Security News, Vulnerabilities, Data Breaches, Website Security
Can you protect yourself on Social Media?
Mar 1st
- Image via Wikipedia
One of the greatest challenges to privacy and security in the next several years is Social Networks and Social Media. Sites like Facebook, Twitter, LinkedIn, MySpace and others can be the downfall of valuing information. The ability to share and provide information is completely the opposite of network security requirements. This is really encouraging people to do things that are not security conscious activities. Social media encourages:
- Lack of privacy
- Encouraging information sharing
- Giving away answers to security questions
- Social engineering
As we have seen recently, a lot of spam, spyware and malware is attacking social network. Just in the past week I have probably gotten a 100 requests to be my friend on Facebook from people who i do not know and funny enough, all the message have the exact same personal message. Malicious people are attracted to social networks because of the ease of gaining trust and availability of data for social engineering. Relationship building is easier through social media which can easily lead to phishing attacks.
With these sites, people install applications without knowing what goes on in the background, and its easy to download malicious code to your computer. There are no external third party audits of these applications before the make it to your Facebook application. Your computer can be easily infected by a virus or spyware.
What does the Social Media user to to protect their information?
No Personal information – This is anti-social network, but there are things you can limit about what you post. Don’t post your Birthday! Or your address, or your mothers middle name or any really personal data.
Limit who can view and contact you – Don’t let your profile be truly public, restrict to people you know for requested users. Remember you can’t retract information you put out there.
Dont trust strangers – Your mother was right, don’t open the door to strangers. Limit who you accept chat or friend requests from and well as even communicate with.
Trust no one – People lie, its sad but true. So profiles lie, they might say they went to your college or high school. They might be interested in your groups, so dont take anyone at their word.
Restrict your privacy – There are a some configuratin setting in all the social media applications that can allow you to turn on some restrictions on your privcay. Take a minute to actually look at them. One easy example is in Facebook you can creat groups that you can place friend in, you don’t want business people seeing what your friends are posting.
Password management – An oldie but a goodie, always use a strong password and don’t share it. And change it periodically.
Layers of protection – You should be running a personal firewall and antivirus software on the machine you are viewing social networks. This will help if a malicious piece of software tries to download something to your machine. Keep your protection software up to date as well and run the patch management software on your machine, this is especially important for you Windows users.
Child protection software – You should have some kind of child protection software running on machines where children under 13 are using. This will help with all that shady software that is out there.
Gary Bahadur
http://twitter.com/kraasecurity
Address: 200 Se 1st St #601 Miami FL 33131
*Managed Security Services
*Vulnerability Management
*Compliance & Policy Development
*PGP Security
*FREE Website Security Test
Related articles by Zemanta
- Half of Online Adults Use Social Networks at Least Monthly (seekingalpha.com)
- Firms worry about social networks, but don’t block access (arstechnica.com)
- Google Buzz proves problems with single online identities (thewayoftheweb.net)
- Are Consumers Becoming More Suspicious of Social Networks? (marketingvox.com)
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=6e138ad0-af9e-40d2-ab77-da1094d4aa21)
When will Vendors provide Risk Assessments of their products?
Feb 17th
- Image via Wikipedia
If you drive a car and every week you have to get something fixed it would prove pretty annoying, disgusting, outrageous and you probably you would never buy that model again and probably wouldn’t by from that manufacturer either. So why do we accepts buggy software that is vulnerable to things like cross site scripting attacks, buffer overflows, malware and such? But we do that everyday. Everything from vulnerable operating systems such as Windows to vulnerable applications such as Adobe and weak website such as Facebook.
As stated by CIO.com, “SANS and Mitre, a Bedford, Mass.-based non-profit, federally funded technology research and development organization, today is also releasing its second annual CWE/SANS Top 25 list of the most common programming errors currently being made by software developers. The authors say the errors on the list are responsible nearly every major type of cyber attack, including the recent intrusions at Google (GOOG), and numerous utilities and government agencies.” The biggest companies are culprits.
So what are we do to about buggy software? May scream “I’m mad as hell and I am not going to take it anymore!” Might feel good for a second or two, but not going to solve the almost daily patch process we have to go through for our software. Patch management is a thriving sector!
