com.com/2100-1023-936084.html
http://www.foxnews.com/story/0,2933,55380,00.html
--14 June 2002 Three Men Arrested for Cyber Extortion
Three men have been arrested for extorting money from people who
visited a child pornography web site. The men allegedly visited
chat rooms and offered what appeared to be a link to a web site.
When people clicked on it, they received an e-mail message that said
"Going to Jail." The message said the group was going to report
their activity to the police, but they would keep the information
private for payment. If convicted of conspiracy and extortion
through interstate commerce, the men could face sentences of up to
seven years and fines of up to $500,000.
http://www.usatoday.com/life/cyber/tech/2002/06/14/extortion-internet.htm
[Editor's (Schultz) Note: What next? This represents a new low as
far as cybercrime goes.]
--12 & 13 June 2002 Four More Microsoft Holes and Patches
Microsoft issued advisories and patches for a quartet of security
vulnerabilities. A buffer overflow vulnerability in the phone book
of the Remote Access Service (RAS) of Windows NT, 2000 and XP could
allow an attacker to gain control of the machine. A flaw in IIS 4.0
and 5.0 and a pair of holes in SQL Server 2000 could let an attacker
run code on a targeted machine.
http://www.wired.com/news/technology/0,1282,53173,00.html
http://www.searchsecurity.com/originalContent/0,289142,sid14_gci832915,00.html
http://www.usatoday.com/life/cyber/tech/2002/06/13/microsoft-flaw.htm
http://zdnet.com.com/2100-1105-935563.html
http://microsoft.com/technet/security/bulletin/MS02-029.asp
http://microsoft.com/technet/security/bulletin/MS02-028.asp
http://microsoft.com/technet/security/bulletin/MS02-030.asp
--10 June 2002 Forcing Private Industry's Hand to Protect Critical
Infrastructure
The Bush administration may consider using "unorthodox" tactics to
encourage the private sector to bolster cyber security on the portions
of the nation's critical infrastructure it controls. For instance,
the administration has been discussing with insurance industry the
possibility of writing insurance policies only for those companies
whose security meets certain standards.
http://www.washingtonpost.com/wp-dyn/articles/A27682-2002Jun10.html
*************************** SPONSORED LINKS **************************
Privacy notice: These links redirect to non-SANS web pages.
(1) A Cost-Benefit Analysis of Managed Security Services
http://www.sans.org/cgi-bin/sanspromo/NB43
(2) Stop Hackers Dead. How? See Top Layer SANSFire, Free White
Paper/Web Casts
http://www.sans.org/cgi-bin/sanspromo/NB44
(3) NO FALSE POSITIVES. Free white paper shows you how!
http://www.sans.org/cgi-bin/sanspromo/NB45
**********************************************************************
THE REST OF THE WEEK'S NEWS
[[05]] - 17 June 2002 Dueling Apache Security Alerts
The Apache Server Project team and ISS issued competing security
alerts for a DDoS vulnerability in Apache web servers. The Apache
team claimed the ISS patch did not correct the problem.
http://computerworld.com/securitytopics/security/story/0,10801,72074,00.html
http://www.usatoday.com/advertising/orbitz/orbitz-window.htm
[Editor's (Paller) Note: This story raises issues that several
thoughtful members of the security community have been debating all
day (Tuesday). Who is responsible for patching open source software?
If a third party provides a source code patch, what can people who
have embedded versions (without source) do to protect themselves? If
a flaw in open source code is discovered by a third party, should
it be shared with the entire open source project team? Is the whole
team trustworthy? Is there any way to tell? Does it matter? I am not
requesting answers, just sharing with you the questions being raised.]
--17 June 2002 Password Not Hidden from Earthlink Support Staff
Earthlink grants its support staff complete access to customer
passwords. While this approach may help with the common problem of
forgotten passwords, unethical employees could abuse the privilege.
