The Glade 4.0

"Turn the lights down, the party just got wilder."
It is currently Fri Nov 22, 2024 8:46 pm

All times are UTC - 6 hours [ DST ]




Post new topic Reply to topic  [ 193 posts ]  Go to page Previous  1 ... 4, 5, 6, 7, 8  Next
Author Message
 Post subject: Re: Re:
PostPosted: Mon Jul 12, 2010 3:35 pm 
Offline
User avatar

Joined: Fri Sep 04, 2009 7:40 am
Posts: 4281
Hopwin wrote:
Well wtf? That makes me think the forum thing was a deliberate straw-man they built into their plot so they could pull it and satisfy most of their user base.


OMG BLIZZARD IS SO AMAZING THEY LISTENED TO US AND DID WHAT WE ASKED WE LOVE THEM GIVE THEM ALL THE MONEY NOW!


Top
 Profile  
Reply with quote  
 Post subject: Re: Re:
PostPosted: Mon Jul 12, 2010 11:30 pm 
Offline
Doom Patrol
User avatar

Joined: Thu Sep 03, 2009 10:31 am
Posts: 1145
Location: The subtropics
Darkroland wrote:
Hopwin wrote:
Well wtf? That makes me think the forum thing was a deliberate straw-man they built into their plot so they could pull it and satisfy most of their user base.


OMG BLIZZARD IS SO AMAZING THEY LISTENED TO US AND DID WHAT WE ASKED WE LOVE THEM GIVE THEM ALL THE MONEY NOW!


I hope this is snark.

_________________
Memento Vivere

I have local knowledge.
That sandbar was not there yesterday!


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Tue Jul 13, 2010 6:29 am 
Offline
Peanut Gallery
User avatar

Joined: Thu Nov 26, 2009 9:40 pm
Posts: 2289
Location: Bat Country
A change of heart
Quote:
Gamers crave anonymity, so Blizzard scuttles Real ID plans

http://arstechnica.com/gaming/news/2010 ... -plans.ars

_________________
"...the line dividing good and evil cuts through the heart of every human being. And who is willing to destroy a piece of his own heart?" -Aleksandr Solzhenitsyn


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Tue Jul 13, 2010 7:13 am 
Offline
User avatar

Joined: Wed Sep 02, 2009 7:59 pm
Posts: 9412
And yet, that article still only refers to removing the forum integration with RealID, not eliminating RealID entirely.

_________________
"Aaaah! Emotions are weird!" - Amdee
"... Mirrorshades prevent the forces of normalcy from realizing that one is crazed and possibly dangerous. They are the symbol of the sun-staring visionary, the biker, the rocker, the policeman, and similar outlaws." - Bruce Sterling, preface to Mirrorshades


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Tue Jul 13, 2010 8:10 am 
Offline
Peanut Gallery
User avatar

Joined: Thu Nov 26, 2009 9:40 pm
Posts: 2289
Location: Bat Country
Optional?

_________________
"...the line dividing good and evil cuts through the heart of every human being. And who is willing to destroy a piece of his own heart?" -Aleksandr Solzhenitsyn


Top
 Profile  
Reply with quote  
 Post subject: Re:
PostPosted: Tue Jul 13, 2010 8:21 am 
Offline
Evil Bastard™
User avatar

Joined: Thu Sep 03, 2009 9:07 am
Posts: 7542
Location: Doomstadt, Latveria
Wwen wrote:
Optional?
Optional does not mean what you guys keep thinking it means.

_________________
Corolinth wrote:
Facism is not a school of thought, it is a racial slur.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Tue Jul 13, 2010 8:28 am 
Offline
User avatar

Joined: Wed Sep 02, 2009 7:59 pm
Posts: 9412
Yeah. Optional would be: "We're implementing a new system, which, if you enable it, will prompt you for your real name and blahblahblah."

RealID is "Hey, since we already had your billing information, we automatically filled in your real name into this new system. But you can tell us to promise not to tell anybody, so don't worry, your information is safe."

