HNS Newsletter
Issue 166 - 16.06.2003.
http://net-security.org

This is a newsletter delivered to you by Help Net Security. It covers weekly roundups of security events that were in the news the past week. Visit Help Net Security for the latest security news - http://net-security.org.

----------------------------------------------------------------
Need to Secure Multiple Domain or Host Names?
----------------------------------------------------------------
Securing multiple domain or host names need not burden you with unwanted administrative hassles. Learn more about how the cost-effective Thawte Starter PKI program can streamline management of your digital certificates.
----------------------------------------------------------------
Click here to download our Free guide: http://gothawte.com/rd746.html
----------------------------------------------------------------

Table of contents:

1) Security news
2) Vulnerabilities
3) Advisories
4) Articles
5) Reviews
6) Security world
7) Virus news

[ Security news ]
----------------------------------------------------------------

WHY SCHOOLS SHOULD TEACH VIRUS WRITING
Many antivirus companies oppose new courses on virus writing. But Robert thinks it's a great way to develop better virus prevention--and nudge would-be hackers toward a productive future.
http://www.net-security.org/news.php?id=2831

WIRELESS AUTHENTICATION, ROUTING, TRAFFIC CONTROL AND ACCOUNTING
This document exists to detail one solution to those looking to deploy authentication-based, for-profit, tiered network services over any Ethernet-based medium that utilizes industry standard protocols to tie in with existing OSS resources.
http://www.net-security.org/news.php?id=2832

COMPUTER HACKERS GATHER IN PITTSBURGH
The 29-year-old tavern owner from Berlin, Germany, is leading SummerCon, a gathering of roughly 200 hackers in Pittsburgh that began Friday and runs through Sunday.
http://www.net-security.org/news.php?id=2833

FEAR DRIVES IRRATIONAL SECURITY DECISIONS
It was bad enough that, before 2001, security companies that had products and services to sell generated most of the fear of being hacked on the Internet. But after the 9/11 terrorist attacks, things got wonky.
http://www.net-security.org/news.php?id=2834

GIBRALTAR PATCHES SOLARIS SERVERS
Gibraltar Software introduced an appliance that remotely patches Solaris servers.
http://www.net-security.org/news.php?id=2835

OVERCOMING "SECURITY BY GOOD INTENTIONS"
Last week Microsoft announced plans to revise the process it uses to provide patches that fix problems with its software.
http://www.net-security.org/news.php?id=2840

ADDING SECURITY TO THE CERT
Shiftless third-party prep courses have made MCSE certification less valuable. Is Microsoft's new security cert doomed to the same fate?
http://www.net-security.org/news.php?id=2841

CIA SPIES SHUN COMPUTERS
In the movies, spies and intelligence agents are the ones with the cool gadgets and state-of-the-art equipment, but their real life counterparts are far behind.
http://www.net-security.org/news.php?id=2842

THE TWO FACES OF FOUNDSTONE: SOFTWARE PIRACY PROBLEMS
A leading computer-security company is accused of software piracy.
http://www.net-security.org/news.php?id=2843

GARTNER: PESCATORE COMMENTS ON STATE OF ENTERPRISE SECURITY
Formerly with the National Security Agency and Secret Service, Gartner Inc. vice president John Pescatore has the perspective and experience to comment on just about everything related to IT security.
http://www.net-security.org/news.php?id=2844

IT EXECS SHARE SECURITY CONCERNS
Insider threats from employees and trading partners, interconnected networks with no clear boundaries, and the potential for terrorist cyberattacks against corporate networks are among the top worries for technology managers.
http://www.net-security.org/news.php?id=2845

POLICE TO SIGN UP IT SPECIAL CONSTABLES IN WAR ON HACKERS
Home Office plans on cybercrime strategy will pool expertise from police, government and business.
http://www.net-security.org/news.php?id=2846

THE ENEMY WITHIN: FIREWALLS AND BACKDOORS
This article presents an overview of modern backdoor techniques, discusses how they can be used to bypass network firewalls.
http://www.net-security.org/news.php?id=2847

