Nintendo Kid
Aug 4, 2011

by Smythe

eames posted:

So this article about "badBIOS" over at arstechnica... please tell me that is a hoax?

http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

The key thing is that this is pretty much impossible to spread on a wide basis, due to the fact you have to know very specific hardware attributes in order for it to function on a wide range of target computers. Hell, the sound thing for one simply won't work in places where there's sufficient environmental noise, or sufficiently poor quality speakers.

It's the kind of thing where if it's going to be deployed anywhere, the person attacking already has knowledge of all the hardware details of the target facility.


KillHour
Oct 28, 2007


Install Windows posted:

The key thing is that this is pretty much impossible to spread on a wide basis, due to the fact you have to know very specific hardware attributes in order for it to function on a wide range of target computers. Hell, the sound thing for one simply won't work in places where there's sufficient environmental noise, or sufficiently poor quality speakers.

It's the kind of thing where if it's going to be deployed anywhere, the person attacking already has knowledge of all the hardware details of the target facility.

So why the hell was it deployed on a security researcher's laptop of all places?

Crossbar
Jun 16, 2002
Chronic Lurker

KillHour posted:

So why the hell was it deployed on a security researcher's laptop of all places?

I have a feeling there is a simpler explanation than some uber-virus infecting this guy, but theoretically government intelligence agencies would be very interested in getting zero day vulnerabilities before security researchers made them public.

Nintendo Kid
Aug 4, 2011

by Smythe

KillHour posted:

So why the hell was it deployed on a security researcher's laptop of all places?

Why wouldn't it be? Isn't that the most logical place for a very difficult to set up attack to be tried?

Shalhavet
Dec 10, 2010

This post is terrible
Doctor Rope

Crossbar posted:

I have a feeling there is a simpler explanation than some uber-virus infecting this guy, but theoretically government intelligence agencies would be very interested in getting zero day vulnerabilities before security researchers made them public.

Perhaps because it's Halloween and it's a themed joke article?

Nam Taf
Jun 25, 2005

I am Fat Man, hear me roar!

Shalhavet posted:

Perhaps because it's Halloween and it's a themed joke article?

Except the Twitter account is of a famous person in the industry and has been running for a while now.

Paul MaudDib
May 3, 2006

TEAM NVIDIA:
FORUM POLICE

Install Windows posted:

The key thing is that this is pretty much impossible to spread on a wide basis, due to the fact you have to know very specific hardware attributes in order for it to function on a wide range of target computers. Hell, the sound thing for one simply won't work in places where there's sufficient environmental noise, or sufficiently poor quality speakers.

It's the kind of thing where if it's going to be deployed anywhere, the person attacking already has knowledge of all the hardware details of the target facility.

Audio networking is actually a surprisingly robust technique that has significant commercial applications/implementations. I'm sure it's not perfect, but it's pretty good.

http://www.engadget.com/2012/06/13/yamaha-and-fuji-tv-make-infosound-apps/
https://sonicnotify.com/
http://lisnr.com/

You can of course trade off bandwidth for reliability if necessary. Operating in low-SNR environments is a firmly established problem. This virus isn't uploading HD video, it's probably dial up speeds at best. Like Yamaha Infosound: 80 bits per second, with a range of 33 feet. It's more than enough to get nuclear_program_timetable.xls to the right people.

It is indeed a very technically impressive exploit if this guy's right. The virus is apparently integrated at basically all levels from probably the firmware level to the UEFI BIOS all the way up to the operating system, across a variety of hardware, across a variety of operating systems, across any available communications channels (IP, bluetooth, audio networking) including some very unusual modes. I can't look at that and not think "state sponsored".

I mean think about the act of reconstituting itself after a BIOS flash. There has to be some bare metal firmware exploit to get the audio packets (he speculates the peripheral controller), which probably then find another active infection and get a copy of the BIOS virus, which then probably reloads an OS hack. That's pretty analogous to the OS bootstrapping procedure right there. And there's probably many similar solutions, like the high-level program maintaining a database of exploits to help bootstrap the BIOS/bare metal across various communications channels (hence the "acts like it's connected to the internet" bit).

Paul MaudDib fucked around with this message at 16:26 on Nov 1, 2013

Double Punctuation
Dec 30, 2009

Ships were made for sinking;
Whiskey made for drinking;
If we were made of cellophane
We'd all get stinking drunk much faster!
Yeah, the "communicates with sound" bit isn't the impressive bit. I can speak to my tablet and have it translate my English words to text with over 95% accuracy; it should be fairly simple for a virus to read binary digits sent by another machine. For a virus to attack multiple disparate platforms at the firmware level is the part that sounds fishy; you'd need a government backing you to pull that off, and I'm pretty sure they'd keep it away from security researchers at all costs.

Nintendo Kid
Aug 4, 2011

by Smythe

dpbjinc posted:

Yeah, the "communicates with sound" bit isn't the impressive bit. I can speak to my tablet and have it translate my English words to text with over 95% accuracy; it should be fairly simple for a virus to read binary digits sent by another machine. For a virus to attack multiple disparate platforms at the firmware level is the part that sounds fishy; you'd need a government backing you to pull that off, and I'm pretty sure they'd keep it away from security researchers at all costs.

This first requires your virus to know how to interact with all the necessary audio hardware while in the EFI/BIOS stuff without the benefit of standardized drivers at the OS level.

It would be trivial if this was proposed to be simply a Windows or OS X virus to have access to it and not need extensive work on the writer's side to ensure it supports everything. That's completely different at the EFI/BIOS level.

Paul MaudDib posted:

Audio networking is actually a surprisingly robust technique
...when you have standardized audio hardware APIs to work with, or are working with known hardware. Which you don't have for the EFI/BIOS level malware supposed here, and you wouldn't have if you were attempting to implement such a malware in the EFI/BIOS level and you did not previously find out the hardware your target's using by other means.

Paul MaudDib
May 3, 2006

TEAM NVIDIA:
FORUM POLICE
There's a slightly less hyperbolic explanation here, with a few slightly different takes on Dragos' analysis and thoughts on the practicality.

I kind of disagree on his analysis that the relatively known nature of the exploits themselves means it's not a state-sponsored virus. It's not the exploits themselves that are terribly new, it's the fact that they're all tied up in an extremely persistent top-to-bottom rootkit that can target incredibly broad swaths of hardware/software and is obviously espionage-oriented given that it's designed to jump airgaps and stuff.

I mean sure people build botnets all the time, but you generally don't write an OpenBSD virus to do it. At a minimum it's probably an industrial espionage tool.

And yeah, it would be somewhat trickier since you'd be working at the bare-metal level. You can't exactly just pop open Audacity inside the audio chipset, but signal processing is the whole reason we have audio chips in the first place. The BIOS isn't the only point of vulnerability here, you could also attack the peripherals themselves, or perhaps the southbridge.

Paul MaudDib fucked around with this message at 21:20 on Nov 1, 2013

mindphlux
Jan 8, 2004

by R. Guyovich
jesus christ that's horrifying

Paul MaudDib
May 3, 2006

TEAM NVIDIA:
FORUM POLICE
I hope whoever wrote it put a killswitch on it, so on some arbitrary day it melts away into the ether :unsmigghh:

mindphlux
Jan 8, 2004

by R. Guyovich
everyone knows america will be around forever, so I'm sure there's no reason DARPA would put a killswitch in it...

Khablam
Mar 29, 2012

Do you guys actually believe this exists, or are you trying to troll would-be readers of the topic?

Not only is what is described physically impossible, but WHY it is impossible is explained diligently in the actual article, such that people "in on it" can snicker to themselves at their cleverness. i.e. it's a pretty basic troll.


e: The more I look at it, the more I think the guy is trying to "out" people who write about computer security, but who lack the basic knowledge needed to instantly out this as nonsense. Presumably to have a presentation at PacSec of people who bought it.

e2: Best comment on this so far "He really DOES have some bridges to sell you, he tweeted about them"

Khablam fucked around with this message at 01:19 on Nov 2, 2013

Paul MaudDib
May 3, 2006

TEAM NVIDIA:
FORUM POLICE

Khablam posted:

Not only is what is described physically impossible, but WHY it is impossible is explained diligently in the actual article, such that people "in on it" can snicker to themselves at their cleverness. i.e. it's a pretty basic troll.


quote:

So it turns out that annoying high frequency whine in my soundsystem isn't crappy electrical noise that has been plaguing my wiring for years. It is actually high frequency ultrasonic transmissions that malware has been using to communicate to airgapped computers... one "ghost" located at least. And now we know how the "hypervisor" functions, its probably stored in the realtek firmware, and thats one of the ways it survives reinstalls and BIOS reflashing. Off to find tools to dump the RealTek audio chips, and to try to find clean firmware to compare it to. Haven't ruled out video firmware yet, either.

I suppose there's multiple ways you could take that. A, dude's faking it (how would audio frequency transmissions cause a signal in a stereo?), B, he actually has had a schizophrenic break, C, he's right or it's in some other local chip.

He does claim to have released some files that differed on a clean install. Although it could be something like a different driver set.

quote:


Odd files that showed up on a fresh Windows 8 install on an airgapped Thinkpad, which then unusually disappeared from a CD burned on another airgapped fresh Windows 8.1 install on a random laptop a friend brought over from his office.
http://goo.gl/3pQbeZ kit.tgz
949437030 bytes - md5 7a64f35c2db85cc1f5cc1f5eefebb924e081b

TGZ archive with files individually compressed with unix compress inside. Be careful uncompressing them, they may cause side effects.

Paul MaudDib fucked around with this message at 01:34 on Nov 2, 2013

Khablam
Mar 29, 2012

If I told you I had some magic diesel that could make trains fly, would you believe me? If I then released chemical tests that showed my diesel was different to other diesel, would you believe me? If I then made patsy accounts on Reddit, claiming to have seen flying trains, would you believe me?

No, because your existing knowledge of the impossibility of the claim prevents you from believing it.

In this case, any computer security professional should react in the same way; the claims are simply impossible, and I shouldn't need to explain away every single one (though people have if you spend a couple of moments to look) since they're on the same level of absurdity if you have the pre-existing knowledge.

I'm pretty sure he's angling to get some good bites to use as a warning about who we choose to listen to over issues of computer security, because there's some frankly awful reporting on it both within the field, and in the wider media.

TheRationalRedditor
Jul 17, 2000

WHO ABUSED HIM. WHO ABUSED THE BOY.
Ahahaha, loving seriously. Malicious binary code transmitted via whalesong. Does anyone really need to check if it's a hoax? Really?

eames
May 9, 2009

I — as a complete layman — find it fascinating to think about the technology behind that.
For example ultrasonic networking which is something I never thought about before. Either way, I don’t think anybody but a government could pull this off on such an extremely low level in the device and even then it would have to be very specifically targeted. But if you would have told me five years ago that the US has the ability to tap into 80% of all internet traffic on the planet, I would have burst into laughter too.

https://www.youtube.com/watch?v=w6lRq5spQmc

https://github.com/borismus/sonicnet.js

Khablam
Mar 29, 2012

Ultrasonic networking has been 'done' before, but as a concept it loses out hard to wifi.
- less bandwidth (by many orders of magnitude, you're looking at 1/10th dial up speed in a best case scenario)
- less range
- more interference sources
- transmit disrupts receive
- ultrasonic sound equipment is massively expensive. No, your BIOS can't magically make your speakers with a 20kHz hardware low pass start magically working ultrasonically. Your microphone with a 16-17kHz peak response frequency can't be convinced to hear ultrasound.

There's very good reasons why data transmitted over a medium at millions of Hz at low power em is better than 10's of thousands of Hz at high power soundwave.

It's interesting to read the responses to this, I'll be very interested to see what happens at PacSec, which is what I assume the intention is :v:

Khablam fucked around with this message at 13:22 on Nov 2, 2013

Paul MaudDib
May 3, 2006

TEAM NVIDIA:
FORUM POLICE
I dunno, you could probably do a low-level bootstrapper that communicates via sound. It obviously couldn't be the initial infection vector but it's plausible that it could be used to reload the virus after you try to remove it.

Yeah, it sounds stupid when you call it "whalesong" but one of the most common ways to dump firmware from hardware that doesn't really want you to dump it is to blink an LED, and then you turn it to binary with a phototransistor. This is basically just that in reverse with a sound chipset and some softmodem code, which I'm sure there's plenty of floating around from the dialup era.

And from the initial experiments people are doing, the "cheap hardware is not capable of ultrasound" argument kinda falls apart. A 20khz low pass filter doesn't mean it instantly provides infinity dB suppression at 20.0001khz. Here's a cheap netbook playing a 20khz tone to a nearby MacBook Air with music playing in the background.



That's just a carrier, but you can very probably find some way to modulate that slowly at a minimum. He found a ceiling of about 24khz with the setup, so there's something like 4-6khz of bandwidth there, which is quite a bit. The narrower you pack your signal, the slower the datarate gets, but you also get more bang for your wattage. 1khz is considered a very wide bandwidth signal on HF radio, for example PSK31 operates in 31.25 hz bandwidth and 25 watts can propagate globally. A whole SSB voice channel is only 2.5khz. You don't need megabits per second in every situation, and it's actually a detriment to the range and reliability of transmission.

It seems like a weird "gotcha" for a security researcher to burn his reputation on. Individually the elements are plausible. ACPI rootkits exist, there are several hypervisor rootkits, and firmware viruses exist. I'm sure people have done stranger things than writing a virus for an audio chipset or a southbridge controller or something, and sure, if a security researcher of 15 years claims that he has a hypervisor rootkit that uses those as a stealth re-loader I'll entertain the thought. It's really only the tight integration and the big toolbox you'd need to successfully target a meaningful amount of hardware/software that seems implausible here, and you could fix that by throwing money at it. "AHA! That software could exist but it would be really expensive and have to be really well written!" isn't much of a gotcha.

Of course one would think that in three years of working on this virus he would have some samples that he could release. Or at least some recordings of the audio stream. And the "so that hum in my speaker system is actually a supervirus" isn't confidence inspiring either.

Paul MaudDib fucked around with this message at 20:01 on Nov 2, 2013
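The acoustic link being argued over in the two posts above (a cheap speaker and mic pair, a carrier just above 20 kHz that a low-pass filter attenuates but does not erase, and a low data rate bought with narrow bandwidth and long integration time) as an added worked example. This is not code from any post in the thread and not from the badBIOS reports; the sample rate, the two tone frequencies, the symbol rate, the -20 dB attenuation and the noise level are all assumptions picked so that both tones land on exact DFT bins of a 10 ms symbol at 48 kHz and stay under Nyquist. It uses only the standard library. The point it shows is the one PSK31 makes on HF: at 100 bit/s the per-sample SNR can be well below 0 dB and the symbols still decode, because a Goertzel filter integrating over 480 samples gives roughly 24 dB of processing gain.

```python
"""Toy near-ultrasonic 2-FSK modem over a noisy, attenuated channel.

Added illustration, not code from the badBIOS reports or from this thread.
All parameters below are assumptions: both tones are exact DFT bins of one
480-sample (10 ms) symbol at 48 kHz, and both sit below Nyquist (24 kHz).
"""
import math
import random

FS = 48_000                      # sample rate (Hz); common consumer codec rate
BAUD = 100                       # symbols/s -> 10 ms symbols, 100 bit/s
F_MARK = 20_000                  # Hz, bit 1  (200 * 100 Hz: exact bin of a 480-sample window)
F_SPACE = 21_000                 # Hz, bit 0  (210 * 100 Hz)
SAMPLES_PER_SYMBOL = FS // BAUD  # 480


def frame(payload: bytes) -> bytes:
    """Length-prefixed frame with an XOR checksum so the receiver can reject garbage."""
    if len(payload) > 255:
        raise ValueError("payload too long for a one-byte length field")
    check = 0
    for b in payload:
        check ^= b
    return bytes([len(payload)]) + payload + bytes([check])


def unframe(data: bytes):
    """Return the payload if the length and checksum agree, else None."""
    if len(data) < 2:
        return None
    n = data[0]
    if len(data) < n + 2:
        return None
    payload = data[1:1 + n]
    check = 0
    for b in payload:
        check ^= b
    return payload if check == data[1 + n] else None


def tone(freq: float, n: int = SAMPLES_PER_SYMBOL) -> list:
    """One symbol's worth of a sine at `freq` (integer cycles, so phase-continuous)."""
    return [math.sin(2 * math.pi * freq * t / FS) for t in range(n)]


def modulate(data: bytes) -> list:
    """Binary FSK: one tone burst per bit, MSB first."""
    samples = []
    for byte in data:
        for i in range(7, -1, -1):
            samples.extend(tone(F_MARK if (byte >> i) & 1 else F_SPACE))
    return samples


def channel(samples, gain=0.1, noise_sigma=0.3, seed=1):
    """Crude model of a cheap speaker/mic pair near 20 kHz (assumed figures):
    the tone is attenuated (gain 0.1 = -20 dB), not blocked, and broadband
    noise such as music or fans is added. Per-sample SNR is about -12.5 dB."""
    rng = random.Random(seed)
    return [gain * x + rng.gauss(0.0, noise_sigma) for x in samples]


def snr_db(gain=0.1, noise_sigma=0.3) -> float:
    """Per-sample SNR of channel(): tone power gain^2/2 against noise power sigma^2."""
    return 10 * math.log10((gain ** 2 / 2) / noise_sigma ** 2)


def goertzel_power(window, freq: float) -> float:
    """|DFT bin|^2 at `freq` via the Goertzel recurrence. Integrating over the
    whole symbol is what buys back the negative per-sample SNR."""
    n = len(window)
    k = round(freq * n / FS)
    coeff = 2 * math.cos(2 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in window:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def demodulate(samples) -> bytes:
    """Assumes symbol timing is known; a real modem needs a preamble for that."""
    n = SAMPLES_PER_SYMBOL
    bits = []
    for start in range(0, len(samples) - n + 1, n):
        window = samples[start:start + n]
        bits.append(1 if goertzel_power(window, F_MARK) > goertzel_power(window, F_SPACE) else 0)
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def acoustic_roundtrip(payload: bytes, noise_sigma=0.3):
    """frame -> modulate -> noisy channel -> demodulate -> unframe."""
    rx = channel(modulate(frame(payload)), noise_sigma=noise_sigma)
    return unframe(demodulate(rx))


if __name__ == "__main__":
    print(f"per-sample SNR {snr_db():.1f} dB at {BAUD} bit/s")
    print("recovered:", acoustic_roundtrip(b"nuclear_program_timetable.xls"))
```

Two things the block does not do, and which are the real engineering work in any acoustic modem: it assumes the receiver already knows where each symbol starts (synchronization is normally solved with a preamble), and it has no error-correcting code, only a checksum that rejects a bad frame. Raising the symbol rate widens the signal and shrinks the integration gain, which is the same bandwidth-for-reliability trade the posts describe.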

wanda
Dec 8, 2010

dragos:

https://www.youtube.com/watch?v=XT4ObtDs0yc

Khablam
Mar 29, 2012

Paul MaudDib posted:

I dunno, you could probably do a low-level bootstrapper that communicates via sound. It obviously couldn't be the initial infection vector but it's plausible that it could be used to reload the virus after you try to remove it.

Yeah, it sounds stupid when you call it "whalesong" but one of the most common ways to dump firmware from hardware that doesn't really want you to dump it is to blink an LED, and then you turn it to binary with a phototransistor. This is basically just that in reverse with a sound chipset and some softmodem code, which I'm sure there's plenty of floating around from the dialup era.

And from the initial experiments people are doing, the "cheap hardware is not capable of ultrasound" argument kinda falls apart. Here's a cheap netbook playing a 20khz tone to a nearby MacBook Air with music playing in the background.



That's just a carrier, but you can very probably find some way to modulate that slowly at a minimum. He found a ceiling of about 24khz with the setup, so there's something like 4-6khz of bandwidth there, which is quite a bit. The narrower you pack your signal, the slower the datarate gets, but you also get more bang for your wattage. 1khz is considered a very wide bandwidth signal on HF radio, for example PSK31 operates in 31.25 hz bandwidth and 25 watts can propagate globally. A whole SSB voice channel is only 2.5khz. You don't need megabits per second in every situation, and it's actually a detriment to the range and reliability of transmission.

It seems like a weird "gotcha" for a security researcher to burn his reputation on. Individually the elements are plausible. ACPI rootkits exist, there are several hypervisor rootkits, and firmware viruses exist. I'm sure people have done stranger things than writing a virus for an audio chipset or a southbridge controller or something, and sure, if a security researcher of 15 years claims that he has a hypervisor rootkit that uses those as a stealth re-loader I'll entertain the thought. It's really only the tight integration and the big toolbox you'd need to successfully target a meaningful amount of hardware/software that seems implausible here, and you could fix that by throwing money at it. "AHA! That software could exist but it would be really expensive and have to be really well written!" isn't much of a gotcha.

Of course one would think that in three years of working on this virus he would have some samples that he could release. Or at least some recordings of the audio stream. And the "so that hum in my speaker system is actually a supervirus" isn't confidence inspiring either.

Pretty sure your post is exactly what he's trying to troll out: people with a little knowledge using it to support big, fallacious assumptions (and then pass it off as advice).

If you carefully read the original post you should be able to discern the troll. As I said initially; he literally gives you all the information in the piece to debunk it as a troll, you just need to understand why each clue is there.

Hiding the reasons it's a troll within the body of itself is really rather brilliant, and the people saying "each part is plausible" are missing the point in a way that is frankly artistic to behold.

Khablam fucked around with this message at 20:03 on Nov 2, 2013

Paul MaudDib
May 3, 2006

TEAM NVIDIA:
FORUM POLICE
I don't know what "the original article" is here. Is it the ArsTechnica one? Because he didn't (openly) write that. And I don't see anything that's truly impossible in there. I don't see anything impossible in his Google+ feed either, which is the only thing I've read direct from him.

So a longtime security expert describes a plausible-sounding virus, possibly with some contradictory details (that no one has specifically named), but not enough information to really verify any of it, and we're supposed to be fools for not just instantly rejecting it out of hand? If that's really his game, that's incredibly unprofessional and proves nothing more than the fact that experts can abuse their authority. Can you imagine the CDC pulling a stunt like that? "We told everyone that we found SuperAIDS that spreads by toilet seats and you trusted us, heh, plebs :smug:"

Frankly if anything the opposite is true. Like people claiming that a 20khz low pass filter in a speaker would cause full suppression at 20khz, even in the face of easy tests you can do yourself (just tried it, sitting on my lap my laptop's lovely mic can pick up my lovely desk speakers at 20khz no problem). Sure, be skeptical, I'm not throwing out every computer in the house either. He certainly should provide some evidence of this if it exists - a recording of the audio transmission, some samples of the virus, etc. At the same time it's not impossible that someone could put their mind and some serious funding and intel into it and make something like that. Probably a state actor or organized crime or something.

There's certainly an angle on how bad media reporting is. Like, it obviously can't infect your computer with sound alone, and so on.

Paul MaudDib fucked around with this message at 21:48 on Nov 2, 2013

Khablam
Mar 29, 2012

Paul MaudDib posted:

I don't know what "the original article" is here. Is it the ArsTechnica one?
Yes.

quote:

Because he didn't (openly) write that
Well no, that's exactly what I said. One needs to know the basic, fundamental principles of computer design to see why it's not true.

quote:

And I don't see anything that's truly impossible in there
Are you reading what I wrote? I said

quote:

the people saying "each part is plausible" are missing the point in a way that is frankly artistic to behold
You're missing the point. Do this:

Start at the point of infection, explain:
- What the attack vector was
- What it targets
- How it spreads
- What / how it does it
- The latter stuff about airgapping

If you can't explain every process that occurs at each step, guess what - you don't understand why it's not possible. Then claiming it might be possible because you don't understand why it's not, is (I am pretty sure) exactly the point he is trying to make about people working in IT security.

(as a bonus and to let you start to see what I mean: the last term is a paradox by definition - if the system can communicate with another machine in any way, it's not airgapped, making the statement nonsensical. He's smarter than you and playing with your lack of knowledge, both of terminology and process).

Anyway, even before I posted today two users PMd me to tell me you'll literally believe anything you're told, so I don't suspect you'll
a) Read what I wrote
b) Comprehend it if it doesn't fit your world model
c) Do any work to look at what I'm saying before replying again
d) Will continue to ignore parts of the story that don't make sense so you can carry on believing the story as a whole

If you're at the point of selectively quoting what I (and others) are writing about it in order to not be disproving your own argument in your posts, you need to take a step back and look at your motivation for holding the belief.

e: I'm not trying to be a dick to you about this, I am trying to make you see why if you spend as much time looking at the basic claims as you do hand-waving away all the parts of it that you know don't add up, you'll see the truth behind it. People like believing in the big-bad and conspiracy theories, and will never examine why they ignore mass amounts of contrary, reliable evidence and believe wild suppositions built on narrative-based 'evidence' - it's pretty interesting as a concept, and him making a conspiracy theory up from scratch and watching it play out over blogs / reddit is pretty interesting from a psychological point of view. There are some very, very convinced people being very, very angry about this.

Khablam fucked around with this message at 23:03 on Nov 2, 2013

Wiggly Wayne DDS
Sep 11, 2010



Khablam posted:

Yes.

Well no, that's exactly what I said. One needs to know the basic, fundamental principles of computer design to see why it's not true.

Are you reading what I wrote? I said

You're missing the point. Do this:

Start at the point of infection, explain:
- What the attack vector was
- What it targets
- How it spreads
- What / how it does it
- The latter stuff about airgapping

If you can't explain every process that occurs at each step, guess what - you don't understand why it's not possible. Then claiming it might be possible because you don't understand why it's not, is (I am pretty sure) exactly the point he is trying to make about people working in IT security.

(as a bonus and to let you start to see what I mean: the last term is a paradox by definition - if the system can communicate with another machine in any way, it's not airgapped, making the statement nonsensical. He's smarter than you and playing with your lack of knowledge, both of terminology and process).

Anyway, even before I posted today two users PMd me to tell me you'll literally believe anything you're told, so I don't suspect you'll
a) Read what I wrote
b) Comprehend it if it doesn't fit your world model
c) Do any work to look at what I'm saying before replying again
d) Will continue to ignore parts of the story that don't make sense so you can carry on believing the story as a whole

If you're at the point of selectively quoting what I (and others) are writing about it in order to not be disproving your own argument in your posts, you need to take a step back and look at your motivation for holding the belief.
You know you can have multi-stage attacks and this could just be the preservation payload right? It doesn't really matter if all of what he's saying is true or not. Parts of the attack described are feasible and arguing semantics over airgapped systems isn't changing anything. Approach with scepticism and don't take his words for the absolute truth but completely dismissing it isn't helping anyone. Even if he's taking the piss you don't just shout down anyone trying to talk about it.

Paul MaudDib
May 3, 2006

TEAM NVIDIA:
FORUM POLICE
Big demands from a person who apparently didn't even bother playing a tone generator website through his speakers before pontificating about how cheap hardware obviously couldn't send or receive a frequency marginally above their nominal spec. Computer viruses aren't audiophiles.

No, I really doubt a researcher with 15 years in the field is going to burn up his career to make a semantic point about how if you can "jump an airgap" that means there was never an airgap to begin with.

As I've said repeatedly, the proof is in the pudding. The concept doesn't seem impossible, if you ignore the cross-platform claim (difficult) and the sound modem it would be just another vicious trojan, but there's no reason to believe it exists except "he says it does". If it exists, it would be super easy to release some recordings of it communicating. Although then people would probably just fishmech out over whether he just forged a recording or something. He'd really need to post some demonstrably malicious binary to have solid proof. People have offered to buy a contaminated system to have them analyzed more thoroughly and he hasn't done that. Another approach would be producing the USB controller firmware dumps on something that would be truly different and binary incompatible with x86, maybe an ARM or 68k or PPC. Or really substantial proof of any kind.

There's just not enough information to either dismiss it as a troll or accept it as real. Or the dude could legitimately be going nuts, this "virus" has been afflicting his systems more and more over the past three years yet no one else has ever seen it in the wild, people went through a BIOS dump and couldn't find anything, his writing is pretty erratic, etc. Onset of schizophrenia, anyone? If he's making legitimately impossible claims, that would explain it equally well.

Paul MaudDib fucked around with this message at 02:50 on Nov 3, 2013

Double Punctuation
Dec 30, 2009

Ships were made for sinking;
Whiskey made for drinking;
If we were made of cellophane
We'd all get stinking drunk much faster!

Paul MaudDib posted:

There's just not enough information to either dismiss it as a troll or accept it as real. Or the dude could legitimately be going nuts, this "virus" has been afflicting his systems more and more over the past three years yet no one else has ever seen it in the wild, people went through a BIOS dump and couldn't find anything, his writing is pretty erratic, etc. Onset of schizophrenia, anyone? If he's making legitimately impossible claims, that would explain it equally well.

Yeah, this whole thing is sounding like A Beautiful Mind or something. Yes, viruses communicating via audio are a possibility, but there is no way in hell one virus is going to infect the firmware of every machine in the room unless somebody is actively planting it. This guy is not in the middle of a government conspiracy.

Khablam
Mar 29, 2012

Paul MaudDib posted:

Big demands from a person who apparently didn't even bother playing a tone generator website through his speakers before pontificating about how cheap hardware obviously couldn't send or receive a frequency marginally above their nominal spec.
Ok, so I have said it three times, but maybe this time is the charm?

Khablam posted:

"each part is plausible"
However, having said that the bandwidth of ultrasonic data transmission is very poor even in a best-case scenario with specialist equipment.

quote:

No, I really doubt a researcher with 15 years in the field is going to burn up his career
This won't burn his career. I'm pretty sure when this is played out it will do the exact opposite. 'All publicity is good publicity' and all that.

quote:

to make a semantic point about how if you can "jump an airgap"
That's ... that's not the point he is making. Are you reading what I wrote, or are you just picking up the first parts you can disagree with and posting them back, whilst ignoring the fact it is still impossible?

I'm going to say it again - the reasons it can't work are explained in the original article. If you perhaps looked at what I suggested instead of selectively quoting parts of my post that aren't important to the whole (one last time as a freebie: each part is plausible) then you'll stand a better chance of seeing what I mean.

zylche posted:

You know you can have multi-stage attacks and this could just be the preservation payload right?
Yeah, this is pretty much how it would need to work, and of course this is ruled out in the original article. Kinda my point.

quote:

Approach with scepticism and don't take his words for the absolute truth but completely dismissing it isn't helping anyone. Even if he's taking the piss you don't just shout down anyone trying to talk about it.
It raises some interesting ideas, but "this could be legit" isn't one of them, and yea, anyone making insane claims should be called out - don't feed insane people credence.

Gooble Gobble
May 2, 2011

One of us
In CryptoLocker news, if your antivirus deletes the infection before you have a chance to pay the ransom you can now pay 10BTC (~$2100) to find the private key via a web interface.

http://www.bleepingcomputer.com/forums/t/512668/cryptolocker-developers-charge-10-bitcoins-to-use-new-decryption-service/

These guys must be raking in the cash.

Stanley Pain
Jun 16, 2001

by Fluffdaddy

So instead of going on about whatever it is you're going on about, why don't you spell it out instead of "Dude, those words, read them. No, REALLY READ THEM.....!!!...."

Raften
May 20, 2007
Cognates! They stay crunchy, even in milk!
So is the only known vector for CryptoLocker still email attachments?

DrAlexanderTobacco
Jun 11, 2012

Help me find my true dharma
Had a really poo poo form of Cryptolocker today. Can't remember the exact name but it switched off all backup and internet-related services after it had fully encrypted the exchange database. Thankfully we had a cold backup for that particular site, because they never switched out the backup disk. That was erased fully. Scary stuff.

It was charging $5000 too, so it's not like it was an "Oh we can just pay the $300" deal.

bull3964
Nov 18, 2000

DO YOU HEAR THAT? THAT'S THE SOUND OF ME PATTING MYSELF ON THE BACK.


How in the hell did it get on a machine that had access to the exchange database?

Stanley Pain
Jun 16, 2001

by Fluffdaddy

bull3964 posted:

How in the hell did it get on a machine that had access to the exchange database?

The weakest link is always the people.

sanchez
Feb 26, 2003
A virus that gets onto a domain admin's machine and starts scanning the network for C$ shares would be amazing.

Khablam
Mar 29, 2012

Raften posted:

So is the only known vector for CryptoLocker still email attachments?

It's also now dropped by the Zeus botnet, via a few Java exploits, and from a couple of older trojans (the type that phone home for new payloads, like ZeroAccess).

sanchez posted:

A virus that gets onto a domain admin's machine and starts scanning the network for C$ shares would be amazing.

Conficker (I think...) had a mechanism for spreading in this way. It would brute-force them :ohdear: Luckily, most of the worst-case scenarios for massively damaging payloads have been patched, or the infrastructure changed so they can't get about so easily.

Like how programs running in user-space can't communicate with the BIOS :v: - especially in the case of OpenBSD, which, when specifically mentioned like that, was really all you should need to see the guy is trolling.

Khablam fucked around with this message at 20:05 on Nov 4, 2013

Alctel
Jan 16, 2004

I love snails


Gordian posted:

In CryptoLocker news, if your antivirus deletes the infection before you have a chance to pay the ransom you can now pay 10BTC (~$2100) to find the private key via a web interface.

http://www.bleepingcomputer.com/forums/t/512668/cryptolocker-developers-charge-10-bitcoins-to-use-new-decryption-service/

These guys must be raking in the cash.

If you already paid the ransom you get it for free, at least apparently.

Crossbar
Jun 16, 2002
Chronic Lurker

Alctel posted:

If you already paid the ransom you get it for free, at least apparently.
A year from now there is going to be a thread in coupons about how to get the best deal on malware unlocks.

Gweenz
Jan 27, 2011
Serious Hardware / Software Crap > Post Your Favorite Malware Descriptions.

I love these. I like to look up malware/adware/crapware websites and read the descriptions they have for their "products". Basically, if the words "web", "enhance", or "experience" are in the description you can be sure it is completely useless. Here's one from "Sendori".

"How does it work?
Sendori software works in tandem with web browsers to dramatically speed access to tens of thousands of the most popular websites. Sendori leverages routing methodologies, security and editorial directories to deliver cutting-edge name server technology."

Shiiiiiiiit. That's so technical sounding it can't possibly be wrong. Here's one from Yontoo, which I notice is now discontinued:

"At Yontoo, our mission is to enhance, extend and personalize everyone’s experience across all websites."

There's those crapware buzzwords. But wait, that's not all it does!

"We founded Yontoo to show that the Web can be so much more than individual pages. The beauty of Yontoo comes from the ability to horizontally cross the internet rather than the typical vertical website archive that you see all over the internet. Yontoo takes a backseat to the web page, still allowing the main site to be the center of attention, as it should always be."

Our software is so good at what it does you may not even know that you installed it and are using it. Terrific! SweetPacks:

"Today, SweetPacks is a selection of innovative products designed to enhance our user's digital experience. With over 150 million users around the world, we offer a wide variety of fun, useful, easy to use and safe apps for your everyday use."

What, is the same college intern with a thesaurus working for all of these companies? Wide variety of apps? Funny, I've never heard of or used any, and I don't know of anyone who (knowingly) has.

Anyway, I find these amusing, so if you have any ridiculous ones, post 'em.

DrAlexanderTobacco
Jun 11, 2012

Help me find my true dharma

bull3964 posted:

How in the hell did it get on a machine that had access to the exchange database?

Not sure, I don't deal with that company too often. IIRC they might have refused to pay for AV.