Blog

Hacker Vs. Security Professional

Defcon.org, 29 – 31 July, Las Vegas, NV. $80.00 admission @ Alexis Park

Convention of hackers, crackers, programmers, security pros, black hats, white hat, gray hats the entire spectrum of security technology freaks converging on one location to discuss their favorite subject.

Once a year I am encouraged to go to numerous Security Conferences most of which turn out to be usless infomercials where vendors a trying to sell there plug in security solutions.

There are very few that have really been of value. Defcon is by FAR the best. Since it is a hacker convetion I often have trouble convicing the Government of its worth. It is good to know that FBI, CIA and possibly the NSA don't hold the same view as the Agencies I have worked for.

I can not stress the value of Defcon to Security Professionals enough.

Martin McKeay has a great site on Security issues. We discussed what the word “hacker” conveys to most people.

The original meaning of hacker was that of a technical savvy person creative enough to come up with work arounds, fixes and find vulnerabilities. This is what hacking still means to me. It is my personal oppinion that this is where you seperate the men from the boys. Hacking, in the traditional sense of the word, is the true gauge of technical skill and understanding.

These days the meaning of hacker, and hacking in general is used to address the activities of cybercriminals, or black hats. Martin and I disagree with the direction that the concept is going.

Unfortunately, his view is what most “security professionals” and the general public currently think of the whole concept of hacking, that is is criminal behavior. That is ignorant.

But, no matter how you define hacking or hackers, it is the duty of ever one who calls themselves a security professional to know the practices and mind set of a hacker, criminal or otherwise. It is like a detective or a profiler. The best detectives, investigators and profilers have an understanding of why criminals do what they do. In this same way, it is imperative that the Security Professional understand the techniques and mindset of every shade of hacker, black-white hat.

Which investigator will understand a thief better, the one with a PHD in criminology or the investigator who used to be a thief?

If the security professional doesn't know how to exploit there own systems, how effect is that security professional… And if MOST security professionals can not exploit ANY system, what does it mean to be a system security professional?

Martins Comments:

I love the 'Hacks' books from O'reilly. They've probably done more to regain the original meaning of hack and hacker than all of the protests by security professional combined. I have 4 or 5 of the 'Hacks' books sitting on my work and home bookshelves. Have you checked out Make magazine? (http://www.makezine.com/)

I wish we could regain the original meaning of the word, but I fear it's a pointless battle. To the average Joe in America today, hackers will always and forever be the evil creators of viruses and trojans. Not that Joe could tell the difference between the two.

I don't know if you remember it, but last year the guy who wrote the Sasser and Netsky viruses was hired by a German AV company (http://www.enn.ie/news.html?code=9554015). I know at least one German CISSP who was very upset at this idea, and let them know it. I also seem to remember that his employment didn't last long, but I couldn't find a link to that news. So at least one company was willing to hire a hacker knowingly and publicly.

People don't want to have to worry about the complexity of the shade of a hacker. Black, gray or white hat, if you say you're a hacker, they assume you're after their bank account number. I'll stick with calling myself a Security Professional, rather than trying to borrow from the 'hacker mystique' for publicity.

Posted by Martin at June 1, 2005 01:15 PM

ME:

McKeay.. great blog,

I was at Barnes & Nobles the other day looking for Kyle Rankin's book, Knoppix Hacks and I noticed hacking is quite the buzz word. It seems every conceivable category of Information Technology now has a book followed by (or proceding) the words hack, hacking, hacker's guide ect. O'reily has a whole series on hacks (great books): http://www.oreilly.com/hacks/

There is even a book called, “Understanding God's Will: how the HACK the equation” — (Not from O'reily)

I believe the reason for this is because hacking is cool. Its like the new and very necessary quick fix tool among this era of information overload and technical bombardment.

Many of the most famous and infamous player in this new Information Age have been Hackers. Just to name a few: William H. Gates III, KBE, Blake Ross (19 year old creator of FireFox), Linus Trivalds, Klaus Knopper (creator of Knoppix), the Woz, Paul Allen, Kevin Mitnic, Jeff Moss (creator of Defcon), all the creators of Unix, Bill Joy…

The word hacker has been hi-jacked. Its real meaning has been… hacked. That is why I was over joyed when I was introduced to the Certified Ethical Hacker certification. I have yet to take the cert. I plan on using the CISSP to prepare me for it… it is difficult from what I've seen in the Sample tests. I hope this cert gains enough credibility to take the concept of the true hacker back in mind of the Business owners.

