Redefining "Default Deny"
2 posters
Page 1 of 2
Page 1 of 2 • 1, 2
Redefining "Default Deny"
I would like to open a discussion about what "Default Deny" actually is. Some security providers make it their trade mark, claiming they are the One and Only, claiming they have actually invented this approach, although they offer only half-baked versions of this security approach that has its roots in firewalls for *nix systems. What these security providers actually do is try to implement "Default Deny" on a "Default Permit" system, introducing the "Trusted Computing" principle. The assumption is that either you trust, or you don't trust; nothing in between. If you trust something, you should allow it to do virtually anything, and if you don't trust it, you should either remove it, block it or run it in a sandbox to contain it. A practical problem is that you *can't* sandbox the whole system. So here we go: What does "Default Deny" mean to you? How do you implement it?
Paul
Paul
p2u- Valued Member
- Posts : 211
Join date : 2010-12-14
Re: Redefining "Default Deny"
"Default Deny": "Everything, not explicitly permitted, is forbidden".
For my own setup, this is most clearly applied with LUA + SRP - in general, all execution is forbidden unless it is white-listed ("explicitly permitted"). However, given I am also effectively the "Administrator" (and know the "password"), this doesn't really apply haha.
For my own setup, this is most clearly applied with LUA + SRP - in general, all execution is forbidden unless it is white-listed ("explicitly permitted"). However, given I am also effectively the "Administrator" (and know the "password"), this doesn't really apply haha.
Re: Redefining "Default Deny"
So, if I understand you correctly, you apply the idea of "Default Deny" only for third-party executables and only in the sense of execution as such?ssj100 wrote:"Default Deny": "Everything, not explicitly permitted, is forbidden".
For my own setup, this is most clearly applied with LUA + SRP - in general, all execution is forbidden unless it is white-listed ("explicitly permitted"). However, given I am also effectively the "Administrator" (and know the "password"), this doesn't really apply haha.
Paul
p2u- Valued Member
- Posts : 211
Join date : 2010-12-14
Re: Redefining "Default Deny"
Well, I suppose I just gave an example of how I apply the term "Default Deny".
As you know, my own security setup/approach relies heavily on sandboxing malware "threat-gates". In this way, I have more confidence when I eg. purposefully surf "high risk" sites or open unknown USB drives. In this context, I may want all pop-ups, flash content etc to be displayed. It's nice to know that after emptying the sandbox, all will be as it was before.
Furthermore, many of these malware "threat-gates" are not allowed to connect to the internet (via Sandboxie's configuration), so I suppose that's another way of applying "Default Deny" in my setup/approach. For example, when I open a newly introduced file, it opens/runs in a sandbox which is unable to connect to the internet. Sandboxie is really much more than a...sandbox.
Also, I guess I also use NoScript with my default web browser - therefore, only white-listed scripts are allowed to run. I suppose this is "Default Deny" too.
I'm sure there are many other attack vectors (both known and unknown) that I haven't covered/remembered, but that's the beauty of the "sandboxing" mechanism and using a relatively unknown/unused third party security program - for every new Privilege Escalation, Remote Code Execution, Buffer Overflow etc exploit, I am fairly certain of containment and subsequent easy disposal of "frozen malware". And at the same time, I (and even others) can enjoy the full benefits of my computer and the internet without apparent restrictions.
As you know, my own security setup/approach relies heavily on sandboxing malware "threat-gates". In this way, I have more confidence when I eg. purposefully surf "high risk" sites or open unknown USB drives. In this context, I may want all pop-ups, flash content etc to be displayed. It's nice to know that after emptying the sandbox, all will be as it was before.
Furthermore, many of these malware "threat-gates" are not allowed to connect to the internet (via Sandboxie's configuration), so I suppose that's another way of applying "Default Deny" in my setup/approach. For example, when I open a newly introduced file, it opens/runs in a sandbox which is unable to connect to the internet. Sandboxie is really much more than a...sandbox.
Also, I guess I also use NoScript with my default web browser - therefore, only white-listed scripts are allowed to run. I suppose this is "Default Deny" too.
I'm sure there are many other attack vectors (both known and unknown) that I haven't covered/remembered, but that's the beauty of the "sandboxing" mechanism and using a relatively unknown/unused third party security program - for every new Privilege Escalation, Remote Code Execution, Buffer Overflow etc exploit, I am fairly certain of containment and subsequent easy disposal of "frozen malware". And at the same time, I (and even others) can enjoy the full benefits of my computer and the internet without apparent restrictions.
