Protecting your self from the Firesheep extension

Recently a new plug-in was released for Mozilla Firefox called Firesheep. This plug-in is used to capture the user name and password of unsuspecting users connecting to a rather wide array of Web sites, such as Facebook and Twitter, via open wireless networks.
The plug-in was created to drive home the point that Web sites need to take better responsibility for the data of their users and require secure logins that make use of end-to-end encryption.
Firesheep makes hacking really easy (and scary)
Because trying out the technology is part of the fun of blogging, I decided to see what this plug-in was all about and installed it in Firefox. Then I thought I would test it out. Note: I used my own open wireless network and laptops for testing for this article. I did not compromise any user credentials in testing this plug-in.
After installing Fire Sheep, I connected to my Mi-Fi on that computer, and started looking for information.
Then I connected another laptop to the open network, and logged into Facebook. Almost faster than I was logged in, my credentials appeared in Firesheep. Then I logged into Twitter using the web client and the same thing happened there.
This being the first time I had used Fire Sheep, I was a bit surprised at how fast it gathered my information. WOW.
Not only does it capture credentials, logging in with the gathered information is as simple as a double-click.
What if I just stay off of open wireless networks?
This is a good idea in general, however, if someone on your own wireless network is running Firesheep and you log in to one of the affected Web sites, it will grab the credentials and display them in the side bar. The likelihood of anyone running the Firesheep plug in on a known trusted network, i.e., your workplace or home, is probably slim to none, however, it doesn't stop someone from trying.
Why anyone would be using either an open Wi-Fi network or a WEP-encrypted network in a business setting is a bit beyond me. The technology was good enough when it was the only technology available, but WPA runs circles around the older technology and is certainly better than an open network. Because access to information is just as crucial these days as access to the super-secret file cabinet in the HR manager's office, it is best to use the highest level of security offered to ensure the safety of your information, from employees and non-employees alike. The cost of access points today is relatively cheap (depending on what your needs are) and can get your wireless infrastructure up to the WPA standard with very little spend and configuration effort.
What about other browsers?
I tried Chrome, Internet Explorer and Firefox with Firesheep running and was able to capture the credentials for Facebook and Twitter.
What can I do to keep my information safe?
In a previous post, I covered a personal VPN service called WiTopia that encrypts your traffic from your PC all the way to WiTopia's servers. Requests for sites are then sent to the hosts and the response is encrypted back to you, virtually eliminating the problem.
Now that Fire Sheep is around, and I have seen how easy it is to get a hold of information for some sites, the US$60 annual price tag for encrypted data on any connection via a personal VPN is worth the price of admission for me. Especially since you are allowed to install the application on any computers you own (as long as you only use them one at a time).
Note: VPN Connections or other proxies connections that you may have access to will also encrypt your traffic and may be free or provided by your workplace.
Further research shows some Wi-Fi is okay
I tried several types of wireless networks to see which would allow Firesheep to gather information.

• Open - allows easy information capture
• WEP - allows information capture by other connected users
• WPA - does not allow information capture by Firesheep

I was quite surprised that WEP would still allow Firesheep to capture information and glad to know that attempts to collect information on WPA wireless networks did not work.
So what is the bottom line?
There have always been ways to get access to people's data via fairly simple hacking attempts, and especially on unsecured networks, but Firesheep makes it extremely easy for the masses. If you don't already have access to a VPN connection, services like WiTopia are a good way to help ensure your data is a bit more secure when using wireless networks, regardless of their security level.

« Previous pageNext page »

Read More

Create a simple, simulated network with the honeyd tool

Each piece of software in the FreeBSD ports tree comes with a pkg-descr file that offers a summarized description of the software. Using a tool such as pkgsearch, also from FreeBSD ports, you can print the contents of that file to the console without having to type the full path or go to the file the long way. Using pkgsearch to get a description of the net/honeyd port shows this:

:~> pkgsearch -d honeyd
/usr/ports/net/honeyd
DESC:
        Honeyd is a small daemon that creates virtual hosts
        on a network.  The hosts can be configured to run
        arbitrary services, and their TCP personality can be
        adapted so that they appear to be running certain
        versions of operating systems. Honeyd enables a
        single host to claim multiple addresses - I have
        tested up to 65536 - on a LAN for network simulation.

