Baanboard.com

Go Back   Baanboard.com > News > RSS Newsfeeds > Categories

User login

Frontpage Sponsor

Main

Poll
For ERP LN feature pack upgrade, what method of install are you using?
Installation Wizard into existing VRC
55%
Installation Wizard into new VRC
18%
Manual into existing VRC
9%
Manual into new VRC
18%
Total votes: 11

Baanboard at LinkedIn


Reference Content

 
Security

Gunter Ollmann: Time to Squish SQL Injection

Security Focus - 1 hour 8 min ago
Time to Squish SQL Injection
Categories: Security

Mark Rasch: Lazy Workers May Be Deemed Hackers

Security Focus - 1 hour 8 min ago
Lazy Workers May Be Deemed Hackers

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
Categories: Security

Adam O'Donnell: The Scale of Security

Security Focus - 1 hour 8 min ago
The Scale of Security
Categories: Security

Mark Rasch: Hacker-Tool Law Still Does Little

Security Focus - 1 hour 8 min ago
Hacker-Tool Law Still Does Little
Categories: Security

Infocus: Enterprise Intrusion Analysis, Part One

Security Focus - 1 hour 8 min ago
Enterprise Intrusion Analysis, Part One
Categories: Security

Infocus: Responding to a Brute Force SSH Attack

Security Focus - 1 hour 8 min ago
Responding to a Brute Force SSH Attack
Categories: Security

Infocus: Data Recovery on Linux and <i>ext3</i>

Security Focus - 1 hour 8 min ago
Data Recovery on Linux and <i>ext3</i>

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
Categories: Security

Infocus: WiMax: Just Another Security Challenge?

Security Focus - 1 hour 8 min ago
WiMax: Just Another Security Challenge?
Categories: Security

More rss feeds from SecurityFocus

Security Focus - 1 hour 8 min ago
News, Infocus, Columns, Vulnerabilities, Bugtraq ...
Categories: Security

Infocon: green

SANS Internet Storm Center - 2 hours 8 min ago
ISC Stormcast For Tuesday, May 23rd 2017 https://isc.sans.edu/podcastdetail.html?id=5512
Categories: Security

ISC Stormcast For Tuesday, May 23rd 2017 https://isc.sans.edu/podcastdetail.html?id=5512, (Tue, May 23rd)

SANS Internet Storm Center - 13 hours 53 min ago
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security

Investigating Sites After They are Gone; And a Case of Uber Phishing With SSL, (Mon, May 22nd)

SANS Internet Storm Center - May 22, 2017 - 9:53pm

A reader sent us an interesting find of a phishing site that is going after Uber credentials. Uber credentials are often stolen and resold to obtain free rides. One method the credentials are stolen is phishing. The latest example is using convincing looking Uber receipt emails. These emails feature a prominent link to uberdisputes.com.

Uberdisputes.com then requests the users Uber credentials to log in. Overall, the site uses the expected Uber layout. But more: The site uses a valid SSL certificate.

Turns out that the site was hosted behind a Cloudflare proxy. Cloudflare does issue free SSL certificates, and just like most certificate authorities, it only requires proof of domain ownership to obtain this service. This does make it more difficult to distinguish a fake site from the real thing.

Now by the time I started to investigate this, the original site was already taken down. But there was still some evidence left to see what happened. First of all, passive DNS databases did record the IP address of the site, which pointed to Cloudflare. Secondly, when searching certificate transparency logs, it was clear that a certificate for this site was issued to Cloudflare. Like for all Cloudflare certificates, the certificate was valid for a long list of hostnames hosted by Cloudflare. Sadly, it looks like whois history sites like Domaintools have no record of the site, so we do not know when it was exactly registered, but likely just before the domain started to get used.