Other ISPs' help staff do not have access to passwords; instead, they
issue temporary new passwords over the phone and instruct customers
to change them as soon as possible.
http://www.wired.com/news/privacy/0,1848,53208,00.html
--17 June 2002 Scalpers Hack World Cup Reservation System
Scalpers are hacking the World Cup soccer tournament phone reservation
system to place themselves at the front of the virtual line for
tickets to the matches; they are asking up to 150,000 yen (US$1200)
for the tickets.
http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8341
--17 June 2002 eMap Site Defaced
Hackers exploited a hole in Microsoft IIS 4.0 server to deface
www.emap.co.il, an Israeli mapping company web site.
[Editor's (Murray) Note: The (only) interesting thing about this
defacement is that it is the third time that it has happened to the
same site. Security is difficult but this abuses the excuse.]
--14 June 2002 Korean Microsoft Developer Tool Carries Nimda-Infected
File
About 50,000 copies of Microsoft's Korean language version of Visual
Studio .Net carried a Nimda-infected file; it sneaked in when a third
party company was translating the help system into Korean. Though MS
usually scans all files in its software that come from a third party,
this time it scanned only files on a certain list; because it was
not expecting the file infected with Nimda to be there, that file
wasn't scanned. In order to run, the file would need to be decompiled
and moved. Microsoft has notified all its affected customers and
has posted a patch for the problem on its website. It will send
replacement CDs to all registered customers, and is trying to contact
people who may have bought the software but not registered it.
http://www.msnbc.com/news/767054.asp?0dm=T21FT
http://www.computerworld.com/securitytopics/security/virus/story/0,10801,72021,00.html
http://zdnet.com.com/2100-1105-935998.html
--14 June 2002 Best Buy Beefs Up Security and Uses Wireless LANs
Again
Best Buy has again started using wireless LAN cash registers; the
company had stopped using them about a month ago when they learned that
their networks were not secure and could be tapped into by anyone with
some relatively inexpensive hardware and the desire. The company says
it has improved the security of its wireless LAN systems, but would
not elucidate. Shortly after the Best Buy announcement, a posting
appeared on SecurityFocus.com's vuln-dev list: a war driver claims
he was again able to sniff Best Buy's wireless LANs.
http://www.computerworld.com/mobiletopics/mobile/story/0,10801,72024,00.html
--10 June 2002 Companies Not Employing LAN Security
Though there are security measures available for wireless LANs, many
companies are not using them, leaving sensitive customer information
open to "war drivers."
http://wirelessnewsfactor.com/perl/story/18134.html
--14 June 2002 Internet Piracy Ring Members Face Charges
Twenty-one people face charges for their roles in a piracy ring that
dealt in software, computer games and movies. If found guilty of
conspiracy to commit copyright infringement, the people could each
face a five-year prison sentence and be required to pay a fine of up
to $250,000.
http://www.usatoday.com/life/cyber/tech/2002/06/14/piracy.htm
--14 June 2002 Austrian Teen Allegedly Broke Into Pentagon Sites
Seventeen-year-old Markus Hirsch of Austria allegedly hacked his way
into classified Pentagon sites, including one that contains information
about the location of multi-megaton warhead missile silos.
http://www.thisislondon.com/dynamic/news/story.html?in_review_id=613066&in_review_text_id=582545
--13 June 2002 Spy Plane Surveillance Photos Exposed
A UK man found that satellite television receivers can pick up
unencrypted US spy plane surveillance pictures taken while flying over
the Balkans. A more thorough analysis is provided in the second URL.
http://www.newscientist.com/news/news.jsp?id=ns99992405
http://story.news.yahoo.com/news?tmpl=story&cid=581&ncid=738&e=3&u=/nm/20020613/tc_nm/nato_surveillance_dc_7
--14 June 2002 Spanish Legislature to Vote on Data retention Law
The Spanish Senate will vote next week on a measure which would require
Internet service providers (ISPs) to keep records of customers'
Internet activities for one year; if passed, the legislation would
bring the country's laws in compliance with a European Parliament
directive aimed at foiling terrorist activity. Spanish ISP trade
groups say the requirement would be expensive, and a lawyer says the
legislation could run afoul of constitutional rights.