As I see it, some theoretical things the end user can do to change the deadly cycle of poor software:
- Sue! I don’t know if that’s possible, but if you bought a car with bad acceleration problems (ahem Toyota) you might just sue the manufacturer if you got into an accident. What can we do that if some hacker breaks in through buggy software?
- Stop buying from that vendor! Apple seems to be taking this tactic by not allowing Flash on the IPad. But can we all move away from Microsoft tomorrow? Probably not.
- Make the vendors conduct Risk Assessments of their products prior to release. A third party risk assessment is probably a good idea. Something with more teeth than a SAS70 type review.
Related articles by Zemanta
- Apple vs. Microsoft: Making Platform Enemies and Friends (seekingalpha.com)
- Adobe Reader And Acrobat Get Yet Another Security Update (ghacks.net)
- Microsoft investigates new Internet Explorer flaw (news.cnet.com)
- Google readies Flash for Android devices (infoworld.com)
Gary Bahadur
http://twitter.com/kraasecurity
Managed Firewall
Managed Vulnerability Scanning
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=5940a61e-7193-4971-a98b-6547400ef860)
What is the value of a Data Breach?
Jan 27th
- Image by Getty Images via Daylife
SC magazine just reported that the Ponemon Institute has determined the cost of a data breach is $204 per record. “Data breaches last year cost organizations $204 per exposed record on average, which represents an almost two percent increase over 2008, according to the fifth annual “Cost of Data Breach” study released on Monday by the Ponemon Institute… The study, which examined the experiences of 45 U.S. companies that suffered breaches last year, also found that the number of data breaches that were caused by malicious attacks and botnets doubled from 12 percent in 2008 to 24 percent in 2009. In addition, data breaches caused by malicious attacks cost organizations 30 to 40 percent more on average than those caused by human negligence or by IT system glitches.” There are a number of ways to protect your data in transit such as PGP Encryption but when the companies looses data, there isnt much the end user can do to protect themselves.
Thats a lot of money. If we look at the data breach of Heartland, which was over 100 million records, that, well let me do the math, may take a minute. Its $20,400,000,000. Thats a lot of money. Condidering I was a shopper mostlikely of Heartland, I do not recall getting a check from anyone for $204. I will not hold my breath for that. We all asked if the retailers like Heartland and TJ Max had a PCI Audit done. Would this have protected our information?
So far, I am pretty sure I recieved a letter offering me free 2 year credit monitoring from Chase, Citibank, Bank of America and Countrywide because thet lost my records. I am waiting for my check for $204 from each of those companies. Also, over the past few years I have had to have my credit cards replaced with Chase, American Express, and several Visa versions. So I am still waiting for those $204 checks. Maybe in total I am owed about 9x$204=$1,836. That will be a nice check when I get it.
Security Requirements
So what can a company do to help reduce these data breaches? The easy answers, yet not implemented, include:
1) Encryption of back-up data and tapes
2) Conduct yearly Vulnerability Assessments
3) Conduct Quarterly or Monthly Vulnerability Scanning
4) Implement a Data loss prevention solution
5) Go through a PCI Audit or HIPAA Security Assessment yearly
Related articles by Zemanta
- Data breach costs continue to rise (v3.co.uk)
- Survey: Data breaches from malicious attacks doubled last year (news.cnet.com)
- Breach numbers fall while costs rise Ponemon study finds (v3.co.uk)
Regards
Gary Bahadur
http://twitter.com/kraasecurity
Managed Firewall
Managed Vulnerability Scanning
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=f1ed6c34-1f2a-4642-b40c-ac12e03f3b45)
Ponemon Institute Cyber megatrends – Some Additions Needed
Nov 28th
Ponemon Institute recently released their Cyber megratrends as listed below. While I agree with these I think there were a couple that could easily be added to the list. First, I would either add or modify Web 2.0 into Web 3.0. Lets look to what is going to happen versus what is happening. Incremental change may not be the trend. Secondly, I suggest adding Vendor Risk Management. The vendor does not have to be offshore to pose a problem. Vendors are so integrated into companies and business processes that they are like an employee but are not subjected to the same Network Security Assessment requirements in many cases.
Its a difficult thing to try and forecast. The good thing about it is that no one really remembers your forecaste anyway.
