Twitter Implements Passkeys After High Profile Twitter Account Hacks

Posted in Commentary with tags on January 25, 2024 by itnerd

Recently Twitter made passkeys available as a login option for US-based users.

This announcement follows recent Twitter account hacks of high-profile organizations, including Hyundai, Netgear and the SEC.

Kevin Vreeland, General Manager of North America, Veridas had this to say:

“The shift towards passwordless authentication is a necessary step for enhanced security. As we’ve seen with the most recent account hacks, passwords, even for high-profile organizations, are not an effective method for keeping credentials safe.  

In today’s predominantly digital landscape, users frequently reuse passwords due to the challenge and frustration of memorizing numerous combinations. This universal practice makes password theft an easy avenue for fraud, identity theft, and in more recent cases, the spread of misinformation. Passkeys, such as face and voice verification, are significantly more difficult to steal, as they are linked to a user’s physical identity. Needless to say, they provide a much more enjoyable login experience for users, as users can be verified in seconds and don’t have to jump through hoops with lengthy dual authentication processes.  

Some vendors are developing their biometric technology on the premise of shifting the paradigm away from the presumption of “what we know” or “what we have,” which is how passwords have worked so far, to “who we are,” people with unique qualities that cannot be duplicated. With Amazon, Google and now X all making passkeys available as a sign-in method, more companies need to be making this shift to keep up with the evolving threat landscape.” 

Passwordless authentication is the future. Full stop. If you or your organization rely on passwords, you need to make the shift sooner rather than later to avoid getting pwned like the SEC did.

OVHcloud Enhances Its AI Offer with a Complete Range of Innovative Serverless Solutions

Posted in Commentary with tags on January 24, 2024 by itnerd

OVHcloud, the European Cloud leader, today confirms its ambitions for AI, answering skyrocketing demand from its customer base, through an approach that makes AI simple and affordable. In an unprecedented context where generative AI has arguably taken the world by storm, OVHcloud has set itself on a mission to help customers grow their businesses by providing easy and affordable AI solutions, fueled by the latest GPU, all with the ultimate goal of democratizing AI. To make this AI revolution come true, OVHcloud’s AI strategy focuses on offering four key items starting with efficient yet powerful compute resources, streamlined datasets, tooling in the form of software and cutting-edge skillsets.


Offering compute resources with a broad range of datacenter GPUs

To help organisations gain access to easy and affordable AI, OVHcloud leverages 20 years of expertise in infrastructure, through its unique vertically integrated model. As such, the Group provides eco-friendly compute resources benefiting from its bespoke watercooling system. Adding to previously announced NVIDIA DGX H100 available to select customers, the Group today launches new Compute GPU instances with 1x to 4x NVIDIA H100 PCIe GPU, high RAM allocation and local high-performance storage. Immediately available, the NVIDIA H100 PCIe joins existing NVIDIA A100 offer as well as new and forthcoming NVIDIA L40S, NVIDIA L4 and NVIDIA A10 options.

For customers in need of dedicated Bare Metal servers with GPU horsepower for use cases like Machine Learning, deep learning or deployment of LLM models, OVHcloud today unveils new HGR-AI-2 references powered by NVIDIA L40S GPU. Available this spring, new Bare Metal HGR-AI-2 leverages NVIDIA L40S GPU that benefits from fourth-generation Tensor Cores and FP8 Transformer Engine providing robust performance for AI workloads both in training and inferencing.

Customers looking for GPU-equipped Bare Metal servers can benefit from the new Bare Metal SCALE GPU launching later this year. With three new references in the SCALE GPU line, the Group is addressing use cases such as 3D Rendering, video processing and data inference all powered by NVIDIA L4 Datacenter GPU. Based on the NVIDIA Ada Lovelace GPU architecture, the NVIDIA L4 is a universal GPU for every workload with enhanced AI and video capabilities providing efficient compute resources for graphics, simulation, data science and data analytics.


Streamlining datasets with OVHcloud Data Platform maximizing data privacy

In addition to these technical resources, OVHcloud is making further data, tooling and skills assets available, in alignment with its vision for AI. The OVHcloud Data Platform is a new end-to-end data platform announced at OVHcloud Summit and provides a low code solution for management of the data pipeline and analytics. It provides customers with a complete and easy experience for their data journey offering the availability to collect (with more than 50 available connectors), store, manage, analyze, and visualize data.

