Computer Forensics Case Analysis: Kucala Enterprises, Ltd. v. Auto Wax Co., Inc. February 21, 2008
Posted by timsteiner in Research.Tags: case analysis, computer forensics, e-discovery, e-evidence, electronic discovery, electronic evidence, encase
add a comment
Tim Steiner
SEC 220
02/15/08
Computer Forensics Case Analysis: Kucala Enterprises, Ltd. v. Auto Wax Co., Inc.
INTRODUCTION
There are many computer forensics products on the market today claiming the ability to recover lost/deleted files and obtain electronic evidence (e-evidence) to be used in court. Encase is a popular tool used by many law enforcement agencies to conduct electronic discovery (e-discovery) (EnCase, 2008). Technology is often defined as a double-edged sword. It can be used for great good but also can be used for great harm. Computer forensics is no exception and for every forensics tool there is an anti-forensics tool (EnCase, 2008). Evidence Eliminator is one such tool claiming the ability to defeat the Encase tool (Keys, A. 2003, p.4). What happens when e-evidence in a case is destroyed? What prevents defendants from eliminating all traces of incriminating evidence in an attempt to evade justice? These and other issues are addressed in the case of Kucala Enterprises, Ltd. v. Auto Wax Co., Inc.
OVERVIEW
The two auto care companies, “Kucala” and “Auto Wax,” both manufacture and sell a similar auto clay wax product. In 2001 Auto Wax sent Kucala a letter which stated that Kucala was selling a product that infringed the patent owned by Auto Wax (Keys, A. 2003, p.2). Kucala proceeded to file a complaint, “seeking a declaratory judgment against Auto Wax, which would declare the Auto Wax Patent invalid, and thereby allow Kucala to continue to manufacture and sell its own clay without fear of prosecution by Auto Wax.” (Keys, A. 2003, p.2). On December 13, 2002, the court granted Auto Wax’s discovery request and Kucala was ordered to produce computer files pertaining to the case. Upon forensic inspection of Kucala’s desktop computer, it became apparent that Kucala had used the computer program Evidence Eliminator on the desktop (Keys, A. 2003, p.3).
ANALYSIS
Legal Issue
The legal issue is whether or not Kucala’s actions were unreasonable. Furthermore, whether the actions were done in disregard of the court order, by deleting the files that could be used as evidence(Keys, A. 2003, p.18).
Holding
The district court concluded that Kucala’s disregard of court orders showed an utter lack of respect for the litigation process. The use of Evidence Eliminator software resulted in loss of data relevant to the case. The court found that Kucala had a duty to maintain evidence that was under their control. They were at fault for not preserving it (Keys, A. 2003, p.19).
Decision
The court recommends that Kucala’s suit against Auto Wax be dismissed. Additionally, Kucala is responsible for paying Auto Wax’s attorney fees and costs (Keys, A. 2003, p.20).
CLOSING REMARKS
In this case, any reasonable person can see that justice was clearly served. Kucala’s use of the Evidence Eliminator software seems to be a willful act to circumvent justice. There is no way of telling how much evidence was or was not destroyed by the Evidence Eliminator software. Thus, Kucala’s egregious conduct is rightfully rewarded by dismissing their claim. This a great precedent for subsequent computer forensics cases. As the use of electronic information increases, it is important to ensure that the integrity of that data is maintained. Just as there are penalties for destroying physical evidence, there must be penalties for destroying e-evidence. This will deter the use of tools such as Evidence Eliminator and ensure that computer forensics investigations can be successfully accomplished.
REFERENCES
Keys, A. (2003, May). Kucala Enterprises vs. Auto Wax Company. Retrieved February 14, 2008, from
http://www.guidancesoftware.com/downloads/KucalaVsAutoWax.pdf
EnCase. (2008, February). Wikipedia. Retrieved February 14, 2008, from
http://en.wikipedia.org/wiki/EnCase
1/4
Computer Forensic Product Analysis: HELIX February 15, 2008
Posted by timsteiner in Research.Tags: computer forensics, data acquisition, e-discovery, e-evidence, electronic discovery, electronic evidence, forensic tools, helix, incident response, open source, product analysis
add a comment
Tim Steiner
SEC 220
02/06/08
Computer Forensic Product Analysis: HELIX
INTRODUCTION
Computer Forensics products and methods are the keys to a successful forensic investigation. If the products used have not been fully tested, they may damage or destroy electronic evidence. Furthermore, it is very important to select good forensics tools; doing so can make or break a case. There are many choices of computer forensics tools, utilities, boot disks, and other software. Some computer forensics tools sell for thousands of dollars. While others are freely available open source software packages (Purchase, 2008). The focus of this paper is on “HELIX”, an open source forensics boot CD used for “Computer Forensics, Incident response, and Electronic discovery” (Helix, 2005, p.1).