        WWW: http://www.citi.umich.edu/u/provos/honeyd/
        - Dominic 

The honeyd tool can be used to simulate an entire network of vulnerable computers. The standard use case for honeyd is to set up a honeypot network. Wikipedia defines a honeypot, as of this writing, thusly:

In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated, (un)protected, and monitored, and which seems to contain information or a resource of value to attackers.

On most of the major open source Unix-like systems--including BSD Unix systems like FreeBSD and Linux-based systems such as Debian--installing honeyd is as easy as a single short command, because it is available through the operating system's standard software management system. Configuration is, in its most basic form, not much more difficult.
Configuration for honeyd is stored in a file of your choosing. A file called honeyd.conf is the most obvious choice. A relatively easy to follow explanation of configuration and deployment is available in the form of an entry in the Ulisses Costa Blog, "Deploying Honeypots with Honeyd".
The O'Reilly book Network Security Hacks offers an overview of setup and use as well. In the second edition, the setup explanation begins on page 400; between that and the following explanation of how to record honeypot activity, the section on honeyd spans thirteen pages.
Only the most cursory, and largely useless, explanation of honeyd could be offered in an article here. You are better off reading other sources for the information. Instead, let this serve as your introduction to where to find the information and why you might want it.
The usual purpose for a honeynet (a virtual network of honeypot hosts) is to serve as either a distraction and delaying tactic for malicious security hackers, allowing network administrators additional options for protecting themselves, or as a way to collect data on the activities of malicious security hackers without being attached to a network of any other hosts. An additional possible use that may not occur to many is that of a test network for practicing beginner-level penetration testing techniques.
One of the benefits of using something like honeyd for practicing some of the basic techniques of penetration testing--network enumeration for instance--is that it is a lot cheaper than building an entire physical test network, and a lot simpler than building a virtual network using virtual machine technology like Virtualbox, VMWare, and Xen.
Considering the licensing issues involved if you need MS Windows hosts in your test networks, the savings can be really shockingly large. Check that number above: the developer has tested honeyd simulating as many as 65,536 honeypot hosts. Doing that with actual MS Windows licenses would cost more than three million dollars with a very generous volume discount.
There are downsides to this approach to simulating penetration testing target networks as well, of course. The simulation of hosts that honeyd provides is in fact fairly rudimentary. If you want to start exploring the possibilities for rootkit installation, be prepared to move up from honeyd to something more robust.
In the end, honeyd's usefulness is whatever you make of it, but whether you want to start learning the ropes of penetration testing, set up a honeynet to delay and confuse would-be attackers, or simply perform some research, it is a tool worth knowing is available. Being open source software, it can be used without charge as well.

Read More

Unique password ,are you sure ? I dont think so

These days it seems like every time we turn around someone has written another article that gives "security" advice directly contradicting actual secure practice:

• Don't use strong passwords! Just use whatever you'll remember!
• It's okay to use one password for everything as long as it's a strong one!
• You don't have to use a strong password as long as it's uncommon!

Those of us that studied even a modicum of logic during our school years should be familiar with the idea of a false dichotomy. The false dichotomy, or false dilemma, is what is known as a formal fallacy of propositional logic. When someone makes an argument based on the idea that there are only two options, thus making a case for choosing one of those options over the other, despite the fact that there are other ignored options that may be preferable, that person is indulging in a classic fallacy of the false dichotomy.
My favorite solution to all of these convenience issues with using strong, unique passwords is to use a password manager. Unfortunately, doing so is still not as easy as using password123 everywhere, and as a result, a lot of people are willing to swallow any ridiculous swill being peddled about how bad security practice is actually "more secure".
The arguments for strong passwords are common and well documented. The most cursory searches should turn up something that will give you the gist of the idea. Unfortunately, the problem of convincing people that every password should be unique might be a little more difficult to solve. Explaining it is not too difficult; just slightly less easy than explaining the importance of a strong password, and its importance is slightly less obvious to the casual observer, so it is done less often.
The best example that comes to mind for what can happen if you do not use unique passwords goes something like this:
John and Jane each have accounts at 40 different Web sites. John uses the same password at all of them because it is too difficult to maintain multiple passwords in his head, while Jane uses a password manager to ensure she can use a different password for each site without having to remember any of them.
Both of them have memberships at example.com, and by some twist of fate, they both end up using the same password, OJ01GzVWR5. In fact, they both use the exact same 40 Web sites. Along comes Pat, a malicious security cracker. Pat manages to bypass the incredibly deficient security at example.com and download the unencrypted database of usernames and passwords.
With this database in Pat's grasp, the malicious security cracker makes a list of a 100 high-value Web sites, mostly including financial institutions. Pat starts running the username and password pairs in the unauthorized copy of the authentication database.
Because Pat's strategy involves entering each username and password combination only once, a direct attempt to access each of the 100 sites once per account name is all that is needed. This neatly avoids problems like the potential of being locked out of a highly secured site. In fact, it turns most sites -- however well-designed -- into a trivial exercise to access under someone else's credentials, as long as some people use the same username and password everywhere.
The end result is that Jane's bank account remains secure, while John's gets cleaned out the next day, and it is all because he took the advice of some security "expert" whose credentials largely consist of a piece of sheepskin and a job at a big-name security vendor that does not actually produce anything innovative. Sometimes, though, when advice sounds too good to be true, that is because it is not true. The perfect example is when someone tells you that you do not need unique passwords to be secure.

