Bitcoin Forum
March 19, 2024, 03:32:07 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Portrait of Kevin Day, Security IT Specialist and Hacker  (Read 7063 times)
bitrebel (OP)
Sr. Member
****
Offline Offline

Activity: 364
Merit: 251


View Profile
June 21, 2011, 02:15:03 AM
 #1

DragonData.com - Welcome to Your.org
Domain Name: DRAGONDATA.COM Registrant: N/A Kevin Day ( ) P.O. Box 326. Round Lake Beach Illinois,60073. US Tel. +1.3126281200. Creation Date: 03-Apr-1997 ...
whois.domaintools.com/dragondata.com


SecurityFocus Bugtraq: Re: Buffer overflow in mIRC allowing - Security
Feb 5, 2002 ... From: Kevin Day (toasty@temphost.dragondata.com) ... restore the two or three default group policy security templates one by one. ...
www.derkeiler.com › ... › securityfocus › bugtraq › 2002-02 - Cached

Inside the Security Mind: Making the Tough Decisions [Paperback]
Kevin Day (Author)

Product Description
Inside the Security Mind: Making the Tough Decisions, by security expert Kevin Day, teaches information officers how to think like a top security guru. Using real-world examples, Day explains how to reduce any security problem to a set of essential principles, making it easy to arrive at optimal solutions. Includes practical material on enterprise security issues and measures.
From the Back Cover

    "This is a really good book ... it spells out the motherhood and apple pie of information security in a highly readable way."

—Warwick Ford, CTO, VeriSign, Inc.

    "An excellent security read! Breaks down a complex concept into a simple and easy-to-understand concept."

—Vivek Shivananda, President

    Redefine your organization's information security
    Learn to think and act like a top security guru!
    Understand the founding principles of security itself and make better decisions
    Make your security solutions more effective, easily manageable, and less costly!

Make smarter, more informed security decisions for your companyOrganizations today commit ever-increasing resources to information security, but are scarcely more secure than they were four or five years ago! By treating information security like an ordinary technological practice—that is, by throwing money, a handful of the latest technologies, and a lineup of gurus at the problem—they invariably wind up with expensive, but deeply flawed, solutions. The only way out of this trap is to change one's way of thinking about security: to grasp the reasoning, philosophy, and logic that underlie all successful security efforts.

In Inside the Security Mind: Making the Tough Decisions, security expert Kevin Day teaches you how to approach information security the way the top gurus do—as an art, rather than a collection of technologies. By applying this discipline, your solutions will be more secure and less burdensome in time, expense, and effort. The first part of the book explains the practice of breaking security decisions down into a set of simple rules. These rules may then be applied to make solid security decisions in almost any environment. In the second part, Day uses a series of practical examples to illustrate exactly how the discipline works in practice. Additional material covers:

    Designing an enterprise security plan, including perimeter/firewall and Internal defenses, application, system, and hardware security
    Ongoing security measures—recurring audits, vulnerability maintenance, logging and monitoring, and incident response, plus risk assessment
    Choosing between open source and proprietary solutions; and wired, wireless, and virtual private networks

This book is essential reading for anyone working to keep information secure. Technical and non-technical IT professionals alike can apply Day's concepts and strategies to become security gurus, while seasoned practitioners will benefit from the unique and effective presentation of the essential security practices.

Inside the Security Mind:
Making the Tough Decisions
Kevin Day
Prentice Hall 2003
Isbn 0-13-111829-3

Inside the Security Mind is an easy read geared for the novice and as well as the seasoned pro. It starts with the basics and develops a good path to higher security concepts.

Well written with the focus on developing a good security program and implementing training, Inside the Security Mind will guide you through the steps necessary to allow you to define your security goals and policies. Inside the Security Mind was written with the premise in mind, best defined on page 283, which states:

" the evolution of security will not come through technology, but through awareness."

This book is great for helping to develop your own security and training policies and programs, including appendices complete with outlines and web resources to help setup basic computer security training classes within any organization and keep current with ongoing developments. Inside the Security Mind has comprehensive examples and comparisons through out the text demonstrating how to define security guidelines and setting rules by using risk and threat tables.