http://www.wired.com/news/business/0,1367,53195,00.html
--13 & 14 June 2002 Perrun Virus Infects JPEG Files
Perrun, a proof-of-concept virus that infects JPEG files, claims to
be the first known virus to infect data files. Though it does not
carry a malicious payload, anti-virus researchers are concerned that
future incarnations could harbor destructive payloads.
http://news.com.com/2100-1001-935746.html
http://www.cnn.com/2002/TECH/internet/06/13/picture.virus.ap/index.html
http://www.msnbc.com/news/766434.asp?0dm=C23FT
http://online.securityfocus.com/news/482
[Editor's (Murray) Note: Before the content of the JPG can be executed,
the target must also be infected with an interpreter or "helper."
If one can get the interpreter installed, one does not need the JPG.
(Schultz) Also, I do not believe that the claim in this one is correct.
There have been true data viruses before. What appears to be new
here is that there are viruses that purportedly infect image files]
--13 June 2002 Former Employee Allegedly Broke Into Boss's Computer
Account
Wendy Sholds has been charged with two counts of unauthorized access
to a computer system. The Massachusetts woman allegedly broke into
her former boss's computer and forwarded confidential e-mail to other
employees. Sholds also allegedly used the boss's username and password
to view private information on the company web site. The charges
are currently designated misdemeanors and carry a 30-day sentence.
Pending legislation would increase the penalties considerably.
http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,71972,00.html
--13 June 2002 Texas Library Suffers Computer Intrusion
Waco Police Department computer crimes section detectives are
investigating a computer intrusion at the Waco-McLennan county
library's automated card catalog and check-out system. The attack,
which may have been launched as a means of accessing something else,
took down the system, which isn't expected to be up for several days.
http://www.wacotrib.com/auto/feed/news/2002/06/13/1024027108.08594.5903.1674.html.
--12 June 2002 Gopher Hole Bigger Than Originally Thought
Microsoft has issued a security alert about the buffer overflow
vulnerability in the Gopher protocol in its IE web browser. The
vulnerability is more extensive that initially thought: it also exists
on computers running Internet Explorer (IE) 5.01. 5.5 and 6.0 and
servers running Proxy Server 2.0 and ISA Server 2000. Older versions
may be vulnerable as well, but because they are no longer supported,
Microsoft did not test them. In the cases of the server software,
attackers could attain complete control of the server, allowing for
the creation of new accounts or the reformatting of hard drives.
While a patch is not yet available, Microsoft recommends blocking
access to TCP port 70. IE users need to block gopher access manually.
http://zdnet.com.com/2100-1105-935363.html
Microsoft security bulletin: http://microsoft.com/technet/security/bulletin/MS02-027.asp
--12 June 2002 A Model for Cyber Incident Cost Assessment
The Incident Cost Analysis Modeling Project (I-CAMP) is a
multi-university project conducted in the 1990's; its aim is to
provide a means for assessing the costs of cyber security incidents.
The formula includes determining who worked on the incident
investigation, how many hours they spent investigating, who was
unable to work because of the incident, for how long, and the costs
associated with that. The model does not take into account such
factors as insurance deductibles and loss of revenue and reputation.
http://online.securityfocus.com/infocus/1592
--12 June 2002 KPNQwest Loses Data
KPNQwest's fiber optic service loses as much as 5% of the data it
delivers, according to Matrix NetSystems. "Healthy" services will
lose only 0.1% of their data.
http://news.com.com/2100-1033-935456.html
[Editor's (Murray) Note: What is being measured and reported here is
"dropped packets." They are a measure of the health and efficiency
of the network. However, dropped packets do not result in data loss.