Read More

Two simple tricks for better shell script error handling

Word on the street is your shell scripts don't do any error handling. They just chug happily along even when    everything is broken.
Because a lowly shell shell script doesn't need any error handling right? WRONG!
Here are two simple tricks that are easy to use and will make your scripts much more robust.

1. Turn on -e mode (do you feel lucky - punk?)
   In this mode any command your script runs which returns a non-zero exitcode - an error in the world of shell - will cause your script to itself terminate immediately with an error.
   You can do that in your shebang line:
   

   #!/bin/sh -e

   Or using set:
   

   set -e

   Yes, this is what you want. A neat predictable failure is infinitely better than a noisy unreliable failure.
   If you REALLY want to ignore an error, be explicit about it:
   

   # I don't care if evil-broken-command fails
   evil-broken-command || true

   Oh and as long as you're messing with shell modes, -e goes well with -x (which I like to think of as shell X-ray).
   Like this:
   

   #!/bin/sh -ex

   Or like this:
   

   # turn -x on if DEBUG is set to a non-empty string
   [ -n "$DEBUG" ] && set -x

   That way you can actually see what your script was doing right before it failed.
   
2. Use trap for robust clean-ups
   A trap is a snippet of code that the shell executes when it exits or receives a signal. For example, pressing CTRL-C in the terminal where the script is running generates the INT signal. killing the process by default generates a TERM (I.e., terminate) signal.
   I find traps most useful for making sure my scripts clean-up after themselves whatever happens (e.g., a non-zero error code in -e mode).
   For example:
   

   
   #!/bin/sh -e
   
   TMPFILE=$(tempfile)
   trap 'echo "removing $TMPFILE"; rm -f $TMPFILE' INT TERM EXIT
   
   echo TMPFILE=$TMPFILE
   echo hello world > $TMPFILE
   cat $TMPFILE
   # gives user a chance to press CTRL-C
   sleep 3
   # false always returns an error
   false
   
   echo "NEVER REACHED"
   

   Note that you can only set one trap per signal. If you set a new trap you're implicitly disabling the old one. You can also disable a trap by specifying - as the argument, like this:
   

   trap - INT TERM EXIT

Read More

"Operation Payback" attacks to go on until "we stop being angry"

WikiLeaks has been experiencing some issues lately ranging from having its Web hosting services shutdown to having its accounts frozen and the flow of money cut off. Some cheer those actions, while others see them as an attack on liberty and free speech and are coming to WikiLeaks' defense.

Similar Articles:

• 
  WikiLeaks: DDOS Attacks Reflect 'Public Opinion'
• 
  MasterCard Affected in Attacks Over WikiLeaks
• 
  DoS Attacks Hammer WikiLeaks for Second Day Running
• 
  WikiLeaks Hounded Across Internet by Hackers, U.S. Senator
• 
  WikiLeaks Nearly Immune to Takedown, Says Researcher
• 
  WikiLeaks Persists Despite Massive, Multifaceted Attacks

WikiLeaks is no stranger to controversy. Exposing confidential government documents and communications evokes a passionate response--either for or against the activity. The WikiLeaks site has been the target of DDoS (distributed denial of service) attacks--either by government agencies that don't want sensitive information exposed, or by activist groups that believe WikiLeaks is a threat to international diplomacy and national security.