_________________
"Aaaah! Emotions are weird!" - Amdee
"... Mirrorshades prevent the forces of normalcy from realizing that one is crazed and possibly dangerous. They are the symbol of the sun-staring visionary, the biker, the rocker, the policeman, and similar outlaws." - Bruce Sterling, preface to Mirrorshades


Top
 Profile  
Reply with quote  
 Post subject: Re: Re:
PostPosted: Tue Jul 13, 2010 8:30 am 
Offline
Peanut Gallery
User avatar

Joined: Thu Nov 26, 2009 9:40 pm
Posts: 2289
Location: Bat Country
Khross wrote:
Wwen wrote:
Optional?
Optional does not mean what you guys keep thinking it means.

I don't know what anyone here think they or I think it means. Your account is associated with your account info with your name and billing info on a database somewhere already. What non-optional part of this is making your ID less safe. I don't have an intricate knowledge of how they have set up RealID. Do you?

As long as you are on the internet, you are not safe. Hacking tools are more sophisticated and require less technical expertise to use than ever. A determined individual could find all the information they wanted without searching Facebook. I'd like to know what specific flaw the RealID system presents.

_________________
"...the line dividing good and evil cuts through the heart of every human being. And who is willing to destroy a piece of his own heart?" -Aleksandr Solzhenitsyn


Top
 Profile  
Reply with quote  
 Post subject: Re: Re:
PostPosted: Tue Jul 13, 2010 8:34 am 
Offline
User avatar

Joined: Fri Sep 04, 2009 7:40 am
Posts: 4281
Squirrel Girl wrote:
Darkroland wrote:
Hopwin wrote:
Well wtf? That makes me think the forum thing was a deliberate straw-man they built into their plot so they could pull it and satisfy most of their user base.


OMG BLIZZARD IS SO AMAZING THEY LISTENED TO US AND DID WHAT WE ASKED WE LOVE THEM GIVE THEM ALL THE MONEY NOW!


I hope this is snark.


You have to HOPE that it is snark?


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Tue Jul 13, 2010 8:35 am 
Offline
I got nothin.
User avatar

Joined: Thu Sep 03, 2009 7:15 pm
Posts: 11160
Location: Arafys, AKA El Müso Guapo!
SO irony...

I got a reply from the ESRB yesterday. On an email with over 900 other email addresses in the CC field.

/facepalm

_________________
Image
Holy shitsnacks!


Top
 Profile  
Reply with quote  
 Post subject: Re:
PostPosted: Tue Jul 13, 2010 8:50 am 
Offline
Doom Patrol
User avatar

Joined: Thu Sep 03, 2009 10:31 am
Posts: 1145
Location: The subtropics
Müs wrote:
SO irony...

I got a reply from the ESRB yesterday. On an email with over 900 other email addresses in the CC field.

/facepalm



The email I got from them did not have anyone's address on it.

_________________
Memento Vivere

I have local knowledge.
That sandbar was not there yesterday!


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Tue Jul 13, 2010 10:58 am 
Offline
I got nothin.
User avatar

Joined: Thu Sep 03, 2009 7:15 pm
Posts: 11160
Location: Arafys, AKA El Müso Guapo!
Image

_________________
Image
Holy shitsnacks!


Top
 Profile  
Reply with quote  
 Post subject: Re: Re:
PostPosted: Tue Jul 13, 2010 11:31 am 
Offline
Lean, Mean, Googling Machine
User avatar

Joined: Thu Sep 03, 2009 9:35 am
Posts: 2903
Location: Maze of twisty little passages, all alike
Taskiss wrote:
So, are you saying they don't do it now.. or are you saying they didn't do it before and they're doing it now?

I'm saying there has always been an association between the process running on the game server and the account. Even your description includes that such an association must exist (the "token" you speak of, and if it's kerberos then there needs to be a keytab if you use an authentication server). Where you go after that, well, it's a nice positive assertion but it flies in the face of current events.

Look, this isn't that complicated. It's just a bunch of relational databases. Here is a purely conceptual example. Obviously the exact details of the implementation may vary somewhat. There are many permutations on this sort of scheme.