I went to Defcon in 2003 (11 I think) and I learned a lot there. For one thing, not all hackers are evil Sasser Worm creators or apart of the “Hang Up Team” (a truly, TWISTED bunch of Russian hackers). Many of the Hackers speaking were hackers in the original since of the word. In fact, they were do-gooders! They would find exploits and try and report them imediately to the owner of the software or hardware. The biggest problem was that they companies like Microsoft and Oracle would not listen to them. They are often refered to as Gray Hats. Almost like vigilantes, where as White Hats can be considered people like you and me (mercenaries working for companies), and Black Hats just cyber criminals.

I think the concept of what a hacker is is being transformed. Why a company would hire an Internationally know Black Hat and publicize it is, to me, not smart money. I bet it would even negatively effect the stock.

June 2, 2005
Content Revolution

June 2, 2005
This Week In Tech: Episode 6 Outline

With Leo Laporte, Patrick Norton, Robert Heron, David
Prager, Roger Chang, Yoshi

Contacting the
TWIT SHOW
www.ThisWeekinTech.com
Skype handle: thisweekintech
(206) 339-TWIT through K7 (Seattle)
Questions@thisweekintech.com
TWIT Blogs

Intro.

Kevin lost in Canada

ITEM #1 GOOGLE

Steve Baumer says “google is a one hit wonder”
Will Google filter their info for China like Yahoo?
Google Portal
Google maps + Craig’s list = badass
Google Suggest
Google Ride finder
Microsoft employees going to Google
Working at Google Labs
GoogleOS?

ITEM #2 David
Prager on 3G

3G system on CDMA back bone
EDVO to do Webserver

ITEM #3 YAHOO
Music

Unlimited downloads for $5/mos (sue THAT, RIAA)
Statutory File traders treated worse than child molesters in

     prison
Yahoo! Music vs. iTunes
Video iPod?
Wireless headphone, WMA iPod
Hilary Rosen

David Prager – Ratings up on Attack of the Show

ITEM #4 ROGER
CHANG on E3

Roger Chang’s adventures setting up the GameSpot booth at
   E3
Xbox 360 infomercial
Nintendo announced the Nintendo “Revolution”
Console hype
Xbox 360 (3 3.2GHz + 500MHz ATI) vs. PS3 (Cell Processor
3GHz)
Xbox release this fall
PSP Sales

TWIT Console Picks
(Xbox 360 or PS3):

Robert Heron PS3
Yoshi Xbox
Roger Xbox (MicroSoft Media extender)
Patrick PS3
Leo Xbox

DVD Wars
Blu Ray in PS3
What will studios put their media content on?

ITEM #5 QUESTION
Brendan, MD Will PS3 have iTunes (will it be a media Coverence device), will this be a
threat to Rental services such as Netflix and BlockBuster?

Would have to use storage.
What storage will PS3
    use?
Microsoft’s Strangle hold on online Distribution

ITEM #6 QUESTION Carrey N.C.
Early online release of Revenge of the Sith and resulting success undercut the
MPAA position on online movies?

Star Wars 50mil in first Week!!
Discussion of fans and quality of DVDs

ITEM #7 QUESTION Dorthy [TWIT icon designer] 10-20 year
vision of technology impacting everyday life (positive and negative)?

Negative:
Patrick – Terminator
Roger – Mad Max
   Rich will get Richer and Poor will get Poorer

Positive:
Robert – Huge TV’s at great prices (Max Headroom?)
   Nano tech very bad or very good
Leo – Biotech will be bigger than

ITEM #8 TWIT PLUGS

Yosh & Robert
        From the shadows
        Fromtheshadows.tv – real Jedis, wifi mod

Patrick Norton
        Extremetech.com
        Extremeipod.com
        [cut the TWIT cast to 8-track and vinyl]

Leo Laporte
        Leo World Tour in Athens,
Ohio [South East
        Ohio Macromedia
User’s Group]

Roger Chang
        Still on GameSpot

ITEM #9 KEVIV ROSE’s
BIG ANNOUNCEMENT

Leaving G4 to head up small production company and
    conquer
IPTV
Kevin’s start on the Screen Savers
Connection with Alex Albrecht
What happened the day they laid off Alex, Yosh and
     Robert?
Why was the Screen Savers name changed to Attack
     of the Show?
What do Leo & Kevin think about Attack of the
      Show, Kevin Pereira and the G4 crew?
http://thebroken.org
http://systm.org

Leo and Kevin Rose covered in Bear grease

ITEM #10 THE MAN
TRYING TO KEEP US DOWN!

