War is Peace - Freedom is Slavery - Ignorance is Strength

Saturday, January 01, 2000

Computer Security Essentials

Title:   Computer Security Essentials
Platform:  Windows XP
Author:  Dr. E
E-Mail:  outsideAG@gmail.com
Date:  November 7, 2004



This guide is designed to be a comprehensive introduction to the concepts, techniques, and programs necessary to protect private information on your home computer, and access the internet with privacy and anonymity.



Table of Contents:
------------------

Introduction

I. Securing Your Personal Computer

    1. Browser Security
    2. Secure Deletion
    3. Password/Passphrase Security

II. Secure Internet Access

    1. Internet Basics
    2. Proxies
    3. Anonymous Internet Access

III. Encryption

    1. Encryption Basics
    2. Encrypted Communication
    3. File Encryption

Appendices

    A. Recommended Software








Introduction
------------

Computers and the Internet offer their users the means to communicate, and access and store information, in ways never before possible.  At the same time they also provide unprecedented means for both state and private actors to monitor, trace, and archive records of your online activity, while the files on your home computer are continually at risk of being accessed without your knowledge or consent.

For individual users, the risks of computer insecurity and a loss of privacy on the internet include litigation, malicious prosecution, and theft of sensitive private information.

Large corporate trade groups such as the Business Software Alliance (BSA), Motion Picture Association of America (MPAA), and Recording Industry Association of America (RIAA), actively engage in intrusive surveillance of internet users, and file lawsuits alleging copyright infringement, and claiming millions of dollars in damages from people with no means to defend themselves.

In the United States, the government has given itself the right to intercept and monitor your E-Mail, and access private information on your personal computer, without a search warrant, and without notifying you that these searches are taking place.

Every single day profit motivated criminals across the globe are actively seeking to gain access to your online accounts, and personal computer records, to steal your private personal information, and use it for financial gain.

Your ISP, the sites you access, and the services you use all collect and store extensive records of your online activity, without notifying you as to the extent of their record keeping activities, or giving you any means to have those records deleted once you stop using their services.  Companies keep these records for business analysis, targeted marketing, and as ammunition for future litigation, but as long as those records exist, there is always the possibility that they could fall into the hands of a third party and be used to your detriment.

Privacy and security are two of the most fundamental human rights.  They are things that almost every person desires.  It is not unreasonable for you, as a computer user, to want your personal computer and your access to the internet to be just as private and secure as anything else that you do in your home.  As it stands though, no law and no corporation will come even close to guaranteeing you this most basic degree of privacy, and it is left up to you to insure these rights for yourself.

This guide aims to help you protect your computer security and online privacy.  This guide does not cover every topic, or every security relate program that is available.  Instead I have tried to focus on the most vital subjects, and on what i believe to be the best programs.  

In most cases the programs that I recommend, and provide tutorials for, are free and open source.  I did not choose these programs because they are free, I chose these programs because they are the best.  When it comes to privacy and security, secrecy is your enemy.  If you use a commercial program - where the source code is not public - you can never be truly sure that it is secure.  For this reason, open source software is the only software that can truly be trusted to protect your security and anonymity.

Links to the websites for all of the programs that I reference throughout this document can be found in Appendix A at the end of this document.








Securing Your Personal Computer
-------------------------------



1. Browser Security

To make surfing the internet faster and more convenient, web browsers store a variety of information.  But for people who don't want to create records of their online activity, or don't want others to be able to access their private accounts, these features can be very inconvenient indeed.  The four main features that pose a problem are the browser's cache and history functions, password saving utilities, and cookies.

Cache

Most web browsers automatically save every single page you access to the disk.  This feature should be disabled.

History

Most web browsers store a record of the address of every page accessed.  This feature should be disabled.

Password Keepers

Many browsers and third party applications exist that save the passwords you enter in web-forms.  You should disable this feature in your web browser, and not use and third-party applications that perform this function.

Cookies

Browsers store cookies that can not only indicate which web sites you have accessed, but also provide individuals with a means of accessing your private accounts without knowing your password.  Since cookies may be necessary to access the sites you need to use, this feature cannot be disabled.  You should be sure to delete all cookies, preferably securely, at the end of each session.




Browser Security Tutorials:

Internet Explorer:
------------------

Get either Firefox or Opera, there is no easy way to effectively secure Internet Explorer, and both of those browsers are better anyway.

