Showing posts with label Public Relations. Show all posts

Monday, May 17, 2010

Google accidentally spies on open WiFi

Ben Rooney of cnnmoney.com reports that Google has admitted that its Streetview cars have been collecting data from open WiFi hotspots. Google first admitted to collecting the publicly broadcast information of open hotspots, things like the network names and router numbers, on April 27th. But after being asked for more information, Google says it discovered that more data was being collected: private data in the packets being transmitted across the network. Supposedly the code that gathered data packets was accidentally included in the software used to gather public information on WiFi.

The software changes channels five times a second, so only bits and pieces of data would be gathered. Encrypted data, like the communication between you and your bank, cannot be read, so it won't have been compromised by Google's illicit scans.

Google is, of course, saying that it was an accident. In response they have stopped all scanning of open WiFi by their Streetview cars until they can repair and replace the faulty software. They have arranged for a third party to review the software and the data collected from public WiFi networks.

This is a major blunder by Google. Whether it was a case of pushing the envelope to see what the reaction would be or an honest mistake, it's going to hurt Google's reputation. This one I tend to believe was an accident. In many nations it is illegal to tamper with electronic communications. Google may want to gather and use information, but breaking the law to do it isn't good business.

Wednesday, May 12, 2010

Could Buzz become Facebook for education?

In his blog entry on ZDNet, "A social networking call to arms", Christopher Dawson looked at Google as the potential social networking provider for education and business. He makes some good points. In the past Google has been considered a nemesis of personal privacy for its retention of user search and email data long after the fact. But they have responded to their users' concerns by limiting the time data is kept, and when they made the major blunder at the introduction of Buzz, they were quick to fix the problem. Facebook, on the other hand, is continually expanding what user information is considered public without consulting users or seeming to care about their wishes. Schools have to keep certain data private, and Facebook does not allow that.

There was a time when Facebook might have been useful as a tool for teachers. That time is long past. But a social network run by Google could work. Google does not change its privacy policy every six months (or less) in an effort to make more of the user data public. And Google already has experience providing secure services in the cloud to businesses. They already have most of the ingredients of a successful social media site if they can find a way to tie them all together. Google Search, Google Reader, YouTube, Blogger and Google's handling of privacy issues are some pieces of the puzzle. All Google needs is a way to package them together that satisfies the privacy and security needs of educational institutions while providing the social experience people want.

Friday, April 30, 2010

Choosing to host malware

ZDNet's Dancho Danchev reports on a disturbing development in activism: the opt-in botnet.

In case you don't know what a botnet is, it is a group of computers that have been taken over by malware that allows someone besides the computer's owner to take control and/or use the computer to attack other computers, servers, and even other botnets. Usually the people hosting the computers in the botnet don't know they've been infected. In the case of an opt-in botnet, though, they do. Not only do they know, they've intentionally infected their computers so a coordinated attack can be launched against an entity their activist group doesn't like. This is similar to activists chaining themselves to trees, vandalizing government (or other) buildings, or bombing whatever they don't like.

This kind of activity is illegal, but most people who become part of opt-in botnets either don't know this, don't care, or think that, as part of a large group, they are less likely to be singled out. They may or may not be right about that last one.

One of the things that makes opt-in botnets feasible is the rise of social networking sites such as Facebook and Twitter. But while they make such things easier, they don't guarantee success. The article examines some successful and not so successful opt-in botnets. It's interesting reading. If you find such things interesting, check it out.

Thursday, April 29, 2010

A blip from Blippy

A few months ago a new social networking service started up, one with a model I thought would never take off. Blippy posts your credit card purchases online in short, Twitter-like 'blips'. The information posted includes what was purchased, where, and for how much. It's not supposed to include your credit card number. But according to Gigaom.com's Liz Gannes, for 196 transactions last week that's exactly what happened. According to Philip Kaplan, cofounder of Blippy, the transactions were from early in the service's beta period but were still being cached by Google. The problem has since been fixed; the search that had revealed credit card numbers doesn't now.

But this just brings us to the burning question in my mind. Why would you want this information to be published online, even without the credit card number? I do see a bright spot, however. Whenever I tried to use Blippy NONE of my accounts showed up to be shared. I guess they know how I really feel about their service.

Update: Blippy has since apologized, contacted affected users and promised to help them with any issues that might come up from the exposed data. They have also committed to hiring a Chief Security Officer (they didn't have one?!!!).

Thursday, April 22, 2010

Facebook to users: Screw privacy

Facebook proposed changes to its privacy policy and put them online for people to comment on. After reviewing all of the comments, Facebook posted a response here. I would recommend that you read the response, even if you never read the new policy. It is full of information that I'm sure Facebook never intended to release, the biggest revelation being that Facebook considers it their right to use your content, although they claim the privacy policy limits how they can use it. Two of the responses seem to reveal the lie in that to me. I'm going to deconstruct them as I go:
Will Facebook take my creative works and use them for profit?

A number of users raised concerns similar to the following comment: “I am an artist. This section makes me nervous. Does this mean that Facebook plans to sell the artwork, photos or music that I post?” Facebook has never sold its users’ creative works, and has no intention of doing so in the future.

That's cool. Just the way it should be.

But you should be aware that Facebook does try to derive revenue from its website – such as through advertising – and your content appears on our website.

There shouldn't be a butt I mean but, here.

That said, this section limits our use of your content in two important ways that protect you. First, the rights you give Facebook are “subject to your Privacy Settings.” This means, for example, that if you set your privacy settings so that only your friends can see a photo, we cannot show that photo to anyone but your friends.

Hmmm...but in the past the default is to share with everyone. So Facebook is setting the default to share only with friends? Somehow I doubt it.

Similarly, if you opt out of Social Ads in your Privacy Settings, we will respect your decision.

You'd better, but will I ever know?


Second, the license you give us ends when you delete your copyrighted content. This means that the minute you delete it, we will no longer use your content except in the ways we articulate in section 2.

Hold up. Once I delete it, you shouldn't have any rights to my content. Also, unless you take the steps to copyright your Facebook content, it's not copyrighted, which means Facebook can use it. Facebook, you can delete section 2 right now!

And the second section that bothers me:
How will Facebook use, share, and store my content?

Facebook needs the right to use, share, and store your content in order to provide Facebook to you and your friends.

No, you could have chosen another business model. But you chose to use a model that requires you to trick us into releasing data we might not want released.

Our Privacy Policy explains what content we use, share, and store, and includes a number of examples (as do some of our responses to this section). In addition, your Privacy Settings give you the ability to direct and control how we use and share your content.

But only if we hunt them down and change them and never do anything that negates those settings. The default should be not to share - but Mr. Zuckerberg knows that the default setting is the one that most people will keep without thinking, so opt-out gives him more moneymaking power than opt-in.

Who am I kidding? I didn't like any of the replies to users' objections. Mark Zuckerberg's announcement yesterday just reinforces my belief that Facebook is not responding to changing social norms, but is trying to push those norms in a direction that benefits Facebook's bottom line, not the interests of the users of the service.

David Goldman, staff writer for cnn.money.com, covered Facebook's f8 developers conference Wednesday and saw a number of problematic privacy changes. However much more control you may have to make things more private, that control is easily lost. Users will be asked to convert their interests into fan pages:
"Is one of your interests "The Beatles?" Well, now you're a fan of The Beatles. By default, users will receive notifications from their fan pages in their news feed.

Doesn't sound like such a big deal, but here's the kicker: Users who choose to convert their interests to "pages" will lose privacy control with the new changes. Many parts of users' profiles, including hometowns, birthdays, education, religion and work interests would be considered "connections" if a user converts them, making them public to anyone."

Goody! I can create fan pages, but only if I'm willing to give up control of my own information. That's extortion, although in my case they wouldn't find much on my pages, but they shouldn't have the opportunity unless I explicitly give it to them. Facebook is starting to change their privacy policy on an almost monthly basis. Privacy policies should be relatively static, only changing when not changing would cause problems. In light of Facebook's continuing push to take control of my data I've deactivated my Facebook account. If I try to do anything beyond exchanging messages with friends I negate the privacy settings, and it's only a matter of time before Facebook gives up any pretense and says, "To use our site you grant us full use of your content." I'm not willing to do that.

Wednesday, April 21, 2010

Message to Google: Respect our citizens' privacy

In a story published in the Avalanche-Journal, Barbara Ortutay, AP technology writer, reports that 10 nations have written a joint letter to Google CEO Eric Schmidt expressing their concern over the way Google Buzz and Google Streetview handle privacy.

It's good to see that the privacy of citizens is important to their governments. It's sad that the US wasn't represented, but we don't have a privacy commissioner, and anyone who's been paying even mediocre attention to the news for the last 5 years should know that the US government isn't exactly worried about citizens' privacy.

The letter pulled no punches, saying in part:
"However, we are increasingly concerned that, too often, the privacy rights of the world’s citizens are being forgotten as Google rolls out new technological applications.  We were disturbed by your recent rollout of the Google Buzz social networking application, which betrayed a disappointing disregard for fundamental privacy norms and laws.  Moreover, this was not the first time you have failed to take adequate account of privacy considerations when launching new services."

The other service being referred to was, of course, Google Streetview. Google Streetview has been plagued with privacy issues such as pictures of the interior of houses, backyards behind privacy fences, and unobscured pictures of people's faces without permission.

The commissioners expressed concern that Google was making it a standard business practice to roll out new services without adequate planning and privacy protections:
"It is unacceptable to roll out a product that unilaterally renders personal information public, with the intention of repairing problems later as they arise. Privacy cannot be sidelined in the rush to introduce new technologies to online audiences around the world."

I only wish we could convince the US government of the importance of the citizens' right to privacy. If we all contact our congressmen and tell them, maybe we can.

The text of the letter is here.

Monday, April 19, 2010

Bad security a financial industry issue, not just banks

Alan of Sun Country's Weblog reports that FINRA (the Financial Industry Regulatory Authority) recently fined the brokerage firm Davidson & Co. $375,000 for failing to use adequate security measures to protect customers' information.

The breach occurred in 2007, but Davidson & Co. didn't find out until 2008. To make it worse, they didn't find it themselves: one of the hackers tried to extort money in return for not releasing the stolen data to the public.

According to FINRA, Davidson made such basic security blunders as not encrypting customer data, keeping the customer data on a web server with the default admin password, and keeping the insecure web server online 24 hours a day. The company also failed to follow a 2006 auditor's recommendations that it implement an intrusion detection system and review server logs, which would have let it detect the breach sooner.

According to a Davidson spokeswoman, the FINRA statement ignored some pertinent information, such as a third-party auditor being unable to break into their systems shortly before the breach, and the attack using what were, at the time, very cutting-edge techniques.

What the FINRA report does tell us is that the attack was a SQL injection attack. In 2007 SQL injection was going on 10 years old, hardly cutting edge. Changing the default admin password is basic security. So is encrypting your customer data and not placing the database on a server directly connected to the web. Different companies use different terminology for the same tasks, so I suspect Davidson was looking for a pentester and hired something else, but I can't be sure. Any pentester should have hacked a server using the default admin password in no time. But an auditor might not even try.
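The log review the 2006 auditor recommended is exactly the control that would have surfaced SQL injection probes like the one in this breach. The following is an added example, not code from the article, FINRA, or Davidson & Co.: a small SQL-injection heuristic run over constructed Apache-style access log lines (the IPs, paths and timestamps are made up), grouping suspicious requests by client so a log reviewer can spot a repeat prober.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Combined-log-style line: client ip, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Heuristics for classic SQL injection probes, applied to the URL-decoded value.
SQLI_PATTERNS = [
    ("tautology", re.compile(r"'\s*(or|and)\s*'?\w*'?\s*=", re.I)),  # ' OR '1'='1
    ("union", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),      # UNION SELECT
    ("comment", re.compile(r"(--|/\*)")),                              # truncates the query
    ("stacked", re.compile(r";\s*(drop|insert|update|delete|exec)\b", re.I)),
]

# Constructed sample log lines (not from any real server).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2007:10:15:01 -0600] "GET /account?id=42 HTTP/1.1" 200 1532
203.0.113.7 - - [12/Mar/2007:10:15:09 -0600] "GET /account?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 98231
198.51.100.9 - - [12/Mar/2007:10:16:30 -0600] "GET /search?q=union+select HTTP/1.1" 200 77
198.51.100.9 - - [12/Mar/2007:10:17:02 -0600] "GET /account?id=42;--+ HTTP/1.1" 500 0
192.0.2.5 - - [12/Mar/2007:10:18:44 -0600] "GET /help?topic=don%27t%20panic HTTP/1.1" 200 4110
"""


def parse_line(line):
    """Parse one log line into a dict with decoded query parameters, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qsl applies URL decoding (%27 -> ', + -> space), which matters:
    # matching on the raw encoded string would miss most probes.
    rec["params"] = parse_qsl(parts.query, keep_blank_values=True)
    return rec


def sqli_indicators(value):
    """Names of the heuristics that fire on a decoded parameter value."""
    return [name for name, rx in SQLI_PATTERNS if rx.search(value)]


def scan_log(text):
    """Return (ip, path, param, decoded value, indicators) for each suspicious parameter."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparsable line; a real reviewer would count these too
        for key, value in rec["params"]:
            found = sqli_indicators(value)
            if found:
                hits.append((rec["ip"], rec["path"], key, value, found))
    return hits


def suspects_by_ip(text):
    """Count suspicious requests per client so repeat probers stand out."""
    counts = {}
    for ip, *_ in scan_log(text):
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("suspicious:", hit)
    print("per client:", suspects_by_ip(SAMPLE_LOG))
```

A single apostrophe (the "don't panic" line) is deliberately not flagged; the heuristics look for the operator or comment that follows the quote, which is what turns a stray character into an injection attempt.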

These types of problems are coming to light often enough to show that a large segment of the financial sector has major security problems. I would like to see the industry police itself, but the stakes are too high, and the industry moves too slowly. It's time for regulatory involvement.

Thursday, April 15, 2010

Online Privacy: Ebay steps up

On the eBay Ink blog Richard Brewer-Hay tells us about the new tweak to AdChoice. Now AdChoice has a nifty new icon, and that icon will appear on ads on eBay and on eBay ads on other sites. Click on the icon and you are presented with opt-out choices. That's pretty nifty, but the really neat thing is that the program is being implemented as an industry standard. Creating privacy policies and privacy customization for one site is a job. Creating something that is recognized as revolutionary and needed, that others will use, is a herculean task. eBay has successfully marked itself as a security-aware, privacy-guarding online company. That is almost as impressive as the standard and the example they have set.

Tuesday, March 30, 2010

Apple sprays for worms

In my inbox today I had an email from Apple detailing over 80 vulnerabilities plugged in their latest OS update, OS X 10.6.3. Included in the details are the people who reported the various vulnerabilities. It fixes everything from a bug that allows a Mac to be hijacked when a user performs a spell check to bugs in the Apache web server built into OS X. This is a large update, and it really covers a lot of stuff. If you want to learn more, you can check out Apple's page on it.

Apple also released a security update for Leopard (10.5).

If you have a Mac running OS X Leopard (10.5) or Snow Leopard (10.6) you can get the updates through Software Update (either automatically or under the Apple menu) or the Apple download page.

Friday, March 26, 2010

Full body scans can't be abused. Right.

Michael Holden reports in Reuters "Oddly Enough" news that a security worker at London's Heathrow airport is in hot water for looking at a coworker who "mistakenly strayed into the scanner."

The 25-year-old man is not in deep trouble yet because the incident is still being investigated, but if the investigators conclude he actually did see things he shouldn't have, it will put a whole new spin on full body scans. Citizens around the world have been assured repeatedly that security workers wouldn't be able to see their "naughty bits" on the scans. If the investigation proves they can, there could be a massive public outcry.

Of course, the investigation is being carried out by government employees, and the government has a vested interest in finding that nothing actually happened.

Tuesday, March 23, 2010

OS X: Safer but less secure than Windows

Darren Murph at Engadget reports that Charlie Miller is going to expose 20 zero-day exploits for OS X at the upcoming CanSecWest. Mr. Miller has been exposing holes in OS X for years, and has twice won the Pwn2Own hacker contest by taking control of Apple computers. A third time he took control of an iPhone.

A zero-day exploit is a piece of malware that takes advantage of a vulnerability that is not generally known, so there are no patches, updates, or workarounds to keep it from being used. Unless the person who discovers the zero-day exploit informs the creators of the software being exploited, the vulnerability probably won't be patched until after someone writes some type of malware that takes advantage of the exploit.

If you, like me, are a big fan of Apple Macs, you know that Apple likes to tout the security of OS X and the Mac. If you are an honest Mac user you realize that OS X has vulnerabilities. Some have even been exploited, if not very successfully.

Charlie Miller is very good at what he does: finding security holes so they can be patched before the bad guys can take advantage of them. His years of work in computer security have given him a good perspective on the state of Mac security vs Windows security, and that insight produced one of my favorite quotes on the subject:

"Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town."


In other words, Macs are safer, because there aren't that many people trying to break into them. Windows computers are more secure because the security holes are constantly being patched. As much as I wish it weren't so, the analogy works.


Monday, March 22, 2010

Facebook cloning plus Nestle: Facebook fanbango

Facebook Cloning


In a report on 39online.com out of Houston, Mayra Moreno reports on Facebook cloning. She introduces us to Edna Canales, who has had her social networking profile cloned twice: once on Myspace and once on Facebook. Apparently both times the cloner harvested pictures of her from the pages of Edna's friends and put up a page claiming to be her. The last time, on Facebook, she discovered the clone when she got notices that her friends had friended another Edna Canales.

Both incidents were reported to the police, but you can't do much to someone who's cloned your Facebook page unless you can prove slander or harm done. Ms. Canales was fortunate. Someone, for some unknown reason, cloned her page, but apparently only wanted to be her online for a while. It could have been much worse. They could have posted anything, and if people believed it was her, it would have impacted her reputation, her employability, possibly her continued employment. It's important to keep an eye on what's going on with your name online. For most people it will never be a problem. For others, constant vigilance can catch bad things before they blow up. Speaking of blow-ups, next up is

Nestle, the unFanpage


Caroline McCarthy on CNET tells us about Nestle's Facebook fiasco. It seems that Greenpeace, who has had a longtime fight with Nestle over environmental practices, i.e. the use of palm oil in Nestle products, encourages supporters to use altered Nestle logos for their Facebook pages. When Greenpeace discovered Nestle's fan page on Facebook, they encouraged people to tell Nestle exactly what they thought about using palm oil.

Nestle had created a fan page. They were not ready for the reaction they got. Apparently in "OMG, how do I control this!" panic mode, the page's manager started deleting posts from the page if they had adulterated Nestle logos. In response to protests, they made the technically correct but PR nightmare "we are protecting our trademark" statement. That made matters worse, and eventually Nestle apologized and quit deleting posts. Will Nestle see the negative feedback on its fan page as an important sign and remove palm oil from its recipes? Only time will tell, but given the current state of the Nestle wall, they may want to consider it.