Furthermore, the new solution also ensures that data is secure from unauthorized accesses and breaches while complying with laws and regulations. With the OVHcloud Data Platform, data scientists and business analysts can start new projects in just a few clicks by selecting information of interest in the Data Lakehouse. The solution is aimed at use cases like CRM enhancement or streamlined inventory management.

Providing tooling with serverless solutions for AI and a supporting ecosystem

To further help organizations in their data journey from ideation to production, OVHcloud has developed a complete set of serverless tools with AI Notebooks, AI Training and AI Deploy. OVHcloud AI solutions act as a complete set of tools that are easy to use, and designed to experiment with data, train models and put them into production.

Relying on high specification OVHcloud AI infrastructure, including recently announced NVIDIA H100 PCIe, A100, V100S and upcoming L40S and L4, these high-level software solutions leverage industry standard technologies. They are designed to quickly and accessibly empower data scientists and machine learning engineers.

Additionally, OVHcloud is developing AI Endpoints, a new serverless solution targeted at developers and integrators. With OVHcloud AI Endpoints, the Group will enable access to diverse and various AI models with simple API endpoints that require little to no knowledge on the user side. Leveraging the Group’s infrastructure, OVHcloud AI Endpoints will fully respect data privacy (in/out) and will provide developers with a playground to test the Endpoints before placing API calls. With access to a number of market leading AI models such as BERT, YOLO or Mistral 7B, OVHcloud AI Endpoints is expected to offer a wide range of models when it launches.

OVHcloud is also launching AI App Builder, which is a fully managed serverless solution providing an easy way to build contextualized generative AI assistants. The tool allows customers to input their private datasets in a secured cloud environment, select cutting-edge LLM with just a single click and finally deploy code ready to use for their application. It is available today as an Alpha version here.

Finally, to support the broader ecosystem in the development of high-level AI skills, OVHcloud is working with a number of integrators and partners. The group is offering webinars and will attend the World AI Cannes Festival taking place in Cannes, France from February 8th to 10th.

Pricing and availability

OVHcloud GPU instances based on NVIDIA H100 PCIe are available now on Public Cloud starting at CAD 4.05 per hour. Managed AI solutions based on H100 PCIe are available now at CAD 4.48 per hour (billing granularity per minute).

NVIDIA L40S, L4 and A10 GPU instances will be available this spring on Public Cloud starting at CAD 2.02 per hour for L40S instances and CAD 1.08 per hour for L4. New HGR-AI-2 Bare Metal Servers are expected to be available as build to order references in March in Canada (in Beauharnois and in a new data center located in Cambridge, Ontario), Europe and the United States before reaching Asia. New SCALE-GPU are launching later this year in the same geographical regions.


Cisco Launches Smart Agent For Cisco AppDynamics

Posted in Commentary with tags on January 24, 2024 by itnerd

Cisco today launched Smart Agent for Cisco AppDynamics, enabling agent lifecycle management, dramatically simplifying application instrumentation for full-stack observability through intelligent agent automation and management, and helping customers onboard new applications faster. Customers can identify out-of-date agents and upgrade them in minutes with an easy-to-use centralized agent management user interface. 

As applications become more distributed, modular and scalable, technologists find themselves managing an explosion in the number of agents. While in many companies, the operations teams are dealing with agents in the tens of thousands, those at large enterprises often handle hundreds of thousands of agents, depending on the number and type of applications being observed. Due to the sheer volume of agents — and the time-consuming and complex nature of updating them — many organizations fail to upgrade to the latest versions in a timely fashion. This leaves them with old and unsupported agents, without the latest functionality, and at risk from security vulnerabilities that have been mitigated in the most recent agent releases.  