Opera:
------

To configure Opera go to Tools > Preferences, or click Alt+P.

To disable the file cache set the drop-down box labeled "Disk Cache" to Off.  It is fine to leave all the other boxes checked, it won't make a difference.  For additional security, you can also set the "Memory cache" to off, but this will probably have an adverse effect on your browsing experience.  To remove old cached files, go to your Opera install directory (C:\Program Files\Opera\ is the default), enter the "profile" directory, and delete the "cache4" directory, using the method described in the Secure Deletion section of this document.

To disable the saving of a history change the values in the drop down boxes labeled "Typed in addresses," and "Visited addresses" both to 0.

To disable the saving of password information, select the "Security" panel in Preferences, and uncheck the box labeled "Enable Wand."

To delete cookies at the end of each session, go to the directory that Opera is installed in (C:\Program Files\Opera\ is the default), and enter the "profile" directory.  Delete the "cookies4.dat" using the method described in the Secure Deletion section of this document.

If you want to remove old browser records from your computer, you should also securely delete the following files in the Opera profile directory.

opera.dir History File
download.dat List of Downloaded Files
global.dat History File
vlink4.dat List of Visited Links

Firefox:
--------

[Opera is the browser that I actually use, and I don't have a lot of experience with Firefox.  I have done my best to provide accurate information here, but as an FYI, I could be wrong.]

To configure Firefox go to Tools > Options

To disable the cache in Firefox open the Options dialog, and switch to the panel labeled "Privacy."  Under Privacy expand the  header labeled "Cache," and in the input box labeled "Use up to -- KB" enter 0.  When you set this value to 0, Firefox will acutally delete the existing files in the cache, so if you want those files securely deleted, you will need to do that yourself first.

To find the directory where Firefox is storing cached files, go to the address "about:cache," which is an internal page that gives information about the cache.  Go to this directory and delete all the files in it using the method described in the Secure Deletion section of this document. (You won't be able to delete some of them if Firefox is open, but I don't know if those files actually store private information.)

To prevent Firefox from storing a history of the pages you visit, expand the header labeled "History," which is also located in the Privacy panel of the Options dialog, and enter 0 in the input box labeled "Remember visited pages for the last -- days."

In Firefox, password saving is disable by default, but if you want to check to make sure it is disable, expand the header labeled "Saved Passwords," and make sure the box labeled "Remember Passwords" is not checked.

To delete cookies at the end of each session, go to the directory that you located your cached files in, and go up one directory.  Cookies are stored in the file cookies.txt, which should be deleted using the method described in the Secure Deletion section of this document.  

In the same directory as the cookies.txt file, you will also find the history.dat file, which stores the history of the sites you have visited.  You should delete this as well.



2. Secure Deletion

When files are stored on a computer, the actual data is stored in one place on the disk, and then the location of that data is stored separately, along with the name of the file.  When you delete a file on your computer, only the record of the data's location is actually erased, not the data itself, which is simply left in place on the disk.  What this means is that until another program writes new data over the old data, the old data can still be retrieved from the disk.  Even once another program has written over the old data, it is still possible to retrieve the old data using specialized equipment.

If you truly want to remove a file from your computer, it is necessary to use a secure deletion program that will overwrite the actual data - usually several times - to make sure it can never be recovered.

Eraser is a good, easy to use, open source program that can handle this for you.  It offers options for several different levels of overwriting.  Typically, 7 times overwriting should be sufficient, but if the file you are deleting is small, then you may as well go full bore for 35.  It is important to understand that for very large files, and free space wipes, overwriting 35 times would take quite a while, and if you did it regularly might cause your hard drive to wear out prematurely.



3. Password/Passphrase Security

Passwords and passphrases are really the same thing.  Geeks prefer the term passphrase, because a password/passphrase isn't supposed to be a "word" (dictionary word) at all - it is supposed to be some random collection of letters and numbers.  I will use the term password henceforth, because it is what most people are used to.

Passwords are used universally to limit access to computers or accounts to individual users.  You probably have dozens of different sites that you use passwords for, and for most of them, it probably wouldn't be a big deal if someone found out your password.  But for some accounts, and for protecting encrypted data, you probably do want to make sure that nobody will be able to get or guess your password/passphrase.