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
STI|Twitter|

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security

ISC Stormcast For Monday, May 22nd 2017 https://isc.sans.edu/podcastdetail.html?id=5510, (Mon, May 22nd)

SANS Internet Storm Center - May 22, 2017 - 1:20am
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security

Typosquatting: Awareness and Hunting, (Sat, May 20th)

SANS Internet Storm Center - May 20, 2017 - 7:01am

Typosquatting has been used for years to lure victims You receive an email or visit an URL with a domain name which looks like the official one. Typosquatting is the art of swapping, replacing, adding or omitting some letters to make a domain looking like the official one. The problem is that the human brain will correct automatically what you see and you think that you visit the right site. I remember that the oldest example of typosquatting that I saw was mircosoft.com. Be honest, at the first time, you read microsoft.com right? This domain was registered in 1997 butit has been taken back by Microsoft for a while. Longer is your domain name, more you have available combinations of letters to generate fake domains. Sometimes its difficult to detect rogue domains due to the font used to display them. Anl looks like a 1 or a 0 looks like an O.

Yesterday, I found a nice phishing email related to DHL (the worldwide courier company). The message was classic: DHL claims that somebody passed by your home and nobody was present. But this time, it was not a simple phishing page trying to collect credentials, there was a link to a ZIP file. The archive contained a malicious HTA file that downloaded a PE file[1] and executed it. Lets put the malware aside and focus on the domain name that was used: dhll.com(with a double L).

A quick check reveals that this domain is hopefully owned by DHL (not DHL Express but the Deutsche Post DHL padding:5px 10px"> Domain Name: dhll.com Registry Domain ID: 123181256_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.markmonitor.com Registrar URL: http://www.markmonitor.com Updated Date: 2016-09-23T04:00:10-0700 Creation Date: 2004-06-22T00:00:00-0700 Registrar Registration Expiration Date: 2017-06-22T00:00:00-0700 Registrar: MarkMonitor, Inc. Registrar IANA ID: 292 Registrar Abuse Contact Email: abusecomplaints@markmonitor.com Registrar Abuse Contact Phone: +1.2083895740 Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited) Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited) Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited) Registry Registrant ID: Registrant Name: Deutsche Post AG Registrant Organization: Deutsche Post AG Registrant Street: Charles-de-Gaulle-Strasse 20 Registrant City: Bonn Registrant State/Province: - Registrant Postal Code: 53113 Registrant Country: DE Registrant Phone: +49.22818296701 Registrant Phone Ext: Registrant Fax: +49.22818296798 Registrant Fax Ext: Registrant Email: domains@deutschepost.de Registry Admin ID:Admin Name: Domain Administrator Admin Organization: Deutsche Post AG Admin Street: Charles-de-Gaulle-Strasse 20 Admin City: Bon Admin State/Province: - Admin Postal Code: 53113 Admin Country: DE Admin Phone: +49.22818296701Admin Phone Ext: Admin Fax: +49.22818296798 Admin Fax Ext: Admin Email: admincontact.domain@deutschepost.de Registry Tech ID: Tech Name: Technical Administrator Tech Organization: DHL Tech Street: 8701 East Hartford Drive Tech City: Scottsdale Tech State/Province: AZ Tech Postal Code: 85255 Tech Country: US Tech Phone: +1.4089616666 Tech Phone Ext: Tech Fax: - Tech Fax Ext: Tech Email: netmaster@dhl.com Name Server: ns4.dhl.com Name Server: ns6.dhl.com DNSSEC: unsigned

The zone dhll.com is also hosted on the DHL name servers. Thats a good point that DHL registered potentially malicious domains but... if you do this, dont only park the domain, go further and really use it! Its not because the domain has been registered by the official company that bad guys cannot abuse it to send spoofed emails.

First point: dhll.com or www.dhll.com donot resolve to an IP address. If you register such domains, create a website and make them pointto it and log whos visiting the fake page. You can display an awareness message or just redirect to the official site. This will also prevent your customers to land on a potentially malicious site and improve their experience with you.