In the billing database we have fields like:

AccountID, AccountName, PasswordHash, FirstName, LastName, BillingStatus, etc.

On the authentication server, we have a table mapping AccountIDs to SessionIDs:

AccountID, SessionID

And also a table mapping AccountIDs to CharGroupIDs:

AccountID, CharGroupID, SessionID

On the game servers, we have character records like:

CharacterGroupID, CharName, SessionID, etc.

Now, when you log in to the authentication server, it transmits the username and password hash to the billing server, which looks for a matching account record. If a match is found, the AccountID is returned to the authentication server along with a status code indicating either success or a failure mode (so that the auth server can give you specifics like "bad user/pass" vs. "your account has expired", etc.).

If authentication was successful, the auth server generates a globally unique, ephemeral SessionID, and associates it with the AccountID. It also looks up any existing CharGroupIDs for that AccountID. A token is constructed consisting of at least the SessionID and a list of CharGroupIDs. Possibly it may contain other relevant data like time stamps/nonces or whatever, but that's not really relevant. The token is cryptographically signed by the auth server. This token is then given to the WoW client.

When you connect to a server, you present the token. Because it is cryptographically signed by the auth server, the game server can validate its authenticity. The list of CharGroupIDs it contains tells the game servers which characters that session should have access to. When you create a character on a new server, it generates a new CharGroupID (a globally unique ID so that there can't be collisions), and transmits this and the SessionID back to the auth server so that it can find the related AccountID and make an entry to map the AccountID to the CharGroupID for future sessions. If you log in a second time while you have an active session, the auth server can broadcast a revocation for that SessionID to the game servers, and then generate a new SessionID for your new session. Logging out, of course, releases your SessionID from the login server and revokes it from the game servers.

The point of such a scheme vs. direct authentication by the game servers is that the game servers possess very limited information. Characters are map to ephemeral SessionIDs, which vastly narrows the scope of any exploit involving the game servers. This is important because they have a high surface area for attack. There are many complex interactions between the WoW client and the game server, and a flaw in any of them could potentially allow data leaks or even remote execution. It is therefore important that the game servers not only do not possess sensitive account information, but that they do not even have access to that information. Moreover, if multiple game servers are compromised by the same agent, they cannot "compare notes" to determine that certain characters on realm A are controlled by the same account as other specific characters on realm B.

In the mean-time, the auth server's communication with the WoW client and the game servers is accomplished through a very narrow API which makes it much easier to secure to high degree of confidence. And, even supposing that it could be compromised somehow, the most an attacker would gain would be AccountID -> CharGroupID mappings. Let's just assume that this further enables them to obtain character names as well. But still, the AccountID is at least an "anonymous" number. While the auth server uses usernames during login, it doesn't store that data.

Of course, the attacker could snoop usernames and hashes from incoming authentication attempts (which would be seriously bad for anyone without an authenticator) but at least they wouldn't be able to mine username and real life data from the billing database without further compromising that API, which is at least an equally daunting task.

Now, it is possible that Blizzard dispensed with the SessionIDs, and the access token granted by the authentication server basically consists of a signed AccountID and some kind of nonce to prevent replay attacks by a malicious client. This would offload the AccountID -> CharGroupID mappins to game servers. While this is less secure, it would at least still prevents a hostile WoW client or a compromised game server from obtaining sensitive data like usernames, billing addresses, etc. It would introduce some potential issues ("comparing note" as I mentioned above), but these may be deemed minor enough to be acceptable. One potential upside is that it make it easier for characters to be created while the authentication server is down, but that's kind of an edge case to begin with. It would also somewhat reduce CPU and bandwidth requirements for the auth server, but I doubt that's a major issue. On the whole, we're still talking about small amounts of data transmitted only at login/logout and character creation/deletion. I will note that if you delete your WoW config and ask it to recommend a realm to you, it will recommend the realm that you have the most characters on. This implies that the auth server is maintaining a mapping of AccountID -> CharGroupID or CharIDs, rather than the game servers themselves, which would fit with the original scheme I outlined above.