IT infrastructure and operations teams require powerful insights to help cut through this increasing complexity, and with Smart Agent for Cisco AppDynamics, customers can: 

  • Simplify the process of installing and upgrading agents: New UI-driven process intelligently automates the installation and upgrade of agents, simplifying the process to just a few clicks. This allows customers to upgrade multiple agents at one time, freeing up resources and talent to focus on the management of application performance. 
  • Access new capabilities faster with push-button upgrades: Smart Agent makes it easy to maintain compliance and upgrade agents on a regular basis, ensuring customers have the latest versions and access to new functionality, while minimizing risk of security vulnerabilities. Smart Agent can roll-back or upgrade agents at scale with speed and agility, allowing operations teams to perform these tasks through the UI rather than manual actions on each host. 
  • Gain valuable application performance and business insights at speed: Complicated process discovery and time-consuming agent deployments can make it challenging to obtain the visibility and insight into application performance that is needed to deliver optimal user experience and business outcomes. Smart Agent automates the new application instrumentation process with a single agent install that discovers all the processes running on the host, and automatically instruments the full-stack with the agents needed, as governed by a company’s own policies. Smart Agent auto-discovery and auto-deployment enables customers to start collecting data and visualize application topography in minutes instead of days. 

Smart Agent for Cisco AppDynamics is now generally available. Customers can visit our Smart Agent webpage for more information or schedule a time to speak with us. The auto-deployment functionality will be generally available in CYQ2 2024.  

Register here for the Smart Agent for Cisco AppDynamics webinar on February 14 to learn more.

Horizon3.ai Publishes POC Exploit For Fortra GoAnywhere MFT Authentication Bypass

Posted in Commentary with tags on January 24, 2024 by itnerd

Horizon3.ai Chief Attack Engineer Zach Hanley and the Horizon3.ai Red Team have just published “CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive,” which includes a proof-of-concept (POC) exploit for the widely used managed file transfer software along with indicators of compromise (IOCs).

Fortra’s GoAnywhere MFT file transfer software is widely used in finance, healthcare, engineering, gaming, logistics, manufacturing, public sector/government, higher education and other sectors to automate and encrypt data between an organization and its trading partners, centralizing file transfer activity and monitoring while improving costs.

On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, warning of an authentication bypass in Fortra’s GoAnywhere MFT prior to 7.4.1 that allows an unauthorized user to remotely create an admin user via the administration portal. Customers were made aware of the issue by an internal security advisory post and patch made available on December 4, 2023, in which researchers malcolm0x and Islam Elrfai were originally credited with the discovery. In 2023, file transfer applications were a top target for threat actors.

Links

Horizon3.ai’s “CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive” also includes indicators of compromise (IOCs) and remediation recommendations.

Horizon3.ai “CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive” (January 23, 2024): https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive/

Horizon3.ai Proof of Concept for CVE-2024-0204: https://github.com/horizon3ai/CVE-2024-0204

Fortra “FI-2024-001 – Authentication Bypass in GoAnywhere MFT” (January 22, 2024): https://www.fortra.com/security/advisory/fi-2024-001

Aptum Forms Partnership with AVANT

Posted in Commentary with tags on January 24, 2024 by itnerd

 Aptum, a global cloud solutions provider specializing in technology consulting and managed services, today announced a strategic partnership agreement with AVANT, a platform for IT decision-making and a premier distributor for next-generation technologies. 

This collaboration makes Aptum’s comprehensive cloud solutions available to AVANT clients, and enables the companies to align their sales and support organizations in the U.S., Canada, and the UK.   

Now with more than a decade of experience, AVANT was born at the onset of hyper-accelerating technology. Its mission is to build a platform that navigates the relentless pace of change for Trusted Advisors and their customers. This enables business transformation and establishes an effective, efficient ecosystem for Trusted Advisors to leverage. With those goals in mind, AVANT works with partners to solve complex technology challenges with market-leading solutions. 

The company will offer Aptum’s Advisory & Consulting Services, Private Cloud Managed Services, and Public Cloud Managed Services; plus Application Modernization & DevOps, all to bring best-in-class solutions to their team and customers.

The agreement is effective immediately, with Aptum solutions now available to AVANT’s Trusted Advisors and their customers in the U.S., Canada and the UK.