The second point is related to the MX records. No MX records were defined for the dhll.com domain. Like with the web traffic, build a spam trap to collect all messages that are sent to *@dhll.com.By doing this, you will capturetraffic potentially interesting and you will be able to detect if the domain is used in a campaign (ex: you will catchall the non-delivery receipts in the spam trap.

Finally, addan SPF[2] record for the domain. This will reduce the amount of spam and phishing campaigns.

To conclude, registering domain names derived from your companys name is the first step but dont just park them and use them for hunting and awareness!

A quick reminder about the tool dnstwist[3] which is helpful padding:5px 10px"> # docker run -it --rm jrottenberg/dnstwist --ssdeep --mxcheck --geoip dhl.com _ _ _ _ __| |_ __ ___| |___ _(_)___| |_ / _` | _ \/ __| __\ \ /\ / / / __| __| | (_| | | | \__ \ |_ \ V V /| \__ \ |_ \__,_|_| |_|___/\__| \_/\_/ |_|___/\__| {1.01} Fetching content from: http://dhl.com ... 200 OK (396.3 Kbytes) Processing 56 domain variants ................ 48 hits (85%) Original* dhl.com 199.40.253.33/United States NS:ns4.dhl.com MX:mx1.dhl.iphmx.com SSDEEP:100% Bitsquatting ehl.com 45.33.14.247 NS:pdns03.domaincontrol.com MX:smtp.secureserver.net Bitsquatting fhl.com - Bitsquatting lhl.com - Bitsquatting thl.com 50.57.5.162/United States NS:dns1.name-services.com MX:us-smtp-inbound-1.mimecast.com Bitsquatting dil.com 72.52.4.119/United States NS:ns1.sedoparking.com MX:localhost Bitsquatting djl.com 117.18.11.145/Hong Kong NS:ns1.monikerdns.net Bitsquatting dll.com 68.178.254.85/United States NS:ns43.domaincontrol.com MX:smtp.secureserver.net Bitsquatting dxl.com 69.74.234.98/United States NS:ns59.worldnic.com SPYING-MX:dxl-com.mail.protection.outlook.com Bitsquatting dhm.com 192.241.215.84/United States NS:ns19.worldnic.com MX:dhm.com Bitsquatting dhn.com 62.129.139.241/Netherlands NS:pdns07.domaincontrol.com MX:smtp.secureserver.net Bitsquatting dhh.com 103.241.230.134/India NS:dns1.iidns.com Bitsquatting dhd.com NS:ns-west.cerf.net MX:dhd-com.mail.protection.outlook.com Homoglyph bhl.com 206.188.192.219/United States NS:ns79.worldnic.com SPYING-MX:bhl-com.mail.protection.outlook.com Homoglyph dhi.com 199.36.188.56/United States NS:ns10.dnsmadeeasy.com Homoglyph clhl.com 209.61.212.154/United States NS:ns1.dnsnameservice.com MX:smtp.getontheweb.com Homoglyph dlhl.com 209.61.212.154/United States NS:ns1.dnsnameservice.com MX:smtp.getontheweb.com Homoglyph dihl.com 209.61.212.154/United States NS:ns1.dnsnameservice.com MX:smtp.getontheweb.com Homoglyph dh1.com 208.91.197.27/Virgin Islands NS:ns43.worldnic.com SPYING-MX:p.webcom.ctmail.com Hyphenation d-hl.com 104.24.124.134/United States 2400:cb00:2048:1::6818:7c86 NS:fiona.ns.cloudflare.com