So again, I don't know exactly how Blizzard has implemented their account authentication system, but I can virtually guarantee you that they've compartmentalized their data in some similar fashion. To do otherwise would just be ... insane. Blizzard has to know that the game servers are filled with people actively trying to exploit and otherwise **** with them. Giving the game servers access to any more account data than the bare minimum they need to do their job would be major security no-no.

And there's the rub with Real ID. Real ID breaks this anonymity in a major way. We can imagine a number of different ways that Real ID could be implemented, but the details are mostly irrelevant. What is relevant is that real name data is made available to the WoW client through at least the Lua API, and probably on a deeper level at the even less documented client/server communication level. In short, the game server becomes -- at a minimum -- a relay for real-name-to-character mappings.

This is why I say that Real ID broadens the scope of a game server exploit. To answer Wwen's point, yes, any time you make a purchase or otherwise provide real-life data to a remote computer system, you're taking a security risk. But it's a measured risk. A properly secured billing server would be very difficult to compromise. Blizzard initiatives like the authenticators have lead me to believe (at least in the past...) that Blizzard does have a pretty solid grasp on security implementation. Thus, allowing the billing servers to store/access real name data is entirely different proposition than making that data available to the many game servers. It's purely a question of surface area and the basic reality that the game servers are exposed to direct communication with outside agents that must be presumed to be hostile.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.


Top
 Profile  
Reply with quote  
PostPosted: Tue Jul 13, 2010 11:35 am 
Offline
Doom Patrol
User avatar

Joined: Thu Sep 03, 2009 10:31 am
Posts: 1145
Location: The subtropics
That is epic fail...

on noes! you have my e-mail!

_________________
Memento Vivere

I have local knowledge.
That sandbar was not there yesterday!


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Tue Jul 13, 2010 11:42 am 
Offline
Web Ninja
User avatar

Joined: Wed Sep 02, 2009 8:32 pm
Posts: 8248
Location: The Tunt Mansion
Having an email can be just as intrusive as having someone's name.


Top
 Profile  
Reply with quote  
PostPosted: Tue Jul 13, 2010 11:43 am 
Offline
Sensitive Ponytail Guy
User avatar

Joined: Fri Sep 04, 2009 10:18 pm
Posts: 2765
Squirrel Girl wrote:
That is epic fail...

Oh Novos! you have my e-mail!
Fixed ;)

_________________
Go back to zero, take a pill, and get well ~ Lemmy Kilmister


Top
 Profile  
Reply with quote  
 Post subject: Re:
PostPosted: Tue Jul 13, 2010 11:46 am 
Offline
Doom Patrol
User avatar

Joined: Thu Sep 03, 2009 10:31 am
Posts: 1145
Location: The subtropics
Lenas wrote:
Having an email can be just as intrusive as having someone's name.


Actually this is true. I admit to being snarky about my response.

I am frustrated, and sad that I have to stop an enjoyable and innocuous activity because Kotick is a slime ball.

_________________
Memento Vivere

I have local knowledge.
That sandbar was not there yesterday!


Top
 Profile  
Reply with quote  
 Post subject: Re: Re:
PostPosted: Tue Jul 13, 2010 2:37 pm 
Offline
User avatar

Joined: Fri Feb 05, 2010 11:59 am
Posts: 3879
Location: 63368
Stathol wrote:
Look, this isn't that complicated.

Yes I agree, it isnt that complicated, and I don't understand why you want to complicate it further.
Stathol wrote:
Taskiss wrote:
Besides, the API is just a vector, not the information (which must already exist on the server).

Actually, this isn't quite the case. The billing data resides on a database server (or, more likely, a cluster thereof).


Where you went wrong is, apparently, ignoring the facts or reading more into what I wrote than was there. Either way, you're wrong.
Code:
The facts:
Account data (real name information) is available right now.
Access to that data is available via UI code.


Now, the only question is, how long have those capabilities been present. It's unrealistic to assert that Blizzard wouldn't have had it prior to this is ignoring the facts.
Stathol wrote:
No competent networking engineer would design a system of this scale wherin the game servers have access to billing/account data


That ship has sailed, the genie is out of the bottle, however you want to put it, but it's fait accompli. Let it go, get over it, not only would they do it, they've done it.