Rogers Is Now Blaming Yahoo For The Ongoing Email Disaster

Posted in Commentary with tags on January 23, 2024 by itnerd

Since March of 2023, Rogers has had an ongoing email issue that is affecting a whole lot of their users. Let me get you up to speed so that you can see what a disaster this is for Rogers customers:

  • I first reported on issues with Rogers email, and the inability to generate app specific passwords to allow users of Rogers email to use email clients like Outlook and Thunderbird on March 7th.  
  • While this issue dragged on, there was a workaround involving using webmail, but that workaround is suboptimal to say the least. And as this issue dragged on into April, I was left with no other option than to recommend to my many clients who are affected by this to dump Rogers as their email provider.
  • Rogers has sort of admitted that there is an issue. But it took them a very long time to do that.
  • It then seemed that Rogers or more accurately Yahoo was rolling out OAuth to replace the need to generate app specific passwords. But the catch was that not all email clients support OAuth. To date, only the Outlook 365 email client supports this (if you have that client, this will help you to set up your Rogers email account). Which means that Rogers users using many other email clients, or those who weren’t willing to pay Microsoft every month for Office 365 were still stuck.
  • Rogers then started to shift the blame for their email issues to Microsoft.

Well, Rogers has decided to shift the blame once again. This time they’re shifting it to Yahoo who is the company who actually provides their email services. I know this because a reader who has been following this story on my blog escalated this issue to Rogers Escalation Team and got this in response:

Hello,

I am contacting you from Rogers Technical Escalation Team regarding a concern you shared with us on our website. We appreciate your trust in our services and allowing us the opportunity to address your technical concern.

Currently, there is no update on if or when the feature to generate an app password on the Rogers Email Member Centre will be restored by Yahoo. We would like to apologize for any inconveniences. We recommend our customers to use the latest versions of Outlook that do not require the use of an app password, such as Outlook 365 or the new Outlook for Windows 11.

If you have any further questions or concerns, we recommend you contacting us at your earliest convenience using one of the following options:

Regards, 

Technical Escalation Management

He was so disgusted by this response that he flipped it to me so that I could post it to show how Rogers regards this issue. And he is now in the process of signing up for Bell Internet as he has given up on expecting Rogers to fix this.

Now to be fair, Yahoo does have to own this as this is their email platform. Which means that they need to address this. But the thing is, email addresses that are used by Rogers customers don’t say “yahoo.com”, they say “rogers.com”. Thus Rogers, rather than pointing fingers at anyone but themselves, needs to dial up the right person at Yahoo and say “Look, what will it take to make the app specific password functionality work? Failing that, how can we collectively get things to a place where any Rogers customer could use any email client with Rogers/Yahoo email?” Because there are going to be Rogers customers who simply can’t or won’t upgrade to the latest version of Outlook. Which means that telling said Rogers customers to simply upgrade to a newer version of Outlook, or to use webmail, which was one of Rogers’ previous stock answers, is simply a non-starter.

The bottom line is that we’re coming up to a year of this being an issue. And you have to wonder how much longer this will go on before there is a resolution. If there is one at all as I am starting to think that Rogers as an organization doesn’t consider this to be a priority. And if that’s the case, Rogers customers who are affected by this should be voting with their dollars just like the gentleman who sent this to me did.

EchoMark Customer Successfully Identifies Source of Sensitive Email Leak For The First Time

Posted in Commentary with tags on January 23, 2024 by itnerd

EchoMark, the company pioneering an unprecedented approach to information protection, announced a landmark achievement for its innovative solution to protect the confidentiality of corporate email and other content: An early EchoMark customer successfully identified the source of an ongoing online email leak.

EchoMark launched in late 2023, and this is the first time it was used in a live information breach situation. The company’s technology worked with flying colors, identifying the source of the leak in minutes.

EchoMark’s advanced, invisible, personalized forensic watermarking was seamlessly added to the company’s corporate emails after the organization saw evidence of a potential unauthorized exposure of confidential information. When one email was later disclosed online, the hidden and proprietary forensics markings positively identified the source of the leak.

EchoMark can be easily deployed with customizable policies across both Microsoft Exchange and Google Gmail, and does not require any client software. For organizations that desire more selective end-user control, EchoMark also announced the availability of optional Outlook and Gmail Add-Ons.