OVERVIEW
Helix is a customized version of Knoppix, designed with many computer forensics and incident response applications. Helix is a Live Linux CD, meaning that it is booted directly from the CD and does not need to be loaded to the hard drive (Helix, 2005). By not being put on to the hard drive, Helix can ensure that the data on the host device is not compromised or damaged in any way. It is essential that the computer forensic tool not disturb or change anything on the host computer in order for the evidence obtained to be admissible in court. Helix claims to be forensically sound, meaning that it can be used to obtain reliable data as evidence (Computer Forensics, 2008).
ANALYSIS
Helix is released under the GNU General Public License (GPL) which makes the software freely available to everyone.
Strengths
Helix is free so the price is right. It includes many useful computer forensics applications such as Sleuthkit and Autopsy. Many organizations use Helix for incident response and forensics training. When Helix is loaded, it automatically detects the system’s hardware (Helix, 2005). Helix has a very good support for Windows where many of the other forensics boot disks do not. With Helix it is possible to image a running Windows system (Bejtlich, R. 2006).
Weaknesses
The major issue with Helix is the degree to which it touches the host computer’s hard drive when it boots (Bejtlich, R. 2006). Helix claims to not make any changes to the host computer’s hard drive (Helix (Linux Distribution), 2008). Although Helix is a popular forensics utility, there are no examples to be found of it being used in actual law enforcement to conduct e-discovery.
CLOSING REMARKS
Helix is a great computer forensics tool. It can be used to acquire a live image of a windows system, repair damaged files, data acquisition, recover a virus damaged system, change Windows passwords, look for rootkits, secure file deletion, and much more (Gleason, B.J. 2006). The Helix software package is a complete professional quality forensics tool. It is my opinion that Helix could be used by law enforcement to accurately obtain and document e-evidence. At this time I see no examples of Helix being used by any law enforcement agency. Thus, I have to conclude that a court might not accept e-evidence obtained via Helix because there is no precedence to follow. It would be better to spend the money on a commercial computer forensics product already used by law enforcement to ensure that the evidence obtained would be admissible. Electronic Evidence is only valuable if it is admissible as evidence in support of a case.
REFERENCES
Bejtlich, R. (2006, August). Forensically Sound Evidence. Retrieved February 4, 2008, from http://taosecurity.blogspot.com/2006/08/forensically-sound-evidence.html
Computer Forensics. (2008, February). Wikipedia. Retrieved February 4, 2008, from http://en.wikipedia.org/wiki/Digital_Forensic_Tools
Purchase. (2008). The Farmer’s Boot CD. Retrieved February 4, 2008, from http://www.forensicbootcd.com/con/pur.html
Gleason, B.J. (2006, March). Helix 1.7 for Beginners. Retrieved February 4, 2008, from
http://www.e-fense.com/helix/Docs/Helix0307.pdf
Helix. (2005). The Helix Live CD Page. Retrieved February 4, 2008, from
http://www.e-fense.com/helix/index.php
Helix (Linux Distribution). (2008, February). Wikipedia. Retrieved February 4, 2008, from http://en.wikipedia.org/wiki/Helix_%28Linux_distribution%29
1/3
Wireless Router Max User Review February 13, 2008
Posted by timsteiner in Research.Tags: dhcp, max user, subnet, wireless router, wlan
add a comment
Wireless Router Max User Review
I did some research and it seems all wireless routers have a limit of 253 users. This makes sense because a class C IP address with the mask of 255.255.255.0 (this is usually the default) can only allow 256 addresses, -2 for the network and broadcast address leaves 254 host addresses. And one of those addresses will router IP so that leaves 253.
The amount of WLAN users varies among routers. I found it very hard to find routers that list the max. # of users. The ones below are what I found.