Written in simple layman's terms Inside the Security Mind starts with an overview of the realities of computer security including the positive and negative risks and covers subjects such as:


Good guys and bad guys: who really is a hacker and who is not. The 4 types of common hackers, who they are, what they are usually targeting and the most common exploits used for attack.

Allows you assess your necessary considerations, efforts, focus and education required to define your security policies and procedures.

Defines a set of eight necessary security rules and their implications, including the difficulties of granting and implementing these rules.

Demonstrates the effects of trust, change, access, weaknesses, separation, process, prevention, response and their integrated effects on security.

Displays common connection, networking and database vulnerabilities as well as operating and physical vulnerabilities and their relationships.

Shows how attacks can be chained (combined) and the effect of what chaining does.

Differentiates between criminal hackers and the more common garden-variety types

Demonstrates how to lower liabilities from outside the network

Defines security assessment models: how to define risks and threat assessment including traditional US relational security assessments

Displays audit measures and their relationship to acceptable risk assessment regarding perimeter and internal architectures

Shows current audit tools and the types of scans and why they are used

Defines standard defenses and their staffing considerations

How to use of external vs. internal consultants and the truths about certifications

What security hazards associated with hardware-based security exist

How firewalls will and will not be useful to your defenses and why firewalls are not all that is needed.

What the perimeter, internal, physical, server/device, access, authentication and logging/monitoring considerations are and the unique characterizations of each in relation to hardware.

Defines the common defense points and the considerations needed to applying hardening

Vpns and when to use them and their security flaws

This book is a great guide to setting up or reviewing any data security program and will make a nice addition to any security officer's library.

D Bruce Curtis
American Interconnect Corp.

Why does Bitrebel have 65+ Ignores?
Because Bitrebel says things that some people do not want YOU to hear.
1710819127
Hero Member
*
Offline Offline

Posts: 1710819127

View Profile Personal Message (Offline)

Ignore
1710819127
Reply with quote  #2

1710819127
Report to moderator
The trust scores you see are subjective; they will change depending on who you have in your trust list.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1710819127
Hero Member
*
Offline Offline

Posts: 1710819127

View Profile Personal Message (Offline)

Ignore
1710819127
Reply with quote  #2

1710819127
Report to moderator
1710819127
Hero Member
*
Offline Offline

Posts: 1710819127

View Profile Personal Message (Offline)

Ignore
1710819127
Reply with quote  #2

1710819127
Report to moderator
bitrebel (OP)
Sr. Member
****
Offline Offline

Activity: 364
Merit: 251


View Profile
June 21, 2011, 02:16:58 AM
 #2

Interview with Kevin Day, author of "Inside the Security Mind: Making the Tough Decisions"
by Mirko Zorz - Tuesday, 24 June 2003.
Bookmark and Share

Who is Kevin Day? Introduce yourself to our readers.

I grew up in Northern California, as the son of an early programmer I held a pacifier in one hand and a keyboard in the other. I came into Information Security Consulting about 9 years ago, and was hired by a New York based consulting company in 1999. Beginning as a lead security engineer, I eventually became a security practice manager developing new concepts and methodologies, and working high-profile projects for Fortune 500 companies and government organizations. Most recently, I was amongst the founders of Relational Security Corporation, an organization that focuses on new tools and methodologies for Information Security Assessment and Risk Management.

How did you gain interest in computer security?

Because my father was an early programmer, I lived and breathed computers and coding throughout my childhood. As I got older I realized it was not my desire to spend days and nights battling coding logic. My time was balanced between computers, the arts, and philosophy. It all started when I was hired by a hospital on the West Coast. Daily, I had information security projects thrown my way. It didn't take long to realize that Information Security was the perfect balance between logical and creative. As it says in Inside the Security Mind, "security is not a battle of a human's creativity vs a computer's predictable logic… it is an unpredictable battle between two equally creative and dynamic forces: Creativity vs. Creativity." This experience inspired my journey onto the Information Security path and I have never lost my passion for it.


What operating system(s) do you use and why?

Personally I have a mix of everything in my house and office. Professionally, there is no single OS I use or recommend. Each has its calling, each has its purpose, and each has its place. The battle of the operating systems all-to-often transcends security or technology and lands in the world of politics. However, I will say that the convenience of a Windows desktop proves necessary in many practical-life instances. As such, Windows 2000 is my primary laptop OS with a Linux Duel-boot.