MX:mx1.emailowl.com Hyphenation dh-l.com 72.52.4.119/United States NS:ns1.sedoparking.com MX:localhost Insertion duhl.com 209.61.212.154/United States NS:ns1.dnsnameservice.com MX:smtp.getontheweb.com Insertion dhul.com 82.194.88.4/Spain NS:ns1.dominioabsoluto.com Insertion djhl.com 47.89.24.50/Canada NS:f1g1ns1.dnspod.net Insertion dhjl.com - Insertion dnhl.com 209.61.212.154/United States NS:ns1.dnsnameservice.com MX:smtp.getontheweb.com Insertion dhnl.com 209.61.212.154/United States NS:ns1.dnsnameservice.com MX:smtp.getontheweb.com Insertion dbhl.com 209.61.212.154/United States NS:ns1.dnsnameservice.com MX:smtp.getontheweb.com Insertion dhbl.com 209.61.212.154/United States NS:ns1.dnsnameservice.com MX:smtp.getontheweb.com Insertion dghl.com 209.61.212.154/United States NS:ns1.dnsnameservice.com MX:smtp.getontheweb.com Insertion dhgl.com 209.61.212.161/United States NS:ns1.dnsnameservice.com MX:smtp.getontheweb.com Insertion dyhl.com NS:dns17.hichina.com MX:mxbiz1.qq.com Insertion dhyl.com - Omission dl.com 104.247.212.218 NS:ns1.gridhost.com SPYING-MX:mail.b-io.co Omission dh.com 54.204.28.210/United States NS:a5-67.akam.net SPYING-MX:mx1.dhltd.iphmx.com Omission hl.com 107.154.105.117/United States NS:ns57.domaincontrol.com MX:mail0.hl.com Repetition ddhl.com 180.149.253.156/Hong Kong NS:ns11.domaincontrol.com SPYING-MX:ddhl-com.mail.protection.outlook.com Repetition dhll.com - Repetition dhhl.com 209.61.212.154/United States NS:ns1.dnsnameservice.com MX:smtp.getontheweb.com Replacement rhl.com 107.161.31.165/United States NS:ns1.hungerhost.com MX:mx.spamexperts.com Replacement chl.com 216.222.148.100 NS:nameserver.ttec.com MX:smtp2.mx.ttec.com Replacement xhl.com 69.172.201.153/United States NS:ns1.uniregistrymarket.link Replacement shl.com 69.171.27.23/United States NS:eu-sdns-01.shl.com SPYING-MX:mxa-0016ba01.gslb.pphosted.com Replacement dul.com 62.129.139.241/Netherlands NS:pdns01.domaincontrol.com MX:smtp.secureserver.net Replacement dnl.com - Replacement dbl.com 198.173.111.6/United States NS:ns53.worldnic.com SPYING-MX:p.webcom.ctmail.com Replacement dgl.com 216.107.145.5 NS:ns62.downtownhost.com MX:dgl.com Replacement dyl.com 99.198.109.164/United States NS:ns-1768.awsdns-29.co.uk MX:mail.dyl.com Replacement dhk.com 98.191.212.87/United States NS:ns1.dhk.com MX:dhk.com.us.emailservice.io Replacement dho.com 75.126.101.248/United States NS:ns1bqx.name.com Replacement dhp.com 199.4.150.5/United States NS:dhp.com MX:mailhub.dhp.com Subdomain d.hl.com - Subdomain dh.l.com - Transposition hdl.com 216.51.232.170/United States NS:ns1.systemdns.com MX:aspmx.l.google.com Transposition dlh.com 212.130.57.148/Denmark NS:ns1.ascio.net SPYING-MX:mail.dlh.com Various wwwdhl.com 199.41.238.47/United States NS:ns.deutschepost.de