Insider risk management, including information leaks and intellectual property theft, is a big and growing problem. Responsible data sharing and trustful collaboration have emerged as a top concern, even among the world’s most sophisticated organizations. EchoMark’s solutions are designed to protect an organization’s intellectual property and support trustful collaboration. EchoMark represents a major advance in digital asset privacy and protection that helps organizations foster the seamless flow of information among legitimate participants and prevent and mitigate leaks so that everyone involved can do their best work.

Appdome Extends Mobile Bot Defense Leadership

Posted in Commentary with tags on January 23, 2024 by itnerd

Appdome announced extensions to its groundbreaking MOBILEBot Defense product, making it fully portable to any web application firewall (WAF). These extensions save mobile brands millions of dollars, extend the useful life of existing WAF infrastructures and drive down the cost to extend bot defense to the mobile channel.  

Appdome’s MOBILEBot Defense product is the industry’s only comprehensive anti-bot defense solution built-from-the-ground-up for mobile apps. It offers mobile brands multi-layered bot detection, intelligence and defense all in one solution, easily protecting the mobile channel from 100+ attack vectors including fake apps, weaponized apps, malware-controlled apps, bot attacks, credential stuffing, DDoS and account takeovers (ATOs). It requires no SDK, no coding, and no added servers to deploy, and is fully compatible with all coding languages and frameworks used in mobile app development. With the new line up of extensions announced today, Appdome’s MOBILEBot Defense product now works seamlessly with any WAF used in a mobile brand’s network. 

Unlike other anti-bot products, Appdome MOBILEBot Defense can be used with any cloud, hosted or on-premises WAF including Akamai WAF, Cloudflare WAF, Fastly WAF, F5 WAF, Radware WAF, AWS WAF and more. MOBILEBot Defense does not require an SDK, mobile app code changes or any servers and offers full support for all mobile languages and frameworks, including Obj-C, C+, Java, JS, C#, C++, Swift, Kotlin, Flutter, React Native, Unity, Xamarin, Maui, Cordova and more.  

As part of its announcement, Appdome also released real-time visibility of bot attacks in its ThreatScope Mobile XDR. The new bot detection and analytics service allows mobile brands to measure, track, investigate, report, and respond to threats and attacks across the WAF infrastructure, providing SOC-class visibility into mobile bot attacks and threats with full drill-down on attacks against specific apps, devices, OSs, releases, and more, all without a separate analytics package, SDK or device agent. 

Visit Appdome’s web site to learn more about MOBILEBot Defense, and about Appdome’s support for WAF providers including Akamai, AWS Virtual Server, Azure Virtual Server, Cloudflare, Fastly, Google Cloud Platform, Imperva, Radware and F5

Panther Labs Achieves AWS Security Competency Status

Posted in Commentary with tags on January 23, 2024 by itnerd

Panther Labs announced today that it has achieved Amazon Web Services (AWS) Security Competency status. This designation recognizes that Panther has demonstrated proven technology and deep expertise that helps customers achieve their cloud security goals.

Achieving the AWS Security Competency differentiates Panther as an AWS Partner Network (APN) member that provides specialized software designed to help enterprises adopt, develop and deploy complex security projects on AWS. To receive the designation, AWS Partners must possess deep AWS expertise and experience and deliver solutions seamlessly on AWS.

AWS is enabling scalable, flexible, and cost-effective solutions from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify AWS Partners with deep industry experience and expertise.

Panther’s cloud-native SIEM is built on and for AWS, empowering modern security teams to ensure real-time threat detection, log aggregation, incident response and continuous compliance.

Panther Labs is a cybersecurity company building the future of Detection and Response for the cloud-native era. Panther’s advanced data lake architecture, Detection-as-Code workflows, and intelligent correlation capabilities enable organizations to derive security signal from high-scale security data to rapidly detect and respond to threats. From startups to global enterprises, Panther’s mission is to help security teams move faster than the most advanced attackers. For more information about Panther, please visit www.panther.com or follow on X @runpanther.

Apple’s Stolen Device Protection For iPhone…. Why You Should Activate It NOW

Posted in Commentary with tags on January 23, 2024 by itnerd

Yesterday, Apple released iOS 17.3, and part of this release is a new feature called Stolen Device Protection. This is one of those things where you need to drop what you’re doing and upgrade to iOS 17.3 so that you can activate this feature immediately. To understand why it’s so important, let’s start with the scenario that explains why this feature exists.