1)Belkin Wireless G Router
| LEDs | Power, Wired, Wireless, Modem, Internet |
| Maximum Users | 253 (LAN), 16 (WLAN) |
| Ports | Ports 4-10/100Base-T auto-sensing and auto-uplink RJ45 ports, LAN 1-10/100Base-T RJ45 port, WAN |
| Protocols supported | CSMA/CD, TCP, IP, UDP, PPPoE, UPnP, and DHCP (client and server) |
| Range | Up to 400ft* |
| Security | WPA, WPA2, 64-bit/128-bit encryption |
| Specifications Standards | IEEE 802.11b , IEEE 802.11g , IEEE 802.3u 100Base-T Fast Ethernet , IEEE 802.3u 10Base-T Fast Ethernet |
http://catalog.belkin.com/IWCatProductPage.process?Product_Id=136493
2)IOGEAR GWA501 Wireless Broadband Gateway
price $60
Max. Users Supported: 253
http://www.overstock.com/Electronics/IOGEAR-GWA501-Wireless-Broadband-Gateway/2675104/product.html
3) Belkin Wireless G router (F5D7230-4)
Max. users: 253 LAN, 32 for WLAN.
http://pclinuxoshwdb.com/index.php?option=com_content&task=view&id=181&Itemid=63
4)3Com OfficeConnect Wireless 54 Mbps 11g Cable/DSL Router
The 3Com OfficeConnect Wireless 54 Mbps 11g Cable/DSL Router is a high-speed, affordable, and easy-to-use small office solution boasting eXtended range (XR) technology that enables up to 253 (64 wireless.
http://www.telephonestuff.com/catalog/jmp_Aastra/search.php?fs=ws
5)Netgear RangeMax DG834PN ADSL Modem Wireless Router
User Support: Up to 253 LAN users
http://www.applemac.biz/product_info.php?products_id=913&display=specs
6) 3Com® OfficeConnect® Wireless 11g Cable/DSL Router
Four 10/100 Ethernet LAN ports with Auto MDI/MDIX provide wired LAN connectivity; up to 253 (128 wireless) users can share the same cable or DSL Internet connection
http://www.3com.com/products/en_US/detail.jsp?tab=features&pathtype=purchase&sku=3CRWE554G72T
7)CWR- 854 Wireless-G Router
Four 10/100Mbps Switch Ports with Auto-MDI/MDI-X Provide Wired LAN Connectivity for up to 253 (45 Wireless) Users
http://www.comx-computers.co.za/download/CWR-854.htm
White Paper: Legal Liabilities of an IT Professional February 11, 2008
Posted by timsteiner in Research.Tags: availability, bolam test, calculus of negligence, cia, confidentiality, cyberlaw, duty of care, Information Security, integrity, IT Professional, IT Security, legal liabilities, malpractice, negligence
add a comment
Tim Steiner
LES 330
12/05/07
White Paper: Legal Liabilities of an IT Professional
INTRODUCTION
As an IT Security Professional your main focus is to provide confidentiality, integrity, and availability (CIA) of sensitive company and client information. This means that the information is only seen by its intended viewer, it is not tampered with, and available when requested (Bell, G. 2001). This can be a daunting task when faced with vast amounts of information that needs secured. If you overlook something, will you be held liable? What happens if you fail to properly do your job and it results in loss of intellectual property, trade secrets, or your client’s bank account information? Thus, It is important to understand the duty of care that is expected of you as an IT professional in order to avoid legal liability. This is why I have chosen to research the legal liabilities of an IT professional and give a more clear assessment of what standards apply.
OVERVIEW
A professional is defined as a person who, “has more than average skills and abilities.” When a professional is sued they are held to a higher standard than an ordinary person because they are expected to know better. Recognized professionals can be sued for malpractice while ordinary individuals can only be sued for negligence (Professional Negligence, 2007). Furthermore, recognized professionals such as doctors, lawyers, or accountants can be sued for malpractice if they fail to provide a sufficient standard of care and the results are tortuous (Malpractice, 2007). Recognized professions require practitioners to meet certain universal requirements and there is a standard certification process. Because there is no universally agreed upon certification process, there are no clear standards for IT professionals. IT professionals are currently not considered professionals in regards to legal liability and therefore not subject to malpractice lawsuits.