Re: Redefining "Default Deny"
You can say that again. I just did a search with Free Commander (it shows me more than the system itself does). Although I have cleaned out my Vista Home Basic SP2 system really rigidly, there is still all this "Trusted" stuff to "protect" the system from:ssj100 wrote:I'm sure there are many other attack vectors (both known and unknown)
WINDOWS folder: exactly 72,434 files. Of those:
3735 .exe
17272 .dll
2637 .sys
87 .drv
SYSTEM folder:
0 .exe
11 .dll
0 .sys
10 .drv
System32 folder:
899 .exe
4778 .dll
1096 .sys
18 .drv
Program Files folder: exactly 14066 files. Of those:
256 .exe
2617 .dll
27 .sys
0 .drv
Under standard SRP rules, this is all allowed to run. That's a mind-blowing amount of crap to run my laptop just to surf the Internet, don't you think?
Paul
p2u- Valued Member
- Posts : 211
Join date : 2010-12-14
Re: Redefining "Default Deny"
That's definitely a lot of crap "just to surf the Internet" haha. So how do/would you personally go about "protecting" yourself from all this?
For me, I view things perhaps a little differently. A clean system needs some form of new code to be introduced in the first place in order to get infected. This is why I treat "newly introduced files" the way I do (eg. I browse/view and open these new files sandboxed with no internet access), and also why I sandbox malware "threat-gates" (eg. web browsers and USB drives).
However, if the user (mistakenly) installs something genuinely malicious, that becomes a different story all together.
For me, I view things perhaps a little differently. A clean system needs some form of new code to be introduced in the first place in order to get infected. This is why I treat "newly introduced files" the way I do (eg. I browse/view and open these new files sandboxed with no internet access), and also why I sandbox malware "threat-gates" (eg. web browsers and USB drives).
However, if the user (mistakenly) installs something genuinely malicious, that becomes a different story all together.
Re: Redefining "Default Deny"
Just checked memory at startup: 26 processes and 213 modules running in memory...
Paul
You sit like a bean counter, doing inventory and asking yourself: Does my system need that to do what's OK for me? If not, you take the necessary measures to disable it. This involves first of all disabling a lot through the interface Vista provides. I don't like anything twinkling and flashing without purpose, so I set everything to Classic View (Win2000 look). Disabling services (of the 124 services my Vista came with, only 20 are running; even "Themes" went out of the window[s]). Altough you can't disable the Task Scheduler, you can disable a lot of the many tasks (even many hidden!) Vista launches. Disabling devices through the Device Manager. Modifying registry keys, taking care of the 60 or so startup locations (blocking write access), etc. Some of it requires activiating the in-built Admin because the system just won't let you, taking ownership (by default a lot is owned by the rather spyware-esque "TrustedInstaller"). Some of it requires renaming files, removing protocols (I removed "mailto" from the system, for example - regedit; do a search for "mailto" and delete everything you find) and so on, and so on...ssj100 wrote:So how do/would you personally go about "protecting" yourself from all this?
Paul
p2u- Valued Member
- Posts : 211
Join date : 2010-12-14
Re: Redefining "Default Deny"
Haha, that's probably one of the first things I do whenever I install Windows XP or Windows 7. I too can't stand anything "twinkling or flashing". The classic Windows 2000 look is the best, in my opinion. Unfortunately with Windows 7, you can't quite get the Start menu to look as slim and slick as the Windows 2000 one (unless you install/apply a third party program!) - very bizarre move by Microsoft.p2u wrote:I don't like anything twinkling and flashing without purpose, so I set everything to Classic View (Win2000 look).
Re: Redefining "Default Deny"
It is all so against-the-user, you just can't imagine. Yes, you are a limited user, so you may think you're safe, but behind your back MS is doing its stuff. Some part is collecting user statistics, like determining how many users use the Start menu, etc. (Don't you dare use that face- and fingerprint control login in Windows 8! ) Some other part is for forensics (yes, yes, you heard that right; we are all potential criminals until proven innocent in a court of law). You think you use a system tweaker with system rights. Haha... Think again. The damned TrustedInstaller returns a "success" code, but 1 minute later it sets it all back. That's if you leave everything as it is... I just feel like Charles Bronson in the "Death Wish" series, you know. Traps all over the place, waiting for the hackers to give them a cold shower...ssj100 wrote:very bizarre move by Microsoft.