The TCP/IP protocol is designed to tolerate dropped packets.]
--12 June 2002 Phony Press Release Generates Increased Trading
Internet Wire was tricked into publishing a phony press release about
a small drug company because an employee did not follow authentication
procedures. The false information increased the trading volume of
the stock five-fold; it closed up almost 7%.
http://www.usatoday.com/life/cyber/invest/2002/06/12/phony-release.htm
--10 June 2002 DoD Purchasing Bound by Common Criteria Standard
The National Security Telecommunications and Information Systems
Security Policy 11 requires that as of July 1, 2002, the Defense
Department (DoD) will be allowed to purchase only those products that
meet the Common Criteria standard. Integration and configuration
are areas of concern because the evaluation was not made with those
considerations in mind.
http://www.fcw.com/fcw/articles/2002/0610/cov-lock-06-10-02.asp
[Editor's Note (Murray): The issue is not only whether or not a
product "meets the Common Criteria" but also whether or not it has
even been evaluated against the criteria. Most products are not.
Evaluations are very expensive even for products that were developed
with evaluation in mind. While it is assumed that evaluated products
will be more secure than unevaluated ones, this is less than certain.
(Grefer) Be careful what you ask for, you might get
it. Evaluation/certification is quite expensive, narrows down the
number of competitors.
(Paller): It is difficult to prove, in practice, that products meeting
the Common Criteria, reliably provide greater security than those that
do not. Unsafe configuration negates safe design. For the Common
Criteria to meet the goal of improving DoD Internet security, it needs
to be complemented with Common Configuration benchmarks like those
being developed by NSA, NIST and the Center for Internet Security.]
--10 June 2002 Audit Finds Army Web Sites Display Sensitive
Information
A Defense Department inspector general's audit found that many publicly
accessible Army web sites contain information not intended for public
viewing, including operation plans and documents labeled "For Official
Use Only." Suggestions for amending the situation include conducting
"periodic policy compliance reviews" and establishing a system to
resolve any problems found.
http://www.fcw.com/fcw/articles/2002/0610/web-army-06-10-02.asp
--10 June 2002 Chief Information Security Officers Face Job
Uncertainty
Many well-known CISOs have lost their jobs. Others are under increasing
pressure to prove the value of their programs based on actual security
improvements. Technical information security skills are becoming more
important for security managers.
http://www.computerworld.com/securitytopics/security/story/0,10801,71866,00.html
--3 June 2002 Surreptitious Back Door Installations May be Related
In mid-May, several network security tools available on Monkey.org
were contaminated with back doors nearly identical to the one covertly
installed in an IRC chat client in March. Nearly 2,000 copies of
the Dsniff, Fragroute and Fragrouter tools were downloaded before the
problem came to light; affected users are being contacted. Authors of
the tainted programs say they will employ new security measures.
http://online.securityfocus.com/news/462
[Editor's (Murray) Note: Will people never learn that free toys from
no-name sites are more likely than not to be contaminated?]
--1 June 2002 Disgruntled (Former) Employees Cause Problems
A man planted a logic bomb in his company's computer system when he was
demoted; it detonated months after he resigned, destroying part of the
program supporting the sales force's handheld computers. The company
went after the employee, and he has been sentenced to two years in
prison and ordered to pay restitution of $200,000. Other companies
are starting to step forward and prosecute saboteurs as well.
http://www.cio.com/archive/060102/doom_content.html
==end==
Please feel free to share this with interested parties via email,
but no posting is allowed on web sites. For a free subscription,
(and for free posters) e-mail sanssans.org with the subject:
Subscribe NewsBites
To change your subscription, address, or other information, visit
http://www.sans.org/sansurl and enter your SD number (from the
headers.) You will receive your personal URL via email.
You may also email <sanssans.org> with complete instructions and
your SD number for subscribe, unsubscribe, change address, add other
digests, or any other comments.