However, there are also hacktivists--a mashup of hackers and activists--who are willing to cross some lines to defend WikiLeaks as well. The Swiss bank that froze WikiLeaks founder Julian Assange's assets, and PayPal--which cut off the WikiLeaks account used for collecting donations to fund the site--have both been targeted by DDoS attacks of their own.
Noa Bar Yossef, senior security strategist for Imperva, commented via e-mail to say, "Operation Payback's goal is not hacking for profit. In the classical external hacker case we see hackers grab information from wherever they can and monetize on it. In this case though, the hackers' goal is to cripple a service, disrupt services, protest their cause and cause humiliation. In fact, what we see here is a very focused attack - knocking the servers offline due to so-called 'hacker injustice'."
Botnets and DDoS attacks are not new. Botnets are exceedingly common. Typically, PCs of unwitting users are compromised in stealth and sit idly waiting for instructions from the attackers. A botnet can harness thousands, tens of thousands, or possibly hundreds of thousands of compromised PCs at one time to mount massive spam distribution or denial of service attacks.
The WikiLeaks defense is a different story, though. Noa Bar Yossef explains, "In this case however, the Operation Payback is recruiting people from within their own network. They are actually asking supporters to download the piece of code, the DDoSing malware itself, that upon wake-up call the computer engages in the DoS. There is no victimized machine as the participants knowingly engage in what they call an act of defiance."
In other words, rather than simply harnessing the combined power of infected machines without the PC owner's knowledge or consent, the Operation Payback hacktivist botnet is actively seeking volunteers to willingly join the botnet and assist in the effort to make organizations pay for trying to silence WikiLeaks.
WikiLeaks walks a very thin line between paragon of freedom of speech and threat to national security. Even if you have strong opinions one way or the other about Wikileaks, I don't recommend volunteering to compromise your PC in support of any hacktivist efforts. You can't be sure that is all the malware is doing, and you might not be able to control or remove the botnet code once your hacktivism days are over.

Read More

Anonymous Shifts On WikiLeaks Strategy, Announces It With A Press Release

The Internet vigilante group Anonymous has been thrust into the spotlight this week as the WikiLeaks story continues to erupt like a media volcano. So like any group at center of a story would do, Anonymous has put out (yes) a press release outlining the motivations behind the attacks on PayPal, Mastercard and Visa and implying a change in strategy after attacks on Amazon never materialized.

“We do not want to steal your personal information or credit card numbers. We also do not seek to attack critical infrastructure of companies such as Mastercard, Visa, PayPal or Amazon. Our current goal is to raise awareness about WikiLeaks and the underhanded methods employed by the above companies to impair WikiLeaks’ ability to function.”

Thus far Operation Payback has orchestrated DDoS attacks on the corporate sites of companies deemed enemies of WikiLeaks after it started releasing thousands of diplomatic cables over Thanksgiving weekend.
The Anonymous hacktivist group behind Operation Payback had its main Twitter account and Facebook pages taken away on Wednesday and has since the been decentralized in its social media efforts. This however didn’t stop one of the splinter accounts from tweeting out the below release, stating that the group essentially did not want to injure the companies targeted, but in fact wanted to “raise awareness.”

“While it is indeed possible that Anonymous may not have been able to take Amazon.com down in aDDoS attack, this is not the only reason the attack never occured. After the attack was so advertised in the media,  we felt that it would affect people such as consumers in a negative way and make them feel threatened by Anonymous. Simply put, attacking a major online retailer when people are buying presents for their loved ones, would be in bad taste.
The continuing attacks on PayPal are already tested and preferable: while not damaging their ability to process payments, they are successful in slowing their network down just enough for people tonotice and thus, we achieve our goal of raising awareness.”

While the logic here is inconsistent (don’t people also use Paypal and Mastercard to buy presents for their loved ones?) the release hints at a kinder gentler Anonymous afraid of (yes) bad press. If so that would explain this further evidence of a more positive pivot, a mission statement asking group members to cull the most interesting parts of the WikiLeaks cables and republish — An action which, granted, does spread more awareness than the firing of a LOIC cannon.

Read More

Terrorist Caught Through Facebook Sting

Gathering evidence on Facebook has become standard legal practice, so a social sting operation was bound to happen. That’s how the Federal Bureau of Investigation caught a would-be terrorist in Baltimore.