So, we're left with pondering how long that data has been available. Realistically, they started talking about migrating all the accounts to battle.net accounts back in November, 2008. They actually merged my accounts in March of 2009, and I got a message that the merge was a done deal in May, 2010. The API went live in patch 3.3.5, released last moth, but there is reference to the BNGetInfo api on the web from back on June 11, 2010.

The data has been there for some time and the only question is, "how long". I'm guessing that it's been there in some form since the beginning.
Quote:
Giving the game servers access to any more account data than the bare minimum they need to do their job would be major security no-no.


Again, this ship has sailed. It's a done deal.

Now, I suppose the argument will wander to the question "what is account data", and that's a good question.. and I have a good answer.

But, you knew I would! :)

Account data is, as it sounds, account data. Like, the data I entered when I set up the account. The data from the session where I entered my name, my address, and my billing method/credit card info. I've never entered that data while within the client, but hey, there it is, Bob's your uncle, smack dab in the return string when I execute a BGGetInfo request.

Any and everything I entered in that session is account data, and some part of it exists in-game now, retrievable from within the game client.

_________________
In time, this too shall pass.


Last edited by Taskiss on Tue Jul 13, 2010 3:04 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Tue Jul 13, 2010 3:01 pm 
Offline
Lean, Mean, Googling Machine
User avatar

Joined: Thu Sep 03, 2009 9:35 am
Posts: 2903
Location: Maze of twisty little passages, all alike
That's exactly my point. I'm outlining roughly how the new system with Real ID is substantially different from the prior system. Several people (see Wwen's post that I addressed above) seemed to not appreciate the difference between having personal data stored in the billing database vs having it stored/accessible by the game servers. Your prior comments implied that you didn't appreciate this difference either:

Taskiss wrote:
As for the "linking your character back to the billing database", I'm struggling to think of any computer system account that uses a subscription model that doesn't do the same thing.

The mechanism may change, but there must be that link. I'm not sure what mechanism Blizzard uses, but I seriously doubt anyone knows. Hacking can provide access to personal info...I'm not seeing anything new there.


Taskiss wrote:
That association already exists on the server.

I have 3 different accounts, one for each of my sons and myself. They occasionally log into the account my character is on to access my banker, and when that happens and I'm on as a different character, I get kicked off the server.

There must be a connection between characters and account ID's in the information available on the server.


Assuming that by "the server" you mean the game server, you are implying that personal information (beyond an "anonymized" accountID number) has always been available to the game server, even prior to Real ID. That's an unlikely arrangement for the reasons I've already given.

And therein lies the problem. I'm well aware that the changes have probably been in place for some time before they became publicly apparent. There's nothing I can do about that. I'm also aware that this issue is unresolved even though they've backed down on the forum requirements. Which is why my account is going to remain canceled until this feature is significantly modified or removed. I rather doubt that even cancelling the account will offer protection from exploitation since the account is merely tombstoned rather than deleted, but at least I can vote with my money that Real ID is an unnecessary and unacceptable security/privacy risk.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Tue Jul 13, 2010 3:07 pm 
Offline
User avatar

Joined: Fri Feb 05, 2010 11:59 am
Posts: 3879
Location: 63368
"the game server" = the "cloud/variety of systems/whatever you want to call it this week" that provides return information to requests initiated by the client application.

And, for the record, I'm not canceling my account. I monitor my identity/finance account activity very closely and would hopefully capture any activity before it becomes problematic.

_________________
In time, this too shall pass.


Top
 Profile  
Reply with quote  
PostPosted: Wed Jul 14, 2010 12:30 am 
Offline
Cheesehead

Joined: Thu Sep 03, 2009 1:15 am
Posts: 465
I think what Stathol is trying to communicate is this:

Think of the shell game.

The nut (the account details) are in one cup.

The authentication server can contact that cup...

The game server can not contact that cup...

And the game client can only pick from the game server or the authentication server.