[1]https://www.virustotal.com/en/file/f438ba968d6f086183f3ca86c3c1330b4c933d97134cb53996eb41e4eceecf53/analysis/
[2]https://support.google.com/a/answer/33786?hl=en
[3]https://github.com/elceef/dnstwist

Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant
PGP Key

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security

ISC Stormcast For Friday, May 19th 2017 https://isc.sans.edu/podcastdetail.html?id=5508, (Fri, May 19th)

SANS Internet Storm Center - May 19, 2017 - 3:25am
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security

My Little CVE Bot, (Thu, May 18th)

SANS Internet Storm Center - May 18, 2017 - 7:55am

The massive spread of the WannaCry ransomware last Friday was another good proof that many organisations still fail to patch their systems. Everybody admits that patching is a boring task. They are many constraints that make this process very difficult to implement and... apply!Thats why any help is welcome to know what to patch and when. This is the key:

  • What to patch? What are the applications/appliancesthat are deployed in your infrastructure?
  • When to patch? When are new vulnerabilities discovered?

The classification of vulnerabilities is based on the CVE (or Common Vulnerabilities and Exposures) standard maintained by mitre.org[1]. To explain briefly, when a security researcher or a security firm finds a new vulnerability, a CVE number is assigned to it (CVE-YYYY-NNNNN). The CVE contains all the details of the vulnerability (which application/system is affected, the severity and many more information). As an example, the vulnerability exploited by WannaCry was %%cve:2017-0143%%.

Those CVE are stored in open databases and many organisations are using them and provide online services like cvedetails.com[2]. There are plenty of them that offer almost all the same features but they don width:700px" />

Based on cve-search, I can provide details about new CVEs to my customers or any other organisationsjust by querying the database. Indeed, reading the daily flow of CVE is difficult and useless for many people. They have to focus on what affect them. To help them, Im using a quick padding:5px 10px"> email_contact | days_to_check | output_format | product_definition [ | product_definition ] ...

The script will parse this config file and search for new CVE for each product definition. Results will be sent via email to the specified address.

As I width:700px" />

Of course, the main requirement is to know what you are using on your infrastructure. The information used in the config file describes the products is based on the CPE standard[6] which categorisesapplications, operating systems and hardware devices. This information can be found byNmap. An alternative is touse the following tool on your own network (only!): cve-scan[7]. It scans hosts and searches for vulnerabilities in thecve-search database.

My script is available on my GitHubrepository[5].

[1]https://cve.mitre.org
[2]http://www.cvedetails.com/
[3]https://github.com/cve-search/cve-search
[4]https://hub.docker.com/r/rootshell/cvesearch/
[5]https://github.com/xme/toolbox
[6]http://cpe.mitre.org/
[7]https://github.com/NorthernSec/cve-scan

Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant
PGP Key

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security

ISC Stormcast For Thursday, May 18th 2017 https://isc.sans.edu/podcastdetail.html?id=5506, (Thu, May 18th)

SANS Internet Storm Center - May 18, 2017 - 5:05am
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security

Wait What? We don?t have to change passwords every 90 days?, (Wed, May 17th)

SANS Internet Storm Center - May 17, 2017 - 10:56pm

/. Recently published a post covering a draft NIST Standard that is in review [1]. This handler thought it would cause a disturbance in the force, but so far no one is discussing it. One of the big stand out changes is no more periodic password changes [2]. There are several others as well, and CSO Online has a fantastic summary review [3].

There are some clear differences that stand out right away in the introduction. As with most things, standards evolve as we learn.

padding:5px 10px"> Electronic authentication (e-authentication) is the process of establishing confidence in user identities electronically presented to an information system. E-authentication presents a technical challenge when this process involves the remote authentication of individual people over a network. This recommendation provides technical guidelines to agencies to allow an individual person to remotely authenticate his/her identity to a Federal Information Technology (IT) system. [4]

Digital identity is the unique representation of a subject engaged in an online transaction. A digital identity is always unique in the context of a digital service, but does not necessarily need to uniquely identify the subject. In other words, accessing a digital service may not mean that the physical representation of the underlying subject is known. [2]

The new draft goes on from there to outline digital identity and attempts to clearly define access and uses more risk based language.

One clear change that will shock users is the removal of periodic password changes. The handlers agree that a strong review of this draft is in order for security professionals as we can hear the users now:

Wait, you have been forcing me to change my passwords ALL THIS time, and now your saying it is not needed?

Another section that should be reviewed and discussed deeply is 5.2.7 Verifier Compromise Resistance. According to the section there should be some mechanism to verify compromise resistance. One could interpret this to run passwords against breached credential databases, however this is not specifically called out [2] [3].