PGP ENCRYPTION PROVES POWERFUL
If the police and FBI can't crack the code, is the technology too strong?
http://www.net-security.org/news.php?id=2849

AOL SPAM FILTERS GO AWRY
America Online has been blocking an undisclosed number of Comcast subscriber e-mails since late last week and is in the process of resolving the problem.
http://www.net-security.org/news.php?id=2850

HACKERS DEVELOP TOOLS TO THWART FORENSICS
Anti-forensics tools and skills to thwart investigators are emerging in the underground hacker scene.
http://www.net-security.org/news.php?id=2851

TAKING THE THREAT OUT OF IP VOICE
Once corporate users have tested voice over IP and proven that it works, they face one last hurdle: making sure it's secure.
http://www.net-security.org/news.php?id=2852

RETAILERS BACK ONLINE SECURITY SCHEME
Good news for e-commerce as 4,000 European retailers join Verified by Visa initiative.
http://www.net-security.org/news.php?id=2853

INDUSTRIAL SECURITY GETS A LINUX LOCK
Control-system specialist Verano has introduced a service and software package to help companies protect their critical infrastructure from digital attacks.
http://www.net-security.org/news.php?id=2854

WI-FI IS BOOST, NOT BANE, TO SECURE NETWORKS - INTEL
High-speed wireless computer networks, or Wi-Fi, are notoriously vulnerable to unauthorized intrusion, but that may actually help to sell companies on the need to embrace the technology.
http://www.net-security.org/news.php?id=2855

FEDS WARN BANKS ABOUT INTERNET ATTACK
The government is warning financial institutions about a virus-like infection that has targeted computers at roughly 1,200 banks worldwide, trying to steal corporate passwords.
http://www.net-security.org/news.php?id=2856

MICROSOFT TO FIGHT VIRUS WRITERS HEAD ON
Microsoft is developing its own anti-virus software to combat the malicious programs plaguing users.
http://www.net-security.org/news.php?id=2857

REALITY CHECK: HOW SAFE IS LINUX?
Many of the programs included in Linux distros have programming errors that lead to things like privilege escalation, whereby a common user tricks a program into thinking it has more privileges than it does, says Guardian Digital CEO Dave Wreski.
http://www.net-security.org/news.php?id=2858

HACKER ARRESTED IN INDIAN CREDIT CARD SCAM
An Indian computer engineer has been arrested for hacking into computers belonging to foreign banks and using their databases to operate a credit card scam, police said yesterday.
http://www.net-security.org/news.php?id=2859

CIA: AGENCY'S HIGH-TECH SKILLS EXAGGERATED
The Central Intelligence Agency is so afraid of losing sensitive information to hackers that its analysts work on outdated and poorly integrated computers, according to a newly declassified report.
http://www.net-security.org/news.php?id=2861

NEW WPA WIRELESS SECURITY COMING SOON
Virtually no one has a kind word to say about WEP, the standard for securing data transmissions on Wi-Fi networks. WEP, which relies on cryptography that can be cracked with a half-hour of laptop time, isn't well-defended, but until recently it's all Wi-Fi fans had.
http://www.net-security.org/news.php?id=2862

STORAGE AND SECURITY: HOW REAL IS THE THREAT?
Partially at the behest of a reader, we take a look at the storage-security nexus.
http://www.net-security.org/news.php?id=2865

TURNING THE SEGA DREAMCAST INTO A LINUX FIREWALL/ROUTER
This highly detailed 101-page how-to article provides the necessary background and procedures to turn a SEGA Dreamcast gaming console into a Linux-based software router with firewalling and virtual private networking capabilities.
http://www.net-security.org/news.php?id=2866

STUDENT HACKS SCHOOL, ERASES CLASS FILES
Highlighting the vulnerability of most computer networks, a 17-year-old student taking a networking course was arrested for hacking into his school's computers and erasing folders belonging to the junior class, New York State Police said Tuesday.
http://www.net-security.org/news.php?id=2867