Regards
Gary Bahadur
http://twitter.com/kraasecurity
Managed Security Services
Managed Firewall
Managed Vulnerability Scanning
++++++++++++++++++++++++++++++++++++++++++++++++
Cyber Security Mega Trends Study
Prepared by Dr. Larry Ponemon, November 18, 2009
Related articles by Zemanta
- Think Tank Study Shows Top Web Trends Are Security Risks (readwriteweb.com)
- The cloud is a powder keg (myventurepad.com)
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=b7fe4b47-d582-49fc-8e62-74349ac6b73d)
HIPAA Vendor Compromised Healthcare Records
Nov 12th
This is story that is several months old, but as I came across it, i thought it would make a good point. A vendor handling healthcare records has lost social security numbers of people in March of 2009. In this case, Health insurer Aetna, Inc., is reportedly providing 65,000 individuals with free credit monitoring for a year after its job application Web site was breached, the Associated Press has reported.
The Web site, which was maintained by an outside vendor, had Social security numbers of current and past employees and individuals who received job offers from the insurer, the AP reported.
The site reportedly held e-mail addresses for about 450,000 individuals who had applied for jobs or submitted resumes to the company and were waiting to be notified about job openings. Spokeswoman Cynthia Michener said Aetna doesn’t know how many were copied, but the site has been disabled and is undergoing a “thorough forensic review” or you can say network security audit by an outside company.
So here we have a health insurer compromising personal data. People already recieve so much spam email that their real email is suspect. If your provider Aeata seems to be sending ligitimate emails to you, that can get confusing.
As noted in the article “This is not the first time the Hartford, Conn.-based insurer has had to provide free credit monitoring services. In April 2006, Aetna notified approximately 38,000 members that an employee’s laptop computer containing certain personal member information was stolen from a car in a public parking lot.”
If a compromise occurs once, you would think that a lot of new HIPAA data security protections would be put in place. But as we see in almost all industries, its very hard for a company to learn from its mistakes. Maybe there will not be a third time after this second breach.
Gary Bahadur
baha@kraasecurity.com
http://www.kraasecurity.com
http://twitter.com/kraasecurity
Managed Security Services
Managed Firewall
Managed Vulnerability Scanning
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=d25ea83e-d17c-440a-b00c-2001ab64b257)
HIPAA Compliance Data Breach with a Foreign Supplier
Nov 3rd
Recently, the Economic Times Report in India discussed a successful “Sting operation by a UK agency in which some health related data was bought from a medical transcription company” . What this means is all that perosnal and HIPAA confidential data that was being transfered for transcription got stolen in the most likely scenario. There have been few stories of this type of Data Breach so far. The Suppliers to US companies have not made the headlines but this might be just the begining fo that wave. The two components of HIPAA Security are Logical and Physical Security. Remote partners can easily breach your logical security controls.
Is there any real view that the US can export the security laws such as HIPAA Security to all parts of the world that handle US customer data? How do you monitor the activities of your suppliers once the data has left yoru network? In the US, a company can control all the security devices such as Firewalls, Intrusion Detection Systems, Antivirus on Servers and Patch Management of servers hosting confidenial data. There are all parts of most security regulations including PCI, SOX, GLBA and more. But the endpoint of security has left these shores and resides in India, China, South America, Vietname and anywhere else you have a supplier.
As your data now resides in a foreign country, what are the reporting requirements of a breach? HIPAA security policy has timeframes, reporting requirements and penalties. The only real penalty a company oversea may face is loss of the contract. Few governments are upt o enforcing security rules outside of actual hacker activity.
So what are some steps you can take to implement Supplier Security?
1) Conduct a Vulnerability Assessment of your connectivity to your Suppliers’ networks
2) Define process and policy controls that the Supplier has to have in place in order to hold your data
3) Assign risk ratings to all data the Supplier handles
4) Conduct an risk assessement of the impact of losing the data
5) Develop a Incident Response plan for the Supplier losing your data
6) Asses the supplier security procedures on a yearly basis
Gary Bahadur
http://www.kraasecurity.com
http://blog.kraasecurity.com
http://twitter.com/kraasecurity
*Managed Security Services
*Vulnerability Management
*Compliance & Policy Development
*PGP Security
IPhone Apps Every Road Warrior Entrepreneur Needs
Oct 22nd
The Blackberry has been the mainstay of the business world for years. But as we know, the IPhone is eating away at market share. There are over 75,000 apps for the IPhone now and growing steadily. For those who have Blackberry Thumb, you can probably look forward to IPhone Index Finger at some point in the future as you switch away from the Blackberry.