How long did it take you to write "Inside the Security Mind: Making the Tough Decisions" and what was it like? Any major difficulties?

The ideas for Inside the Security Mind had been evolving for many years, inspired by working with my clients to solve security issues. The actual book took about 8 months to write and 18 months for the entire publishing process.

The book itself was quite difficult to write in the beginning. It was not similar to anything available, and honing in on the right balance of philosophy and practical example to achieve maximum impact, proved challenging. Additionally, knowing what you want to say is easy, but relating it to the world is not. Because the book is focused on "all audiences," not just technical gurus or security professionals, great editorial care had to be taken to make the book easy-to-read, with minimal technical acronyms.

What kind of response did you get from the security community to your book? Are you satisfied with the results?

The feedback has been tremendous. When exploring a new approach you can never be sure how readers will respond. In the short time since its publication, Inside the Security Mind has received Kudos from several infosec publications and security leaders (like Stephen Northcutt of SANS). I am also pleased to hear the enthusiastic feedback on the "philosophy and concepts", which are the core focus of the book.

What do you see as the major problems in online security today?

Thankfully we have evolved beyond the question "Is information security a problem," which was the first major hurdle. Now we are stuck on the concept that information security is a person that comes in to fix our security issues when we need help. All to often, the need for security is triggered by a limited set of circumstances. "Adding a new WAN link? Giving access to remove users? Suring the net? Let's call in the Security Experts first". So the problem is such:

Security cannot be isolated to such simplistic triggering events as is commonly recognized by executive and management staff. But how do we train the Executives, Managers, and Technical staff to see beyond this and to know when and where security issues need attention.


The primary goal of my book is to train people how to "think" in terms of security and how to be better equipped to recognize security issues. Security will continue to be a problem if only "security professionals" recognize and address security issues. To truly be secure, every manager, director, and technician in an organization needs to have some understanding of basic security principles.

What do you think about the full disclosure of vulnerabilities?

As the arguments rage back and forth with the pros and cons of disclosing information on vulnerabilities, a few ideas have been widely accepted.

1. Vendors are more incensed to write, "Bug free code" and to respond to exposures and exploits if they are publicly known.

Conversely

2. Making the exposure publicly known opens a window of opportunity for every script-kiddy in the world to use it to their advantage.

I agree that the best solutions may involve a time-delayed response where exposures / exploits are reported to a central agency. I also agree that that agency should be responsible for contacting the related parties (usually vendors), who are then given X days to develop a patch or make their disclosure before it becomes public knowledge. This is in accordance with the chapter on "Secretless Security" and the idea that nothing can be assumed secret or unknown to the "bad-guys", and pretending it is a secret can only work against us. This is also highly incenting to vendors, since those who have not responded in this type of scenario, will have greatly magnified the proverbial "egg on their face."

I see a lot of arguments for against this type of approach and I would certainly not be so fixed as to say the solution is this simple. It is far too big of a topic to provide a simple "Yes I agree" or "no I don't" answer.

What is, in your opinion, the biggest challenge in protecting information at the enterprise level?


The biggest challenge in Information Security Risk Management is at the Enterprise Scale. Organizations are finding it difficult to get their hands around security when it has so many dimensions and possibilities. Medium and large companies have spent the past few years building an arsenal of tools and technologies to solve point-in-time-problems (one series of problem = one tool/solution). But now organizations have to consider so many vulnerabilities & exposures, so many tools & technologies, and so many regulations & standards, that such tunnel vision is no longer possible. Organizations are challenged to adopt information security risk management practices that span from the business requirements, to the governing regulations, to the technical details. And all this needs to be accomplished in the midst of shrinking budgets and increasing threats from the outside world.

What are your future plans? Any exciting new projects?

I am extremely excited about a new technology we have developed at RelSec. Over the past several years we have been working to develop RSAM (Relational Security Assessment Manager), which provides clients and consulting companies with an open and adaptable framework for assessing/managing risks and safeguards in a large-scale manner. The capabilities of this technology are tremendous, far beyond my expectations from the security world. I imagine this will be the standard security tool for assessment and risk management in the years to come, and I am excited to be involved with it from the start.

