Wednesday, 30 November 2011

Is Network Solutions Snatching Domain Names?

Numerous individuals have discovered that when they search for a domain name at Network Solutions, the domain registrar is automatically registering the name for Network Solutions.


FCC Merger Report Release "Improper," AT&T Claims (NewsFactor)

NewsFactor - AT&T expressed its dismay Tuesday over the release of a new Federal Communications Commission report concluding that the carrier's proposed merger with T-Mobile raises significant competitive concerns due to the increased likelihood of unilateral and coordinated effects.


Trojan:JS/Obfuscated.Gen

Trojan:JS/Obfuscated.Gen is a Generic Detection that identifies malicious HTML, JavaScript, PDF, or any scripting files that contain obfuscated code, which may be used by malware authors to evade antivirus signature detection, as well as making malicious scripts harder to discover and analyze.


Twitter, mixi form Japan tie-up as Facebook gains (AP)

AP - Twitter Inc. and Japan's biggest homegrown social networking site mixi Inc. joined forces Wednesday to strengthen their ground against a rapidly expanding Facebook.



Rogue:OSX/FakeMacDef.A

Dishonest antivirus software which tricks users into buying or installing it, usually by infecting a user's computer, or by pretending the computer is infected.


Twitter buys Android security firm Whisper Systems

According to Whisper Systems, its current software will still be offered after the transaction is completed.


Dustin Webber Creates Network Security Monitoring with Siri


Spotify joins the apps business: unveils new music app platform (Digital Trends)

Digital Trends - Spotify is now an app platform. At an event in New York today that is ending now, Spotify CEO and Founder Daniel Ek revealed its newest plan to edge out its streaming rivals: apps. As Facebook and so many other services are slowly doing, Spotify is planning to allow developers to make custom apps that interact with its streaming music service.


Android is big in Asia: games return to South Korea (Appolicious)

Appolicious - In a land where smartphone adoption rates are among the highest in the world, South Korea has become one of the most targeted areas for mobile development. Now that restrictions on game approval have been loosened, South Korea can join in the Android gaming fun. As The Wall Street Journal points out, approximately 40 percent of the South Korean population has purchased smartphones in just two years, jumping on a fresh opportunity after mobile software regulations were lessened. And some 20 million South Koreans are now primed for the mobile gaming industry's more adept innovations.


Chinese Espionage in Five Minutes


CA Technologies: Looking to the cloud, but keeping its feet on the ground

IT management company aims for the cloud while looking after mainframes as well...

(silicon.com - Software)


Story of one presentation - Gartner Symposium Barcelona

This week I attended the Gartner Symposium in Barcelona. The event is for IT leaders and executives, held in a magnificent venue and superbly organized.

Having the chance of giving a talk there, I wondered what kind of message should I give to such attendees. These people lead big companies and get regular reports from the best analyst in the world. During the conference basically they will get tons of information, and I wanted my message to remain in their minds, so I decided to go for a practical approach.


Worm:W32/Morto.A

Worm:W32/Morto.A propagates through Remote Desktop Services on Windows servers by brute-forcing the login credentials of the server.


House Cybersecurity Task Force Report Released


Surprise! Microsoft quietly opposes SOPA copyright bill

Microsoft applauded a Senate bill that aimed to delete "rogue Web sites" from the Internet. But it's drawn the line at the broader Stop Online Piracy Act.


Fake AV business alive and kicking

Since June 2011 we have seen a substantial decrease in the number of fake antivirus programs. Right now we are observing 10 000 daily attempts to infect users with Trojan-FakeAV; back in June the figures were 50-60,000.

The daily number of attempted infections using Trojan-FakeAV in the past 5 months


Steganography or encryption in bankers?

While looking over some potentially malicious links from Brazil, I came across an interesting group of files. They were of varying sizes but had similar structures.


Facebook privacy practices get FTC shakeup

To settle charges of deception, Facebook agrees to get consumers' permission before it changes the way it shares their information.


Phishing at the Top Level

Opinion: ICANN and overbearing governments are gearing up for a major expansion of the attack surface of the DNS.


Tuesday, 29 November 2011

Backdoor:OSX/Tsunami.A

Backdoor:OSX/Tsunami.A is a distributed denial-of-service (DDoS) flooder that is also capable of downloading files and executing shell commands in an infected system.


Intel Ivy Bridge launch schedule leaked


Intel's next generation Ivy Bridge processors are set to debut in April 2012, with the first lineup of i5 and i7 chips coming first, followed on by i3 and i5 mobile microprocessors a little later in the year.

Set to be the first processors to make use of the newly shrunk 22nm form factor, Ivy Bridge was originally set for release in the first quarter of 2012, but due to poor demand - presumably because of the not so distant release of Sandy Bridge E chips - it was pushed back to April 2012. This likely wouldn't have been possible if AMD's Bulldozer chips had shown stronger performance, but due to the lack of competition Intel could quite easily coast through the next few months knowing that there is nothing to threaten it performance wise.


Packed:W32/PeCan.A

This program is packed using a packer program associated with numerous other malware.


Trojan:BASH/QHost.WB

Trojan:BASH/QHost.WB hijacks web traffic by modifying the hosts.


Samsung wins appeal on Galaxy tab ban in Australia (Reuters)

Reuters - An Australian court reversed a ban on the sale of Samsung Electronics Co Ltd's Galaxy tablet computers in the country on Wednesday, handing it a victory against rival Apple Inc in the firms' global patent war.


Backdoor:W32/Spyrat.D

A remote administration utility that bypasses normal security mechanisms to secretly control a program, computer or network.


Opt-out of Facebook permissions via new add-on


Still in rough development, a new extension for Google Chrome puts in your hands a useful power tool for separating your data from Facebook apps of dubious origin. Called OOptOut (download), the add-on by Chad Selph helpfully lists above the Facebook header for you any permissions that a newly-installed Facebook app requests.

Check boxes next to each let you toggle the select permission. Keep in mind that this extension isn't for casual enthusiasts. Disabling permissions can prevent an app from functioning properly. A gaming app that wants your location data may seem strange at first, but it's possible that the game has a legit reason for the request, such as finding other players that are nearby.

Another problem with the extension is that the developer freely admits that it's in rough shape as it is now. As the instructions on the download page indicate, sometimes it breaks sites, but it requires a certain degree of savvy to even install. You must be comfortable creating a git clone of the extension repository and working with Google Chrome in developer mode, since the more usable public build of the extension isn't ready yet.


Ongoing analysis of the web infection

During the last couple of days I have together with Yury Namestnikov been investigating the extremely high numbers of infected websites. It all started when I was going through local statistics for Sweden and saw an increase of a certain JavaScript redirector, and also new detections on new variants for Java, PDF and Flash exploits. I published an article about this saying that Sweden was under attack, and you can read the blog post here:

http://www.securelist.com/en/blog/208193174/Sweden_is_under_attack_mass_infection_and_new_exploits

But after some more research I noticed that it was not just Sweden that was affected, it seemed to be a global epidemic. I also noticed that we were talking about two different redirectors; Trojan.JS.Redirector.ro and Trojan.JS.Pakes.cp.


Worm:W32/Downadup.AL

Worm:W32/Conficker.AL is a variant of Worm:W32/Downadup that can spread using three different methods and is capable of hiding its actions on the infected machine, as well as downloading files from remote sites.


Staff on Facebook and Twitter? Five things you need to know to avoid a social media lawsuit

Legal Eye: Tap into social media but minimise the liabilities...

(silicon.com - HR)


Application:W32/Keygen

Application:W32/Keygen identifies non-malicious files used to emulate a Microsoft Key Management Server in order to use cracked license keys for Windows 7.


The Mystery of Duqu: Part Five

Driver

The driver is the first component of Duqu to be loaded in the system. As we discovered, the driver and other components of malware are installed with a dropper exploiting a 0-day vulnerability (CVE-2011-3402). The driver is registered in the HKLM\System\CurrentControlSet\Services\ registry path. The exact name of the registry key varies in different versions of Duqu drivers.

Once the driver is loaded, it decrypts a small block that contains its registry key and the name of the registry value to be read from that key. It also contains the name of the driver object to create.

All versions of the driver available at the moment have the same registry value name, “FILTER”.

The driver then registers the DriverReinitializationRoutine that queues the WorkerRoutine where actual driver initialization is performed. In the WorkerRoutine the driver reads the “FILTER” value from registry and decrypts it with a hard-coded encryption key. There are two known versions of decryption routine and two corresponding decryption keys. The driver also locates the NTOSKRNL.EXE or NTKRNLPA.EXE module and gets the addresses of API functions for further usage.

The decrypted “FILTER” value from registry contains the list of records that contain the name of the process (“services.exe”), the path to corresponding PNF DLL file that will be injected in that process and the decryption key (0xAE240682) that is used to decrypt the PNF DLL file.

After initialization the driver registers LoadImageNotifyRoutine that will be then called by Windows each time a new module is loaded. The routine checks if the name of image matches one of those specified in “FILTER” value and if it does, starts the injection: it decrypts and copies the PNF DLL file into an allocated memory region in that process. It also builds and copies a stub EXE file into that process that is then used as a loader for the PNF DLL.

As soon as “KERNEL32.DLL” is loaded in the same process, it locates addresses of API functions required by the loader EXE and modifies the original entry point of the main process module so that it passes execution to the loader EXE code.

The loader EXE module performs initial initialization of the PNF DLL module and then executes the export as specified in the configuration (“FILTER”). After that it restores the code of the original entry point and returns execution to the original process module. The loader also interacts with the driver module using a custom IOCTL code to change memory protection of the original entry point code.
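A defender-side triage sketch for the registry artefact described in this section, added here as an example and not taken from the original analysis: it parses a text `.reg` export and lists service keys directly under `...\Services\` that carry a binary value named “FILTER”. The sample export, key names and bytes are constructed, and treating a hit as a lead for review rather than proof is an assumption, since other software may use the same value name.

```python
import re

# Constructed sample .reg export (regedit text format). Key names, paths and
# bytes are invented for this example; none come from a real Duqu sample.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exampledrv]
"Type"=dword:00000001
"Start"=dword:00000001
"ImagePath"="\\??\\C:\\WINDOWS\\system32\\Drivers\\exampledrv.sys"
"FILTER"=hex:a0,35,58,da,32,ee,d5,01,\
  df,bc,af,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exampledrv\Enum]
"Count"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\examplesvc]
"Type"=dword:00000010
"ImagePath"=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor]
"FILTER"=hex:01,02
'''

# Only keys that sit directly under ...\Services\<name> are service definitions.
SERVICES_RE = re.compile(
    r'^HKEY_LOCAL_MACHINE\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})'
    r'\\Services\\([^\\]+)$', re.IGNORECASE)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
HEX_RE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')


def _decode(raw):
    """Turn the right-hand side of a .reg value line into (kind, data)."""
    if raw.startswith('dword:'):
        return 'dword', int(raw[6:], 16)
    m = HEX_RE.match(raw)
    if m:
        try:
            data = bytes.fromhex(m.group(2).replace(',', ''))
        except ValueError:
            return 'other', raw          # malformed hex list, keep as-is
        # plain "hex:" and "hex(3):" are both REG_BINARY
        kind = 'binary' if m.group(1) in (None, '3') else 'hex(%s)' % m.group(1)
        return kind, data
    if raw.startswith('"') and raw.endswith('"'):
        return 'string', re.sub(r'\\(.)', r'\1', raw[1:-1])
    return 'other', raw


def _as_text(kind, data):
    """Render REG_SZ / REG_EXPAND_SZ data as text, anything else as ''."""
    if kind == 'string':
        return data
    if kind in ('hex(1)', 'hex(2)'):
        return data.decode('utf-16-le', 'replace').rstrip('\x00')
    return ''


def parse_reg_export(text):
    """Return {key_path: {VALUE_NAME_UPPER: (kind, data)}} from export text.

    The caller decodes the file first (regedit writes UTF-16LE).
    """
    # A trailing backslash continues a hex list on the next line.
    text = re.sub(r'\\\r?\n[ \t]*', '', text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                # Registry value names are case-insensitive.
                current[m.group(1).upper()] = _decode(m.group(2))
    return keys


def find_filter_drivers(text):
    """List service keys that hold a binary value named FILTER."""
    findings = []
    for path, values in parse_reg_export(text).items():
        m = SERVICES_RE.match(path)
        if not m:
            continue
        kind, data = values.get('FILTER', (None, None))
        if kind != 'binary':
            continue
        findings.append({
            'service': m.group(1),
            # Type 0x1 is SERVICE_KERNEL_DRIVER
            'kernel_driver': values.get('TYPE', (None, None))[1] == 1,
            'image_path': _as_text(*values.get('IMAGEPATH', ('other', ''))),
            'filter_len': len(data),
        })
    return findings


if __name__ == '__main__':
    for hit in find_filter_drivers(SAMPLE_EXPORT):
        print(hit)
```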

PNF DLL file

This module is stored on disk as an encrypted block of data. As soon as it is decrypted, it turns out to be a DLL packed with UPX. Known versions of PNF DLL modules export 8 or 6 different functions by ordinal numbers.

Export 2 runs export 6 in a separate process.

Export 4 runs export 5 in a separate process.

Export 5 starts a thread in “services.exe” process that loaded the 302 resource (see below) and, if provided with correct information by the callee, installs a complete new set of Duqu components.

Export 6 stops the driver and completely uninstalls all components of Duqu.

Export 8 and 1 initialize the PNF DLL module and start main threads.

It seems that ordinal 1 is intended to export primary functionality of the DLL. First, it loads the configuration information from another PNF file, the PNF Config file. If the file is not present, it is created from an encrypted hard-coded copy that is stored in the PNF DLL file.

The name of the configuration file is different for every version of Duqu. The PNF Config contains the name and path to the driver component, to the PNF DLL and PNF Config itself.

When the PNF Config is created, the date of creation is written into the file. The file also contains the TTL (“time to live”) value: a separate thread started by PNF DLL monitors if TTL days passed since the creation date, and after that runs the uninstallation routine.

Some versions of the PNF DLL also start an RPC server similar to the one found in Stuxnet.

The PNF DLL also provides API for manipulating the configuration file from external modules using globally available events.

Depending on the flags in the PNF Config, the PNF DLL code looks for specific processes: the list of process names in the PNF Config, “explorer.exe”, “svchost.exe” and then injects code in them. The code to be injected is stored in binary resource 302 found in PNF DLL.

302 resource

Depending on the flag in the PNF configuration file, it is either a DLL loader module or a block of data (equivalent of decompressed “.zdata”, see below). Both configurations have been found in different Duqu versions. The PNF DLL checks a flag in PNF Config and determines whether to pass execution to the DLL loader or to locate the payload DLL and call it directly.

The loader DLL module is similar to PNF DLL. The main purpose of the loader is to decompress its “.zdata” section and pass execution to the main payload that is contained in decompressed data.

The .zdata block contains the header that starts with the magic number 0x48747193. It contains the offsets and sizes of the DLL loader, the payload configuration block and the payload DLL.

Configuration block

The configuration block contains the name of the temporary file to use (%TEMP%\~DR0001.tmp), additional binary data controlling the behavior of the payload and information required to connect to the C&C servers. There are two lists of C&C servers: one can contain domain names, IP addresses or names of network shares, and the other contains IP addresses in binary format and is used to connect using Windows HTTP (winhttp) services. Although the configuration blocks we have found so far are similar and are set up to connect to their C&C using HTTP and HTTPS, the payload DLL is able to connect to a network share and even become a server.

Payload

We are still analyzing the payload. It contains 256K of C++ code with extensive use of STL and its own complex class hierarchies, probably its own framework.

The payload is able to connect to the C&C server using either the winhttp library or a connection to a network share IPC$ endpoint. It is able to connect using the proxy server configuration of Internet Explorer. It also contains code for acting as an HTTP server and processing the same requests as served by the C&C. The payload is able to load an external DLL module provided by the C&C and interact with it using a pre-defined API. The most noticeable module discovered so far is the infostealer module. There are also modules for updating the TTL value in the PNF DLL configuration, and for reading the network and disk storage configuration from the infected machine.

It also can form a PNF DLL with a configuration block and the payload DLL ready for distribution to other machines.


YouTube Could Become the Best Video Streaming Option (ContributorNetwork)

ContributorNetwork - COMMENTARY | Television and movie streaming is a popular feature of many tablet computers and smartphones. While streaming movies and watching television over the Internet has proven to be a popular pastime, the particular app or platform used to achieve that varies between a certain number of providers, and many devices are even brand specific most of the time. Apple users like iTunes, and Kindle Fire users like Amazon Video on Demand. However, YouTube is increasingly looking like it should become the video streaming first choice.


Government Takeover of Compromised Digital Infrastructure Provider


Using TS RemoteApp as an attack vector

So in today's session at SMBNation that I spoke at, I showed how to use TS RemoteApp with TS Gateway on SBS2008 to deliver remote applications through Remote Web Workplace. It is one of the most cool features in the Windows Server 2008 operating system. But we have to remember what it's doing.

Part of the conversation we had was on the difference between local desktop display in TS RemoteApp vs just having a full desktop to the Terminal Server. One issue that came up was that as a RemoteApp, you can't run other applications.

Well, that is not actually true. If you think that, then a TS RemoteApp has the ability to be an attack vector for you. What do I mean? Well below is a screen shot of what happens if you hit CTRL-ALT-ENTER with the cursor focused on the RemoteApp window (in this case MS Paint running remotely):

At this point, you can run Task Manager.... then hit File->Run and run something else. In my case, I showed a few people afterwards how to start cmd and start exploring the network. Now, you will only have the privileges of the user account logged in as, but it is still something you have to be careful about. If you think a RemoteApp bundle prevents access to other applications or the network... you are wrong.

So is this bad? No. Is it really an attack vector? No. You just need to understand that when allowing ANY type of Terminal Services based access, you have to restrict the policies and access accordingly. No matter if it's local or remote. Running a TS RemoteApp bundle of Office will display on the local desktop, but is STILL running on the Terminal Server. So it will be browsing the network the Terminal Server is connected to as the local net. It will also browse your own drives mapped via tsclient. So you have to remember that.

Hope that's useful. A TS RemoteApp bundle does NOT mean you won't have access to the TS desktop when displaying remotely on your personal desktop. And that's not a bad thing. TS Remote App is a convenient way to extend the workspace to your local machine, anywhere in the world. No pun intended. That's its power... and the benefit. Great remote productivity enhancement in Windows Server 2008. Use it. (Safely of course)


Best paying IT security jobs in 2012


Good news for information security professionals: Expect salaries to increase by an average of 4.5 percent in 2012. Pay for chief security officers, meanwhile, is expected to increase by 3.9 percent.

Those predictions come by way of staffing agency Robert Half Technology, which last week released its 2012 Salary Guide, which details technology industry salary and hiring trends.

The report predicts that for 2012, many security jobs will be in high demand, especially for midlevel and senior roles. "Data security and protection, especially in industries such as banking and healthcare, will continue to be an in-demand area within technology," according to the report. "In fact, 24 percent of CIOs polled by our firm cited security as their top professional concern."


Worm:W32/Downadup.A

Worm:W32/Downadup exploits a vulnerability in the Windows Server service to spread copies of itself across a network. The worm also attempts to download files from a remote server.


More Bad Drivers on the Information Superhighway

Opinion: In order to prevent bad device drivers from making the system unstable, Microsoft artificially limits the amount of memory available to Windows.


Monday, 28 November 2011

Is Twittering safe?

So Susan has been on my case about Twitter for some time now. In a recent round table we were recording she "beat me up" about it, and tonight on IM we had a good discussion about the REAL vs PERCEIVED risks in Twitter.

Susan's biggest complaint is that security minded individuals shouldn't be blindly recommending the use of Twitter without educating the user on 'safe-twittering'. I would say that same logic exists for setting up web pages, blogs and the use of social networking sites like Facebook.

She stepped that up a bit tonight when she blogged her discomfort in the fact the RSA Conference was recommending Twitter as well.

So in an effort to stop spreading the FUD about Twitter insecurity, I wanted to share some of my thoughts through a quick set of safe twittering rules.

@DanaEpp's 5 Rules of Safer Twittering


  • Never share information in a tweet that you wouldn't share with the world. You can never expect to take it back once it's on the Internet. Even though you can delete a tweet, 3rd party clients may still have it archived. If you feel you want to share private thoughts through Twitter, consider using a "Private Account" and limit it to only people you trust and want to share with. Of course, remember nothing prevents your friends from sharing your tweets with the world. So never share private information on Twitter. Ever. It's just easier that way.
  • There is no assurance that a Twitter account is the person you believe it is. Deal with it. Anyone can register an account if it doesn't already exist. As a real world example, for some time @cnnbrk was NOT an official CNN account, even though most of the Twitter world thought it was. It wasn't until recently that CNN bought the account from James Cox (the account holder) for an undisclosed amount of money. Another example is the fact that one of Susan's Twitter accounts was actually created by a fellow SBS MVP, and not actually her. :-)
  • Never click on links in a tweet, unless you trust the URL. If unsure, don't click! The worms that were used to attack Twitter came from people getting users to go to profile pages etc that they had control over for some interesting script attacks. With only 140 chars, it's common to "shorten" the URL. Which means you might be clicking on a link blind. That's fine. But only trust shortened URLs that can be previewed BEFORE you go to it. As an example, my recommendation is to use something like TinyURL. However, here is the trick. When you create a TinyURL, use the preview mode. As an example, if you want to send someone to my blog you can use http://tinyurl.com/silverstr to go directly. However, if you use http://preview.tinyurl.com/silverstr it will stop at TinyURL.com and let the user SEE the link before they actually get to it. That is much safer. If using TweetDeck, select TinyURL as the provider, and when it creates the shortened url, simply add "preview." in front of "tinyurl.com".
  • Use a 3rd party Twitter client instead of using the Twitter.com website directly. I am a fan of TweetDeck and Twitterfon, but there are tons of different clients out there. Why? It is the lesser of two security evils as it relates to web based attacks in Twitter. Most clients have ways to reduce or turn off linking, prevent the script attacks in profile viewing and generally are just an easier environment to stay protected in. Are these clients free of attack? Of course not. But it's another layer of defense. Of course... you need to have trust in your client. But that's a story for another day ;-)
  • You never know who is following you. Remember that. As you use Twitter more and more, you never know who might be watching. I recently had someone who has been trying to get an interview with me who follows me on Twitter, knew where I was having coffee one day because of a tweet I wrote (and its geotag) and ended up coming down to confront me with his resume. Which was inappropriate in my books. But my own fault. I wasn't too concerned.. but it definitely gave me pause when considering my daughter uses Twitter and could be as easily found. Nothing like the potential of being stalked. GeoTagging makes it way too easy to find you. Remember that.

Look, Twitter is addictive. Simple. Short. Fast. A great way to see the thoughts of others you might care about. Ultimately though... like any other Internet based technology it has the potential to be abused... and put you at risk. No different than websites or blogs.

So be careful. Follow these rules and enjoy the conversation!


Terrorist-Funded Filipino Hackers Arrested


In a joint effort, US and Philippines authorities managed to arrest four members of a hacker collective that are suspected to have attempted a hack on AT&T.

The investigation that led to the arrest of the Filipinos started back in March when the FBI requested the aid of Criminal Investigation and Detection Group's Anti-Transnational and Cyber Crime Division (CIDG-ATCCD) concerning a hacking operation that targeted the wireless services provider AT&T.

The suspects, aged between 21 and 31, and allegedly financed by a Saudi Arabian terrorist group, caused damage worth $2 million (1.4 million EUR) to the communications company, reports SunStar. They were taken into custody after the FBI and the ATCCD raided several locations in the Metro Manila area, from where numerous pieces of computer and telecommunications equipment, believed to be used in the attacks, were seized.


Trojan:W32/Murofet.A

This trojan attempts to download a file (presumably malicious) from a randomly generated domain.


Trojan:SymbOS/ZeusMitmo.A

When installed on a mobile phone, this trojan monitors all incoming SMS messages and acts as a backdoor for receiving commands sent by an attacker via SMS messages.


Dutch CA suspends issuance of digital certificates

Dutch Certificate Authority KPN/Getronics has announced the suspension of the issuance of digital certificates.

The reason for this is that a breach has been discovered on a KPN web server related to PKI. The attack dates back no less than four years.

KPN, best known for its telecom business, acquired Getronics four years ago. Former Getronics has a certificate authority similar to Diginotar. Like Diginotar, KPN is allowed to issue 'special' certificates for the Dutch government and public services. In fact, many organizations affected by the Diginotar incident switched to KPN certificates.


Google future-proofs your e-mail, documents from spies

Recent changes enable "forward secrecy" so that encrypted e-mail stored now can't easily be snooped on in the future.


CA Technologies updates cloud management packages

Cloud 360 and Cloud Commons Marketplace announced...

(silicon.com - Software)


Trojan-Downloader:OSX/Flashback.A

Trojan-Downloader:OSX/Flashback.A poses as a Flash Player installer, and connects to a remote host to obtain further installation configuration and files.


Just Show Me: How to use iMessage on your iPhone or iPad (Yahoo! News)

Yahoo! News - Welcome to Just Show Me on Tecca TV, where we show you tips and tricks for getting the most out of the gadgets in your life. In today's episode we'll show you how to use iMessage on your iPhone or iPad once you've…


Malware Calendar Wallpaper for November 2011

Here's the latest of our malware calendar wallpapers.


This month's calendar includes a fairly typical mix of cybercrime references. However, I'd like to highlight one in particular - the arrest of a Dutch teenager for stealing furniture from the Habbo Hotel virtual world.

To some people, the idea of having a virtual life seems strange. It may seem even stranger for the police to take an interest in the theft of something that's not real. There are, of course, reasons why they would. For one thing, the virtual theft was carried out by stealing the login credentials of members of Habbo Hotel - essentially a real-world phishing scam like any other. For another, the theft and sale of virtual property can be as lucrative as any other type of cybercrime: in this case, the stolen goods had a real-world price-tag of more than €4,000.

This case underlines the fact that *any* kind of online transaction, if it can be used to make money illegally, is of interest to cybercriminals. So we all need to remain vigilant and take care to safeguard all our online activities.


Review of America the Vulnerable Posted


Trojan:Android/DroidKungFu.C

Trojan:Android/DroidKungFu.C forwards confidential details to a remote server.


Login failed: Public wi-fi too clunky for mobile customers

News in brief: Low take-up of public wi-fi is put down to complicated login processes...

(silicon.com - Networks)


Ongoing analysis of the web infection

During the last couple of days I have together with Yury Namestnikov been investigating the extremely high numbers of infected websites. It all started when I was going through local statistics for Sweden and saw an increase of a certain JavaScript redirector, and also new detections on new variants for Java, PDF and Flash exploits. I published an article about this saying that Sweden was under attack, and you can read the blog post here:

http://www.securelist.com/en/blog/208193174/Sweden_is_under_attack_mass_infection_and_new_exploits

But after some more research I noticed that it was not just Sweden that was affected, it seemed to be a global epidemic. I also noticed that we were talking about two different redirectors; Trojan.JS.Redirector.ro and Trojan.JS.Pakes.cp.


Government Takeover of Compromised Digital Infrastructure Provider


US police use radio encryption to stop iPhone eavesdropping


Anxiety over the public snooping of police radios using smartphones is persuading a growing number of US police forces to take the controversial step of moving their communications to fully-encrypted operation.

The Washington D.C. police department has become the latest to adopt radio encryption after mounting evidence that criminals were listening in to police conversations using cheap applications running on mass-market phones, the Associated Press has reported.

The same adoption is happening in Orange County Florida, Santa Monica California and even small out-of-the-way towns in Kansas, the agency discovered. Although scanning open analogue and digital radio services has been possible for decades using fixed radios, doing so reliably from any location or while moving is extremely difficult - the frequencies vary widely for different services across county and state boundaries.


Sunday, 27 November 2011

Tech Buzzwords Make Shortlist for Word of the Year (Mashable)

Mashable - The Oxford English Dictionary has chosen its (two-word) word of the year: Squeezed Middle. Last year's word of the year was big society, and the word of 2009 was unfriend.
Those who spend time on Twitter might have guessed that OWS, occupy or 99% would have come out on top this year. They didn't come out on top, but they did make the shortlist, alongside some notable tech buzzwords. Gamification, clicktivism and crowdfunding made the U.S. shortlist, while hacktivism, sodcasting (playing music on your phone's speaker in a public place) and -- not surprisingly -- phone hacking made the UK list.


C-SPAN Posts Video of Tuesday Hearing


MANDIANT Webinar Friday


Cyber security threats are evolving


THREATS TO CYBER SECURITY are evolving and businesses need to learn from attacks by Lulzsec and Anonymous, speakers said at a cyber security panel discussion today.

At a Westminster eForum, Defence Select Committee member Julian Brazier told the audience that "very few people understand the sheer scale and spectrum of the threat we face".

Andy Dancer, CTO at Trend Micro, explained that the nature of cyber threats is changing, and cyber attacks are targeting individuals, rather than an entire company at once. He said, "Previously threats went out to the targets [attackers] could see. Now it's point of entry and then focus on machines on the inside, impersonate the user if I can't get access to their machine. It's not an outbreak that hits all machines one at a time, it's an individual that slowly takes over."


Surprise! Microsoft quietly opposes SOPA copyright bill

Microsoft applauded a Senate bill that aimed to delete "rogue Web sites" from the Internet. But it's drawn the line at the broader Stop Online Piracy Act.


Critical TCP/IP Worm Hole Dings Windows Vista

Microsoft has issued a high-priority security update to fix a pair of "critical" flaws that expose Windows users to remote code execution attacks.


Classic Chinese Defensive Propaganda


Code Testing Tools Could Be Acquisition Targets in '08

Interest in building security into the development process could make code testing products into inviting buyout targets.


Lab Matters - Detecting Malware Attacks on Smartphones

In this edition of Lab Matters, Ryan Naraine interviews Kaspersky Lab CTO Nikolay Grebennikov about malicious threats on mobile devices. Grebennikov talks about the taxonomy of threats and explains Kaspersky Lab's vision for protecting data on smart phones. The discussion touches on privacy issues, data protection, anti-theft recovery, social engineering, URL filtering and parental control.


CA Technologies: Looking to the cloud, but keeping its feet on the ground

IT management company aims for the cloud while looking after mainframes as well...

(silicon.com - Software)


The Mystery of Duqu: Part Five

Driver

The driver is the first component of Duqu to be loaded in the system. As we discovered, the driver and other components of malware are installed with a dropper exploiting a 0-day vulnerability (CVE-2011-3402). The driver is registered in the HKLM\System\CurrentControlSet\Services\ registry path. The exact name of the registry key varies in different versions of Duqu drivers.

Once the driver is loaded, it decrypts a small block that contains its registry key and the name of the registry value to be read from that key. It also contains the name of the driver object to create.

All versions of the driver available at the moment have the same registry value name, “FILTER”.

The driver then registers the DriverReinitializationRoutine that queues the WorkerRoutine where actual driver initialization is performed. In the WorkerRoutine the driver reads the “FILTER” value from the registry and decrypts it with a hard-coded encryption key. There are two known versions of the decryption routine and two corresponding decryption keys. The driver also locates the NTOSKRNL.EXE or NTKRNLPA.EXE module and gets the addresses of API functions for further usage.

The decrypted “FILTER” value from the registry contains a list of records, each of which contains the name of the process (“services.exe”), the path to the corresponding PNF DLL file that will be injected into that process and the decryption key (0xAE240682) that is used to decrypt the PNF DLL file.

After initialization the driver registers a LoadImageNotifyRoutine that will then be called by Windows each time a new module is loaded. The routine checks if the name of the image matches one of those specified in the “FILTER” value and, if it does, starts the injection: it decrypts and copies the PNF DLL file into an allocated memory region in that process. It also builds and copies a stub EXE file into that process that is then used as a loader for the PNF DLL.

As soon as “KERNEL32.DLL” is loaded in the same process, it locates addresses of API functions required by the loader EXE and modifies the original entry point of the main process module so that it passes execution to the loader EXE code.

The loader EXE module performs initial initialization of the PNF DLL module and then executes the export as specified in the configuration (“FILTER”). After that it restores the code of the original entry point and returns execution to the original process module. The loader also interacts with the driver module using a custom IOCTL code to change memory protection of the original entry point code.
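
A triage check built on the “FILTER” value name described above, as an added example that is not part of the original analysis: it scans a text export of the registry for service keys that carry a value named FILTER and reports whether the value is a binary blob. The sample export, its service names and the assumption that the value sits in or under the driver's service key are constructed for illustration.

```python
import re

# Value name the analysis reports for all known driver versions.
# Registry value names are case-insensitive, so compare in lower case.
SUSPECT_VALUE = "filter"

# Service keys, including numbered control sets that appear in offline exports.
SERVICE_KEY = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})"
    r"\\Services\\([^\\]+)", re.IGNORECASE)
KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
HEX_DATA = re.compile(r"^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$")

# Constructed sample in .reg export format; not taken from a real system.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk]
"Type"=dword:00000001
"ImagePath"=hex(2):64,00,69,00,73,00,6b,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleDrv]
"Type"=dword:00000001
"FILTER"=hex:01,02,03,04,05,06,07,08,\
  09,0a,0b,0c

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PrintHelper]
"Filter"="*.spl"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Viewer]
"FILTER"=hex:ff,ee
"""


def join_continuations(text):
    """Merge lines ending in a backslash (long hex values) into one line."""
    out, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\") and not line.startswith("["):
            pending += line[:-1]
        else:
            out.append(pending + line)
            pending = ""
    if pending:
        out.append(pending)
    return out


def parse_data(data):
    """Return (type label, byte count); byte count is None for non-hex data."""
    m = HEX_DATA.match(data)
    if m:
        kind = "REG_BINARY" if m.group(1) is None else "hex(%s)" % m.group(1)
        size = len([b for b in m.group(2).replace(" ", "").split(",") if b])
        return kind, size
    if data.startswith("dword:"):
        return "REG_DWORD", None
    return "REG_SZ", None


def find_filter_values(reg_text):
    """List every FILTER value found in or under a Services key."""
    findings, service, key = [], None, None
    for line in join_continuations(reg_text):
        km = KEY_LINE.match(line)
        if km:
            key = km.group(1)
            sm = SERVICE_KEY.match(key)
            service = sm.group(1) if sm else None
            continue
        vm = VALUE_LINE.match(line)
        if not (vm and service):
            continue  # not a value line, or outside the Services tree
        if vm.group(1).lower() != SUSPECT_VALUE:
            continue
        kind, size = parse_data(vm.group(2))
        findings.append({
            "service": service,
            "key": key,
            "type": kind,
            "bytes": size,
            # An opaque binary value is the case that deserves a closer look.
            "binary_blob": kind == "REG_BINARY" and size > 0,
        })
    return findings


if __name__ == "__main__":
    for hit in find_filter_values(SAMPLE_REG):
        mark = "REVIEW" if hit["binary_blob"] else "info"
        print("%-6s %s  %s (%s bytes)" % (mark, hit["key"], hit["type"], hit["bytes"]))
```

A hit is a lead for manual review of the service and its driver file, not a verdict, since the value name alone does not identify the driver.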

PNF DLL file

This module is stored on disk as an encrypted block of data. As soon as it is decrypted, it turns out to be a DLL packed with UPX. Known versions of PNF DLL modules export 8 or 6 different functions by ordinal numbers.

Export 2 runs export 6 in a separate process.

Export 4 runs export 5 in a separate process.

Export 5 starts a thread in “services.exe” process that loaded the 302 resource (see below) and, if provided with correct information by the callee, installs a complete new set of Duqu components.

Export 6 stops the driver and completely uninstalls all components of Duqu. Export 8 and 1 initialize the PNF DLL module and start main threads.

It seems that ordinal 1 is intended to export primary functionality of the DLL. First, it loads the configuration information from another PNF file, the PNF Config file. If the file is not present, it is created from an encrypted hard-coded copy that is stored in the PNF DLL file.

The name of the configuration file is different for every version of Duqu. The PNF Config contains the name and path to the driver component, to the PNF DLL and PNF Config itself.

When the PNF Config is created, the date of creation is written into the file. The file also contains the TTL (“time to live”) value: a separate thread started by PNF DLL monitors if TTL days passed since the creation date, and after that runs the uninstallation routine.

Some versions of the PNF DLL also start an RPC server similar to the one found in Stuxnet.

The PNF DLL also provides API for manipulating the configuration file from external modules using globally available events.

Depending on the flags in the PNF Config, the PNF DLL code looks for specific processes: the list of process names in the PNF Config, “explorer.exe”, “svchost.exe” and then injects code in them. The code to be injected is stored in binary resource 302 found in PNF DLL.

302 resource

Depending on the flag in the PNF configuration file, it is either a DLL loader module or a block of data (equivalent of decompressed “.zdata”, see below). Both configurations have been found in different Duqu versions. The PNF DLL checks a flag in PNF Config and determines whether to pass execution to the DLL loader or to locate the payload DLL and call it directly.

The loader DLL module is similar to PNF DLL. The main purpose of the loader is to decompress its “.zdata” section and pass execution to the main payload that is contained in decompressed data.

The .zdata block contains the header that starts with the magic number 0x48747193. It contains the offsets and sizes of the DLL loader, the payload configuration block and the payload DLL.

Configuration block

The configuration block contains the name of the temporary file to use (%TEMP%\~DR0001.tmp), additional binary data controlling the behavior of the payload and information required to connect to the C&C servers. There are two lists of C&C servers: one can contain domain names, IP addresses or names of network shares, and the other contains IP addresses in binary format and is used to connect using Windows HTTP (winhttp) services. Although the configuration blocks we have found so far are similar and are set up to connect to their C&C using HTTP and HTTPS, the payload DLL is able to connect to a network share and even become a server.

Payload

We are still analyzing the payload. It contains 256K of C++ code with extensive use of STL and its own complex class hierarchies, probably its own framework.

The payload is able to connect to the C&C server using either the winhttp library or a connection to a network share IPC$ endpoint. It is able to connect using the proxy server configuration of Internet Explorer. It also contains code for acting as an HTTP server and processing the same requests as served by the C&C. The payload is able to load an external DLL module provided by the C&C and interact with it using a pre-defined API. The most noticeable module discovered so far is the infostealer module. There are also modules for updating the TTL value in the PNF DLL configuration and for reading the network and disk storage configuration from the infected machine.

It also can form a PNF DLL with a configuration block and the payload DLL ready for distribution to other machines.


DHS denies report of water utility hack

Department of Homeland Security says Illinois utility was not hacked and investigates claims of hack on Texas water utility.


Time to party! Windows 7 is here!

It's only a few days away. The official launch of Windows 7 is here!

And of course, that means it's time to party!!! You may have heard about the Windows 7 House Parties that are being thrown all around the world. Basically thousands of small groups of people are getting together to see what Windows 7 can do.

Personally, I thought we needed to do more. So fellow MVP and friend Charlie Russel and I decided we would throw our own party. But focused on IT pros and not the consumer angle. We plan to have a lot of fun, showing the cool features of Windows 7 for IT pros like BitLocker, AppLocker and DirectAccess. We plan to bring a bunch of laptops and show new shell extensions, Powershell, new multitouch features and basically sit around and enjoy hours of Q&A for those that haven't tried it yet. We are even planning on installing Windows 7 on a guest's Macbook to show how well it does using Bootcamp on Apple hardware and even on small netbooks.

I also wanted to send a message out to the Vancouver IT community to clear up some misconceptions. This is a party hosted by Charlie and myself. This is NOT a Microsoft event. Microsoft was gracious enough to let us use their facility and even sprung for some of the cost for pizza. However, they never planned this out. Nor did the local VanTUG and VanSBS groups.

Our party is an INVITATION ONLY event. Because we are limited in our own budget and constrained in where we could have the party... we only have enough room for 75 people. So we could only allow a certain number of our friends to come. Charlie and I decided the best way to handle this would be to simply invite who we wanted, and then open it to our friends at the local user groups on a first come, first served basis. This is why there is a cap on the registration on the event, and why it booked up so quickly.

I am hearing through the grapevine that there is a LOT of dissent in the Vancouver IT community who feel that Microsoft, VanTUG and VanSBS did a poor job organizing this. LET ME BE CLEAR. This is a personal party that Charlie and I organized. If you were lucky enough to get an invitation and registered, great. But if you didn't, don't take it out on Microsoft, the local usergroups or their leaders. It's not their fault!!!

We are using our own money and time to throw this party. Please be considerate and respect that we couldn't invite all of you. I am happy to see there is so much excitement about Windows 7 and that you wanted to party with us. And I am sorry if you feel it isn't fair that you didn't get invited. Please feel free to share your own Windows 7 experience, and host your own party. We may be the only IT pro party during the Windows 7 launch, but nothing says you can't have your own!

So party on. Welcome to a new world. Welcome to Windows 7!


House Cybersecurity Task Force Report Released


Lab Matters - Inside the Sony Hack

Tim Armstrong looks at the timeline of the Sony breach and pieces together the relevant details at each point in time. He discusses the known facts of the case and the potential future fallout.


Saturday, 26 November 2011

How to cope with being unfriended on Facebook according to William Shatner (Yahoo! News)

Yahoo! News - Been unfriended by someone on Facebook recently? Does it make you feel unwanted, useless, and depressed? Fear not — William Shatner will walk you through the horrors of the ultimate form of Facebook rejection. This skit was shown on Jimmy …


UK Government Releases Cyber Security Strategy


The UK government has ruled out introducing new anti-cyber crime laws, but could employ hackers as part of its new cyber security strategy released today.

A boost to Ministry of Defence spending and a one-stop shop for reporting cyber crime are stars of the new policy, but courts will be encouraged "to use existing powers to impose appropriate online sanctions for online offences," according to the report.

Cyber crime will be handled by a single specialist group - the new National Crime Agency (NCA) - which will include "those with specialist skills" to back up police. Otherwise known as good-guy hackers.


SOPA's latest threat: IP blocking, privacy-busting packet inspection

A little-noticed section of the Stop Online Piracy Act could require deep-packet inspection and blocking IP addresses of copyright-infringing Web sites, a significant change from earlier versions.


Six myths of risk assessment


I find it surprising that after more than 30 years of experimentation of risk assessment, many security practitioners continue to apply risk assessment in such a non-intuitive way. There seem to be some rather widespread misconceptions about the nature of the process. I cringe when I hear experienced professionals suggest that risk assessments must be objective and repeatable. Where on earth did they get that impression? Were they taught this on a course? Or did they read it in a standards document? It's not something that occurs in practice.

This has prompted me to try to debunk some of the myths of risk assessment. Hopefully, by speaking out, I might encourage future practitioners to approach the subject with a more critical eye, rather than merely copying the flawed practices of previous generations. So here is my attempt at nailing six common myths of risk assessment.


Is Twittering safe?

So Susan has been on my case about Twitter for some time now. In a recent round table we were recording she "beat me up" about it, and tonight on IM we had a good discussion about the REAL vs PERCEIVED risks in Twitter.

Susan's biggest complaint is that security minded individuals shouldn't be blindly recommending the use of Twitter without educating the user on 'safe-twittering'. I would say that same logic exists for setting up web pages, blogs and the use of social networking sites like Facebook.

She stepped that up a bit tonight when she blogged her discomfort in the fact the RSA Conference was recommending Twitter as well.

So in an effort to stop spreading the FUD about Twitter insecurity, I wanted to share some of my thoughts through a quick set of safe twittering rules.

@DanaEpp's 5 Rules of Safer Twittering


  • Never share information in a tweet that you wouldn't share with the world. You can never expect to take it back once it's on the Internet. Even though you can delete a tweet, 3rd party clients may still have it archived. If you feel you want to share private thoughts through Twitter, consider using a "Private Account" and limit it to only people you trust and want to share with. Of course, remember nothing prevents your friends from sharing your tweets with the world. So never share private information on Twitter. Ever. It's just easier that way.
  • There is no assurance that a Twitter account is the person you believe it is. Deal with it. Anyone can register an account if it doesn't already exist. As a real world example, for some time @cnnbrk was NOT an official CNN account, even though most of the Twitter world thought it was. It wasn't until recently that CNN bought the account from James Cox (the account holder) for an undisclosed amount of money. Another example is the fact that one of Susan's Twitter accounts was actually created by a fellow SBS MVP, and not actually her. :-)
  • Never click on links in a tweet, unless you trust the URL. If unsure, don't click! The worms that were used to attack Twitter came from people getting users to go to profile pages etc. that they had control over for some interesting script attacks. With only 140 chars, it's common to "shorten" the URL. Which means you might be clicking on a link blind. That's fine. But only trust shortened URLs that can be previewed BEFORE you go to it. As an example, my recommendation is to use something like TinyURL. However, here is the trick. When you create a TinyURL, use the preview mode. As an example, if you want to send someone to my blog you can use http://tinyurl.com/silverstr to go directly. However, if you use http://preview.tinyurl.com/silverstr it will stop at TinyURL.com and let the user SEE the link before they actually get to it. That is much safer. If using TweetDeck, select TinyURL as the provider, and when it creates the shortened url, simply add "preview." in front of "tinyurl.com".
  • Use a 3rd party Twitter client instead of using the Twitter.com website directly. I am a fan of TweetDeck and Twitterfon, but there are tons of different clients out there. Why? It is the lesser of two security evils as it relates to web based attacks in Twitter. Most clients have ways to reduce or turn off linking, prevent the script attacks in profile viewing and generally are just an easier environment to stay protected in. Are these clients free of attack? Of course not. But it's another layer of defense. Of course... you need to have trust in your client. But that's a story for another day ;-)
  • You never know who is following you. Remember that. As you use Twitter more and more, you never know who might be watching. I recently had someone who has been trying to get an interview with me who follows me on Twitter, knew where I was having coffee one day because of a tweet I wrote (and its geotag) and ended up coming down to confront me with his resume. Which was inappropriate in my books. But my own fault. I wasn't too concerned... but it definitely gave me pause when considering my daughter uses Twitter and could be as easily found. Nothing like the potential of being stalked. GeoTagging makes it way too easy to find you. Remember that.

Look, Twitter is addictive. Simple. Short. Fast. A great way to see the thoughts of others you might care about. Ultimately though... like any other Internet based technology it has the potential to be abused... and put you at risk. No different than websites or blogs.

So be careful. Follow these rules and enjoy the conversation!


Trojan:W32/AntiAV

Also known as a trojan horse program, this is a deceptive program that performs additional actions without the user's knowledge or permission. It does not replicate.


Thoughts on 2011 ONCIX Report


Duqu First Spotted as 'Stars' Malware in Iran

As we continue to investigate the Duqu targeted attack, there is new information that suggests the malware was created to spy on Iran's nuclear program.

Some background and facts:

Back in April this year, Iran announced it was victim to a cyber-attack with a virus called "Stars." This article offers some additional details on that attack.


We can now confirm that some of the targets of Duqu were hit on April 21, using the same method involving CVE-2011-3402, a kernel level exploit in win32k.sys via embedded True Type Font (TTF) file.

According to analysis by IrCERT (Iran's Computer Emergency Response Team) Duqu is an upgraded version of "Stars":

If we are to believe these reports, then it means that Duqu was created in order to spy on Iran's nuclear program.

Just yesterday (November 4), the United Nations announced it was in possession of plans from Iran to make computer models of a nuclear warhead.

"The annex will also say that more than 10 nations have supplied intelligence suggesting Iran is secretly developing components of a nuclear arms program - among them an implosion-type."

It would not be surprising that Stars and Duqu were used to collect such information.


Reflecting on our Windows 7 birthday party

So this week my buddy Charlie and I threw a Windows 7 party for the IT pro community in Vancouver, BC at the Microsoft office.

The office could only handle 80 people, and we simply had to turn people away. Sorry to those who weren't allowed to come. Many people came early, and hung out in the hallway even before they were allowed in.

With almost 100 people in that hallway just out of the elevator, that hall was WARM. I felt bad for some of the people as you could tell they were overheating. But we weren't ready to let them in as we set up the rooms with different Windows 7 systems.

When we did open the doors it was a mad rush for everyone to get in where it was cooler and they could grab a cold one and cool down. Thankfully everyone was patient and polite. Thanks to everyone for that!

Once they got in, there were several different rooms that they could go hang out in. In one room, Charlie had brought a HP Media Touchsmart so people could experience the new multi touch functionality of Windows 7. Kerry Brown, a fellow MVP with experience in Windows shell, stayed in the room teaching people all the new shell features like Libraries, Jump Lists etc, and I am told schooled some admins on the nitty gritty of Power Shell. Good job Kerry! Thanks for helping out!!!

It was interesting as every time I looked in that room, people were surrounded around the device playing with the TouchPack games and with Virtual Earth. It was interesting to hear my buddy Alan comment that his experience on his iPhone with multitouch, especially with Google Earth, was far superior to what he was seeing there. Maybe that is something Microsoft can take away from that. Of course, big difference on a 24 inch monitor and a small iPhone screen. But the point is well taken.

We had the biggest crowds when we did demos in the main presentation room. When I was presenting on DirectAccess security I had my good friend Roger Benes (a Microsoft FTE) demonstrate how Microsoft used DirectAccess themselves. Using the Microsoft guest wireless he connected seamlessly to Microsoft's corpnet, which allowed us to demonstrate the policy control and ease of use of the technology. I am told a lot of people enjoyed that session, with several taking that experience back to their own office to discuss deployment. That's always good to hear.

Charlie impressed the crowd showing how to migrate from Windows XP and Vista to Windows 7. He demonstrated Windows Easy Transfer and Anytime Upgrades and took the time to explain the gotchas in the experience. He even had me demonstrate XP mode on my laptop so people could see how they could maintain application compatibility with a legacy Windows XP virtualized on Windows 7.

Of course, I had a lot of fun hanging out in the far back room. I got to demonstrate some of the security stuff built into Windows 7 like BitLocker, AppLocker and BitLocker to Go. I was even asked about Parental Controls which I couldn't show on my laptop since it's domain joined, but was able to show on a demo box Roger had brought for people to play with.

Some of the more interesting things I helped facilitate was asking my buddy Alan to bring his Macbook in. He is a great photographer who works with Linux and OSX a fair bit, on top of using Windows. Actually, all the photos you see in this post were taken by him. Thanks for sharing them Alan!

Anyways, I convinced him to let us use his Macbook to install Windows 7. He reluctantly agreed, as you can see from the picture below when he was looking at the Snow Leopard and Windows 7 media together. :-)

We had a fair number of people crowd around his Macbook as he went through the process of installing Bootcamp and deploying Windows 7. Interestingly enough, it flawlessly converted that Apple hardware into a powerful Windows 7 system in about 20 minutes.

Charlie and I were REALLY busy. We had presented on different sessions in different rooms throughout the night. Actually, I very rarely even saw him except for a few times when he called me in to help out with a demo. Sorry we couldn't party more together Charlie. And my apologies to those that were looking forward to our traditional "Frick and Frack" show where we banter back and forth.

Many of you may not know that outside of computers, I am an avid indie filmmaker. Actually, that is giving me too much credit. I am an amateur cinematographer at best, who had high hopes that I would get a chance to film everyone's impressions throughout the party. Unfortunately, I was so busy presenting, I had almost NO TIME to get any film recorded. *sigh* Alan did get a snap of a rare moment when I actually caught someone on film.

Of course I can't complain too much. I had a great time getting to show all the neat features in Windows 7, and answering the tonnes of questions that people had.

Of course, when the night finally wound down, it was nice to close out the party and watch the Vancouver skyline change. When we were done, we had the opportunity to hang with our IT friends in Vancouver and bring in the birth of Windows 7.

I have several people I would like to thank for making the evening possible. Charlie and I couldn't have done it without the support of people like Graham from VanTUG, Jas from VanSBS and Roger from Microsoft. Speaking of Microsoft, I have to give a shout out to Sim, Sasha and Ljupco in the MVP team who helped us get through all the red tape to throw the party at Microsoft's office. And many thanks to Brent, Alan and Kerry for helping us out throughout the event. My thanks to all of you.

I hope everyone had a good time. And if anything, Charlie and I hope you learned something that will help you deploy and use Windows 7 in your organizations. Happy birthday Windows 7. Welcome to a new world without walls!

P.S. All the pictures you see here were taken by Alan and used with his permission. You can check out some of his other amazing work at bailwardphotography.com.