All the TWITs have hands in the IPTV
Man never understood tech
Remember Napster

ITEM #11 IT’S A
BOY! MINI YOSH

The future is here.
Its just not evenly distributed yet.—William Gibson

Contacting the
TWIT SHOW
Skype handle: thisweekintech
(206) 339-TWIT through K7 (Seattle)
Questions@thisweekintech.com
Leo@Thisweekintech.com
Kevin@Thisweekintech.com
Robert@Thisweekintech.com



Is the KitKat Club a Canadian strip club? Enquiring TWITS want to know.

May 30, 2005
This Week In Tech: Episode 5 Outline.

Get this podcast at http://www.leoville.tv/bt/

Featuring: Leo Laporte, Kevin Rose, Patrick Norton, Robert Heron, Yoshi Herrerra

Intro.

Drinking Caffeine

How many TWIT Torrents are being downloaded?

Contribute to the TWIT. Donation will go toward the new equipment for the next show

Roger Chang & David Prager with E3 Update on Episode 6.

Patrick Norton on Security Updates

Firefox – big updates

Itunes – has buffer overflow

Mozilla 1.4 – mozilla.org/security

Firefox has more exploits than I.E.? What do the TWITS use?

Xbox 360

20 Gig hard drive, 3 Powerpc processors + 500MHZ ATI processor

Xbox 360 coverage on Mtv

The TWIT comment on the future gaming systems

Contacting the TWIT SHOW

Skype handle: thisweekintech

(206) 339-TWIT through K7 (Seattle)

Questions@thisweekintech.com

ITEM # 1 – QUESTION: Aaron, Maine Hardware Hacking Resources:

Kevin’s overclocked toothbrush

Aaron asks for TWITS recommendation on Resources

Yoshi gives advice

Google “how to soder”

And other resources will be posted on his blog

ITEM #2 – BATTLESTAR GALACTICA – BITorrent vs. Traditional Broadcasting

Early release of BSG online actually

         increases fan base!

SourceForce Project – Broadcast

         Machine  (Beta)

Bittorrent to create a “Television

        Station” with your computer

        Participatoryculture.org

Motion Picture of

       Association of America

       (MPAA) Taking action against

       Bitorrents

Robert Heron on projector technology and digital delivery systems (1080P)

       Star Wars Revenge of the Sith

ITEM #3 – QUESTION Johnathan, NY –Who will the win in the DVD format wars? Will the Standard unify into one?

            Remember to turn off your TV

                 before you ask questions, you

                 TWITS

            Sony vs. Toshiba (HDDVD vs. Blu

                 Ray)

            Multi format drives



ITEM #4 – Leo does best impression of BILL GATES Comments on IPOD

            MP3 player battle (Sony vs. Nokia

                vs. Apple)

            Video IPOD??!!

            Leo played volley ball with Steve

                 Job’s

            Apple and Sony flirting



ITEM #5 – QUESTIONS [TWIT Soldier] Philip, AUS – What do I encode with?

            Getting the right bit rates, right

                 resolution and quality

            Nero Divx, XVid and others

Some one needs to hack the PSP

Quicktime Pro (recommended)

ITEM #6 – QUESTION [TWIT Soldier] Ashley, UK – What components do you recommend for building a PC for gaming and high res. Graphics editing?

            Kevin’s picks

            Yoshi’s picks

AMD Mobile

Robert Heron’s builds

Patrick gives advice on purchasing

video card for graphics editing

Magic Bullet plug-in and faster

   rendering

Awaiting the Direct X upgrade

ITEM #7 – QUESTION [TWIT Soldier] Tristen, ILL – What kind of processor will the computers of the future use?

            Intel’s optical chip proto-type

            Leo on the Play Station 3’s Cell

            Processor, Distributed Processing


and next generation processing

ITEM #8 — QUESTION [TWIT Soldier] Mike, Fl – What is everyone looking forward to at the E3?