ANALYSIS
Since IT professionals are not subject to malpractice, only negligence suits can be brought against an IT professional. In order to prove negligence the claimant must show that there was a duty of care owed to them and that the duty of care has been breached (Breach of duty in English law, 2007). The claimant bears the burden of proof to show that there was a duty of care owed, and a breach of that duty of care caused some harm to the claimant. The court uses a test to find if the defendant was negligent. This test examines what a reasonable person would have done in the same situation (Roe v Minister of Health, 2007).
Origins
There are several cases that identify the origin of the reasonable person test. In 1837 the famous English tort case, Vaughan v. Menlove, first used the reasonable person test to find if a defendant was liable for negligence (Vaughan v. Menlove, 2007). The 1954 case of Roe v Minister of Health involved proving that a medical professional failed to meet the required duty of care. It was shown that a reasonable medical professional would not have foreseen the subsequent harm and therefore was not liable (Roe v Minister of Health, 2007). These cases set a precedence for negligence suits today.
Evolution
Since the inception of negligence cases there have been many critical changes. In 1957, the Bolam test was introduced after the case of Bolam v Friern Hospital Management Committee showed that a higher duty of care is owed by an individual with skills and abilities in excess of an ordinary person (Bolam Test, 2007). This case first identifies the professional standard of care (Standard of Care, 2007).
Current Applications
Many of the mentioned historical cases are referenced today in modern negligence cases. Currently, the Bolam test is being used to determine whether a doctor is liable for medical malpractice (Bolam Test, 2007). The “hand rule”, or Calculus of Negligence, is used today in the United States to determine the responsibility of a person to take precautions. If the cost to avoid harm is less than the cost of that harm then the precautions should be taken (Calculus of Negligence, 2007). This clearly applies to IT applications. Many precautions are taken by businesses to prevent information security loss. Using the hand rule if the cost of preventing information loss is less than the cost of losing that data, then the precautions should be taken.
ASSESSMENT
Clearly many historic cases, although unrelated in subject matter, are applicable to cyberlaw. Furthermore, many of the same rules of law that apply to written contracts also apply to electronic contracts. The liability of an IT professional is similar to that of any professional. An IT professional has more than average skills and abilities in specific areas, therefore the IT professional will be held to a higher standard than an ordinary individual. At this time there is no universal licensing of IT professionals due to the vast areas of expertise and quickly changing technologies. This is a good thing for IT professionals in terms of legal liability. IT professionals can be held liable for negligence, but not malpractice which poses a much more severe consequence.
CLOSING REMARKS
The IT professional faces many challenges to ensure information is C.I.A. while limiting liability. Liability can not be eliminated but can be mitigated through following good information security practices and procedures. If precautions are used effectively and the hand rule is applied, then risk of negligence is minimal. No policies should be a replacement for good common sense. If the IT professional is actively involved in day to day operations and notices something that could result in a security breach, then it should be addressed immediately. Paying attention to details is essential to all professionals and especially important for IT applications where security is key.
REFERENCES
Bell, G. (2001). Information Security Risk & Assessment. Retrieved December 4, 2007, from http://www.sis.uncc.edu/LIISP/slides01/Greg-Bell.pdf
Roe_v_Minister_of_Health. (2007, December). Wikipedia. Retrieved December 4, 2007, from http://en.wikipedia.org/wiki/Roe_v_Minister_of_Health
Vaughn_v._Menlove. (2007, December). Wikipedia. Retrieved December 4, 2007, from http://en.wikipedia.org/wiki/Vaughn_v._Menlove
Malpractice. (2007, December). Wikipedia. Retrieved December 4, 2007, from http://en.wikipedia.org/wiki/Malpractice
Bolam_Test. (2007, December). Wikipedia. Retrieved December 4, 2007, from http://en.wikipedia.org/wiki/Bolam_Test
Calculus_of_negligence. (2007, December). Wikipedia. Retrieved December 4, 2007, from http://en.wikipedia.org/wiki/Calculus_of_negligence
Breach_of_duty_in_English_law. (2007, December). Wikipedia. Retrieved December 4, 2007, from http://en.wikipedia.org/wiki/Breach_of_duty_in_English_law
1/5
Is Intrusion Detection Important? February 11, 2008
Posted by timsteiner in Research.Tags: Information Security, intrusion detection, firewall, signature detection, anomaly detection, tcp dump, ascii logging, acid, mysql, ruleset, hids, nids, snort, data confidentiality, network security
add a comment
Tim Steiner
SEC-330
Structured External Assignment
Intrusion detection is essential in today’s world of insecure networks and the need for data confidentiality is steadily increasing. Unfortunately there is only a small percentage of small to mid-sized organizations that employ host based or network based intrusion detection systems (IDS). It is no longer enough to just use a firewall and expect the network to be secure. There is a need to see what is going on inside the network and identify potential threats.