Paul
p2u- Valued Member
- Posts : 211
Join date : 2010-12-14
Re: Redefining "Default Deny"
Don't these instructions do anything for you? If not, then you should be on the lookout for something with "Theme" or "Personalization" or something; maybe in the Control Panel, maybe by right-clicking on your desktop, I don't know. If in doubt, ask a 5-year old in your neighborhood; those probably have the kind of "intuitivity" MS aimed at when they designed this [censored]. Set the theme to "Classic", reboot your computer and see if it holds. If it does, disable the "Themes" service and life is good again. In Windows 7, I saw that in the Control Panel you can get "Classic View" by clicking on the "View by drop-down" (somewhere to the right of the upper menu if I remember correctly) and selecting "small icons".ssj100 wrote:The classic Windows 2000 look is the best, in my opinion. Unfortunately with Windows 7, you can't quite get the Start menu to look as slim and slick as the Windows 2000 one (unless you install/apply a third party program!) - very bizarre move by Microsoft.
There are many improvements in security if you could put "Classic" on; doing this turns off the Navigation pane, the Preview pane, and the toolbar in all folders. In the Folder options you should also pick "Classic folders". In those same Folder Options, I added the parameter to show me all paths in the folder headers and to always show me a menu (also a new feature you can see in many "contemporary" programs: hiding menus from users so they won't ruin the wonderful "user experience" by setting something to their own taste). I also disabled thumbnails right from the start + instructed Windows not to show me any icons of the extension handlers on the file icon. As we can see from the still unpatched vulnerability here, I did that for a good reason. You can actually predict what's going to be the next "vulnerability"...
Paul
p2u- Valued Member
- Posts : 211
Join date : 2010-12-14
Re: Redefining "Default Deny"
From memory, you can get the Taskbar to appear very much like the "Classic View" of Windows 2000 and choosing "small icons" does help with this.
However, I'm pretty sure the actual Start Menu can never be configured to be as slim as the "Classic View" of Windows 2000:
The best you can get it (for Windows 7 anyway) is a somewhat "fatter" version. However, I suspect this won't impact security haha.
However, I'm pretty sure the actual Start Menu can never be configured to be as slim as the "Classic View" of Windows 2000:
The best you can get it (for Windows 7 anyway) is a somewhat "fatter" version. However, I suspect this won't impact security haha.
Re: Redefining "Default Deny"
With Vista I didn't even try to get the same old Start menu; that can't hurt you really (except for the search feature that can launch executables as admin [Ctrl-Shift-Enter], but in Classic View that's disabled anyway). It's the active stuff that goes through all the folders that may hurt you.ssj100 wrote:The best you can get it (for Windows 7 anyway) is a somewhat "fatter" version. However, I suspect this won't impact security haha.
P.S.: My Start Menu (As you can see: everything removed, except for the Control Panel + access to my own programs). Search from there disabled; I search with Free Commander, which doesn't depend on indexing (disabled on my computer) to search fast:
Paul
p2u- Valued Member
- Posts : 211
Join date : 2010-12-14
Re: Redefining "Default Deny"
Gosh, what an ugly Start Menu. Almost a good enough reason to stick with XP haha!
Re: Redefining "Default Deny"
That's not the default look. It's just me striving for minimalization with "surgical interference" (+ Themes service disabled). If you hover your mouse over those icons and over all those parameters on the right, something happens "automagically" (thumbnails changing all the time); I don't want any of that. Everything should be static and I want things to move only when I say so. Here is what the default Start Menu looks like in English (mostly programs and functions I personally don't use at all):ssj100 wrote:Gosh, what an ugly Start Menu. Almost a good enough reason to stick with XP haha!
Paul
p2u- Valued Member
- Posts : 211
Join date : 2010-12-14
Re: Redefining "Default Deny"
Yes, I know. However, the second picture looks even uglier haha. I'm going to enjoy the slim Windows XP Start menu for as long as possible.