PROBLEM SOLVER: GETTING VPN TO WORK THROUGH NAT FIREWALLS
With the rising popularity of telecommuting and the increasing need to protect their electronic assets, companies large and small have been turning to Virtual Private Networking (VPN).
http://www.net-security.org/news.php?id=2868

MEDIA BIG HITTERS SLAM DIGITAL DISTRIBUTION SECURITY
A lack of secure standards for distributing digital content is threatening to hold back the development of the media, software and consumer technology industries.
http://www.net-security.org/news.php?id=2869

FTC: BLAME FOREIGNERS FOR SPAM
The U.S. Federal Trade Commission wants broader powers to crack down on foreign e-mail fraud. The worst varieties of spam are increasingly coming from overseas, it says.
http://www.net-security.org/news.php?id=2870

EFFECTS OF WORMS ON INTERNET ROUTING STABILITY
This article discusses the impact of worms on Internet endpoints and infrastructure, as well as their impact on global routing instability throughout the Internet.
http://www.net-security.org/news.php?id=2871

MAGAZINE, UNIVERSITY DRAW IRE OF ANTIVIRUS INDUSTRY
First the University of Calgary announced plans to offer a class in writing computer viruses and other destructive programs.
Then Wired magazine published the code of a virus-like program that caused mass havoc on the Internet this year.
http://www.net-security.org/news.php?id=2872

REAL-TIME ALERTING WITH SNORT, PART 1 OF 3
Snort is built to perform one task and perform it very well. It does a magnificent job of detecting intrusions. Anything beyond intrusion detection is left up to you to handle. One capability you should add is real-time alerting.
http://www.net-security.org/news.php?id=2873

TURNING THE NETWORK INSIDE OUT
We challenged networking and firewall vendors to design an enterprise that's secure from the perimeter to the core. Their responses give us a glimpse into the future of network security.
http://www.net-security.org/news.php?id=2874

SPAM 'MORE OF A MENACE THAN HACKERS'
Viruses are the number one fear of computer users, but concern over the growing problem of junk email is increasing.
http://www.net-security.org/news.php?id=2875

INTERVIEW: CAN OUTSOURCING AID SECURITY?
Stijn Bijnens, chief executive at security specialist Ubizen, explains the latest advances and the case for outsourcing.
http://www.net-security.org/news.php?id=2876

HONEYPOTS: ARE THEY ILLEGAL?
Honeypots are a new and emerging technology for the security community. The purpose of this paper is to address the most commonly asked issues.
http://www.net-security.org/news.php?id=2877

GIVE STATES THE RIGHT TO PROTECT PRIVACY
Congress should let them pass their own laws regulating the sharing of financial data - and thus strengthen the credit system.
http://www.net-security.org/news.php?id=2878

DEFENDING YOUR DNS: BEST PRACTICES FOR RELIABLE DNS AND DHCP
Well-publicized attacks against DNS root servers and top-level domains highlight the vulnerability of the DNS infrastructure.
http://www.net-security.org/news.php?id=2879

PRIVACY AND ANONYMITY IN E-MAIL
As convenient as email is, it leaves much to be desired in terms of protecting the privacy of messages.
http://www.net-security.org/news.php?id=2880

CALIFORNIA MAN TO PLEAD GUILTY IN AL-JAZEERA HACKS
A 24-year-old California man will appear in court on Monday to answer charges that he hijacked the Internet domain of Arabic news service Al-Jazeera in March.
http://www.net-security.org/news.php?id=2881

SHARE VULNERABILITIES OR NOT?
First the University of Calgary announced plans to offer a class in writing computer viruses and other destructive programs.
http://www.net-security.org/news.php?id=2882

DO NO HARM: HIPAA'S ROLE IN PREVENTING ID THEFT
With the Health Insurance Portability and Accountability Act (HIPAA) privacy deadline recently passed, most health care providers and plan companies are preparing to implement the final rule for security.
http://www.net-security.org/news.php?id=2883

BUSINESS SECURITY DEPENDS ON PEOPLE
Patents and copyrights aren’t enough to safeguard a company’s treasures, according to Curtis Coleman. The director of worldwide electronic security for Seagate Technology touts the need for an increasing holistic view of corporate security in a competitive world.
http://www.net-security.org/news.php?id=2884