Why does Bitrebel have 65+ Ignores?
Because Bitrebel says things that some people do not want YOU to hear.
relative
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
June 21, 2011, 02:17:50 AM
 #3

you just cant make this stuff up  Cheesy

next we learn that MtGox is an ex-Sony employee working on IT security?
bitrebel (OP)
Sr. Member
****
Offline Offline

Activity: 364
Merit: 251


View Profile
June 21, 2011, 02:19:01 AM
 #4

you just cant make this stuff up  Cheesy

next we learn that MtGox is an ex-Sony employee working on IT security?

I would not put it past them both to be in cahoots with each other.

Why does Bitrebel have 65+ Ignores?
Because Bitrebel says things that some people do not want YOU to hear.
done
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
June 21, 2011, 02:19:20 AM
 #5

 Cool
Oldminer
Legendary
*
Offline Offline

Activity: 1022
Merit: 1001



View Profile
June 21, 2011, 02:25:11 AM
 #6


If you like my post please feel free to give me some positive rep https://bitcointalk.org/index.php?action=trust;u=18639
Tip me BTC: 1FBmoYijXVizfYk25CpiN8Eds9J6YiRDaX
Epinnoia
Full Member
***
Offline Offline

Activity: 209
Merit: 100


View Profile
June 21, 2011, 02:36:05 AM
 #7

I think if you did a poll of the users of bitcoins, you'd find a rather high percentage of its users are computer literate enough to qualify as being 'IT Specialists' and white hat hackers.

http://en.wikipedia.org/wiki/White_hat_%28computer_security%29


My first miner -> ATI 4550 (7.2 Mh/sec): 
https://www.facebook.com/groups/cryptospeculators/
toasty
Member
**
Offline Offline

Activity: 90
Merit: 12


View Profile
June 21, 2011, 02:36:38 AM
 #8

I am not the author of that book.
bitrebel (OP)
Sr. Member
****
Offline Offline

Activity: 364
Merit: 251


View Profile
June 21, 2011, 02:54:46 AM
 #9

I am not the author of that book.

But this IS YOU, correct?


http://www.freshports.org/mail/elm/

elm 2.5.8_2 mail on this many watch lists=8 search for ports that depend on this port An older version of this port was marked as vulnerable.
    Is Interactive IS INTERACTIVE: yes
    A once-popular mail user agent, version 2.5.x
    Maintained by: toasty@dragondata.com search for ports maintained by this maintainer
    Port Added: unknown
    License: not specified in port


I'm looking for a bit of assistance from a undernet IRC node operator please. I would like a cloaked hostname. Seems I'm attracting a bit of attention.
Elm is an interactive screen-oriented mailer program  that
supersedes mail and mailx.  This is the 2.5.x distribution.

---

http://www.securityfocus.com/archive/75
Re: Unusual entry in Apache logs 2008-05-30
Kevin Day (toasty dragondata com)

Why does Bitrebel have 65+ Ignores?
Because Bitrebel says things that some people do not want YOU to hear.
anewbie
Newbie
*
Offline Offline

Activity: 52
Merit: 0


View Profile
June 21, 2011, 03:03:09 AM
Last edit: June 21, 2011, 03:26:52 AM by anewbie
 #10

I am not the author of that book.

But it looks like mtgox user 10364 is

10364,toasty,toasty@dragondata.com,$1$rtQupk2h$FR.Ee1vC2s

EDIT:  But I think you are probably not that Kevin Day

http://www.rsam.com/company_team.htm

There is no tie-in to dragondata.com and any mention of rsam.com or any of the other obvious domain names associated with that Kevin day.

NF6X
Member
**
Offline Offline

Activity: 98
Merit: 10



View Profile WWW
June 21, 2011, 03:03:34 AM
 #11

I looked at a few other random freshports pages for other packages and saw the exact same "cloaked hostname" stuff. It does not appear to me that the "cloaked hostname" request came from or was specifically directed at Kevin.
bitrebel (OP)
Sr. Member
****
Offline Offline

Activity: 364
Merit: 251


View Profile
June 21, 2011, 03:15:24 AM
 #12

Well, I was able to access DragonData website at http://www.dragondata.com a few minutes ago, but no more.....