An FBI informer made the initial contact with 21-year-old Antonio Martinez after he posted publicly on Facebook about his desire for jihad earlier this fall, according to AFP.
AFP cited a prepared statement by the U.S. Justice Department:

An affidavit filed in support of the criminal complaint alleges that on September 29, 2010, Martinez publicly posted on his Facebook account a statement calling for violence to stop the oppression of Muslims, and that on Oct. 1, 2010, he publicly posted a message stating that he hates any person who opposes Allah and his prophet.

The FBI set Martinez up with a fake car bomb, and then apprehended him when he was about to set it off remotely. He’d rigged the faux explosive in a vehicle parked just outside of a U.S. military recruitment office in a suburban Maryland shopping mall.
Martinez was charged with attempting to murder federal officers and employees, along with the attempted use of a weapon of mass destruction on government property.  He faces possible life in prison for these charges, and is being held in custody until a court hearing scheduled for Monday.
The timing of all this — officials were able to nab this suspect within six weeks of his jihad-seeking post on Facebook — appears brisk compared to the pace of other sting operations. The case may set an example for future continued use of the social network for stings.
Readers, what do you think about the advent of sting operations on Facebook? What effect might this have on the community?.

Read More

Dutch police arrest suspected pro-Wikileaks hacker

Dutch authorities said today that they have arrested a 16-year-old hacker involved in the pro-WikiLeaks attacks on the Web sites of MasterCard and PayPal.
The Dutch National Prosecutors Office said that the teen, who was not named, was arrested by a high-tech crime team last night.

The arrest comes after a group known as Anonymous--a label that's been adopted before by activists who have electronically assaulted the Church of Scientology and the Australian government--organized attacks on Web sites of companies that have distanced themselves from WikiLeaks. Distributed denial-of-service attacks enlist thousands of computers, all making simultaneous connections, in hopes of overwhelming a target.
Visa.com was taken offline briefly yesterday afternoon, though the company told CNET that no payments or transactions were affected. MasterCard.com was unreachable yesterday morning. A Web site for the Swedish prosecution agency, which is trying to extradite WikiLeaks editor Julian Assange on sexual assault allegations, has been targeted too.
Amazon.com was attacked today, but unlike Anonymous' other victims, it has a massive server infrastructure that can bring additional capacity online instantly. That famously robust system proved able to fend off what's being called Operation Payback.
"We have changed our target--the Hive isn't big enough to attack Amazon," AnonOpsNet announced through Twitter. The new target: PayPal's Web-based system for processing payments.
It's unclear how successful those efforts were. A third-party monitoring service operated by WatchMouse.com reports that PayPal was experiencing significant problems in Japan, South Africa, and Germany, but not in the United States or most of Western Europe. The api.paypal.com Web site, however, was inaccessible from CNET's newsroom this afternoon.
Also today:
• Attorney General Eric Holder says the Feds are investigating the pro-WikiLeaks attacks. "We are aware of the incidents," Holder said in Washington today, Bloomberg reports. "We are looking into them." No word on whether the U.S. Department of Justice is looking into the attacks on WikiLeaks itself.
• An article in WalesOnline.co.uk says that alleged WikiLeaks source Bradley Manning, the former Welsh schoolboy who's now facing criminal charges, was barred from receiving visitors. "His family, including his mum Susan who suffers ill health after a series of strokes, is understood to have flown out from Wales to the U.S. to visit him. However, despite their trip, it is understood the request to visit the 23-year-old soldier, who is being held in solitary confinement, was turned down."
• In a very democratic fashion, Anonymous appears to be holding a poll to determine who should be attacked now. The U.S. Senate--that is, senate.gov--is currently in the lead.
• Russian autocrat Vladimir Putin is taking up the cause of WikiLeaks and Assange. "Why was Mr. Assange hidden in jail? Is that democracy? As we say in the village: the pot is calling the kettle black," Putin said.
• Edge.org has a solid collection of essays addressing these questions: "When does my right to privacy trump your need for security? Should a democratic government be allowed to practice secret diplomacy? Would we rather live in a world with guaranteed privacy or a world in which there are no secrets? If the answer is somewhere in between, how do we draw the line?"
• One reason why Anonymous' attack on Amazon.com didn't fare so well: The online retailer's "European datacenter, which formerly hosted the WikiLeaks Web site, accounts for more than a third of all Internet-facing Web servers in Ireland." That's from Netcraft.
• The American Conservative magazine published an article making the conservative case for WikiLeaks. Excerpt: "Conservatives should prefer an explosion of whistle-blower groups like WikiLeaks to a federal government powerful enough to take them down."
• Amazon.co.uk previously sold (for about 7 British pounds) a Kindle book titled "WikiLeaks documents expose US foreign policy conspiracies." The Web page is now offline, but here's Google's cached version.