SECURITY EFFORTS FOR DATA IN MOTION SHOULD BE PUT TO REST
Everybody knows that it is easier to hit a stationary target than a fast-moving target. Yet, an enormous amount of resources are being used to encrypt data in motion, while any smart hacker can tell you that data at rest is that much easier to decode and transmit to a second location.
http://www.net-security.org/article.php?id=507

----------------------------------------------------------------

[ Vulnerabilities ]

All vulnerabilities are located here:
http://www.net-security.org/archive_vuln.php
----------------------------------------------------------------

ike-scan Local Root Format String Vulnerability
http://www.net-security.org/vuln.php?id=2759

Progress _dbagent -installdir dlopen() Vulnerability
http://www.net-security.org/vuln.php?id=2758

Progress PATH based dlopen() issue Vulnerability
http://www.net-security.org/vuln.php?id=2757

Post-Nuke Cross Site Scripting Vulnerability
http://www.net-security.org/vuln.php?id=2756

Sphera Hosting Director Control Panel Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=2754

NucaWeb Server Directory Traversal Vulnerability
http://www.net-security.org/vuln.php?id=2753

HP-UX Multiple Security Vulnerabilities
http://www.net-security.org/vuln.php?id=2752

Nokia GGSN Denial of Service Vulnerability
http://www.net-security.org/vuln.php?id=2751

Spyke PHP Board Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=2750

Etherleak Information Leak in Windows Server 2003 Drivers
http://www.net-security.org/vuln.php?id=2749

FTP Voyager File List Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=2748

SmartFTP Multiple Buffer Overflow Vulnerabilities
http://www.net-security.org/vuln.php?id=2747

LeapFTP "PASV" Reply Buffer Overflow Vulnerability
http://www.net-security.org/vuln.php?id=2746

FlashFXP Multiple Buffer Overflow Vulnerabilities
http://www.net-security.org/vuln.php?id=2745

Cross Platform Browser Vulnerabilities
http://www.net-security.org/vuln.php?id=2744

Internet Explorer URL Spoofing Threat
http://www.net-security.org/vuln.php?id=2743

SPChat 2.0 for PHP-Nuke and SPChat 0.8.0 Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=2742

Son hServer v0.2 Directory Traversal Vulnerability
http://www.net-security.org/vuln.php?id=2741

Philboard Forum Administration Bypass Vulnerability
http://www.net-security.org/vuln.php?id=2740

ICQLite Executable Trojaning
http://www.net-security.org/vuln.php?id=2739

URLScan Detection Vulnerability
http://www.net-security.org/vuln.php?id=2738

ImageFolio Versions admin.cgi Directory Traversal and Arbitrary File Deletion Vulnerabilities
http://www.net-security.org/vuln.php?id=2737

MERCUR Mail Server v.4.2 Multiple Buffer Overflow Vulnerabilities
http://www.net-security.org/vuln.php?id=2736

Max Web Portal Multiple Vulnerabilities
http://www.net-security.org/vuln.php?id=2735

Speak Freely Multiple Remote and Local Vulnerabilities
http://www.net-security.org/vuln.php?id=2734

----------------------------------------------------------------

[ Advisories ]

All advisories are located at:
http://www.net-security.org/archive_advi.php
----------------------------------------------------------------

Debian Security Advisory - New webmin packages fix remote session ID spoofing
http://www.net-security.org/advisory.php?id=2121

Debian Security Advisory - New lyskom-server packages fix denial of service
http://www.net-security.org/advisory.php?id=2120

SuSE Security Announcement - radiusd-cistron
http://www.net-security.org/advisory.php?id=2119

Apple Security Advisory - Apache 2.0 and dsimportexport Security Vulnerabilities
http://www.net-security.org/advisory.php?id=2118

Mandrake Linux Security Update Advisory - kernel
http://www.net-security.org/advisory.php?id=2117

Debian Security Advisory - New cupsys packages fix denial of service
http://www.net-security.org/advisory.php?id=2116