            Roger will give a report on E3 next

              week

ITEM #9 — Release of the Systm – 23^rd May Release date

ITEM #10 – QUESTION [TWIT Soldier] Is the PSP worth buying?

            Portable gaming device that is

            highly hackableRead feeds



This Week in Tech is financed by donation from listeners like you.



The best way to predict the future… invented yourself. – Leo Laporte

Contacting the TWIT SHOW

Skype handle: thisweekintech

Phone: (206) 339-TWIT through K7 (Seattle)

Questions@thisweekintech.com

Leo@Thisweekintech.com

Kevin@Thisweekintech.com

Robert@Thisweekintech.com



May 28, 2005
Review of ROTSS Episode 2

I saw episode 2 of the ROTSS which is now called TWIT or This Week in Tech. I think it is a great show. It is like the Screen Savers to the 2nd power because you've got Leo Laporte, KRose, Patrick Norton, and Robert Heron (even Dovorak show up, kind of).

I listened to the podcast right after seeing Systm. Systm is great but it doesn't give me the feel of being the Screen Savers. TWIT definitely delivered. They talked about Hitch Hiker's Guide the the Galaxy, they talked about the trailer for Serinity. They went tech and discussed Long Horn and OS X and some old formats that didn't work. They talked about Digg.com and boxedthoughts.com. They even took a couple of audio emails. I am impressed. I will be surprised if no one picks these guys up to do another Screen Savers like show. Unfortunately, the best candidate would be G4TV.

You know I don't have anything bad to say about any of the tech show (Broken, Systm or TWIT). I guess it would be like a starving man complaining about a cracker. There is such a void on TV when it comes to actual tech. Yet its the Information Age and our reliance on computers and the Internet continue to grow exponentially at scary proportions. It will always amaze me that G4 did not take advantage of the existing market that was held by TechTv. It has pushed us all completely on line to get the content we crave. The original crew have really formed a bond with their viewers that is begining to approach Trekie level… o.k. maybe not that crazy.

p.s. thebroken kicks TWITS ASSSS!! They just need to get Leo Laporte on there. Get Leo in some fly Pimp Gear, put a hoe on each arm and them let him school us on Mac hacking. That would be the SHIZNIT!

May 27, 2005
Review of the Systm (the bittoreent)

I'm a huge fan of the old Screen Savers show. I had recorded
all the last (and in my oppinion) the best Screen Savers shows that
featured the HILARIOUS Alex Albrech and Tech Talented Kevin Rose.
The show was out of control. I laughed out loud on every single
show. I thought they'd finally established a groove and you could
feel it in the voice and reaction of the fans that were screamed in the
audience and callers.

And then my wife erased all the files from my DVR which I planned on downloading and keeping forever… Why… Why, honey.

I eventually got over it. But then out of the
blue G4, fired half the original crew and hired geek gamers
and gear whores from like three other shows. WTF. That
asian chick is kinda tasty [some kinda of freaky asian fetish I have]

but those other pukes
make me want to turn off the TV. Kevin Pereira has become
the face of all things unholy. For me he represents the end of
the Screen Savers. I know its not his fault, but someone must
suffer for this atrocity.

What followed was scandalous. They changed the whole format of the show and nuked Screen Savers.
Attack of the Show was born. It was like seeing Anakin Skywalker
get sedused by the darkside. I felt betrayed.

But now there is a New Hope. The first Systm show is pure, unforgiving, hardcore tech. Kevin Rose and Dan Huard host the show in a smooth, effective rythm that leaves you hungry for more.

In there first show they talk about WarSpying, something they
covered briefly on the Screen Savers. These geeks actually tell
you how to create a hand held WarSpying device that you plug into
your car to drive around and pick up unencrypted Video feeds from CCTVs
in peoples homes and commercial establishments. I will admit I
thought is was Geeked OUT! But whenever people start breaking out
the soder sucker and microchips my eyes start glazing over.
Electronics is TOTAL magic to me. But the message is clear.. get
CCTV, home and commercial security cameras with built in
encryption.

It was a good show. Kevin once again shows his amazing skills
in producing quality, quality content leaning toward my one of my
favorite subjects, security. If you are a fan of the old Screen
Savers and you're a TRUE geek you will love Systm.

p.s. theBroken kicks Systms ASS, but I ain't one to gossip.. so you ain't heard that from me.