Of course, you can't blame Microsoft too much - they are out to please the "average" user (which is the majority). However, they really should ensure the more "advanced" user can still configure things to their liking. I really don't know why they've abolished the "slim" look (see my picture) of the Windows 2000 start menu. Anyway, as you've confirmed, this specific aspect (the width of the Start Menu etc) isn't really a security issue - just a cosmetic one.
Of course, you can't blame Microsoft too much - they are out to please the "average" user (which is the majority). However, they really should ensure the more "advanced" user can still configure things to their liking. I really don't know why they've abolished the "slim" look (see my picture) of the Windows 2000 start menu. Anyway, as you've confirmed, this specific aspect (the width of the Start Menu etc) isn't really a security issue - just a cosmetic one.
Re: Redefining "Default Deny"
One other thing I think we haven't discussed yet about Vista/Win7 is a very important place in the Control Panel: "Windows Features". For added security, it's very important to know how to turn some features off, because those features may turn out to be a lot stronger than your protection is (it's all "Trusted"). Here are 2 tutorials, one for Vista and one for Win7.ssj100 wrote:they really should ensure the more "advanced" user can still configure things to their liking
P.S.: After you've done this, there are still your programs left to configure before you can go online. This seems to be just a matter of taste, but that is a false impression. Although they may run in your sandbox, there are some aspects you'd have to know about because some risks just can't be undone by a sandbox or by a default-deny executable blocker. Besides, some programs (players, for example) won't ask you and use your Internet connection for the (not always so nice) purposes of their creators. We'll talk about those aspects a bit later. I'll also prepare some sniffer screenshots to show you that this is not mere paranoia; there's a lot going on "under the hood" which is also security-related...
Paul
p2u- Valued Member
- Posts : 211
Join date : 2010-12-14
Re: Redefining "Default Deny"
I think the vast majority of users out there would only consider something "malicious" if eg. their bank account PIN got stolen or their hard-drive got maliciously wiped etc. I don't think many users would care if information such as what operating system, programs, fonts, Java version, Flash version, system time zone etc they are using are leaked out.
Perhaps we can compare it to something like whether we should cover our faces when we go out shopping - most people won't care about being recognised and being taped on camera (eg. security video cameras). Given this, I am quite surprised that some of these same people care more about being totally and comprehensively anonymous online!
Also just a few comments about sandboxing with Sandboxie. As we all know, new code needs to be introduced in order to get "infected". One general principle to ensure is that any newly introduced file should always be opened in a sandbox which doesn't allow ANY outgoing connections (easily configured with Sandboxie alone). Furthermore, any (forced) sandboxed application/folder that doesn't need to make outgoing connections should be configured with the same restriction. For example, if you download a video file, you should browse and execute this file in a sandbox which is unable to connect out - I've demonstrated the ease of opening such files with a sandboxed "explorer.exe" many times.
With sandboxed internet facing applications (that is, programs that do need to connect out), always ensure that sensitive areas of your computer (eg. a folder containing files with your PIN numbers etc) are unable to be accessed by anything running in the sandbox (again, easily configured with Sandboxie alone).
Perhaps we can compare it to something like whether we should cover our faces when we go out shopping - most people won't care about being recognised and being taped on camera (eg. security video cameras). Given this, I am quite surprised that some of these same people care more about being totally and comprehensively anonymous online!
Also just a few comments about sandboxing with Sandboxie. As we all know, new code needs to be introduced in order to get "infected". One general principle to ensure is that any newly introduced file should always be opened in a sandbox which doesn't allow ANY outgoing connections (easily configured with Sandboxie alone). Furthermore, any (forced) sandboxed application/folder that doesn't need to make outgoing connections should be configured with the same restriction. For example, if you download a video file, you should browse and execute this file in a sandbox which is unable to connect out - I've demonstrated the ease of opening such files with a sandboxed "explorer.exe" many times.
With sandboxed internet facing applications (that is, programs that do need to connect out), always ensure that sensitive areas of your computer (eg. a folder containing files with your PIN numbers etc) are unable to be accessed by anything running in the sandbox (again, easily configured with Sandboxie alone).
Re: Redefining "Default Deny"
That's what's usually advertised as info leakage, but that's just a minor part of the story. Hackers *could* get a hint at what you have installed and attack the default settings of those features, that's all.ssj100 wrote:operating system, programs, fonts, Java version, Flash version, system time zone etc they are using are leaked out.