Why should you switch from the Blackberry? Well there may not be a good reason. The Blackberry has a number of apps and it is secure, it has encryption and has been beaten up on the security front like network security assessment and application security testing. It’s ingrained in businesses and Blackberry Enterprise Server is well known to many IT administrators.
The Entrepreneur can use both devices. Let’s assume there are at least some people using the IPhone, what apps should they have in their toolkit? Of the thousands of apps, how can you pick a few that would be beneficial to the Entrepreneur Road Warrior? Well the way I picked them is through word of mouth , that are of benefit to me and comes with network security assessment tools. I travel, work in my car, have meetings at all times of day, I am away from the office for days or weeks.
Take these with a grain of salt and do not send any flame emails. But please send in the apps that you think should be shared with the world or at least readers of this Blog.
Urban Spoon
First up is Urban Spoon. You are thinking, well that’s not some kind of spreadsheet or financial app. What is the business purpose? The lifeblood of the Entrepreneur is networking , managed security services, application security risk assessment and deal making. Where deal making most of the time involves some kind of meal. Urban Spoon can find you restaurants by cuisine, by neighborhood, by cost, by distance. Everything you need for a meeting is the most random city.
AroundMe
In the same vein as Urban Spoon, is AroundMe . Say you are on your way to an important lunch you have setup with a restaurant you found on Urban Spoon but you are almost out of gas. Use AroundMe to find the closed gas station. Or if you need cash to pay for that gas because your Amex Card has been cancelled, find the closest bank.
GoogleMaps
Well this is pretty obvious. But when you are traveling and maybe forgot to bring your Garmin GPS and do not feel like paying the rental company an extra $11.99 a day to rent their GPS , this is just as good.
ReQall
This is a pretty useful app. The developers were one of the www.TiE.org Top 50 companies this year at TiECon. The app captures your voice, translates it to text, organizes your calendar based on your voice messages, integrates into Outlook or Google Calendar and provides memory assistance. It’s great when you have no pen or driving in a car or need a memory reminder.
FlightAware
For the true Road Warrior, there is no road, there is the sky. So when you are rushing to the airport or think you need to rush to the airport, track down what is going on with your flight. Check out FlightAware to get an update and help you plan that trip to the airport.
TweetDeck
Social Media, the latest buzz word, actually has some teeth. Small companies and the Entrepreneur have to be connected to the work whether you like it or not. Twitter is a way of life these days even if people seem to be twittering their lives away. How do you tell your followers that you are stuck in an airport in Baltimore? Try using TweetDeck.
These Apps don’t seem very business-like, but the Entrepreneur is practical, cheap, requires network security audit tools and has to get things done today . These help you achieve your million tasks on a timely basis.
Gary Bahadur
http://twitter.com/kraasecurity
*Managed Security Services
*Vulnerability Management
*Compliance & Policy Development
*PGP Security
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=c11b7e79-5319-48b5-aa18-9890ccf96cfb)
Information Devaluation Through Phishing
Sep 25th
- Image via Wikipedia
Information Devaluation Through Phishing
The value of information has been decreasing over time. How do you see this isn the real world? There are two ways, one can be seen from the user perspective and the other from the attacker/bad guy perspective.
From a user point of view, the most obvious method to see information devaluation is Facebook, Twitter, MySpace, Linkedin etc. These may be seen as good ways to keep in contact, but look at all the personal data stored in these sites. Enough to authenticate to your bank account with such pieces of data as Name of Dog, Elementary School, Parents Lastname. Everything for secret question authentication. There was just a theft from a bank (http://www.networkworld.com/news/2009/092409-construction-firm-sues-after-588000.html) where the challenge questions were successfully answered.There are many Network security assessment tools to prevent such phishing ways to get the answer to these challenge questions.