Why does Bitrebel have 65+ Ignores?
Because Bitrebel says things that some people do not want YOU to hear.
Terpie
Full Member
***
Offline Offline

Activity: 174
Merit: 101



View Profile
June 21, 2011, 03:15:57 AM
 #13

I really hope you're telling the truth Kevin, because people are now digging.
GeniuSxBoY
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500


View Profile
June 21, 2011, 03:16:27 AM
 #14

tl;dr

Be humble!
chuckypalumbo
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile
June 21, 2011, 03:18:08 AM
 #15

Well, I was able to access DragonData website at http://www.dragondata.com a few minutes ago, but no more.....

ruh roh...
bitrebel (OP)
Sr. Member
****
Offline Offline

Activity: 364
Merit: 251


View Profile
June 21, 2011, 03:21:12 AM
 #16

uh oh!!!

Dropping the ball on Kevin, BIG TIME!!!
Looks like our friend knows a thing or two about Brute Force Attacks

http://pdos.csail.mit.edu/pipermail/asrg/2003-July/000340.html

[ASRG] [toasty@dragondata.com: Re: Remembering history passwords may be bad, but they are getting worse]
Simson L. Garfinkel slg at ex.com
Tue Jul 29 22:05:29 EDT 2003

    Previous message: [ASRG] [toasty@dragondata.com: Re: Remembering history passwords may be bad, but they are getting worse]
    Next message: [ASRG] [toasty@dragondata.com: Re: Remembering history passwords may be bad, but they are getting worse]
    Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

What would be interesting to me would be to know who the attackers are.
I mean, are they other pornographers, users who want to get free stuff,
or are they anti-pornographer crusaders?


On Monday, July 28, 2003, at 12:33  PM, David G. Andersen wrote:

> Once again, the porn industry is at the forefront of Internet
> research. ;-)  (Kind of a cool read)
>
> ----- Forwarded message from Kevin Day <toasty at dragondata.com> -----
>
> Date: Mon, 28 Jul 2003 00:39:35 -0500
> From: Kevin Day <toasty at dragondata.com>
> Subject: Re: Remembering history passwords may be bad, but they are
>   getting worse
> To: Sean Donelan <sean at donelan.com>
> Cc: nanog at merit.edu
> X-Sender: toasty at mail.dragondata.com
> X-Virus-Scanned: by amavisd-new
>
>
>
>> The problem is fewer and fewer modern systems implement the other
>> recommendations.  So password lifetime has become the primary
>> protection
>> factor.
>>
>> How many systems notify the user
>>   - the date and time of user's last login
>>   - the location of the user at the last login
>>   - unsuccessfull login attempts since last successful login
>> How many web systems control the rate of login attempts
>>   - by source
>>   - by userid
>> How many web systems notify anyone or block the account after N
>> unsuccessful login attempts either temporarily or permanently
>
> Sean:
>
> I run one of the larger adult websites, that has a reputation for being
> very difficult to acquire passwords for.
>
> The kind of attacks we see now aren't solved by any of the above. We
> throttled the number of login attempts per IP, then the attackers
> switched
> to using proxy servers. Tens of thousands of them at once. Our
> database of
> IP addresses that have had more than 100 bad login attempts is now
> around
> 100,000. (Most of which are all now banned completely).
>
> We also tried put rate limiting on login attemps by username. This
> allowed
> any idiot to lock any of our legit customers out of the system whenever
> they want, providing an easy denial of service, so this was scrapped
> pretty
> quickly.
>
> The attacks we see now are... well orchestrated. 10-50,000 proxy
> servers
> all making login attempts at once, rather slowly. 10-50 login attempts
> per
> second, each from a different proxy. Still slow enough per IP that it
> doesn't hit our threshold for how many bad logins per IP per hour we
> allow,
> but enough attempts that just by trying seemingly random
> username/password
> combinations they get a couple of successes a day. We've also seen
> people
> trying what appear to be known good username/password combos that were
> presumably acquired from other sites that were compromised in some way.
>
> We keep detailed histories of all the login attempts per IP, and can
> eventually weed out the exploited proxies from actual users, but this
> takes
> an incredible amount of our time, CPU time and database storage just to
> manage. A few weeks ago, after we tightened our login attempt limits,
> whoever is doing this decided to point all the proxies to a public URL
> that
> was very database intensive, and requested it over and over
> again(apparently to get revenge/in frustration), killing our database
> server for several hours until I figured out what was going on.
>
> We tried putting up something that was displayed to users showing their
> last login time and IP, in hopes that some would notice their account
> being
> used by others. Many ISP's force users to go through a proxy server,
> usually without their knowledge. We'd report the IP address that we saw
> (the proxy server) which would freak out many users because it didn't
> match
> their system's IP. The login time is apparently meaningless to most
> users,
> who didn't seem to keep track of when their last login in.
>
> We do have our tricks to detect when an account has been compromised,
> but
> they're not 100% accurate, so it usually comes down to having to wait
> until
> our friendly hacker and his 500 closest buddies are all sharing the
> account.
>
> We're taking steps to make brute force attacks like that impossible
> (forced
> random passwords, etc) but we've found that many users won't tolerate
> not
> being able to choose their own password. If forced into it, they forget
> their passwords very easily and the support costs from dealing with
> password recovery are generally higher than passwords leaking out.
>
> While the recommendations you listed are probably worthwhile to stop
> some
> attacks, they're not going to stop people determined enough to get into
> SOME account if they're not picky on which one.
>
> -- Kevin
>
>
>
>
> ----- End forwarded message -----
>
> --
> work: dga at lcs.mit.edu                          me:  dga at pobox.com
>       MIT Laboratory for Computer Science           
> http://www.angio.net/
>       I do not accept unsolicited commercial email.  Do not spam me.
> _______________________________________________
> ASRG mailing list
> ASRG at amsterdam.lcs.mit.edu
> https://amsterdam.lcs.mit.edu/mailman/listinfo/asrg