Read More

Mass-mirroring Wikileaks

                

Wikileaks is currently under heavy attack.

In order to make it impossible to ever fully remove Wikileaks from the Internet, we need your help.

if you have a unix-based server which is hosting a website on the Internet and you want to give wikileaks some of your hosting resources, you can help!

Please follow the following instructions:

* Setup an account where we can upload files using RSYNC+SSH (preferred) or FTP
* Put our SSH key in this server or create an FTP account
* Create a virtual host in your web server, which, for example, can be wikileaks.yourdomain.com
* send the IP address of your server to us, and the path where we should upload the content. (just fill the form below)

We will take care of all the rest: Sending pages to your server, updating them each time data is released, maintaining a list of such mirrors. If your server is down or if the account don't work anymore, we will automatically remove your server from the list.

Our content is only html/css/javascript/png static files, so we don't require much resource to host it.

The complete website should not take more than a couple of GB at the moment (with base website and cablegate data)

To add your mirror to the list, please download the SSH key you will find below, then fill the following form to add your website to our mirror list :
Form

	IP Address of your server *
add ":port" if you are using a port other than 22 for SSH or 21 for FTP, IPv6 should be written with brackets [ ] like [2001:67e::44]:22
	Login we should use to access this server *
	Password we should use, ONLY if we should use FTP
	absolute path where we should upload the html data. *
	Hostname you configured on your http server to serve the pages (if not www.wikileaks.org) *
	I know that this may be dangerous if I host a www.wikileaks.org virtual host, and I'm ok with this risk. *
and also (not required)
	an email address where we can contact you if we saw your server offline or have any other problem (we will keep it confidential)
	Any comment about this mass-mirroring project ?

The KEY you should allow is :


ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAtmX4Jx8NGcCEiwEIQAcHKS1s+N9GLzca9Ffu4ItBEB/6jVTEoamnxnYt0WHQ0I+jpN3g/k2lF3MTncUjwrLorWSxPLI6giGTheT4vhLZQOVZV4O+GS0CETMKVsrclPLhHouW891QU84eHACuTh+KUvuhs3pV0EHYHnAVCIs8JuU03ZTNIIuuYFVf7P3BCIa8pnncUcy722ZB7qlWCjjjpBxLGr1/EyOTsZD76Kl8BBoiZDwXCgFzvKYe2NqhqRBb8bo0CP6QyyROxcgBLYtvBJurhMNQ7qTZJBF5DjeDQrCvCZsEwlffV5BFoQY5ISnZgkKC00Ww65y6+EwCZ9WvSw== wwwsync@wikileaks.org



you can also download this key here

this keyfile signatures are:

• ssh fingerprint : 2048 72:16:b8:6a:e4:02:6f:69:ac:b4:7a:6a:9e:00:f1:b0
• sha1sum : f1dde3ec690466fc76f94bcf557ae94ce6e92c56
• md5sum : 95ce4351299d723907e048c81877d3e5
• sha256sum : c1737e11e3e0a5f4e782f75bb99b63fe4523fb29e3b2b8845ee9e53b7f21c3d1
• bubblebabble digest :
  
  
  

  +--[ RSA 2048]----+
  |                 |
  |       .         |
  |o     . .        |
  | =     . .       |
  |E . . o S        |
  |.+ + . +         |
  |..B +            |
  |o=+o             |
  |B*               |
  +-----------------+ 

  more info here:http://213.251.145.96/mass-mirror.html 

Read More

wikileaks secreet status

   Halo selamat malam berikut adalah hidangan malam ini dari saya.
Wikileaks memang sedang controversi tetapi  apakah semuanya
benar saya rasa itu anda yang menilai.Terus terang saja semua ini
entah rekayasa atau bukan tetep menarik untuk di ikuti.


    sayang belum ada yang dari jakarta yang katanya ada 3% wo mari
kita lihat sejauh mana paman sam memegang kartu as di seluruh dunia
termasuk indonesia.nantikan kabar berikutnya .Thanks salam sesat.

Read More