When choosing a password that will be used to keep your data/account safe, it is important that it be something that would be difficult not just for a human, but for a computer to guess.  This means that it shouldn't be anything with obvious personal significance to you, and that it should be long enough and strange enough that it would take a very long time for a computer to guess it either by trying every word in the dictionary, or by systematically going through every combination of letters in the alphabet for a sequence of a given length.

It is also important that you separate the passwords you use for online accounts, and for personal accounts or personal data.  Even if the online site you are entering your password for is one you trust, it is still not a good idea to give them the same password that you use to protect your personal information, or your personal computer.

A few Password rules:
    --It should not be a password that you use for ANYTHING else
    --It should be as long as possible, but within your ability to remember it
    --It should NEVER be written down
    --It should not contain any dictionary words
    --It should not contain any known number sequences (Phone #, Social Security #, etc.)

Once you have a good password, you need to protect it.  Besides never writing your password down, you need to be aware that an individual trying to get your password may try to obtain while you are typing it in.  This is where keyloggers come in.  Keyloggers are programs that record every keystroke you type on your keyboard, and either relay that information via internet, or store it for future retrieval.  Hardware keyloggers are devices that are installed between the keyboard and the computer, simply checking the computer you are on will reveal if a hardware keylogger is in place.  Many detectors of software keyloggers exist, but I haven't found any that are free or open source, so I won't make any recommendations.  If you want to look for one, go to download.com, and search for "keylogger."








Secure Internet Access
----------------------



1. Internet Basics

Every computer that is connected to a network - such as the internet - is given a unique address.  For some people using cable or DSL, this address will change only rarely, if ever.  For people who connect with a modem, the address changes each time you connect, but your ISP will ALWAYS have a record of who was connected with what address at any particular time.  This unique address is sent to every single website you access, it is given out when you use AIM or ICQ, it is given out EVERY SINGLE TIME you connect via any program to any other computer on the internet.

Who keeps logs of your online activity?

Every website, ftp site, mail server, and IRC server - for starters.  I don't know what kind of records AOL and MSN keep of access to their IM services, but it is safe to assume that they probably do keep records of each session, both to monitor and prevent spammers, and to provide assistance to law enforcement.

Besides third parties, who you have to connect to for them to log you, you must also keep in mind that at a bare minimum, your ISP keeps a record of every single website that you access, and probably in some cases, a great deal of additional information.  As I mentioned, ISPs are only governed by your contract with them, and in most cases those Terms of Service grant them carte blanche when it comes to your privacy.

What actually stops ISPs from engaging in more intrusive interference with their users online activity is that once they begin to monitor their users they assume liability for their users actions, which is a legal position that they work strenuously to avoid.  But if John Q. Law comes a knock'n, well, then they are off the hook on both counts.  They have no obligation to protect your privacy, and the police are the ones doing the nosing around, so they avoid assuming the legal risks associated with trying to police their own users.

How are users traced?

Well, with the amount of logging that is going on, it really isn't that hard.  Whether it is Law Enforcement, a trade group such as the MPAA/RIAA/BSA, or a private individual, all you have to do is be engaged in a criminal investigation, or have filed a lawsuit that requires that the identity of a user be revealed, and subpoenas rain down like Oregon in December.

Armed with a subpoena, all that the party seeking your identity has to do is fax over a form to your ISP, and like magic, your privacy is gone.  This is what we DON'T want.



2. Proxies

    prox•y
    A person authorized to act for another; an agent or substitute.

On the internet, a proxy server is a computer that acts as an intermediary between you, and the server that you are ultimately connecting to.  Your computer talks to the proxy, the proxy talks to the server, the server replies to the proxy, and the proxy relays the information back to your computer.  As in real life, dealing with a middleman has benefits, but also poses risks, and most of those benefits hinge on your ability to trust the man in the middle.

With internet proxies, the main problem that exists is that most of them keep logs of all activity, so when the shit hits the fan, your identity can still be exposed, it will just take a little more time.  If you have a need to be 100% anonymous and totally untraceable, do not rely on proxies to protect you - THEY WON'T!

What different types of proxies exist?

HTTP Proxies

Support for these proxies is already built into every web browser, and most web applications.  All you need to do is enter the address for the proxy into your browser, and enable it, and you will be surfing through the proxy.  These proxies are almost all logged, and you have know way to know that they aren't, so it is just safe to assume that they are.