There’s been a rise in iPhone thefts lately where thieves not only steal iPhones, but because they had been watching their targets closely, the thieves also steal the passcodes for said iPhones. That allowed the thieves to change the victims’ Apple ID passwords, which not only locked victims out of their Apple accounts and stopped them from accessing their iCloud backups, but also gave the thieves access to any passwords stored within those Apple accounts. If you want to see an example of this, Joanna Stern of the Wall Street Journal interviewed an iPhone thief who was able to steal more than $300,000 from victims using this attack.

Another thing to consider is that using this attack, the thief could also completely reset the iPhone and sell it for a huge sum of money, as the thief could bypass one of Apple’s other security features, which is Activation Lock. Up until recently, Activation Lock prevented thieves from selling intact iPhones because the iPhone is “locked” to the owner, and only the owner could reactivate the phone after a reset. Instead the thief is forced to sell it for parts. And that’s becoming increasingly harder to do as Apple locks the parts down to the specific iPhone. That’s another reason why this attack vector is so dangerous.

All of this is very bad and clearly needed a solution. Which is where Stolen Device Protection comes in. What this feature does is it requires biometric authentication, meaning Face ID or Touch ID, when away from trusted places that the iPhone knows about like home and work to change a handful of settings. Specifically:

  • Viewing/using passwords or passkeys saved in iCloud Keychain
  • Applying for a new Apple Card
  • Viewing an Apple Card virtual card
  • Turning off Lost Mode
  • Erasing all content and settings
  • Taking certain Apple Cash and Savings actions in Wallet
  • Using payment methods saved in Safari
  • Using the iPhone to set up a new device

And it also includes a time delay for a second biometric authentication for certain sensitive actions. Specifically:

  • Changing the Apple ID password
  • Updating select Apple ID account security settings, including adding or removing a trusted device, trusted phone number, Recovery Key, or Recovery Contact
  • Changing the iPhone passcode
  • Adding or removing Face ID or Touch ID
  • Turning off Find My
  • Turning off Stolen Device Protection

In short, knowing the passcode is no longer good enough to get access to a victim’s iCloud account or reset the phone among other things.

Here’s how you enable it. And I would recommend doing this at home:

IMPORTANT: To use Stolen Device Protection, you must have two-factor authentication and Find My enabled for your Apple ID account along with Significant Locations enabled on your iPhone. Significant Locations is an option within Location Services that you can find by going to Settings -> Privacy & Security -> Location Services -> System Services -> Significant Locations

  1. Update to iOS 17.3, as at the time of writing this article this security feature is only available on that version of iOS.
  2. Once you’ve updated to 17.3, go to Settings and then Face ID and Passcode.
  3. Enter your passcode.
  4. Scroll down until you see the words Stolen Device Protection. Then click on Turn On Protection.

You’ll be prompted to authenticate using either Face ID or Touch ID, and it takes a moment to turn it on. But if it turns on successfully, it should look like this:

Now if you need to turn it off, you can follow the same steps, but you need to click on Turn Off Protection. Again, I would do this from your home. The only reason that I can think of as to why you would want to turn this off is if Face ID or Touch ID isn’t working and you need to take the phone to an Apple Store for repair as they will require you to turn it off. I should note that you may have to wait for an hour before you can turn this feature off, even if you’re at home.

And while I’m here, let me pass along some tips to keep you and your iPhone safe:

  • NEVER hand your iPhone over to strangers.
  • NEVER enter your passcode in public. Instead, use Face ID or Touch ID.
  • If you’re not using your iPhone, put it away in a pocket, bag, or purse.
  • If you do get your iPhone stolen, follow these instructions promptly.

The thing is that even with Stolen Device Protection, it’s going to take a while for the dirtbag criminal low life scumbag types to get the message that this feature is now out there. Thus iPhone users will still be targets for theft until whenever they do get the message.

So, will you be enabling Stolen Device Protection? Leave a comment below as to why you are (or why you’re not) enabling that feature.