The attackers are focusing Phishing efforts on Twitter and Facebook much more these days. Its pretty obvious why, so much information is available here. KRAA Security a Network security audit tool provider twitters, but we try to keep personal things off there. But many people lives their lives on twitter so much, its a mind boggling concept.
The Washington post just had an article where the list Facebook as the top phished site (http://voices.washingtonpost.com/securityfix/2009/04/facebook_among_top_phished_web.html). Part of this is the information people post and the Applications developed for it have many ways of phishing your information. Thus a Information security risk assessment is a necessity.
So is there is a solution the phishing problem in Social Media? Probably a security penetration test for such websites. Even though the phishing problem will probably get such more extensive as Social Media expands, takes over more aspects of our lives and invades every information dissemination media. Doomed I say.
This was a cheerful post.
Gary Bahadur
http://twitter.com/kraasecurity
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=359ec324-8ddc-4ec6-9b2e-cc633e4a3c18)
FTC’s Additional Rules for HIPAA Security
Aug 23rd
FTC’s Additonal Rules for HIPAA Security
The Federal Trade Commission (FTC) recently issued a rule which gives more scope to the data breach notification rules as part of the Health Insurance Portability and Accountability Act (HIPAA). The addition targets companies that provide health info in an online storage facitlity. Things like Google Health or Healthvault would fall under this category.
This seems like it should be an obvious thing to do. Why would you let any entity keep your health information without following strict regulatory requirements? It is definitely a good thing to force companies that keep your health information to notify consumers following a data security breach if the breach involves more than 500 people or even 5 people. The question is how do you track down all these companies that store health information and force the the company notify customers? How do you know when a smaller companay has lost information? We still struggle with this question for the hospitals and healthcare organizations that currently have to comply with the HIPAA regulations or the Hipaa Security Rule. CVS recently had to pay $2.5 million in fines. I wonder what that is in comparison to the cost to consumers who have problems with their data being stolen. (I wouldn’t use the term “lost”)
Part of the changes coming from the FTC is the utilization of mobile devices that capture, use, transmit and store data. What are the hospital security requirements of these devices? Does a mobile hand scanner or a mobile device that stores info have to have a built in firewall and antivirus as would a laptop? The only real way to deal with this is to conduct Hipaa Risk Assessment but how many companies actually do it properly?
Have you seen the list of breaches on Privacyrights.org? I like this recent one in particular. You cant find such a list on the FTC site.
“ July 31, 2009 Jackson Memorial Hospital: (Miami, FL) A Miami man was charged with buying confidential patient records from a Jackson Memorial Hospital employee over the past two years, and selling them to a lawyer suspected of soliciting the patients to file personal-injury claims.”
Is every company required to do network security assessment and register their device if it captures, uses, transmits any kind of health information? Is any website that does the same required to register with the FTC? But I wonder if you had such as database and hackers got into it, how much more trouble would we be in? Check out our HIPAA Top 5 Steps to Compliance for some fun reading.
I do not think I came to any real conclusions with this post. Isn’t blogging wonderful?Gary Bahadur
Gary Bahadur
http://www.kraasecurity.com
http://blog.kraasecurity.com
http://twitter.com/kraasecurity
Miami, Fl
*Managed Security Services
*Vulnerability Management
*Compliance & Policy Development
*PGP Security
*Website Security Assessment
Credit Card Theft Put Miami on the Map
Aug 19th
Miami is a fun place to live and work (there are actually people who work here). Its a great vacation spot, people enjoy the nightlife and now we have something else to crow about. The largest credit theft ring was based here!
According to Bloomberg, “Albert Gonzalez, a 28-year-old Miami resident, and two hackers living “in or near Russia” were indicted yesterday by a federal grand jury in Newark, New Jersey, for stealing data from Heartland Payment Systems Inc., 7-Eleven Inc., Delhaize Group’s Hannaford Brothers Co. and two unidentified national retailers.”
It always amazes me when really smart computer folks insist on hacking from the US. Why not just head down the the Caribbean and hack from there, let likely to get caught.
My question about this is whats the value of regulations such as PCI or HIPAA. A PCI Security Audit and Hipaa Security policy are supposed to prevent this type of thing when the companies being hacked usually come out after the fact and say they were compliant?