HTTP proxies are best used a short term means to disguise traffic.  For instance, if a website limits access to its services on the basis of IP address, you can use different proxies to avoid those limits.  One application might be a program that rotates through a list of HTTP Proxies voting hundreds of times on one of those ridiculous "viewer polls" that they regularly put on cable news programs.

Another possible use of HTTP Proxies would be if you wanted to open multiple email accounts on a free web mail service, and don't want them to be linked together - and thus easily detectable - by the IP address that was used to create them.  You could use a different proxy to open each account, thus avoiding any simple detection of their connection to one another.


Java Anonymous Proxy

JAP is a program, developed by the Technical University Dresden, which provides excellent privacy.  It will definitely prevent your ISP from monitoring and logging the websites you visit, and should prevent any website operator from tracing your access.

JAP has two major faults.  First, and most important, is that its creators and operators still have ultimate control over the program, and in the past, they have complied with a court order that required them to log the activity of their users, and turn that information over to a law enforcement agency.  The second, and lesser problem with JAP is that it uses a relatively small number of IP addresses to make all requests, and so some servers may block, or flag requests coming from IP address known to be used by JAP.

Overall, I would strongly recommend JAP as a means of preventing the creation of a permanent record of your online activity, but not as something that you should trust in situations where guaranteed permanent anonymity is necessary.

There are a few other good proxy schemes in existence, but unfortunately I don't have the time to cover them all here.



Proxy Setup Tutorials:

Whether you are using JAP, or an HTTP proxy, you will need to follow the same directions to configure your browser to use a proxy.

A proxy address will usually consist of an IP address (i.e. 120.240.480.960) and a port number (i.e. 3120).  The proper way to note this address would be 120.240.480.960:3120.  A proxy address can also be a domain name (i.e. www.yahoo.com) but this is not as common.  By default, the address that you will enter for your proxy when you are using JAP is 127.0.0.1:4001.

Internet Explorer:
------------------

Select Tools > Internet Options... and select the panel labeled "Connections."  Click the button labeled "Lan Settings," which is near the bottom of the dialog box.  In the section labeled "Proxy server," check the box labeled "Use a proxy server for your LAN.  In the text input box labeled "Address," enter the IP address for your proxy server.  If you are using JAP, then enter 127.0.0.1.  Now, in the text input box labeled "Port," enter the port for your proxy server.  For JAP this is 4001.  Click OK to close the LAN dialog, and then click OK again in the Internet Options dialog, and you are ready to browse using your proxy.


Firefox:
--------

Select Tools > Options and select the panel labeled "General."  Click on the button labeled "Connection Settings."  Select the button labeled "Manual proxy configuration."  Now, in the text input box labeled "HTTP Proxy" enter the IP address for your proxy server.  If you are using JAP, then enter 127.0.0.1.  In the text input box directly to the right, which will be labeled "Port" enter the port for your proxy server.  For JAP this is 4001.  Now enter the EXACT same information in boxes labeled "SSL Proxy."  Click OK to close the Connection Settings dialog, and click OK to close the Options dialog.


Opera:
------

Select Tools > Preferences and select the panel labeled "Network."  Click on the button labeled "Proxy servers."  Check the box labeled "HTTP," and in the text input box to the right enter the IP address for your proxy.  If you are using JAP, then enter 127.0.0.1.  In the text input box directly to the right, which will be labeled "Port" enter the port for your proxy server.  For JAP this is 4001.  Now, check the box labeled "HTTPS," and enter the same IP and Port information in those boxes.  Click OK to close the Proxy Servers dialog, and click OK to close the Preferences dialog.



3. Anonymous Internet Access

True anonymity can only be attained by accessing the internet through a connection that is not yours, and you have no attachment to.  This does not mean the computer at your desk at work, the computer in the library that you have to enter your card number to use, or the computer at your university that you have to login to with a personal account.  What this may mean is an internet cafe, a computer at a desk at someone else’s work, or a computer at a university that you logged into with someone else’s account.  An even better method, if you are lucky enough to own a laptop and a WiFi card, is to use a free wireless access point.  Wifi provides the best security available, because it allows you to use your own computer, while accessing the internet through someone else’s connection.