Before going any further it is important to understand what an IDS is, and why it is important. An IDS detects attacks against a computer network. The benefits to having an IDS are detecting attacks, enforcing policies, providing an audit trail, and resource justification. An IDS can detect attacks and tell if computer systems have been compromised. Internal behavior can be monitored to ensure compliance with the acceptable use policies. After the attack an audit trail can show how far an attack went and where it came from. An IDS can show just how well the firewall is working and the information on attacks can be used as justification for a firewall upgrade.
In order to decide what type of IDS to employ one must understand how the IDS detects attacks. There are a couple of ways an IDS can detect attacks on the network. Signature detection matches network traffic against a list of known signature attacks. This is effective against known attacks but may not detect newly developed attacks. Anomaly detection works by learning what normal traffic looks like and will then alert you when it sees abnormal traffic. This works great but may be high on false positives. Snort uses primarily signature detection.
Snort is quickly becoming the industry standard for network intrusion detection systems. Furthermore, it is open source and freely available. What really sets Snort apart from other NIDS is Snort’s configurability and ability to be run on multiple platforms. Snort’s configuration files can be fine-tuned to specific network architectures and custom rules can even be made. Another big factor is that Snort is constantly updated with new attack signatures.
Before installing Snort, it is important to consider what resources are to be protected and what kind of bandwidth will be monitored. If the network has a firewall and DMZ, it is common to place the Snort sensor between the DMZ network and the switch facing the internet. Snort puts a network card in promiscuous mode so it sees all network traffic. If the network traffic is too much for one Snort sensor it will drop packets increasing the likelihood of a false negative. It is important to have a Snort system that is fast enough to handle network traffic. If this is not possible multiple Snort sensors can be used. An example would be using separate Snort sensors for each subnet.
Snort can log its output in several ways tcpdump binary, ASCII logging, and logging to a database. Tcpdump binary is very fast but logs data in binary format. “There are 10 kinds of people in the world: those who understand binary data, and those who don’t.” ASCII logging is slower but easier to read. Logging to a database is a great tool for creating easy to read visual reports using additional programs such as ACID (The Analysis Console for Intrusion Detection).
The kinds of information logged are alerts that contain what kind of attack, where it’s coming from, where it’s going, and where to find more information. The actual packets of the attack will record MAC addresses, IP addresses, packet payload, timestamp, and TCP flags. Alerts to watch for are attempted-admin, attempted-user, successful-admin, successful-user, shellcode-detect, suspicious-login, attempted dos, and denial-of-service.
Once Snort is up and logging alerts to a MySQL database, other software can be utilized to see visual reports of the data. ACID is an open source analysis console specifically tailored to Snort. With ACID one can view Snort alerts according to various criteria, use information from security web site such as Bugtraq and ArachNIDS, Put alert information in graphical format, and search functions for all Snort data in the database.
So now the IDS, database, and analysis console is set up and working. Now comes the fun part, the rule set of the IDS must be fine-tuned to reduce false positives and eliminate false negatives. “Tuning Snort is like Goldilocks faced with her choices: start with the bed that’s way too big and then keep refining until its jusssst right.” There are many default rules that may be unnecessary and should be removed to increase efficiency.
In the event of a real attack, an incident response plan is crucial in getting up and running as soon as possible. It’s important to have a plan in place to respond to an attack, find out how far the attacker got, recover from the attack, and learn from the attack so that it won’t happen again. If a real-time attack is identified the attack must be stopped immediately. This can be done by pulling the network plug, or pulling the power cord. Pulling the network cable out is a quick and easy way to knock a logged-in intruder off of the system. Furthermore, it keeps programs running for further investigation and prevents the system from being the launching point of further attacks. Pulling the power cord (not the power switch) is important to preserve evidence for a court case. Using the operating systems shutdown function could cause more harm if the intruder left something behind that is triggered by a shutdown command.