Why does Bitrebel have 65+ Ignores?
Because Bitrebel says things that some people do not want YOU to hear.
MindFunk
Jr. Member
*
Offline Offline

Activity: 57
Merit: 10



View Profile
June 21, 2011, 03:23:18 AM
 #17

Busted!  Grin
toasty
Member
**
Offline Offline

Activity: 90
Merit: 12


View Profile
June 21, 2011, 03:24:21 AM
 #18

I am not the author of that book.

But this IS YOU, correct?


http://www.freshports.org/mail/elm/

elm 2.5.8_2 mail on this many watch lists=8 search for ports that depend on this port An older version of this port was marked as vulnerable.
    Is Interactive IS INTERACTIVE: yes
    A once-popular mail user agent, version 2.5.x
    Maintained by: toasty@dragondata.com search for ports maintained by this maintainer
    Port Added: unknown
    License: not specified in port


I'm looking for a bit of assistance from a undernet IRC node operator please. I would like a cloaked hostname. Seems I'm attracting a bit of attention.
Elm is an interactive screen-oriented mailer program  that
supersedes mail and mailx.  This is the 2.5.x distribution.

---

http://www.securityfocus.com/archive/75
Re: Unusual entry in Apache logs 2008-05-30
Kevin Day (toasty dragondata com)



Yes, I am the maintainer of an obsolete email program on the FreeBSD operating system. I did not write that part about the "cloaked hostname", that is on pretty much every freshports page. http://www.freshports.org/

Anything you see written by toasty@dragondata.com is probably me.

shads
Sr. Member
****
Offline Offline

Activity: 266
Merit: 254


View Profile
June 21, 2011, 03:25:51 AM
 #19

Can someone explain to me why someone involved in the hack would out himself on a well read forum using his own first name and a nick that can easily connect him to a real identity?  All this after sending photo ID a few days earlier to the target of the hack?


PoolServerJ Home Page - High performance java mining pool engine

Quote from: Matthew N. Wright
Stop wasting the internet.
Tx2000
Full Member
***
Offline Offline

Activity: 182
Merit: 100



View Profile
June 21, 2011, 03:25:55 AM
 #20

Well this should be interesting
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!