A problem that exists with public computers is that your use of them can potentially be monitored either by their owner, or by a third party.  Because this monitoring is likely to be engaged in for purposes of either financial gain through theft of personal information, or simple curiosity, it is not particularly threatening, but it is something you should be aware of.  If you want to prevent the logging or monitoring of your web surfing you could install JAP, if that is possible.

Wifi also poses security problems, foremost being that all of the data being transferred between your computer and the base station can be intercepted by anyone within radio range.  Once again, this is only likely to be done by individuals motivated by profit or curiosity, but it still should not be ignored.  Using JAP would provide a solution to this, because it encrypts all of your web traffic.  If you don't use JAP, or another means of encrypting your web traffic, then you should avoid logging into sensitive accounts that don't provide a secure login option, otherwise anyone in the room has the potential to get your password.

If true anonymity is what you are seeking, then you need to think about more than just computer logs.  It is also important that you consider the physical security of the location that you are using as an anonymous access point.

Is it your neighborhood coffee shop, where the barista knows you by name?  Well, then you would have been just as safe logging in from your home computer, and signing off your communications with your address and phone number.  

Another thing to consider, if you have reason to believe that your activity might become the focus of an aggressive government investigation, is the level of electronic surveillance being conducted around the access point you intend to use.  Almost everywhere you go these days, you will be caught on someone's camera.  Fortunately, most of the time these cameras are cheap crap that are primarily designed to prevent slave-wage register jockeys from dipping into the till, and even if the tapes are kept for any extensive amount of time, they are probably of too poor a quality to do you much harm.  Banks on the other hand, should be avoided like the plague.  Most standalone banks have 360 camera coverage, with reasonably high quality cameras, and they will definitely archive their tapes for much longer than any convenience store.

Once again, if you have reason to believe that you are either the subject of an ongoing investigation, or may be investigated in the near future, take the basic precaution of not using the same access point every time, and not using any access point that is close to your house.  Additionally, I would strongly recommend - and not just as a matter of principal - that you always take the bus, and never use a car.  License plate numbers are by far the easiest way to locate people, and since there is a good chance that you will be recorded, you don't want to be caught wearing a nametag when you are.








Encryption
----------



1. Encryption Basics

The topic of encryption is extremely dense and technical, and I am not particularly well versed in it myself.  As a result I will to try to explain encryption theory, but simply provide some tutorials on how to achieve the most commonly necessary encryption tasks.  For more information on encryption concepts in general, it would be a good idea to consult the manual for GnuPG, which can be found at http://www.gnupg.org/gph/en/manual.html.

Most basically, encryption is the process of putting something into code, generally with the idea that the code can be understood and decrypted by the intended receiver of the coded message, or by yourself at a later time.

The benefits of encryption are obvious.  Encryption allows us to store information in a way that only we can retrieve it, and it allows us to send communications that cannot be understood by anyone other than their intended receiver.



2. Communications Encryption

The most common way of sending encrypted messages is via e-mail.  The form of encryption that is used for this is called Public-Key Encryption.  With Public-Key encryption, you can give your public key to anyone, or even better, publish it online, and anyone can use that Public-Key to encrypt a message for you.  The great thing, is that only the holder of the Private-Key (you - hopefully) will be able to decrypt the message.

The program that I would recommend for handling Public-Key encryption is Windows Privacy Tools.  It is free, and open-source, and based of GNU Privacy Guard, a free open-source version of PGP.  The manual for WinPT can be found at http://help.helpem.com//display.html?uid=winpt&ref=contents, and I will refer you there for more information on how to use the program.

Once you have WinPT going, and you have created a key-pair, you will want to put your public key online.  A good free key server can be found at pgp.mit.edu.

To add your key to the key server, start by right click on the WinPT icon in your system tray, and opening the Key Manager.  With the key manager open, you should see at least one key pair listed.  If there are not any keys listed, you will need to create a new key pair, and you should refer to the WinPT manual for instructions on how to do this.  To post your public key, simply highlight the key pair that you want to use, and then select Edit > Copy.

Now, at the pgp.mit.edu page, click inside the text entry box labeled "Enter ASCII-armored PGP key here," which is under the heading "Submit a Key," and select Edit > Paste, or CTRL+V.  A big mass of letters and symbols should show up in the box, and at the top, there should be a line that reads "-----BEGIN PGP PUBLIC KEY BLOCK-----"  Click the button labeled "Submit this key to the keyserver!"  Now, anyone who wants to send you a message can go to pgp.mit.edu, search for the e-mail address that you created your key for, and use that key to encrypt the message.

