Updated: 6/12/2008; 9:38:53 PM.
Malware News & Views
News, views and tips on issues and related technology and activities for personal, residential, SOHO and small organization users concerning malware: viruses, worms, trojans, hack attacks and other nasty stuff.
        

Thursday, June 12, 2008

... get in the habit of quickly installing all software program updates ... beyond that also consider:

Certified e-mail [?? Seems off the point since these services are directed at businesses not individuals]

Web page scanners ... tools using varying technologies to gauge the reputation of most Web pages. E.g., AVG's LinkScanner, ScanSafe's Scandoo, Trend Micro's TrendProtect, McAfee's SiteAdvisor [which I use] and Finjan's SecureBrowsing grade Web pages as safe, unsafe or questionable.

Browser security tools ... anti phishing filters

[In other words a toolbox instead of a tool.]


9:37:58 PM    comment []

OUCH!

SANS Institute Security Newsletter for Computer Users

Volume 5, Number 5 May 2008

************************************************************************

In This Issue

1. Eight Surefire Ways to Become an Identity Theft Victim - 2. Malware - 3. Scams and Hoaxes - 4. Microsoft and Apple Security Updates - 5. Security Newsbytes

************************************************************************

A formatted version of the OUCH newsletter can be found at https://www.sans.org/newsletters/ouch.

You can subscribe to OUCH on the same site. Send your comments to OUCH@sans.org.

************************************************************************

1. Eight Surefire Ways to Become an Identity Theft Victim

--Practice unsafe surfing. When you purchase a new computer, go online without activating the firewall, or purchasing protective software.

Further expose yourself digitally by sharing a wireless connection with the entire neighborhood. Without digital encryption, you can share the contents of your hard drive with anyone on the street. For maximum risk, do some online banking on a public computer -- like the one at the library or a public cafe. Bonus points are added if your Social Security number is your user ID for any transactions.

--Skimp on anti-virus and anti-spyware protection. Courting disaster online is easy. Invite malicious code to attack your computer simply by doing nothing. Antivirus programs can be pricey, and the maintenance of constantly downloading updates is time-consuming. Combine that with the security updates from Microsoft or Apple and it's enough to seriously annoy anyone.

--Passwords are a pain! Make life easy for yourself by using the same password for EVERYTHING, and make it something easy to remember, like your first name or 'password'. Just in case, make sure you write it down on a yellow sticky and put it somewhere easy to see.

And don't forget to have your browser set to 'remember password' to make life easy for you - and the cyberthief.

--Peek at junk email and open attachments from unknown sources. Open attachments from strangers, secret crushes, long-lost friends saying "what's up," or strangers hawking cheap drugs -- you'll never know unless you peek at that email. One of the many fun things that can happen when you open an attachment containing malicious code is infecting your computer with a Trojan horse or virus, which can easily lead to identity theft.

--Stuff your wallet with juicy identifying tidbits. Wallets and purses are more than just handy cash-carrying devices. They often have credit cards, identification, insurance information and even Social Security cards. Obviously, more is better if you'd like to become the prey of fraudsters. Losing or misplacing a wallet or purse can cause more problems than just the hassle of replacing all those cards and buying a new bag. Armed with your date of birth, Social Security number and mailing address, there's no limit to the damage thieves could cause.

--Make your checks payable to criminals. If you're like most people, you wouldn't post your checking account information on your front door, though you should if you'd like to be a victim of fraud. Similarly, checks reflecting the same information can be dropped casually into unsecured mailboxes. Statistically the chances of your mailbox being targeted by criminal elements are low, but not that low. According to the 2008 Identity Fraud Survey Report from Javelin Strategy and Research, almost 1 in 10 victims of identity theft who can pinpoint the scene of the crime say that it happened at the mailbox.

--Opt out? Opt in! While you're mailing checks from the unlocked mailbox, go ahead and get credit card companies to send you all the pre-approved offers that the postman can cram into the box. Similarly, don't get credit card statements online; leave them on the side of the road so that they're more convenient for fraudsters who lack the technical knowledge or follow-through to launch complicated hacking schemes.

--Nothing is too good to be true. Everyone wants to feel special and maybe more importantly, filthy rich. When reading an emailed proposition from an African business tycoon, an imperiled prince or downtrodden heiress offering millions of dollars in exchange for some small measure of assistance, it's difficult not to wish it were true. Falling for the story will undoubtedly lead to unpleasantness.

More information:

http://finance.yahoo.com/banking-budgeting/article/104894/7-Surefire-Ways-to-Become-an-ID-Theft-Victim

************************************************************************

2. Malware

--Zeus. A Trojan being spread by the so-called "Rock Phish" group of Russian criminals through phishing scams. Zeus is designed not only to trick victims into clicking on a link in a phishing email to give up personal information, but also to drop a Trojan on the victim's computer at the same time. The new attacks combine phishing and the Zeus Trojan to steal personal information and spread financial crimeware. Zeus can steal personal data such as usernames, passwords and Social Security numbers entered by the user while interacting with other websites.

More information:

http://www.scmagazineus.com/Rock-Phish-gang-adds-malware-download-to-attacks/article/109240/

--RaceForTibet. Rootkit* malware that surreptitiously installs a keystroke logger on end users' PCs once they open a Flash movie file which uses a cartoon to mask its malware payload. The captured data is reportedly sent to a computer in China. The cartoon ridicules the effort of a Chinese gymnast and then displays images supporting a free Tibet.

The malware is being distributed as an attachment called RaceForTibet.exe.

More information:

http://www.itpro.co.uk/wireless/news/187935/tibet-supporters-targeted-by-trojans.html

* Rootkit: http://en.wikipedia.org/wiki/Rootkit

--OSX.RSPlug.A. A Mac Trojan that spreads by spam emails designed to lure users to pornography sites. Visitors are presented with a still image from a salacious video. Clicking on the image to play the video returns the following message: "Quicktime Player is unable to play movie file. Please click here to download new version of codec." After the linked page loads, malware is downloaded and launches an installer. The installer requires the user to enter the admin password. Once the password has been entered, the malware infection is complete. The Trojan alters network settings, redirecting webpages and funneling advertisements for porn sites to your Mac.

More information:

http://www.geekstogo.com/2007/10/31/osxrspluga-trojan-info-and-removal/

************************************************************************

3. Scams and Hoaxes

--Economic Stimulus Refund Phishing Scam

A number of phishing scam emails are currently targeting US taxpayers by offering bogus refund payments as bait. This email, purporting to be from the Internal Revenue Service (IRS), claims that the recipient is qualified to receive the 2008 Economic Stimulus Refund. The recipient is instructed to follow a link in the message in order to fill in an online form, ostensibly to allow the refund to be processed. The email includes the IRS logo and copyright notice and is from a seemingly genuine IRS email address. However, the email is not from the IRS.

More information:

http://www.hoax-slayer.com/economic-stimulus-refund-scam.shtml

--United States District Court Subpoena Malware Email

This seemingly official email purports to be a subpoena sent by the United States District Court. The message claims that the recipient must testify before a Grand Jury at a specified place and time. The recipient is instructed to follow a link in the message to download and print a complete copy of the subpoena document. However, the message is not from the United States District Court. In fact, the message is an attempt to trick recipients into installing information-stealing malware on their computers.

More information: http://www.uscourts.gov/newsroom/2008/alert.cfm

http://www.hoax-slayer.com/subpoena-phishing-scam.shtml

--Visa Personal Password Phishing Scam

An email claiming that recipients can protect their Visa credit card for online purchases by clicking a link in the message and creating a personal password. However, the message is just another phishing scam and was not sent by Visa. Those who fall for the ruse and click the link will be taken to a very sophisticated, but fraudulent, website that has been designed to closely resemble the genuine Visa website.

More information: http://www.hoax-slayer.com/visa-password-scam.shtml

--Mail Server Report

According to this warning message, a dangerous virus is being distributed via emails with the subject line "Mail Server Report". The warning claims that opening attachments that come with the email will first display a message saying "It is too late now, your life is no longer beautiful" before destroying all files on the infected computer and stealing personal information. However these claims are untrue.

There is not, nor has there ever been, a virus like the one described in this bogus warning message.

More information: http://www.hoax-slayer.com/mail-server-report-hoax.shtml

************************************************************************

4. Microsoft and Apple Security Updates

Microsoft and Apple provide free security updates for their software products.

Windows: Microsoft issues patches for all Microsoft products on the second Tuesday of each month as well as out-of-cycle patches on any day of the month. The next scheduled release date is May 13th. Check manually too, once every two weeks, to make sure all of the updates have been installed.

More information: http://www.microsoft.com/athome/security/default.mspx

OS X: Updates are issued frequently, and their contents may differ depending on which processor is in your Mac (PPC or Intel).

More information: http://www.apple.com/support/downloads/

iPhones: Must be updated manually:

http://docs.info.apple.com/article.html?artnum=305744

************************************************************************

5. Security Newsbytes

--Hannaford to Spend Millions on IT Security Upgrades After Breach

Executives at Hannaford Bros. Co. have said that the grocer expects to spend millions of dollars on IT security upgrades in the wake of the recent network intrusion that resulted in the theft of up to 4.2 million credit and debit card numbers from its systems. The planned upgrades include the installation of new intrusion-prevention systems that will monitor activities on Hannaford's network and the individual systems at its stores, plus the deployment of PIN pad devices with encryption support in store checkout aisles. Hannaford also has signed on IBM to do around-the-clock network security monitoring.

More information:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9079652

--Microsoft Reports 300% Increase in Trojan Downloaders

Computer users are increasingly at risk of being lured to websites that surreptitiously download malicious software onto their machines, but stolen or lost laptops still represent most of the security breaches reported, according to the latest six-month Microsoft Security Intelligence Report. Exploits, malicious software, and hacking accounted for 13% of all security breach notifications recorded in the second half of 2007, while 57% of the breaches publicly disclosed involved lost or stolen equipment. Malicious software attacks via Trojan downloaders and droppers increased by 300% during the same time period.

More information:

http://www.news.com/8301-10784_3-9925077-7.html?tag=nefd.only

--Firefox and Safari Updates Tackle "Alternative" Browser Bugs

Mozilla has updated its Firefox web browser in response to the discovery of a vulnerability which allows miscreants to take control of vulnerable systems. Apple has pushed out an update for both the Windows and Mac versions of its Safari web browser. The more serious Mac flaws, if left unchecked, create a means for hackers to crash browsers or inject malicious code into vulnerable systems.

More information:

http://www.mozilla.org/security/announce/2008/mfsa2008-20.html

http://support.apple.com/kb/HT1467

************************************************************************

Copyright 2008, SANS Institute (http://www.sans.org) Editorial Board: Bill Wyman, Alan Reichert, Barbara Rietveld, Alan Paller.

Permission is hereby granted for any person to redistribute this in whole or in part to any other persons as long as the distribution is not being made as part of any commercial service or as part of a promotion or marketing effort for any commercial service or product. Readers are invited to subscribe for free at https://www.sans.org/newsletters/ouch


5:30:35 PM    comment []

Monday, June 09, 2008

It can spot [all] rootkits [used in the tests] before they install. While only six of 30 rootkits could run on the OS, the testers had to turn off UAC to get even that far. Vista's UAC itself spotted everything thrown in front of it. [That alone got me to turn UAC back on although rootkit authors simply may not be interested in engineering for Vista.] When testing Windows XP, of 30 rootkits thrown at XP anti-malware scanners, the best of the all-purpose suites was Avira AntiVir Premium Security Suite, which found 29 active rootkits. The anti-rootkit tools fared better, with four achieving perfect scores, but all failed to remove any of the rootkits they had found.
4:58:17 PM    comment []

Thursday, March 20, 2008

SANS Institute Security Newsletter for Computer Users
Volume 4, Number 11 November 2007
************************************************************************
A formatted version of the OUCH newsletter can be found at
https://www.sans.org/newsletters/ouch. You can subscribe to OUCH on the same site. Send your comments to OUCH@sans.org.
************************************************************************
Spyware Mini-Quiz
(1) Approximately how many computers on the Internet are infected with spyware?
a. 25%
b. 45%
c. 60%
d. 80%
(2) What is the single best thing you can do to protect your computer against spyware?
a. Disable Active-X in Internet Explorer
b. Protect your computer with a firewall
c. Install anti-spyware and keep it updated
d. Only browse websites that you know and trust
************************************************************************
Answers
(1) d. While expert opinions vary, most sources agree that 80% is a reliable estimate.
(2) c. Antispyware is as important as antivirus software for protecting your computer.
 
Copyright 2007, SANS Institute (http://www.sans.org)

9:58:51 PM    comment []

Monday, January 30, 2006

Microsoft Security At Home: "Browser hijacking" is a common type of online attack in which hackers take control of your computer's Internet browser and change how and what it displays when you're surfing the Web. [Included are: info for determining whether your browser has been hijacked; more importantly, preventing hijacks; and what you can do to restore a browser that's been hijacked. Once again the same basic steps apply: use your common sense about downloading executable code from "strangers"; keep your operating system up to date especially with security fixes, your MANDATORY protective / detective tools (anti mal/spy/ad ware) as well - same thing for your browser of course.]
2:44:23 PM    comment []

Saturday, May 14, 2005

Windows Secrets 5/12/05 (free) Newsletter: [Good review of recent security status of Internet Explorer versus Firefox browsers.]
8:43:53 PM    comment []

Friday, May 13, 2005

 MasterCard International Inc. said Tuesday that it has shut down nearly 1,400 phishing sites and more than 750 sites suspected of selling illegal credit-card information since launching an ID-theft-prevention program in June (2004). The program also has led to the discovery and protection of more than 35,000 MasterCard account numbers that were in jeopardy of being compromised.
10:59:18 PM    comment []

Microsoft is launching a PC "health service" that promises to deliver automated protection, maintenance and machine tune-ups in a single package. Windows OneCare initially is being distributed to company employees as part of a testing and development process before public beta availability later this year. The subscription service will be continually updated in an effort to address safety issues such as worms, viruses and spyware.

Microsoft also is focused on broader PC health issues, including the protection of digital photos, music, financial data and software, as well as system performance. Windows OneCare will provide updated antivirus, antispyware and two-way firewall protection. The package offers periodic disk cleanup, hard-drive defragmentation and file repair. Automated file backup also is offered, along with the option to back up all files on the system or only those that have changed since the last time the action was performed.


10:21:46 PM    comment []

According to Netcraft, some fraudsters are replacing text content on their phony sites with similar-looking images, "making it much more difficult for automated systems to detect the presence of keywords such as 'PayPal' and 'credit card.'"

In an online alert, Netcraft illustrated how a phisher could simply embed text within an image to hide it from filters. The text would still be readable by a possible victim, but not by a computer.
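
The evasion Netcraft describes, seen from the filter's side, as an added example that is not from Netcraft or the original post: a keyword filter misses a page whose message is delivered as images, while a structural check still flags it. The sample pages, the function names and the 20-word threshold are constructed assumptions for illustration.

```python
from html.parser import HTMLParser

# Keywords quoted in the Netcraft alert above.
KEYWORDS = ("paypal", "credit card")


class PageFeatures(HTMLParser):
    """Collects visible text, image count and password-field count."""

    SKIP = {"script", "style"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text_parts = []
        self.images = 0
        self.password_fields = 0
        self._skip_depth = 0

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag in self.SKIP:
            self._skip_depth += 1
        elif tag == "img":
            self.images += 1
        elif tag == "input" and (attr.get("type") or "").lower() == "password":
            self.password_fields += 1

    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        if not self._skip_depth:
            self.text_parts.append(data)


def extract(html):
    """Return (visible_text, image_count, password_field_count)."""
    parser = PageFeatures()
    parser.feed(html)
    parser.close()
    text = " ".join(" ".join(parser.text_parts).split())
    return text, parser.images, parser.password_fields


def keyword_filter(html):
    """Classic filter: flag the page if a watched keyword is in its text."""
    text, _, _ = extract(html)
    lowered = text.lower()
    return any(keyword in lowered for keyword in KEYWORDS)


def image_text_heuristic(html, min_words=20):
    """Structural check (assumed threshold): a page that asks for a password
    and shows images but almost no machine-readable text is suspicious."""
    text, images, password_fields = extract(html)
    return password_fields > 0 and images > 0 and len(text.split()) < min_words


# Constructed sample pages (not taken from any real site).
TEXT_PAGE = """<html><head><title>Account verification</title></head><body>
<p>Dear PayPal customer, please confirm your credit card details.</p>
<form><input type="text" name="user"><input type="password" name="pass"></form>
</body></html>"""

IMAGE_PAGE = """<html><head><title>Sign in</title></head><body>
<img src="banner.gif"><img src="message.gif">
<form><input type="text" name="user"><input type="password" name="pass">
<input type="submit" value="Continue"></form>
</body></html>"""

BENIGN_PAGE = """<html><head><title>Example Gardening Club</title></head><body>
<img src="logo.gif">
<p>Welcome back to the Example Gardening Club forum. Sign in below to read
new posts, reply to other members and manage your newsletter subscription.</p>
<form><input type="text" name="user"><input type="password" name="pass"></form>
</body></html>"""


def classify(html):
    """Return (keyword_hit, structural_hit) for one page."""
    return keyword_filter(html), image_text_heuristic(html)


if __name__ == "__main__":
    for name, page in (("text", TEXT_PAGE), ("image", IMAGE_PAGE),
                       ("benign", BENIGN_PAGE)):
        print(name, classify(page))
```
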


10:05:17 PM    comment []

Mainstream children's Web sites host a glut of adware, security firm Symantec said this week, proof that spyware makers are targeting kids in an attempt to slip by parents and get their software onto home computers.

Over a three-month period, said Kraig Lane, a group product manager in Symantec's consumer division, his lab took new PCs out of the box, connected them to the Internet without monkeying with any of the default settings in Windows XP SP2, then surfed well-known sites in several categories, ranging from kids and sports to news and shopping, interacting with each site's features but not explicitly looking to accumulate files by downloading. Then they ran spyware detection software and counted up what kind of security risks and how many files had been installed on the machines ....


9:06:28 PM    comment []

Thursday, March 10, 2005

What To Avoid This Month

I. Email from people trying to get you to divulge private details
These are often trying to steal your identity (and your money)
I.1 Washington Mutual Bank - 'Unauthorized Access to Your Washington Mutual Account'
I.2 SouthTrust Bank - 'Notification From SouthTrust Online Banking'
I.3 Huntington Bank - 'Huntington Bank Security Update Notification'
I.4 Paypal - 'Unauthorized Access...'
I.5 MSN - 'Microsoft Network customer data verification'
I.6 KeyBank - 'SECURE YOUR ACCOUNT NOW'
I.7 Google - Email Lottery International

Details About Things To Avoid

I. Email from people trying to steal your identity (and your money)
I.1 Washington Mutual Bank - 'Unauthorized Access To Your Washington Mutual Account'
The Bait: An email sent to you for Unauthorized Access to your account.
What it tries to make you do: Click on the link within the email.
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/02-24-05_Wamu/02-24-05_Wamu.html

I.2 SouthTrust Bank - 'Notification From SouthTrust Online Banking'
The Bait: Email stating that your account may have been accessed by someone else.
What it tries to make you do: Click on the suspect link.
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/02-22-05_SouthTrust/02-22-05_SouthTrust.html

I.3 Huntington Bank - 'Huntington Bank Security Update Notification'
The Bait: New payment security for the bank.
What it tries to make you do: click on the link within the email.
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/02-18-05_Huntington/02-18-05_Huntington.html

I.4 Paypal - 'Unauthorized Access...'
The Bait: An email that alerts you to unauthorized access to your PayPal account.
What it tries to make you do: Click on the link it provides
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/02-17-05_Paypal/02-17-05_Paypal.html

I.5 MSN - 'Microsoft Network customer data verification'
The Bait: Email sent to you to verify your information on your account.
What it tries to make you do: Click on the link within the email
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/02-15-05_MSN/02-15-05_MSN.html

I.6 KeyBank - 'SECURE YOUR ACCOUNT NOW'
The Bait: Create a secure code for access to KeyBank.
What it tries to make you do: Click on the picture link
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/02-08-05_Key/02-01-05_Key.html

I.7 Google - Email Lottery International
The Bait: Google Lottery Winner
What it tries to make you do: Reply to the email so the sender can take money from you.
Where you can see how it actually appears:
http://www.hoax-slayer.com/google-lottery-scam.html

IV. Avoiding Phishing Scams: Tips from Fraud.org:
Information, tips and contact information for avoiding and reporting phishing.
http://www.fraud.org/tips/internet/phishing.htm

V. Email Worm Spoofing: Spoofing Explained:
Easy-to-understand information on how worms use spoofing to spread.
http://www.hoax-slayer.com/email-worm-spoofing.html


4:25:26 PM    comment []

Wednesday, March 09, 2005

It's time to update the millions of Firefox 1.0 browsers that have been downloaded over the past 11 weeks. The Mozilla Foundation on Thursday released its first security update to Firefox, comprising a series of patches intended to prevent spoofing and phishing attacks and fix glitches that cause the browser to crash. The security update, Firefox 1.0.1, can be downloaded immediately at www.mozilla.org.  The update covers a handful of security vulnerabilities and approximately 40 other fixes related to browser performance based on user feedback to Mozilla. The security vulnerabilities range from "moderately critical" in nature to not critical. None of them are highly critical, and there are no known exploits for any of the vulnerabilities.
4:45:23 PM    comment []

Friday, March 04, 2005

 The company, by midyear, plans to release a test version of a new Internet Explorer browser that better protects users from scams and malicious code while surfing the Web, Chairman and Chief Software Architect Bill Gates said in a keynote address at the RSA Conference 2005 in San Francisco. 

Microsoft bought anti-spyware software maker Giant Company Software in December and released a beta of Windows AntiSpyware in January. In addition to its free consumer product, Microsoft will offer a for-pay anti-spyware product for corporate users that will support enterprise needs for management and deployment, said Amy Roberts, a director in Microsoft's Security Business and Technology Unit. Roberts would not say when the enterprise anti-spyware product will be available.


2:10:28 PM    comment []

Thursday, March 03, 2005

Scotty the Windows Watch Dog sniffs out malicious “mysteryware” and parasites that may assault your computer. WinPatrol puts you back in control of your computer so you’ll know what programs are and should be running at all times.
10:47:19 PM    comment []

Wednesday, March 02, 2005

 On January 11, Microsoft made available the Malicious Software Removal Tool, a free tool designed to check for and help remove infections by critical viruses and worms. In its initial release, the tool checks for the existence of malicious software (malware) on computers running the Windows 2000, Windows XP, or Windows Server 2003 operating systems.
9:48:50 PM    comment []

Saturday, December 11, 2004

Webroot, which makes end-user and enterprise editions of Spy Sweeper, used its relationship with Internet service provider EarthLink to tally the most prevalent spyware, then selected the worst based on its knowledge of how each works and the damage it can cause. "We use the P-I index," said Richard Stiennon, Webroot's vice president of threat research. "P is for prevalence, I is for insidiousness." Each of the ten spyware programs cited by Webroot was spotted at least 50,000 times in the scans that the Boulder, Colo.-based vendor does free of charge on its own Web site, or in conjunction with EarthLink.

Some of the software in Webroot's top 10 may be familiar to users, but most is a blur of anonymous titles that don't impart their potential impact.

Among the former is Gator (also known as GAIN), long infamous because it's bundled with the popular Kazaa peer-to-peer file sharing software. Gator/GAIN, said Webroot, made the top 10 list because it spews banner ads based on your surfing habits.

Others on the list, however, are unknown to all but the most dedicated follower of spyware. They include such programs as PurityScan, which puts up pop-up ads and tricks users into installation by claiming to find and delete porn on the PC; CoolWebSearch, which can hijack searches, browser home page, and IE's settings; and Perfect Keylogger, a spy that records all visited sites, keystrokes, and mouse clicks to, for instance, divine passwords, account numbers, and other sensitive information.

The rest of the list is fleshed out with the likes of n-CASE and KeenValue (adware), TIBS Dialer (software that usurps the modem and dials toll numbers, typically porn pay-by-the-minute phone sites), Transponder and ISTbar/AUpdate (spyware posing as browser assistants), and Internet Optimizer, which hijacks Web errors and re-directs them to its own site.


8:28:59 PM    comment []

Saturday, November 13, 2004

CipherTrust, the e-mail security company, in a survey this month of more than 4 million pieces of e-mail, found that nearly all of the  phishing attacks came from about 1000 machines, mostly customers of DSL or cable modem services.  Close to 28 percent of the IP addresses used in the phishing attacks during the two-week survey were from U.S. computers. Another 17 percent of the IP addresses were South Korean, and another 8 percent were Chinese.
8:49:43 AM    comment []

Friday, October 29, 2004

One of the "Internet's foremost experts in Web usability" (according to Business Week) and the man who ranks number six on ZDNet's "The Web's Ten Most Influential People" calls for a change in policy to thwart Internet scams, saying, "User education is not the answer to security problems." Jakob Nielsen says a strategy relying on user education puts the burden on the wrong shoulders. The only real solution, according to Nielsen, is to make security a built-in feature of all computing elements.


2:56:23 PM    comment []

Wednesday, October 27, 2004

 In findings, from a detailed survey of 329 consumers that included inspections of each of their home computers, released Monday by America Online and the National Cyber Security Alliance (NCSA), a picture emerges of consumers increasingly using their home PCs for sensitive, online transactions without adequately protecting themselves from cybercrime.

While 77% of the survey respondents believed they were safe from online threats, two-thirds lacked current anti-virus software and did not use any firewall protection. More than half said they did not understand the difference between the two. Yet 84% stored personal data on their home PCs, and 72% routinely used the Internet for sensitive transactions, such as banking and medical data exchanges.


7:45:34 PM    comment []

Thursday, October 21, 2004

 Security freeware is pretty popular. The price is right and everyone needs more security. What's the catch? But just because software is free doesn't exempt it from the requirements of paid software. Folks who write security tools should practice secure coding. Authors of security freeware should be accessible and accountable for the product they provide; in security-speak, the software should have readily identifiable, non-repudiable origins. Folks who make security software available should have competent, security-savvy staff to support and maintain it. 

So if you are considering security freeware, remember the five Ws. Who wrote the software? Can you identify and trust the developer?  What does the software do?  When should you use security freeware?  Why are you choosing freeware over commercial ware?  Where do you intend to use security freeware?


6:21:07 PM    comment []

Tuesday, October 19, 2004

A new free SANS newsletter has gotten rave reviews from unsophisticated end users - they really appreciate the plain non-technical writing and the cool examples. It's called OUCH! More than 500 security awareness professionals from around the US and the world helped them get it right. If you want to redistribute it to your users, that's allowed. The newsletter includes a pointer to a great phishing quiz for anyone who thinks he or she can spot a phishing email. To subscribe go to the newsletter page at the SANS portal and choose it.


12:22:32 PM    comment []

Monday, October 11, 2004

 The Federal Trade Committee has filed a complaint in federal court asking that two Internet advertising and software firms be shut down.  The activities of New Hampshire resident Sanford Wallace and his two firms -- Seismic Entertainment Productions and SmartBot.Net -- are some of the most egregious in the spyware field, Ari Schwartz, associate director of the Center for Democracy and Technology, told NewsFactor. 

The operation of the spyware distributed by Wallace is very complicated, Schwartz explained. In addition, it has operated in different ways over the months. Perhaps the worst allegation is that of direct fraud. Some consumers assert that they were asked to pay US$30 to stop the pop-up ads repeatedly appearing on their computers. Those pop-ups originated from the same web of companies and advertisements originating them. Spy Wiper and Spy Deleter are two of the software programs marketed by Wallace's firms. In some cases, said Schwartz, pieces of software were downloaded to consumer computers without their knowledge or purchase. The company used security holes in Internet Explorer to take control of some operations on computers of users who clicked on particular ads. 

The case is the first in the spyware arena to target a company for downloading code to a user's machine without permission.  There are no laws against spyware at the national level.


4:31:08 PM    comment []

Thursday, September 23, 2004

Ken Colburn of Data Doctors answers:  The 'warnings' that you are referring to are nothing more than an aggressive advertising campaign to try to scare you into buying a product (a.k.a. 'Scare-ware').

There are no programs currently available that can actually check your computer for Adware and Spyware through a pop-up window, and even if they could, I would not trust them. The majority of anti-spyware programs are actually very questionable in their tactics to get you to buy. Many of them make it look like they are scanning your system and come up with concocted results to make you think that you are infected, because they know that virtually everyone online has some form of Adware or Spyware in their system.

A Web site known as Spyware Warrior currently lists 96 different spyware removal programs that are of questionable nature because of false-positives, poor results, or deceptive advertising. Some are actually spyware programs in disguise!  In general, the best anti-spyware tools are free and have gained popularity through word of mouth, not pop-up ads. The two that I always recommend are Ad-aware Personal Edition and Spybot Search and Destroy.

 
4:27:22 PM    comment []

MessageGate has determined that spam featuring the domain xcelent.biz has gone beyond the usual rudeness of using a click on an unsubscribe link to confirm a warm body on the other side of the email inbox.

This badboy actually downloads an EXE file which takes advantage of a known bug in IE - namely that it treats any link containing the "IMG" tag as a valid image file, and, as the US-CERT tells us, "a drag and drop operation on an IMG element with an executable source file will copy the executable file without presenting a download dialog."
3:30:47 PM    comment []

Friday, September 17, 2004

 The Mozilla Foundation has fixed 10 security bugs in its open-source Mozilla and Mozilla Firefox browsers and Thunderbird e-mail reader, with the release of new versions of all three products this week. Some of the vulnerabilities could allow attackers to run malicious code on a user's PC via a malicious e-mail, a specially crafted vCard, or a malformed graphic on a Web site, project leaders say.
12:45:50 PM    comment []

Tuesday, September 14, 2004

 The company announced that the coming Windows XP Service Pack 2, which is focused on security, will allow consumers to block both pop-up ads and ActiveX scripting.
6:26:51 PM    comment []

 Security software maker Zone Labs updated its desktop firewall adding new features that aim to stop viruses, the company said. The antivirus features will be offered in a commercial version of its basic free product, Zone Alarm, and as part of a comprehensive security suite.
6:23:11 PM    comment []

But users of the popular compression tool will need to upgrade to version 9 of the software.
6:19:39 PM    comment []

© Copyright 2008 iWay-Safety.com.
 