Privacyrights.org has this list of breaches in the month of August alone. I wonder what the compliance or network security audit was like for these companies? I dont suppose there really is a good answer to what to do about compliant companies getting breached. They will just keep giving you a year of free credit monitoring I guess.
| Aug. 1, 2009 | Williams Cos. Inc. (Tulsa, OK) |
A laptop containing personal and compensation information for more than 4,400 current and former employees was stolen from a worker’s vehicle. The computer had names, birth dates, Social Security numbers and compensation data for every Williams employee since Jan. 1, 2007. | 4,400 |
| Aug. 3, 2009 | National Finance Center (Washington DC) |
An employee with the National Finance Center mistakenly sent an Excel spreadsheet containing the employees’ personal information to a co-worker via e-mail in an unencrypted form. The names and Social Security numbers of at least 27,000 Commerce Department employees were exposed. | 27,000 |
| Aug. 4, 2009 | New Hampshire Department of Corrections (Laconia,NH) |
A 64-page list containing the names and Social Security numbers of about 1,000 employees of the state Department of Corrections ended up under the mattress of a minimum security prisoner. The prison contracts with vendors to shred documents and investigators are trying to find out why documents were not destroyed. | 1,000 |
| Aug. 11, 2009 | Bank of America Corp. (Charlotte, NC) |
Charlotte-based BofA (NYSE:BAC) and Citigroup (NYSE:C) each recently issued replacement cards to consumers, telling them that their account numbers may have been compromised. Account information from certain Bank of America debit cards may have been compromised at an undisclosed third-party location. Bank officials are not certain if this is a new breach or a previously disclosed one. | Unknown |
| Aug. 11, 2009 | Citigroup Inc. (New York City, NY) |
Citigroup (NYSE:C) each recently issued replacement cards to consumers, telling them that their account numbers may have been compromised. Citigroup told credit-card customers in Massachusetts “your account number may have been illegally obtained as a result of a merchant database compromise and could be at risk for unauthorized use.” Bank officials are not certain if this is a new breach or a previously disclosed one. | Unknown |
| Aug. 11, 2009 | University of California-Berkeley School of Journalism (Berkeley, CA) |
Campus officials discovered during a computer security check that a hacker had gained access to the journalism school’s primary Web server. The server contained much of the same material visible on the public face of the Web site. However, the server also contained a database with Social Security numbers and/or dates of birth belonging to 493 individuals who applied for admission to the journalism school between September 2007 and May 2009. | 493 |
| Aug. 13, 2009 | National Guard Bureau (Arlington, VA) |
An Army contractor had a laptop stolen containing personal information on 131,000 soldiers. on the stolen laptop contained personal information on soldiers enrolled in the Army National Guard Bonus and Incentives Program. The data includes names, Social Security numbers, incentive payment amounts and payment dates. | 131,000 |
| Aug. 14, 2009 | American Express (New York, NY) |
Some American Express card members’ accounts may have been compromised by an employee’s recent theft of data. The former employee has been arrested and the company is investigating how the data was obtained. American Express declined to disclose any more details about the incident. The company has put additional fraud monitoring and protection controls on the accounts at issue. | Unknown |
| Aug. 14, 2009 | Calhoun Area Career Center (Battle Creek, MI) |
Personal information from 455 students at Calhoun Area Career Center during the 2005-2006 school year was available online for more than three years. The information included names, Social Security numbers, 2006 addresses and telephone numbers, birth dates and school information. There were about 1,000 students at the career center during that time, but an investigation by the Calhoun County Intermediate School district found that information for 455 students was available. | 455 |
| Aug. 15, 2009 | Northern Kentucky University (Highland Heights, KY) |
A Northern Kentucky University employee’s laptop computer – which contained personal information about some current and former students — was stolen from a restricted area. The personal information stored on the employee’s computer included Social Security numbers of at least 200 current and former students. | 200 |
Gary Bahadur
http://twitter.com/kraasecurity
*Managed Security Services
*Vulnerability Management
*Compliance & Policy Development
*PGP Security
*FREE Website Security Test
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=35eba444-2f1a-45f5-96c1-29393cdf719c)
Recent Comments