May 27, 2005
Security+ Authentication Methods Explained: Kerberos, CHAP, Certificates
Authentication and Crypto are two of the hardest subject for me. So I've tried to break each one down in terms I can understand. I've only gotten up the Certificates. I'll finish the others soon.

1.2 Recognize and be able to differentiate and explain the following methods of authentication · Kerberos
· CHAP (Challenge Handshake Authentication Protocol)
· Certificates
· Username / Password
· Tokens
· Multi-factor
· Mutual
· Biometrics

The following definitions are necessary to understand the different methods of

Authentication:

Authentication: Verification of person who created or sent the data and the integrity of the data.

Data Integrity: Assurance (confidence) that the data created or sent by an authenticated person has not been corrupted and/or tampered with, data is in original form.

Principal: Authenticated person.

Peer: client or user trying to get authenticated

Verifier : server or application approving the principal. CHAP term is “authenticator.” These terms are used interchangeably.

Hackers tools make it very easy to “sniff” out passwords and logins over a network or computers and allow unauthorized programs or users to impersonate authorized users. That is why authentication is so important to computer security.

Kerberos

Kerberos was created in the ’80 by MIT’s Athena Project. Kerberos is a distributed application that works over a network. A Kerberos client acts on behalf of the principal to authenticate with a verifier without exposing the users data to hacker tools.

The Kerberos client sends encrypted messages to the verifier. These messages are time stamped and sent using Kerberos protocol. Kerberos protocol is based on the Needham and Schroeder authentication protocol. The current implementation of Kerberos uses Data Encryption Standard (DES).

CHAP (Challenge Handshake Authentication Protocol)

The CHAP authenticator (a.k.a verifier) randomly sends “challenge” message to the peer (a.k.a client, or user). The responses with a value that calculated by running the “challenge” message through a one way hash function (using MD5). The authenticator checks the message against its own calculations.

CHAP replaces Password Authentication Protocol (PAP) which sends logins and passwords CLEAR TEXT over the network. Upon initial connection between peer and authentication CHAP is used and maybe used over and over again as the authenticators sends random challenge messages.

The disadvantage is that the challenge message is sent in plain text allowing a hacker to possible capture the data and do a Man in the Middle attack.

Certificates

Certificates are used a lot on web pages with a need for strong security. Certificates are based on two or more people or groups using a trusted third party to confirm that each of the two parties are who they claim to be. Certificates provide public-key infrastructure (PKI) solutions. Certificates are provided by Certificate Authorities such as thawte and VeriSign. These, and other Certificate Authorities, act as a third party issuing Private keys to organization, groups and/or persons and confirm the identities of by verifying the issued private key with a public key. Usually Certificate Authorities us a secure method of communication called Secure Socket Layer (SSL) to send and receive messages. SSL was developed by Netscape. SSL uses a private key to encrypt data over the SSL connections. Secure Http is an alternative to SSL. Public keys are not need for S-Http or SSL. When a secure session is occurring when the URL turns from HTTP to HTTPS.

Issues digital IDs to enable authenticated, 128-bit SSL encryption that secure e-commerce and online payments across the Internet.

References
1. Neuman b. & Theodore T. Kerberos: An Authentication Service for Computer Networks. USC/ISI Technical Report number ISI/RS-94-399. http://www.isi.edu/gost/publications/kerberos-neuman-tso.html
2. Simpson W. PPP Challenge Handshake Authentication Protocol (CHAP), RFC 1994 (RFC1994). Internet RFC Archives. August 1996 http://www.faqs.org/rfcs/rfc1994.html
3. Karve, Anita. SSL and S-HTTP: Secure Communication over the Internet. 1 Jan 1997. Networkmagazine.com
http://www.webopedia.com/TERM/S/SSL.html
May 26, 2005
Importance of applying security to your system

This is an update on my first post about the removing the trojan called smithfraud. I help my friend get rid of the trojan and had the system purring, but shortly after he got back on the Internet with no protection and got hacked again. This time worse then before. Not only did he get smithfraud AGAIN but he got some crap I never even heard of. I may have to wipe his entire hard drive.

I constantly tell him how important it is to secure your system even if your on dial-up. Just having Sp2 for XP is not enough. I recommend at least a firewall.