An encrypted message can be sent the same as any other e-mail, using any e-mail service.  Generally, I prefer to send the encrypted part of a message as an attachment to my e-mail, and then save that encrypted file to my disk, where I can decrypt and read it, but you can also paste the encrypted message directly into the body of an e-mail, and it will work just as well.  
To decrypt a message that you have received in an e-mail, you can highlight it, and copy it (Edit > Copy, or CTRL+C) then right click on the WinPT icon in the system tray, and select Clipboard > Decrypt/Verify.  You will be asked to provide the password for your Private-Key, and if all goes well, the decrypted text will be placed in the windows clipboard, from which you can Paste it into Notepad, or view it using Clipboard Viewer.  Using the clipboard for decryption is not as secure as saving it to a file first, and so I wouldn't recommend this for highly sensitive data.

For absolute security, you should first save the encrypted message to your disk, then decrypt it to another file, read the message, and then securely delete the decrypted file.

When choosing a password to protect your private key, be sure to consider the suggestions in the Password/Passphrase Security section of this document.



3. File Encryption

You can use WinPT/GnuPG to encrypt and decrypt files, but ultimately, this proves to be a hassle because each time you decrypt a file, you have to securely delete it, and then, if you modified the file, you have to encrypt it again.  Luckily, another type of program exists that will create an encrypted file on you hard disk, and then allow you to "mount" the encrypted volume, so that you can read and write on it as if it were another hard drive.

TrueCrypt is a free open source program that can do this for you.  Once again, I would recommend that you read the manual, which can be found at http://truecrypt.sourceforge.net/TrueCrypt%20User%20Guide.pdf.

When choosing a password to protect your encrypted volume, be sure to consider the suggestions in the Password/Passphrase Security section of this document.








Appendices
----------



A. Recommended Software

GNU Privacy Guard

Website: http://www.gnupg.org

Open source encryption program.


Windows Privacy Tools

Website: http://winpt.sourceforge.net/en/

GUI interface for GNUPG that also incorporates a secure deletion tool.  Somewhat buggy, but functional.


Java Anonymous Proxy

Website: http://anon.inf.tu-dresden.de/index_en.html

Academically developed proxy program that encrypts and disguises your web surfing.


Eraser

Website: http://www.heidi.ie/eraser/download.php

Open source fully featured secure deletion tool.


Firefox

Website: http://www.mozilla.org/products/firefox/

Open source web browser.  Far better than Internet Explorer.


Opera

Website: http://www.opera.com

IMO, the best web browser available.  Opera is a commercial product, and the free version is ad supported, so if you can't afford to buy it, Firefox is probably the way to go.


TrueCrypt

Website: http://www.truecrypt.tk/

Open source volume encryption program.

Comments:
Great!! Thanks!!!
 
Hi Blogger, I find it quite refreshing to occasionally find a article like yours with an familair topic such as Computer Security Essentials. Its not was I was searching for but somehow ads to ones list of lifes experiences.

I have a soft spot for sites and blogs related to private detective and /or sites that have a central theme around private detective type items.

Once again, thank you Blogger, look forward see more posts from you in the future :-)
 
Good blog. I like what I have read. Like the colors too. I have a unlimited internet access, website. If unlimited internet access is of interest to you, then please take a look at it!
 
Hi, heute hast du mir mit deinem blog die langweile vertrieben. Nach stunden des gelangweielten surfens bin ich hier gelandet. Absolut interessantes Thema.
Ich denk hier werde ich öfter vorbei schauen !

Ich habe eine Seite über Workstation. Hier findest du alles über Workstation und noch viel mehr !

Wenn du Zeit hast, schau doch mal vorbei ! :-)
 
Blogger, do you have any other blogs? I have been looking around at
blogs related to Computer Security Essentials and I found your site. I have a site that is
some what related to your blog and I thought it would help. So I wanted
to leave you a quick message while I was here. Take a look; you will be
happy you had did! My site deals with work at home home business idea to make money online related information.
Also I have some great stuff on my site that may be of assistance to
you.
 
Post a Comment

<< Home

This page is powered by Blogger. Isn't yours?