[WEB SECURITY] The Pirate Bay un-SSL



Theory

Recently, the world saw The Pirate Bay <https://thepiratebay.org/> offering
SSL encryption
<http://www.slyck.com/story1691_SSL_Encrpytion_Coming_to_The_Pirate_Bay>
on their server. This means that your ISP won't know anymore which torrent
you are downloading, right? Wrong.

HTTPS
<http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol_over_Secure_Socket_Layer>
is quite useless for protecting static and public content. By static, I mean
the .torrent file itself. It is always the same. By public, I mean that one
doesn't need any kind of authentication to pick up the content. It's always
the same, for everyone. For crawlers
<http://en.wikipedia.org/wiki/Web_crawler>, too.

So, one could easily index (a portion of <https://thepiratebay.org/top>) The
Pirate Bay torrent database by the Content-Length
<http://en.wikipedia.org/wiki/List_of_HTTP_headers>. Then, one could
intercept some encrypted traffic between some machine(s) within his/her
network and the torrents.thepiratebay.org server. Knowing both (encrypted)
request and response lengths, it is possible to get a quite reliable list of
matches from the previously indexed torrent list.

Practice

Don't try this at work, or you might hurt yourself ;)

1. Use Wireshark <http://www.wireshark.org/> to capture some torrent
   downloads. Torrents are hosted on a separate server, which makes the task
   even easier. Just use the following capture filter:
   "tcp and port 443 and host torrents.thepiratebay.org"

2. Now, just go with the stream :) ("Follow TCP Stream" for the packet you
   suspect belongs to the torrent download. This will create another filter,
   just like "(ip.addr eq 192.168.0.10 and ip.addr eq 83.140.176.156) and
   (tcp.port eq 2157 and tcp.port eq 443)")

3. Just save the displayed stream anywhere else (pcap1.pcap sounds nice)

4. Now, use my quick&dirty TPB-TLSlen.pl
   <http://sysd.org/stas/files/active/0/TPB-TLSlen.pl.txt> Perl script to
   get the request/response lengths:

       perl TPB-TLSlen.pl pcap1.pcap

   Yeah, I know, it is nasty. It only supports the TLS
   <http://en.wikipedia.org/wiki/Transport_Layer_Security> cypher. And it
   simply calls tshark (the command-line version of Wireshark) to parse
   its output.

5. Now, just paste the REQ and RES values below
   <http://sysd.org/stas/node/220?req=560&res=91888#TPB> :D
   (note that the REQ value is optional; setting it to 0 simply ignores the
   request size for matching)

Note that you are able to fine-tune the maximum and minimum header sizes.
For the response, the headers are almost the same all the time. The only
thing that varies is the decimal representation of the file length and age.
(Un)fortunately, the request headers do vary for different browsers and
referring pages. However, knowing the request size still helps a bit,
especially if the torrent's filename was huge :)

Precision

The following size distribution chart was generated using the database with
~165K torrents:

[Figure: torrent size distribution]

The most common torrent size is ~14 KB, and it's easy to figure out that
such torrents represent the shared 700 MB files :)
There's also a major peak for the 454-byte torrents. However, bigger
torrents are less common; thus, the size detection technique becomes more
precise. Now, the average "distance" between torrent sizes is ~44 bytes (at
least for the sample I've collected). So, adding a cookie
<http://en.wikipedia.org/wiki/HTTP_cookie> with a random size of up to
128 bytes will disrupt the size matching detection a lot. The request size
disruption is even easier: the largest torrent URI
<http://en.wikipedia.org/wiki/Uniform_Resource_Identifier> I've found
was 150 bytes wide. Thus, padding every request URI to match 150 characters
is enough to make the requests completely indistinguishable. Joining the
pieces (the padding add-on strings, bold in the original, are the query
string after "?" in the request line and the Set-Cookie header in the
response):

    GET /4319199/[a4e]Ghost_in_the_Shell_TV_01-26.4319199.TPB.torrent?nVM2UGfcG533un4ym70eT29r0WwBLYdmFCNN+UTV/hiJ7EAXdFU5KfdWHpkB5lXaCmITsACKOPVyjmpbaOB+CrI5 HTTP/1.1
    Host: torrents.thepiratebay.org
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive
    Referer: https://thepiratebay.org/recent
    Cookie: language=pt_BR; country=BR; PHPSESSID=ad6cb7e414c8dc88e0c2444f6215165a

    HTTP/1.1 200 OK
    Content-Type: application/x-bittorrent
    Etag: "2198642509"
    Last-Modified: Mon, 28 Jul 2008 22:28:59 GMT
    Server: lighttpd
    Content-Length: 91601
    Date: Mon, 28 Jul 2008 22:37:56 GMT
    X-Varnish: 108010229 107999438
    Age: 253
    Via: 1.1 varnish
    Connection: keep-alive
    Set-Cookie: p=68eOfxOC7JwBYcMe1RJWC4Z5PV/lJzqJORW8KROPMH9zQhszSjFnRp2tsNWEoyabWAloneUaozMxYtx4hoM9MZUKE/7wGzC3ZKLEZdppG4og3W; expires=Mon, 28-Jul-2008 22:37:56 GMT; path=/; domain=torrents.thepiratebay.org

    (binary torrent data)

Solution

1. Use a constant padding in the .torrent files. This messes things up a
   bit, but is still ineffective. The only advantage is not messing with
   the server :(

2. Patch the lighttpd <http://www.lighttpd.net/> server so it sends a
   non-lasting cookie <http://en.wikipedia.org/wiki/HTTP_cookie> with a
   random size.

For more information: http://sysd.org/stas/node/220

Regards,

Denny Roger

(11) 8136.8025
www.epsec.com.br
denny@epsec.com.br

EPSEC is a Brazilian company specializing in the development of
Information Security awareness campaigns.

Founded in 2008 by professionals with extensive experience in highly
complex projects in Information Security, Auditing and Internal Controls,
EPSEC is recognized by the market for its innovative talks and for its
ability to spread Information Security culture with high added value for
its clients' business.
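
Added example (not part of the original post and not the TPB-TLSlen.pl script): a small Python model of the Precision and Solution sections above that counts how many indexed files stay consistent with one observed response length under no padding, constant padding inside each file, and a random cookie of up to 128 bytes. The catalogue sizes and the 280-290 byte header range are constructed assumptions; only the 454-byte peak, the ~14 KB region, the ~44-byte spacing and the 128-byte cookie limit are taken from the post.

```python
import bisect

# Assumptions for this model (not measured values from the post):
HDR_MIN, HDR_MAX = 280, 290   # response header bytes; only Content-Length/Age digits vary
COOKIE_MAX = 128              # random cookie size limit suggested in the post


def constructed_catalogue():
    """Constructed .torrent body sizes in bytes, shaped like the post's description."""
    tiny = [454] * 5                                # peak of identical 454-byte files
    common = [14000 + 44 * k for k in range(100)]   # ~14 KB region, ~44-byte spacing
    large = [90000 + 500 * k for k in range(20)]    # rarer, widely spaced large files
    return tiny + common + large


def candidates(index, observed, pad_max):
    """Indexed body sizes consistent with one observed response length.

    observed = body + headers + cookie, with headers in [HDR_MIN, HDR_MAX] and
    cookie in [0, pad_max]. The observer knows the ranges, not the actual values,
    so every body size inside the resulting window remains possible.
    """
    lo = observed - HDR_MAX - pad_max
    hi = observed - HDR_MIN
    return index[bisect.bisect_left(index, lo):bisect.bisect_right(index, hi)]


def evaluate(sizes, pad_max=0, file_pad=0):
    """Return (mean candidate count, fraction of observations matching one file).

    file_pad models constant padding stored inside every public .torrent file:
    anyone can re-crawl the padded files, so the index shifts by the same amount.
    pad_max models a per-response random cookie that is never stored in the file.
    Every (header size, cookie size) combination is enumerated, so the result is
    exact for the catalogue and needs no random sampling.
    """
    index = sorted(s + file_pad for s in sizes)
    total = unique = n = 0
    for body in index:
        for hdr in range(HDR_MIN, HDR_MAX + 1):
            for cookie in range(pad_max + 1):
                k = len(candidates(index, body + hdr + cookie, pad_max))
                total += k
                unique += k == 1
                n += 1
    return total / n, unique / n


def report():
    """Evaluate the three policies discussed in the post on the constructed catalogue."""
    sizes = constructed_catalogue()
    return {
        "no padding": evaluate(sizes),
        "constant 4096-byte padding inside each file": evaluate(sizes, file_pad=4096),
        "random cookie, 0..128 bytes": evaluate(sizes, pad_max=COOKIE_MAX),
    }


if __name__ == "__main__":
    for policy, (mean, unique) in report().items():
        print(f"{policy:45s} mean candidates {mean:5.2f}  uniquely matched {unique:6.1%}")
```

On this constructed catalogue the constant in-file padding changes nothing, and the random cookie widens the candidate set in the dense ~14 KB region while the widely spaced large files stay uniquely matched. A padding range therefore has to be sized against the sparsest part of the real size distribution, not its average spacing.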

=20


------=_NextPart_001_0005_01C93842.65FC2470
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml"; =
xmlns=3D"http://www.w3.org/TR/REC-html40";>

<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p
	{mso-style-priority:99;
	mso-margin-top-alt:auto;
	margin-right:0cm;
	mso-margin-bottom-alt:auto;
	margin-left:0cm;
	font-size:12.0pt;
	font-family:"Times New Roman","serif";}
code
	{mso-style-priority:99;
	font-family:"Courier New";}
pre
	{mso-style-priority:99;
	mso-style-link:"Pr=E9-formata=E7=E3o HTML Char";
	margin:0cm;
	margin-bottom:.0001pt;
	background:#F8FBFC;
	border:none;
	padding:0cm;
	font-size:9.0pt;
	font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
	{mso-style-priority:99;
	mso-style-link:"Texto de bal=E3o Char";
	margin:0cm;
	margin-bottom:.0001pt;
	font-size:8.0pt;
	font-family:"Tahoma","sans-serif";
	color:#1F497D;}
span.EstiloDeEmail17
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:#1F497D;}
span.Pr-formataoHTMLChar
	{mso-style-name:"Pr=E9-formata=E7=E3o HTML Char";
	mso-style-priority:99;
	mso-style-link:"Pr=E9-formata=E7=E3o HTML";
	font-family:"Courier New";
	background:#F8FBFC;}
span.TextodebaloChar
	{mso-style-name:"Texto de bal=E3o Char";
	mso-style-priority:99;
	mso-style-link:"Texto de bal=E3o";
	font-family:"Tahoma","sans-serif";
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;}
@page Section1
	{size:612.0pt 792.0pt;
	margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.Section1
	{page:Section1;}
 /* List Definitions */
 @list l0
	{mso-list-id:405226925;
	mso-list-template-ids:-133005026;}
@list l1
	{mso-list-id:1980770100;
	mso-list-template-ids:2029447808;}
ol
	{margin-bottom:0cm;}
ul
	{margin-bottom:0cm;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext=3D"edit" spidmax=3D"2050" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext=3D"edit">
  <o:idmap v:ext=3D"edit" data=3D"1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=3DPT-BR link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal style=3D'background:white'><b><span lang=3DEN-US
style=3D'font-size:13.0pt;font-family:"Times New =
Roman","serif";color:#485C74'>Theory<o:p></o:p></span></b></p>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
background:white'><span lang=3DEN-US =
style=3D'font-size:10.5pt;font-family:"Times New Roman","serif";
color:#0B2645'>Recently, the world saw </span><span =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'><a
href=3D"https://thepiratebay.org/"; target=3D"_blank"><b><span =
lang=3DEN-US
style=3D'color:#E60A53;text-decoration:none'>The Pirate =
Bay</span></b></a></span><span
lang=3DEN-US style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'> offering </span><span =
style=3D'font-size:10.5pt;font-family:"Times New Roman","serif";
color:#0B2645'><a
href=3D"http://www.slyck.com/story1691_SSL_Encrpytion_Coming_to_The_Pirat=
e_Bay"
target=3D"_blank"><b><span lang=3DEN-US =
style=3D'color:#E60A53;text-decoration:none'>SSL
encryption</span></b></a></span><span lang=3DEN-US =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'> on their server. =
This
means that your ISP won't know anymore which torrent you are =
downloading,
right? Wrong.<br>
</span><span style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'><a
href=3D"http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol_over_Sec=
ure_Socket_Layer"
target=3D"_blank"><b><span lang=3DEN-US =
style=3D'color:#E60A53;text-decoration:none'>HTTPS</span></b></a></span><=
span
lang=3DEN-US style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'> is quite useless for protecting static <b>and</b> public
content. By <i>static</i>, I do mean the </span><span lang=3DEN-US
style=3D'font-size:12.0pt;font-family:"Courier =
New";color:#0B2645'>.torrent</span><span
lang=3DEN-US style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'> file itself. It is always the same. By <i>public</i>, I =
do mean
than one doesn't need any kind of authentication to pick up the content. =
It's
always the same, for everyone. For </span><span =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'><a
href=3D"http://en.wikipedia.org/wiki/Web_crawler"; =
target=3D"_blank"><b><span
lang=3DEN-US =
style=3D'color:#E60A53;text-decoration:none'>crawlers</span></b></a></spa=
n><span
lang=3DEN-US style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'>, too.<br>
<br>
<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
background:white'><span lang=3DEN-US =
style=3D'font-size:10.5pt;font-family:"Times New Roman","serif";
color:#0B2645'>So, one could easily index (</span><span =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'><a
href=3D"https://thepiratebay.org/top"; target=3D"_blank"><b><span =
lang=3DEN-US
style=3D'color:#E60A53;text-decoration:none'>a portion =
of</span></b></a></span><span
lang=3DEN-US style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'>) The Pirate Bay torrent database by the </span><span
style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";color:#0B2645'><a
href=3D"http://en.wikipedia.org/wiki/List_of_HTTP_headers"; =
target=3D"_blank"><b><span
lang=3DEN-US =
style=3D'color:#E60A53;text-decoration:none'>Content-Length</span></b></a=
></span><span
lang=3DEN-US style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'>. Then, one could intercept some encrypted traffic =
between some
machine(s) within his/her network and the </span><span lang=3DEN-US
style=3D'font-size:12.0pt;font-family:"Courier =
New";color:#0B2645'>torrents.thepiratebay.org</span><span
lang=3DEN-US style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'> server. Knowing both (encrypted) request and response =
lengths,
it is possible to get a quite reliable list of matches from the =
previously
indexed torrent list.<o:p></o:p></span></p>

<p class=3DMsoNormal style=3D'background:white'><b><span lang=3DEN-US
style=3D'font-size:13.0pt;font-family:"Times New =
Roman","serif";color:#485C74'>Practice<o:p></o:p></span></b></p>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
background:white'><span lang=3DEN-US =
style=3D'font-size:10.5pt;font-family:"Times New Roman","serif";
color:#0B2645'>Don't try this at work, or you might hurt yourself =
</span><span
style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";color:#0B2645'><img
border=3D0 width=3D15 height=3D15 id=3D"Imagem_x0020_1"
src=3D"cid:image001.png@01C93842.634CE2F0"; alt=3DEye-wink></span><span =
lang=3DEN-US
style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";color:#0B2645'><o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:2.4pt;margin-right:0cm;margin-bottom:
2.4pt;margin-left:211.5pt;text-indent:-18.0pt;mso-list:l0 level1 lfo1;
background:white'><![if !supportLists]><span lang=3DEN-US =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'><span =
style=3D'mso-list:
Ignore'>1.<span style=3D'font:7.0pt "Times New =
Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span lang=3DEN-US =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'>Use </span><span
style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";color:#0B2645'><a
href=3D"http://www.wireshark.org/"; target=3D"_blank"><b><span =
lang=3DEN-US
style=3D'color:#E60A53;text-decoration:none'>Wireshark</span></b></a></sp=
an><span
lang=3DEN-US style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'> to capture some torrent downloads. Torrents are hosted =
on a
separate server, which makes the task easier yet. Just use the following
capture filter: </span><span lang=3DEN-US =
style=3D'font-size:12.0pt;font-family:
"Courier New";color:#0B2645'>&quot;tcp and port 443 and host
torrents.thepiratebay.org&quot;</span><span lang=3DEN-US =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'> =
<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:2.4pt;margin-right:0cm;margin-bottom:
2.4pt;margin-left:211.5pt;text-indent:-18.0pt;mso-list:l0 level1 lfo1;
background:white'><![if !supportLists]><span lang=3DEN-US =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'><span =
style=3D'mso-list:
Ignore'>2.<span style=3D'font:7.0pt "Times New =
Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span lang=3DEN-US =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'>Now, just go with =
the
stream </span><span style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'><img border=3D0 width=3D15 height=3D15 =
id=3D"Imagem_x0020_2"
src=3D"cid:image002.png@01C93842.634CE2F0"; alt=3DSmiling></span><span =
lang=3DEN-US
style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";color:#0B2645'>(<i>&quot;Follow
TCP Stream&quot;</i> for the packet you suspect belongs to the torrent
download. This will create another filter, just like </span><span =
lang=3DEN-US
style=3D'font-size:12.0pt;font-family:"Courier =
New";color:#0B2645'>&quot;(ip.addr
eq 192.168.0.10 and ip.addr eq 83.140.176.156) and (tcp.port eq 2157 and
tcp.port eq 443)&quot;</span><span lang=3DEN-US =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'>) =
<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:2.4pt;margin-right:0cm;margin-bottom:
2.4pt;margin-left:211.5pt;text-indent:-18.0pt;mso-list:l0 level1 lfo1;
background:white'><![if !supportLists]><span lang=3DEN-US =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'><span =
style=3D'mso-list:
Ignore'>3.<span style=3D'font:7.0pt "Times New =
Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span lang=3DEN-US =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'>Just save the =
displayed
stream anywhere else (</span><span lang=3DEN-US =
style=3D'font-size:12.0pt;
font-family:"Courier New";color:#0B2645'>pcap1.pcap</span><span =
lang=3DEN-US
style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";color:#0B2645'>
sounds nice) <o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:2.4pt;margin-right:0cm;margin-bottom:
2.4pt;margin-left:211.5pt;text-indent:-18.0pt;mso-list:l0 level1 lfo1;
background:white'><![if !supportLists]><span lang=3DEN-US =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'><span =
style=3D'mso-list:
Ignore'>4.<span style=3D'font:7.0pt "Times New =
Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span lang=3DEN-US =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'>Now, use my
quick&amp;dirty </span><span =
style=3D'font-size:10.5pt;font-family:"Times New Roman","serif";
color:#0B2645'><a =
href=3D"http://sysd.org/stas/files/active/0/TPB-TLSlen.pl.txt";
target=3D"_blank"><b><span lang=3DEN-US =
style=3D'color:#E60A53;text-decoration:none'>TPB-TLSlen.pl</span></b></a>=
</span><span
lang=3DEN-US style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'> Perl script to get the request/response lengths: =
<o:p></o:p></span></p>

<div style=3D'mso-element:para-border-div;border:solid #BFD0D9 =
1.0pt;padding:
6.0pt 4.0pt 14.0pt =
4.0pt;background:#F8FBFC;margin-left:211.5pt;margin-right:
0cm'>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:#0B2645'>perl
TPB-TLSlen.pl pcap1.pcap<o:p></o:p></span></p>

</div>

<p class=3DMsoNormal =
style=3D'margin-left:211.5pt;background:white'><span
lang=3DEN-US style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'>Yeah, I know, it is nasty. It only supports the =
</span><span
style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";color:#0B2645'><a
href=3D"http://en.wikipedia.org/wiki/Transport_Layer_Security"; =
target=3D"_blank"><b><span
lang=3DEN-US =
style=3D'color:#E60A53;text-decoration:none'>TLS</span></b></a></span><sp=
an
lang=3DEN-US style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'> cypher. And it simply calls the </span><span =
lang=3DEN-US
style=3D'font-size:12.0pt;font-family:"Courier =
New";color:#0B2645'>tshark</span><span
lang=3DEN-US style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'> (the command line version of Wireshark) to parse it's =
output. <o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:2.4pt;margin-right:0cm;margin-bottom:
2.4pt;margin-left:211.5pt;text-indent:-18.0pt;mso-list:l0 level1 lfo1;
background:white'><![if !supportLists]><span lang=3DEN-US =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'><span =
style=3D'mso-list:
Ignore'>5.<span style=3D'font:7.0pt "Times New =
Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span lang=3DEN-US =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'>Now, just paste the =
<b>REQ</b>
and <b>RES</b> values </span><span =
style=3D'font-size:10.5pt;font-family:"Times New Roman","serif";
color:#0B2645'><a =
href=3D"http://sysd.org/stas/node/220?req=3D560&amp;res=3D91888#TPB";><b><=
span
lang=3DEN-US =
style=3D'color:#E60A53;text-decoration:none'>below</span></b></a></span><=
span
style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";color:#0B2645'> </span><span
style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";color:#0B2645'><img
border=3D0 width=3D15 height=3D15 id=3D"Imagem_x0020_3"
src=3D"cid:image003.png@01C93842.634CE2F0"; alt=3D"Laughing out =
loud"></span><span
lang=3DEN-US style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'><br>
(note that the <b>REQ</b> value is optional, setting it to 0 simply =
ignores the
request size for matching) <o:p></o:p></span></p>

<p class=3DMsoNormal style=3D'background:white'><span lang=3DEN-US =
style=3D'font-size:
10.5pt;font-family:"Times New Roman","serif";color:#0B2645'>Note that =
you are
able to fine-tune the maximum and minimum header sizes. For the =
response, the
headers are almost the same all the time. The only thing that varies is =
the
decimal representation of the file length and age. (Un)fortuately, the =
request
headers do vary for different browsers and referring pages. However, =
knowing
the request size still helps a bit, specially if the torrent's filename =
was
huge </span><span style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'><img border=3D0 width=3D15 height=3D15 =
id=3D"Imagem_x0020_4"
src=3D"cid:image002.png@01C93842.634CE2F0"; alt=3DSmiling></span><span =
lang=3DEN-US
style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";color:#0B2645'><o:p></o:p></span></p>

<p class=3DMsoNormal style=3D'background:white'><b><span lang=3DEN-US
style=3D'font-size:13.0pt;font-family:"Times New =
Roman","serif";color:#485C74'>Precision<o:p></o:p></span></b></p>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
background:white'><span lang=3DEN-US =
style=3D'font-size:10.5pt;font-family:"Times New Roman","serif";
color:#0B2645'>The following size distribution chart was generated using =
the
database with ~165K torrents: <o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
background:white'><span style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'><img border=3D0 width=3D640 height=3D500 =
id=3D"Imagem_x0020_5"
src=3D"cid:image004.png@01C93842.634CE2F0"; alt=3D"torrent size =
distribution"></span><span
style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";color:#0B2645'><o:p></o:p></span></p>

<p class=3DMsoNormal style=3D'background:white'><span lang=3DEN-US =
style=3D'font-size:
10.5pt;font-family:"Times New Roman","serif";color:#0B2645'>The most =
common
torrent size is ~14 KB, and it's easy to figure out that such torrents
represent the shared 700 MB files </span><span =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'><img border=3D0 =
width=3D15
height=3D15 id=3D"Imagem_x0020_6" =
src=3D"cid:image002.png@01C93842.634CE2F0";
alt=3DSmiling></span><span lang=3DEN-US =
style=3D'font-size:10.5pt;font-family:"Times New Roman","serif";
color:#0B2645'><br>
There's also a major peak for the 454 bytes torrents. However, bigger =
torrents
are less common, thus, the size detection technique becomes more =
precise. Now,
the average &quot;distance&quot; between torrent sizes is ~44 bytes (at =
least
for the sample I've collected). So, adding a </span><span =
style=3D'font-size:
10.5pt;font-family:"Times New Roman","serif";color:#0B2645'><a
href=3D"http://en.wikipedia.org/wiki/HTTP_cookie"; =
target=3D"_blank"><b><span
lang=3DEN-US =
style=3D'color:#E60A53;text-decoration:none'>cookie</span></b></a></span>=
<span
lang=3DEN-US style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'> with the random size up to 128 bytes will disrupt the =
size
matching detection a lot. The request size disruption is even easier: =
the
largest torrent </span><span =
style=3D'font-size:10.5pt;font-family:"Times New Roman","serif";
color:#0B2645'><a
href=3D"http://en.wikipedia.org/wiki/Uniform_Resource_Identifier"; =
target=3D"_blank"><b><span
lang=3DEN-US =
style=3D'color:#E60A53;text-decoration:none'>URI</span></b></a></span><sp=
an
lang=3DEN-US style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'> I've found was 150 bytes-wide. Thus, padding every =
request URI
to match 150 characters is enough to make the requests completely
indistinguishable. Joining the pieces (the padding add-on strings are =
<b>bold</b>):<o:p></o:p></span></p>

<div style=3D'mso-element:para-border-div;border:solid #BFD0D9 =
1.0pt;padding:
6.0pt 4.0pt 14.0pt 4.0pt;background:#F8FBFC'>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:red'>GET
/4319199/[a4e]Ghost_in_the_Shell_TV_01-26.4319199.TPB.torrent<b>?nVM2UGfc=
G533un4ym70eT2<br>
9r0WwBLYdmFCNN+UTV/hiJ7EAXdFU5KfdWHpkB5lXaCmITsACKOPVyjmpbaOB+CrI5</b> =
HTTP/1.1<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
style=3D'font-size:9.0pt;font-family:"Courier New";color:red'>Host:
torrents.thepiratebay.org<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:red'>User-Agent:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) =
Gecko/2008070208<br>
=A0Firefox/3.0.1<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:red'>Accept:
text/html,application/xhtml+xml,application/xml;q=3D0.9,*/*;q=3D0.8<o:p><=
/o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:red'>Accept-Language:
en-us,en;q=3D0.5<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:red'>Accept-Encoding:
gzip,deflate<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:red'>Accept-Charset:
ISO-8859-1,utf-8;q=3D0.7,*;q=3D0.7<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:red'>Keep-Alive:
300<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:red'>Connection:
keep-alive<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:red'>Referer:
https://thepiratebay.org/recent<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:red'>Cookie:
language=3Dpt_BR; country=3DBR; =
PHPSESSID=3Dad6cb7e414c8dc88e0c2444f6215165a<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:blue'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:blue'>HTTP/1.1
200 OK<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:blue'>Content-Type:
application/x-bittorrent<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:blue'>Etag:
&quot;2198642509&quot;<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:blue'>Last-Modified:
Mon, 28 Jul 2008 22:28:59 GMT<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:blue'>Server:
lighttpd<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:blue'>Content-Length:
91601<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:blue'>Date:
Mon, 28 Jul 2008 22:37:56 GMT<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:blue'>X-Varnish:
108010229 107999438<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:blue'>Age:
253<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:blue'>Via:
1.1 varnish<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:blue'>Connection:
keep-alive<o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><b><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:blue'>Set-Cookie:
p=3D68eOfxOC7JwBYcMe1RJWC4Z5PV/lJzqJORW8KROPMH9zQhszSjFnRp2tsNWEoyabWAlon=
eUaoz<br>
MxYtx4hoM9MZUKE/7wGzC3ZKLEZdppG4og3W; expires=3DMon, 28-Jul-2008 =
22:37:56 GMT;
path=3D/;<br>
=A0domain=3Dtorrents.thepiratebay.org</span></b><span lang=3DEN-US =
style=3D'font-size:
9.0pt;font-family:"Courier New";color:blue'><o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><span
lang=3DEN-US style=3D'font-size:9.0pt;font-family:"Courier =
New";color:blue'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal =
style=3D'background:#F8FBFC;border:none;padding:0cm'><i><span
style=3D'font-size:9.0pt;font-family:"Courier New";color:blue'>(binary =
torrent data)</span></i><span
style=3D'font-size:9.0pt;font-family:"Courier =
New";color:#0B2645'><o:p></o:p></span></p>

</div>

<p class=3DMsoNormal style=3D'background:white'><b><span =
style=3D'font-size:13.0pt;
font-family:"Times New =
Roman","serif";color:#485C74'>Solution<o:p></o:p></span></b></p>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:2.4pt;margin-right:0cm;margin-bottom:
2.4pt;margin-left:211.5pt;text-indent:-18.0pt;mso-list:l1 level1 lfo2;
background:white'><![if !supportLists]><span lang=3DEN-US =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'><span =
style=3D'mso-list:
Ignore'>1.<span style=3D'font:7.0pt "Times New =
Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span lang=3DEN-US =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'>Use a constant =
padding in
the </span><span lang=3DEN-US =
style=3D'font-size:12.0pt;font-family:"Courier New";
color:#0B2645'>.torrent</span><span lang=3DEN-US =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'> files. This messes =
things
up a bit, but is still ineffective. The only advantage is <b>not</b> =
messing
with the server </span><span style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'><img border=3D0 width=3D15 height=3D15 =
id=3D"Imagem_x0020_7"
src=3D"cid:image005.png@01C93842.634CE2F0"; alt=3DSad></span><span =
lang=3DEN-US
style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";color:#0B2645'><o:p></o:p></span></p>

<p class=3DMsoNormal =
style=3D'mso-margin-top-alt:2.4pt;margin-right:0cm;margin-bottom:
0cm;margin-left:211.5pt;margin-bottom:.0001pt;text-indent:-18.0pt;mso-lis=
t:
l1 level1 lfo2;background:white'><![if !supportLists]><span lang=3DEN-US
style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";color:#0B2645'><span
style=3D'mso-list:Ignore'>2.<span style=3D'font:7.0pt "Times New =
Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span></span><![endif]><span lang=3DEN-US =
style=3D'font-size:10.5pt;
font-family:"Times New Roman","serif";color:#0B2645'>Patch the =
</span><span
style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";color:#0B2645'><a
href=3D"http://www.lighttpd.net/"; target=3D"_blank"><b><span =
lang=3DEN-US
style=3D'color:#E60A53;text-decoration:none'>lighttpd</span></b></a></spa=
n><span
lang=3DEN-US style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'> server so it sends a non-lasting </span><span =
style=3D'font-size:
10.5pt;font-family:"Times New Roman","serif";color:#0B2645'><a
href=3D"http://en.wikipedia.org/wiki/HTTP_cookie"; =
target=3D"_blank"><b><span
lang=3DEN-US =
style=3D'color:#E60A53;text-decoration:none'>cookie</span></b></a></span>=
<span
lang=3DEN-US style=3D'font-size:10.5pt;font-family:"Times New =
Roman","serif";
color:#0B2645'> with a random size. <o:p></o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US>For more information: <a
href=3D"http://sysd.org/stas/node/220";>http://sysd.org/stas/node/220</a><=
o:p></o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-size:10.5pt'>Regards,<o:p></o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-size:10.5pt'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US style=3D'font-size:10.5pt'>Denny =
Roger<o:p></o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-size:10.5pt'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US style=3D'font-size:10.5pt'>(11) =
8136.8025<o:p></o:p></span></p>

<p class=3DMsoNormal><span lang=3DEN-US =
style=3D'font-size:10.5pt'>www.epsec.com.br<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'font-size:10.5pt'>denny@epsec.com.br<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'font-size:10.5pt'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span style=3D'font-size:10.5pt'>EPSEC is a =
Brazilian company
specialized in developing Information Security awareness =
campaigns.<o:p></o:p></span></p>

<p class=3DMsoNormal><span =
style=3D'font-size:10.5pt'><o:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span style=3D'font-size:10.5pt'>Founded in 2008 =
by
professionals with extensive experience in highly complex projects in
Information Security, Audit and Internal Controls, EPSEC is recognized =
by
the market for its innovative talks and =
for<o:p></o:p></span></p>

<p class=3DMsoNormal><span style=3D'font-size:10.5pt'>its ability to =
spread
an Information Security culture with high added value to the business of
its clients.<o:p></o:p></span></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

</div>

</body>

</html>

------=_NextPart_001_0005_01C93842.65FC2470--

------=_NextPart_000_0004_01C93842.65F91730--
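The two mitigations listed under "Solution" can be compared by counting how many catalog entries remain consistent with one observed response size. This is an added example, not code from the original post; the size model, the `exposure` and `constructed_catalog` names and the sample catalog are assumptions made for illustration.

```python
from bisect import bisect_left, bisect_right
import random


def exposure(sizes, pad_min, pad_max):
    """Return (unique_fraction, mean_candidates) over every (file, padding) pair.

    Model (assumption): the observer sees body length + padding; HTTP header
    and TLS overhead are treated as a known constant and left out.
    """
    ordered = sorted(sizes)
    unique = total = observations = 0
    for length in ordered:
        for pad in range(pad_min, pad_max + 1):
            seen = length + pad
            # Catalog entries that some allowed padding could turn into `seen`.
            lo = bisect_left(ordered, seen - pad_max)
            hi = bisect_right(ordered, seen - pad_min)
            count = hi - lo
            unique += (count == 1)
            total += count
            observations += 1
    return unique / observations, total / observations


def constructed_catalog(n=500, seed=2008):
    """Constructed sample: n distinct body lengths between 10 kB and 200 kB."""
    return random.Random(seed).sample(range(10_000, 200_000), n)


if __name__ == "__main__":
    catalog = constructed_catalog()
    for label, lo, hi in [("no padding", 0, 0),
                          ("constant 512-byte padding", 512, 512),
                          ("random 0-4096-byte padding", 0, 4096)]:
        frac, mean = exposure(catalog, lo, hi)
        print(f"{label:28s} unique={frac:.2%} mean candidates={mean:.2f}")
```

Constant padding shifts every size by the same amount, so each distinct length stays uniquely identifiable; only a padding range wider than the gaps between catalog sizes makes several entries fit the same observation.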




Brought to you by http://www.webappsec.org