If you have a broadband connection check out my walk through on securing broadband Internet connections.

May 26, 2005
Common Criteria, the Rainbow Series and Windows 2K

Windows 2000 was awarded the Common Criteria Certificate. This
is the first Microsoft Operating System to receive such a prestigious
certification putting it on the same level as SecureOS Solaris Unix,
both built on an operating system that has been around for over thirty
years. This document will explain what the Common Criteria Certificate is, how a vendor achieves it and why a vendor would want it.

Common Criteria is based on the idea of a sound way of evaluating the security of an operating system. Common Criteria has evolved over the years. Security evaluation criteria goes back to the ‘70’s. The
first standard for this criteria was published in the United States
Trusted Computer Systems Evaluation Criteria (TCSEC), the “Orange Book.” It was published in 1985 by the National Security Agency. Europe
came up with similar standards in an effort to create an international
standard called Information Technology Security Evaluation and
Certification (ITSEC) in 1991. This led to the CC Editorial Board (CCEB) which was formed establishing globally recognized standards for security evaluation (dinopolis). Each country has its own organization that enforces and advertises these international standards. In the United States,
both the NSA and the National Institute of Standards and Technology
meet the security and testing needs of Information Technology producers
and consumers. They do this through a joint program called the National Information Assurance Partnership (NIAP). The responsibilities of these organization are outlined in the Computer Security Act of 1987 (epic).

In order for a vendor to be awarded the Common Criteria Certification it must pass all required tests for a security certification accepted in 15 countries. There
are three parts to the CC: 1) Introduction and general model, is the
introduction to the CC. It defines general concepts and principles of
IT security evaluation and presents a general model of evaluation. 2)
Security functional requirements, establishes a set of security
functional components as a standard way of requirements for Targets of
Evaluation (TOEs). 3) Security assurance
requirements, establishes a set of assurance components as a standard
way of expressing the assurance requirements for TOEs (CRYPTIC).

Common Criteria is essential particularly in these times of heightened Information security awareness. The CC Certification is verification that the operating system has met a specific level of security. Consumers
are more likely to purchase an operating system that is internationally
accredited than one with just a good reputation.

This certification took Microsoft three years and millions of dollars to attain. Very few companies have the time, money and resources to reach this level security. According to Microsoft they obtained the Common Criteria “because its evaluation and certification process helps consumers make informed security decisions (Microsoft).”

Works Cited

Dinopolis. Common Criteria History. 11 May 2001. http://www.dinopolis.org/documentation/misc/theses/hhaub/node78.html

NIAP. Common Criteria Evaluation Verification Scheme.

http://niap.nist.gov/

Electronic Privacy Center. Computer Security Act of 1987. http://www.epic.org/crypto/csa/

Microsoft. Windows 2000 achieves the Common Criteria Certificate. 29 Oct 2002.

http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/cccert.asp#top

Radium. The Rainbow Series Library. 28 June 2000.

http://www.radium.ncsc.mil/tpep/library/rainbow/

Digg This

May 26, 2005

I finally found Cat Schwartz or Kat Shwartz

The reason I haven’t been able to find Cat Schwartz is because I’ve been spelling her name with a “K” Kat Schwartz. My graMARr and speling Good, it is not.

Silly me. Shes at ~~Catschwartz.com [dead and gone]a pretty cool blog~~ hi tech mommy. I feel so empty now that I’ve found you Catherine.

I know I should be happy but the guess I let the obsession of finding you fill me for so long that it began to comfort me. Wait… perhaps I can meet you in REAL life. Just kidding Cat, I’m not really psycho. Or am I?

Contact Cat:

~~TheTechChick@gmail.com[dead?]~~

Cat Schwartz Obsession:

http://tv.groups.yahoo.com/group/Catherine_Schwartz_Fan_Club/

Catherine_Schwartz_Fan_Club@yahoogroups.com

Catherine_Schwartz_Fan_Club-subscribe@yahoogroups.com

~~Old Cat Schwartz Pictures:~~

~~http://waltv.allisonboring.com/gal~~le~~ry/Celebrities_and_Non_Performing_Musicians_1/KatSchwartzMorganWebbTechTV~~

~~http://canuckradio.f2o.org/gallery/categories.php?cat_id=4&sessionid=4bbc3b33bf12bb0411351c60917e10c1~~

May 25, 2005