Updating Snort, as with any system, is important to keep the system up to date and patch known exploits. Oinkmaster is a Perl script that downloads updated rules files from Snort.org. Snort updates, modifies, and makes minor changes daily so it can be an overwhelming job to make all the changes by hand. Oinkmaster automates the process.
The designers of Snort knew that it would not be feasible to integrate everything (administration, visualizations, and remote management) into one program. With this in mind they made Snort the best IDS sensor it could be and left the other functions to external programs. This is what makes Snort so configurable but also very intimidating. There are a lot of options to consider before setting up a Snort IDS.
REFERENCES
Scott C. (2004). Snort for Dummies
Intrusion Detection System (2007). Wikipedia. Retrieved October 17, 2007, from http://en.wikipedia.org/wiki/Intrusion-detection_system.
Network Intrusion Detection System (2007). Wikipedia. Retrieved October 17, 2007, from http://en.wikipedia.org/wiki/Nids.
Snort(software) (2007). Wikipedia. Retrieved October 17, 2007, from http://en.wikipedia.org/wiki/Snort_%28software%29.
About Snort (2007). Snort.org. Retrieved October 17, 2007, from http://snort.org/about_snort/
Snort EULA Analysis: The de facto standard for intrusion detection/prevention February 11, 2008
Posted by timsteiner in Research.Tags: confidential information, eula, gnu, gpl, hids, ids, intrusion prevention, nids, open source, snort
add a comment
Tim Steiner
LES 330
11/19/07
EULA Analysis: The de facto standard for intrusion detection/prevention
INTRODUCTION
As the IT manager of a small accounting firm, you are in charge of keeping the local network and confidential information secure from unauthorized parties. After examining the network log, you notice that there is a computer on your network sending private network data to a third party. Upon further investigation, you find that someone has hacked your network and gained access to all your private client information files including SSNs, Name, Address, and Contact information. Furthermore, you have no idea how long this has been going on or how much information has leaked out. This is the kind of nightmare an IT manager can face when proper Intrusion detection system is not implemented. Unfortunately, with the expense of such systems many small businesses opt to take that chance. Snort is an open source and freely available network intrusion detection system (IDS) that can be used to detect an attack, enforce policies, and provide an audit trail. Snort is a popular IDS that is becoming the de facto standard for intrusion detection/prevention. That is why I have chosen to analyze Snort’s End User License Agreement (EULA).
ANALYSIS
Snort is released under the GNU General Public License (GPL) which makes the software freely available to everyone. In addition to the GPL, Snort’s EULA states how the software may be copied/modified and redistributed.
Strengths
Snort includes a short and very well organized EULA. The terms of warranty and legal liability show that Snort basically offers no guarantees, and is not responsible for any problems that may arise. This is clearly stated as “without any warranty” including “implied warranty of merchantability” or “fitness for a particular purpose.”
The EULA states that if the Snort source is modified and included as part of a product offering then the source code for the resulting product must be distributed under the GPL, making it open source and freely available. In this way Snort can legally enforce its copyright to all included parts of its software and keep it from being used in software marketed under a different name.
Weaknesses
While the Snort EULA is fairly straightforward, the GPL is much more complicated and lengthy. By agreeing to the Snort EULA, the user also agrees to the terms of the supplemental GPL. This important fact could easily be overlooked by a user that quickly skims through the document. In that way the EULA could be misleading if not thoroughly examined.
ASSESSMENT
Overall the Snort EULA is complete and well organized. It offers the company protection against copyright violations and unauthorized use of Snort’s intellectual property. Furthermore, the company is protected from legal liability by offering “No Warranty” they give no guarantee that the software will work or perform its desired function. This is essential as a Snort IDS has the responsibility of protecting valuable system resources from attack. By offering no warranty, risk of being sued is mitigated in case the Snort product fails to perform its IDS functions.
CLOSING REMARKS
Although fairly straightforward and easy to understand, how many people actually read the EULA before accepting it? I know that from my own experience very few including myself even attempt to read the EULA before installing software. It usually contains complex vocabulary and legal terminology that the common person has trouble reading, let alone understanding. Thus, the EULA is very effective at protecting its own assets but offers little to no protection to the end user.
1/3
Projects
Research
Infosec
Tutorials
Subscribe to Einsteiner's Weblog by Email