=============================================================
SANS Security Essentials - Mentor-Led Programs in 40 Cities
Combines self-paced on-line training with twenty hours of meetings with
your class and a mentor who has already achieved GSEC certification.
Save 20%
If you register by August 1, the tuition for this course is $2430.
For registration information, contact Scott Weil, sweilsans.org.
Locations beginning in August and September:
Alaska Fairbanks, AK
Liam Forbes, University of Alaska at Fairbanks
Arizona Phoenix, AZ
Lois Lehman, Arizona State University
Arizona Tucson, AZ
Mike Fleming, National Optical Astronomy Observatory
California Pleasanton, CA
Potheri Mohan, SanDisk Corporation
California San Jose, CA
(San Jose Statue University) Michele Guel, Cisco
California San Diego, CA
Mel Jackob, US Navy contractor
Colorado Denver, CO
Sanjeev Sood, AmerInfo, Inc.
Connecticut Hartford, CT
Tim Rogers, United Technologies Pratt & Witney
Florida Tampa, FL
Corey Pincock, Network Knowledge Systems (NKS), Inc.
Illinois Chicago area, IL
Patrick Wengert, Discover Financial Services
Kansas Lenexa (Kansas City), KS
John Mallery, Clarence M. Kelly & Associates
Kentucky Lexington, KY
Christopher Hayden, Ashland, Inc.
Massachusetts Boston, MA
Christopher Spirito, EMC Corporation
Maryland Baltimore, MD
Ted Mina, Independent information security consultant
Maryland Gaithersburg, MD
Carolyn Rowland, National Institute of Standards Testing
Michigan Grand Rapids, MI
Darrin Wassom, Spectrum Health
Minnesota Minneapolis, MN
Liz Stanton, Upstream Solutions, Inc.
Missouri Columbia, MO
Liviu Groza, University of Missouri Health Services
North Carolina Asheville, NC
Jim Hurst, Sonopress, Inc.
North Carolina Charlotte, NC
Chris Mahn, Duke Energy
North Carolina Research Triangle, NC
James Born, AT&T
New Jersey Bergen County, NJ
Megan Restuccia, Bergen Regional Academies
New York Albany area, NY
Patrick Nolan, Stormranger Computer Security
New York Rochester, NY
Ralph Durkee, Ralph Durkee Consultants
Ohio Cincinnati, OH
Kevin Van Dixon, Intrieve, Inc.
Ohio Cleveland, OH
Rockie Brockway, Totem Security
Ohio Dayton, OH
Phillip Conrad, Multimax
Oklahoma Tulsa, OK
Lloyd Ardoin, Mazzio's Corporation
Pennsylvania Philadelphia, PA
Bruce Diamond, Computer Helpline, Inc.
Texas College Station, TX
Kent Knudsen, Texas A&M University
Texas Richardson (Dallas area), TX
Brian Levasseur, Aegon USA
Virginia Dahlgren, VA
Paul Ford, Chugash Telecommunications & Computers, Inc.
Virginia Herndon, VA
Wayde York, EDS
Virginia Tysons Corner, VA
Angela Orebaugh, Booz Allen Hamilton
Washington Seattle, WA
David Severski, Lucent Technologies
Canada
Calgary
Kenton Smith, Chartwell Technology
Montreal
Patrick Boismenu, Royal Canadian Mounted Police
Ottawa
Guy Bruneau, Cornerstone Communications
Toronto
Chris Russel, York University
Mexico
Mexico City
Rafael Garcia, Symantec Corporation
Start in August/September in 40+ Locations
For registration information, contact Scott Weil, sweilsans.org.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9EKpB+LUG5KFpTkYRAixaAJ42PoIppOt5cQmCubYCFvTiAGGmLwCgmRWI
A0/hlOd8qH9FQ9y2AE359UM=
=+UNk
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]