Debian Security Advisory - New slashem packages fix buffer overflow
http://www.net-security.org/advisory.php?id=2115

Debian Security Advisory - New nethack packages fix buffer overflow, incorrect permissions
http://www.net-security.org/advisory.php?id=2114

Debian Security Advisory - New gnocatan packages fix buffer overflows, denial of service
http://www.net-security.org/advisory.php?id=2113

Debian Security Advisory - New atftp packages fix buffer overflow
http://www.net-security.org/advisory.php?id=2112

Debian Security Advisory - New ethereal packages fix buffer overflows, integer overflows
http://www.net-security.org/advisory.php?id=2111

Debian Security Advisory - New eterm packages fix error introduced in DSA-309-1
http://www.net-security.org/advisory.php?id=2110

Immunix Secured OS Security Advisory - tetex, psutils, w3c-libwww
http://www.net-security.org/advisory.php?id=2109

Mandrake Linux Security Update Advisory - ghostscript
http://www.net-security.org/advisory.php?id=2108

SGI Security Advisory - Imperfect Broadcast Address Checking
http://www.net-security.org/advisory.php?id=2107

SGI Security Advisory - Potential Denial of Service using PIOCSWATCH ioctl
http://www.net-security.org/advisory.php?id=2106

OpenPKG Security Advisory - gzip
http://www.net-security.org/advisory.php?id=2105

SGI Security Advisory - WebSetup / WebMin Security Vulnerability
http://www.net-security.org/advisory.php?id=2104

Debian Security Advisory - New powerpc kernel fixes several vulnerabilities
http://www.net-security.org/advisory.php?id=2103

Apple Security Update - Apple File Service Arbitrary Files Overwriting and Directory Services Clear Text Password Potential Vulnerabilities
http://www.net-security.org/advisory.php?id=2102

Debian Security Advisory - New xaos packages fix improper setuid-root execution
http://www.net-security.org/advisory.php?id=2101

Debian Security Advisory - New kernel packages fix several vulnerabilities
http://www.net-security.org/advisory.php?id=2100

Gentoo Linux Security Announcement - aftp
http://www.net-security.org/advisory.php?id=2099

Gentoo Linux Security Announcement - mod_php php
http://www.net-security.org/advisory.php?id=2098

----------------------------------------------------------------

[ Featured articles ]

All articles are located at:
http://www.net-security.org/articles_main.php

Articles can be contributed to staff@net-security.org
----------------------------------------------------------------

UNIX SECURITY: THE FORMMAIL HACK
Is your Web server being used as a Spam Mail relay? It could be, and it doesn't even need a daemon listening on the SMTP port. How's it done, and how do you prevent your system from becoming a target?
http://www.net-security.org/article.php?id=503

TRUSTIX SECURE LINUX 2.0 BETA 3 RELEASED
Trustix team announced that Trustix Secure Linux 2.0 beta 3 (aka Lightning) is available for download. As this is a beta release, it is not intended for usage on production servers, but rather for testing it and sending your feedback to Trustix.
http://www.net-security.org/article.php?id=504

TEACHING HOW TO CREATE MALICIOUS CODE
In universities around the world, a question has arisen about computer studies syllabuses: should students be taught how to create viruses and malicious code?
http://www.net-security.org/article.php?id=505

INTRUSION DETECTION
This paper discusses what is an intrusion detection system, the models and the main techniques.
http://www.net-security.org/article.php?id=506

SECURITY EFFORTS FOR DATA IN MOTION SHOULD BE PUT TO REST
Everybody knows that it is easier to hit a stationary target than a fast-moving target. Yet, an enormous amount of resources are being used to encrypt data in motion, while any smart hacker (in its negative context of somebody trying to obtain data not intended for them) can tell you that data at rest is that much easier to decode and transmit to a second location.
http://www.net-security.org/article.php?id=507

----------------------------------------------------------------

[ Reviews ]

All reviews are located at:
http://www.net-security.org/reviews.php
----------------------------------------------------------------