When the game client points to the authentication server, the authentication server is swapped to the game server so that your client never touches the nut...

And while I can encrypt what you send and what is sent (and might and should), I should never let the game client touch the cup with the nut in it.

By having Real ID, it's like sprinkling nutmeg all over the game server cup and saying 'Don't worry, the nut is safe...'

Except the game client touches the game server cup, your add-ons touch the game-server cup, and there's enough nut in the nutmeg for serious privacy concerns and potential for identity theft if you aren't already hyper-vigilant with your personal detail.

(Also, there are multiple cups with multiple nuts - like wow.blizzard.co.eu and wow.blizzard.com and asia.blizzard.cn to prevent my nut from touching Suineko's (if he has a Euro account)).

_________________
Once, I was a ranger
Then, I was a warlock
And a mage
And a paladin
Now, I seek to be myself


Top
 Profile  
Reply with quote  
 Post subject: Re: Re:
PostPosted: Wed Jul 14, 2010 4:15 am 
Offline
Peanut Gallery
User avatar

Joined: Thu Nov 26, 2009 9:40 pm
Posts: 2289
Location: Bat Country
Stathol wrote:
tl:dr

That's what I'm getting at. I'm glad you're here, Stath. I outside of the grief opened by real names on the forums, I don't see the "OMG account canceled!" outside of that. Web servers are always the least secure part of your network. Posting here offers a risk as well. Someone could get your email. If you use your real name they might get more. You can spoof email addresses or get account info and do quite a lot of things if someone is focusing on you.

We may not know exactly what methods Blizz uses, but the most powerful authentication, hashing, and identification tools are known. So one can make some educated guesses. Of course, even the most recent version of SSL or kerberos or whatever aren't perfect when you're running your info on the tubes. Or hey, maybe they're going for the "hidden in plain sight" method and passing all your account info in plain text!

_________________
"...the line dividing good and evil cuts through the heart of every human being. And who is willing to destroy a piece of his own heart?" -Aleksandr Solzhenitsyn


Top
 Profile  
Reply with quote  
 Post subject: Re: Re:
PostPosted: Wed Jul 14, 2010 7:58 am 
Offline
Doom Patrol
User avatar

Joined: Thu Sep 03, 2009 10:31 am
Posts: 1145
Location: The subtropics
Wwen wrote:
Stathol wrote:
tl:dr

That's what I'm getting at. I'm glad you're here, Stath. I outside of the grief opened by real names on the forums, I don't see the "OMG account canceled!" outside of that. Web servers are always the least secure part of your network. Posting here offers a risk as well. Someone could get your email. If you use your real name they might get more. You can spoof email addresses or get account info and do quite a lot of things if someone is focusing on you.

We may not know exactly what methods Blizz uses, but the most powerful authentication, hashing, and identification tools are known. So one can make some educated guesses. Of course, even the most recent version of SSL or kerberos or whatever aren't perfect when you're running your info on the tubes. Or hey, maybe they're going for the "hidden in plain sight" method and passing all your account info in plain text!


Wwen, with ReadID turned off, I sent a single line of code in game and got my real name back. And I am a complete nub when it comes to this stuff. This is why I have canceled and am trying to get my account deleted.

_________________
Memento Vivere

I have local knowledge.
That sandbar was not there yesterday!


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed Jul 14, 2010 8:21 am 
Offline
User avatar

Joined: Fri Feb 05, 2010 11:59 am
Posts: 3879
Location: 63368
What line of code did you send?

_________________
In time, this too shall pass.


Top
 Profile  
Reply with quote  
PostPosted: Wed Jul 14, 2010 10:49 am 
Offline
User avatar

Joined: Wed Feb 03, 2010 8:20 am
Posts: 1037
Katas wrote:
Also, there are multiple cups with multiple nuts [...] to prevent my nut from touching Suineko's


That'll teach me to stop reading threads from the end.

_________________
Image Image Image Image Image


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 193 posts ]  Go to page Previous  1 ... 4, 5, 6, 7, 8  Next

All times are UTC - 6 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 126 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group