What I'm hinting at is:
1) Most programs give you a user ID
Most programs give your machine an ID
Most programs combine those two IDs when you download or buy something through their [media] shops or trigger their business schemes with this or that action.
Some (more than you might want) combine those IDs with your real name, your e-mail address and even your authorization credentials unprotected over the Internet. It's really not difficult for the average script kiddie to intercept those data. A little outdated, but here's Steve Gibson's story of his experience with RealPlayer:
http://www.grc.com/downloaders.htm (I really hope you'll read that till the very end of the page)
Not much has changed since then.
2) When I tested GeSWall, for example, it was very good at protecting files and folders already stored on my computer, but it did nothing, and I mean - nothing, to protect the browser's memory and I failed all PoC's that are out there.
Paul
p2u- Valued Member
- Posts : 211
Join date : 2010-12-14
Re: Redefining "Default Deny"
I suppose it's important to generally not use one's REAL details where possible (for example, I know many people who use "fake" e-mail accounts for various purposes), and also use different passwords for more private matters.
When it comes to making online transactions, it's all up to the user to decide on whether the risks out-weigh the benefits. Clearly, online transactions/banking has a huge convenience appeal to most people - for example, one doesn't need to leave his/her house, thus saving time and petrol etc. Most people probably see it as "making use of technology", while others see it as "a ticking time bomb".
I think the vast majority of people out there perform online transactions/banking with no real/significant consequences and have been doing so for years. And I think most of these people have absolutely no "Windows Hardening" tweaks applied to their system and/or have no decent security setup/approach.
I also reckon the vast majority of people who get their "ID" stolen and abused in the REAL world would not have prevented it with any windows hardening tweak etc. For example, no "tweak" can protect anyone from "social engineering" in general (except a "tweak" in the brain haha).
When it comes to making online transactions, it's all up to the user to decide on whether the risks out-weigh the benefits. Clearly, online transactions/banking has a huge convenience appeal to most people - for example, one doesn't need to leave his/her house, thus saving time and petrol etc. Most people probably see it as "making use of technology", while others see it as "a ticking time bomb".
I think the vast majority of people out there perform online transactions/banking with no real/significant consequences and have been doing so for years. And I think most of these people have absolutely no "Windows Hardening" tweaks applied to their system and/or have no decent security setup/approach.
I also reckon the vast majority of people who get their "ID" stolen and abused in the REAL world would not have prevented it with any windows hardening tweak etc. For example, no "tweak" can protect anyone from "social engineering" in general (except a "tweak" in the brain haha).
Re: Redefining "Default Deny"
I don't think the average user can form an educated opinion (or guess even) about those risks. It may help to know that most giant providers are required by law to collect data on users and store them on their servers. How far this goes can be found easily online (so-called "spyguides" per "service" provider; the infamous "Global Criminal Compliance Handbook" is one example). For your convenience, one resource is here: http://cryptome.org/ For added security, open those pdf documents in your sandbox (just kidding). Makes you wonder how that info got there in the first place with all those super-secure environments the "Trusted Ones" keep creating...ssj100 wrote:When it comes to making online transactions, it's all up to the user to decide on whether the risks out-weigh the benefits.
Hackers are after these data. Advertisers are after these data. Hackers parasitize on advertiser's channels, and so on, and so on. Until you've been hit, you won't even realize this. My point: we are up to professionals and unless we learn to swim, nobody will keep us from drowning. Rethink "trust" and stay secure. This is not baby babble of someone who suffers from paranoia; it's a security stance, based on professional experience and lots of good reading. We want to avoid targeted attacks. Tweaking *all* of your applications for security and privacy helps. Blocking those who don't comply with your security policies in a firewall also helps.
Paul
p2u- Valued Member
- Posts : 211
Join date : 2010-12-14
Re: Redefining "Default Deny"
The average user also would not know how (or would not be bothered) to "tweak" or even read forums like this haha.p2u wrote:I don't think the average user can form an educated opinion (or guess even) about those risks.
And by the way, for whatever it's worth (and for the record), I'm still not convinced I personally need a software firewall with outbound control haha. I think I'll be convinced when/if I get my identity stolen (and I'm not talking about stuff like which browser I use haha) despite my current setup/approach.