In conclusion, this standard is a strong deviation from previous recommendations and should be reviewed for impact to your security practice. (There is that disturbance in the force we were looking for).

[1] https://it.slashdot.org/story/17/05/09/1542236/nists-draft-to-remove-periodic-password-change-requirements-gets-vendors-approval

[2] https://pages.nist.gov/800-63-3/sp800-63b.html

[3] http://www.csoonline.com/article/3195181/data-protection/vendors-approve-of-nist-password-draft.html

[4] http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-2.pdf

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security

ISC Stormcast For Wednesday, May 17th 2017 https://isc.sans.edu/podcastdetail.html?id=5504, (Wed, May 17th)

SANS Internet Storm Center - May 17, 2017 - 4:10am
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security

WannaCry? Do your own data analysis., (Tue, May 16th)

SANS Internet Storm Center - May 16, 2017 - 11:01pm

In God we trust. All others must bring data. ~Bob Rudis

With endless amounts of data, technical detail, and insights on WannaCrypt/WannaCry, and even more FUD, speculation, and even downright trolling, herein is a proposal for you to do your own data-driven security analysis. My favorite book to help you scratch that itch? Data Driven Security: Analysis, Visualization and Dashboards, by Jay Jacobs Bob Rudis. A few quick samples, using WannaCry data and R, the open source programming language and software environment for statistical computing and graphics. If ever you wanted to pick up a bit of immediately useful programming, R is for you.

Our good friends over at Team Cymru tweeted out a great GitHubGist WannaCry factsheet, therein are a number of useful resources, many leading to other good reads. I easily tracked down a list of malicious IPs associated with WannaCry.

width:686px" />

You can always learn interesting insights from IPs and this situation is no different. In very few lines of R, we can identify and visualize the data for further insight. Ill walk you through it. First, lets pull in the libraries we need to do some IP geolocation, create a word cloud, and make said word cloud more color rich, and make a nice plot.

library(rgeolocate)
library(wordcloud)
library(RColorBrewer)
library(plotrix)

We need to then read in Maxmind data (GeoLite2-Country) and call Oliver Key and @hrbrmstrs rgeolocate package

file - system.file(extdata,GeoLite2-Country.mmdb, package = rgeolocate)

Follow that with our malicious WannaCry IP addresses.

ips - c(188.166.23.127,91.219.236.222,46.101.166.19,193.23.244.244,62.210.124.124,2.3.69.209,
144.76.92.176,91.121.65.179,146.0.32.144,148.244.38.101,91.219.237.229,50.7.161.218,
149.202.160.69,217.79.179.177,87.7.10.93,163.172.149.155,212.47.232.237,192.42.115.101,
171.25.193.9,81.30.158.223,178.62.197.82,195.22.26.248,79.172.193.32,212.47.244.98,
197.231.221.221,38.229.72.16,5.35.251.247,198.96.155.3,46.101.166.19,128.31.0.39,
213.61.66.117,23.254.167.231)

Finally, we pull it all together and receive our first results file.

results - maxmind(ips, file, c(continent_name, country_code, country_name width:328px" />

And in one fell swoop, we create a word cloud from our data.

wordcloud(results$country_name, max.words = 100, min.freq = 1, random.order = FALSE, rot.per=0.35, colors=brewer.pal(8, Dark2 width:267px" />

Hmm, looks like most of the malicious IPs are in Germany. :-)

Prefer to visualize that a different way? No problem, well run a quick count and use plotH to create a scatterplot with histogram-like bars.

ct - count(results$country_name)
plotH(freq~x,data=ct,ylab=Frequency,xlab=Country,col=blue width:434px" />

Give it a try for yourself. When events such as WannaCry have you frustrated and down, you can at least take data-driven security analysis in your own hands.

Resources for this article:

Categories: Security

All times are GMT +2. The time now is 16:53.


©2001-2017 - Baanboard.com - Baanforums.com