SONICWALL PRO
SonicWALL's line of firewalling appliances are recommended for small- to medium-sized networks in various environments.
Michael Oliveri, as a user of a SonicWALL product for the past four years, shares his experiences.
http://www.net-security.org/review.php?id=75

ORACLE PERFORMANCE TUNING
Writing a good Oracle performance tuning book involves a lot of time and effort. To us, as readers, this book will offer a good fundamental knowledge and serve as a good lead to further expand our Oracle performance tuning knowledge.
http://www.net-security.org/review.php?id=76

SPECIAL EDITION USING WINDOWS XP PROFESSIONAL
In the information era, the number of improvements in operating systems grows rapidly. Fighting with our time, working all day, we spend hours and hours learning to cope with new technologies and the need for information and the need for books. Differencing quality from quantity, I present you this beginner's complete reference for the newest end user Microsoft operating system.
http://www.net-security.org/review.php?id=77

----------------------------------------------------------------

[ Security world ]

All press releases are located at:
http://www.net-security.org/press_main.php
----------------------------------------------------------------

Central Command Offers Existing RAV Antivirus Customers A Twenty Five Percent Discount To Upgrade To Vexira Antivirus Solutions
http://www.net-security.org/press.php?id=1470

Ibas and HP Join Forces - Leading the Way in Reliable Erasing of Sensitive Data
http://www.net-security.org/press.php?id=1469

Finnish Parliament switches to F-Secure Anti-Virus
http://www.net-security.org/press.php?id=1468

Trend Micro Only Vendor To Earn Certification For Antivirus Products From National Information Assurance Partnership
http://www.net-security.org/press.php?id=1467

80% of Network Attacks Avoidable with Intrusion Prevention Technology, Reveals Study of Interxion's Network
http://www.net-security.org/press.php?id=1466

GeCAD’s Antivirus Technology to be Acquired by Microsoft
http://www.net-security.org/press.php?id=1465

Panda Software Welcomes Microsoft Initiatives For Improved Computer Security
http://www.net-security.org/press.php?id=1464

Rosco Lowers Total Cost Of Ownership For Smart Card Issuers
http://www.net-security.org/press.php?id=1463

Trapeze Networks Raises $34 Million in Up Round
http://www.net-security.org/press.php?id=1462

Indicii Salus Backs eSecurity for Britain
http://www.net-security.org/press.php?id=1461

Network Associates' McAfee SpamKiller Dominates Consumer Anti-Spam Space with Over 90% Retail Market Share
http://www.net-security.org/press.php?id=1460

IBM ISV Trustix Strengthens UK Team
http://www.net-security.org/press.php?id=1459

Online Credit Card Transactions Go Mobile
http://www.net-security.org/press.php?id=1458

Neoteris Adds NetIQ to Leading Technology Partnership Base
http://www.net-security.org/press.php?id=1457

SSH Certifier to Provide Secgo with a Flexible, Scalable Authentication Platform for Using and Managing Digital Certificates
http://www.net-security.org/press.php?id=1456

F-Secure Delivers Information Security to Alma Media
http://www.net-security.org/press.php?id=1455

Bugbear.B on the Increase Again as Businesses Return to Work
http://www.net-security.org/press.php?id=1454

ActivCard Announces Commencement of Follow-on Exchange Offer
http://www.net-security.org/press.php?id=1453

----------------------------------------------------------------

[ Virus News ]

All virus news are located at:
http://www.net-security.org/viruses.php
----------------------------------------------------------------

Panda Spots a New Damaging Worm "Trile"
http://www.net-security.org/virus_news.php?id=255

Weekly Virus Report - Mapson, Lentin.R and Naco.F Worms
http://www.net-security.org/virus_news.php?id=254

----------------------------------------------------------------

Questions, contributions, comments or ideas go to:

Help Net Security staff

staff@net-security.org
http://net-security.org
----------------------

Subscribe to this weekly digest on:
http://www.net-security.org/subscribe.php

Unsubscribe by sending the e-mail address you are subscribed with to: info@net-security.org with UNSUBSCRIBE in the message body.

The archive of the newsletter in TXT and PDF format is available http://www.net-security.org/newsletter_archive.php