Re: Redefining "Default Deny"
Well, in one sense you're right: whatever firewall vendors say to market their products: once you let something out, you no longer have control. Blocking something "Trusted" that may hurt you in an unexpected way BEFORE it gets out is another issue. That's mainly my approach, because I'm convinced that getting hit by a malicious executable is really the least of a client's concerns these days.ssj100 wrote:I'm still not convinced I personally need a software firewall with outbound control haha.
P.S.: Security is basically 1) guesswork + 2) religion. Security experts have a hard time convincing clients who don't want to listen, but still want them to protect their interests. That's probably why you always see those disclaimers at the end of a user agreement; "if you get hacked, don't look at us"... +OK...
Paul
p2u- Valued Member
- Posts : 211
Join date : 2010-12-14
Re: Redefining "Default Deny"
Well, I'm sure you don't try to convince them of stuff like only viewing plain text when they surf the web haha.
But realistically, I think programs like Sandboxie can really reduce the chances of significant infection for REAL users in the REAL world. Real-world users want to view (and interact with) most things on a web-site and very much enjoy doing so. With programs like Sandboxie, all this can be done with (relative) safety.
By the way, I just checked the Macro security level in my workplace - it's set to Medium! I'm almost tempted to test out Didier Stevens' POC haha.
I don't think that's how people get "infected" and require subsequent "help and support" these days. It always seems to be related to the poor handling of newly introduced files and also surfing "dodgy" sites and clicking on all pop-ups etc without using Sandboxie! Anyway, that's my own personal approach with other people, but they just "can't be bothered" to learn new things or change their ways. Happily, most of these people run "just an Antivirus and Windows Firewall", "no windows tweaks whatsoever", and "leave everything on default settings" and yet have never required "help and support" or have had their e-mail/bank accounts hijacked etc. Perhaps they are just lucky...p2u wrote:Blocking something "Trusted" that may hurt you in an unexpected way BEFORE it gets out is another issue.
But realistically, I think programs like Sandboxie can really reduce the chances of significant infection for REAL users in the REAL world. Real-world users want to view (and interact with) most things on a web-site and very much enjoy doing so. With programs like Sandboxie, all this can be done with (relative) safety.
By the way, I just checked the Macro security level in my workplace - it's set to Medium! I'm almost tempted to test out Didier Stevens' POC haha.
Re: Redefining "Default Deny"
I agree with you COMPLETELY that Sandboxie is one of the best solutions to protect your computer from malicious executables. Let there be no doubt about that, OK?ssj100 wrote:I think programs like Sandboxie can really reduce the chances of significant infection for REAL users in the REAL world.
But, please, don't start me on the REAL world; I live in Russia. You can get your identity stolen with other means ("insiders" everywhere, who want to make an extra buck, cross-site scripting and general vulnerabilities on the servers of "service" providers, etc,). I think (haven't seen any hard statistics yet except for the marketing hype of both security vendors and the media) that malicious executables on people's client computers play an insignificant role in the process.
Paul
p2u- Valued Member
- Posts : 211
Join date : 2010-12-14
Re: Redefining "Default Deny"
Yes, with the specific malicious action of identity theft, I'm also not convinced that malicious executables play much of a role (despite all the security vendors' recent hype). However, I personally don't know many people who have had their "identity" stolen (in fact I only know of one, and I don't think it was related to the lack of "computer security"), but I know many many people who have had their systems hosed with adware and scareware.p2u wrote:You can get your identity stolen with other means ("insiders" everywhere, who want to make an extra buck, cross-site scripting and general vulnerabilities on the servers of "service" providers, etc,). I think (haven't seen any hard statistics yet except for the marketing hype of both security vendors and the media) that malicious executables on people's client computers play an insignificant role in the process.
I reckon "social engineering" is the most common method of performing identity theft or similar. In terms of the incidence of genuine sensitive information (not stuff like which web browser someone is using!) being leaked due to hijacked ISP servers, I really don't know. And it's probably not worth knowing because we all have to depend on and trust the security and integrity of our ISP's to some extent. Until this day, I'm really unsure about how much information my ISP can (potentially) access about my surfing habits etc. After all, nothing's stopping them from selling this information to the highest bidder haha.
By the way, on the subject of "insiders", is there any way to be safe from Hardware keyloggers from a software point of view?
Page 1 of 2 • 1, 2
Page 1 of 2
Permissions in this forum:
You cannot reply to topics in this forum
|
|