Hack

Maker Faire halts operations and lays off all staff

Posted by | Education, Entertainment, Exit, Fundings & Exits, Gadgets, Hack, hardware, layoffs, MAKE, maker faire, Maker Media, Media, Personnel, robotics, Startups, Talent, TC | No Comments

Financial troubles have forced Maker Media, the company behind crafting publication MAKE: magazine as well as the science and art festival Maker Faire, to lay off its entire staff of 22 and pause all operations. TechCrunch was tipped off to Maker Media’s unfortunate situation which was then confirmed by the company’s founder and CEO Dale Dougherty.

For 15 years, MAKE: guided adults and children through step-by-step do-it-yourself crafting and science projects, and it was central to the maker movement. Since 2006, Maker Faire’s 200 owned and licensed events per year in over 40 countries let attendees wander amidst giant, inspiring art and engineering installations.

Maker Media Inc ceased operations this week and let go of all of its employees — about 22 employees” Dougherty tells TechCrunch. “I started this 15 years ago and it’s always been a struggle as a business to make this work. Print publishing is not a great business for anybody, but it works…barely. Events are hard . . . there was a drop off in corporate sponsorship.” Microsoft and Autodesk failed to sponsor this year’s flagship Bay Area Maker Faire.

But Dougherty is still desperately trying to resuscitate the company in some capacity, if only to keep MAKE:’s online archive running and continue allowing third-party organizers to license the Maker Faire name to throw affiliated events. Rather than bankruptcy, Maker Media is working through an alternative Assignment for Benefit of Creditors process.

“We’re trying to keep the servers running” Dougherty tells me. “I hope to be able to get control of the assets of the company and restart it. We’re not necessarily going to do everything we did in the past but I’m committed to keeping the print magazine going and the Maker Faire licensing program.” The fate of those hopes will depend on negotiations with banks and financiers over the next few weeks. For now the sites remain online.

The CEO says staffers understood the challenges facing the company following layoffs in 2016, and then at least 8 more employees being let go in March according to the SF Chronicle. They’ve been paid their owed wages and PTO, but did not receive any severance or two-week notice.

“It started as a venture-backed company but we realized it wasn’t a venture-backed opportunity” Dougherty admits, as his company had raised $10 million from Obvious Ventures, Raine Ventures, and Floodgate. “The company wasn’t that interesting to its investors anymore. It was failing as a business but not as a mission. Should it be a non-profit or something like that? Some of our best successes for instance are in education.”

The situation is especially sad because the public was still enthusiastic about Maker Media’s products  Dougherty said that despite rain, Maker Faire’s big Bay Area event last week met its ticket sales target. 1.45 million people attended its events in 2016. MAKE: magazine had 125,000 paid subscribers and the company had racked up over one million YouTube subscribers. But high production costs in expensive cities and a proliferation of free DIY project content online had strained Maker Media.

“It works for people but it doesn’t necessarily work as a business today, at least under my oversight” Dougherty concluded. For now the company is stuck in limbo.

Regardless of the outcome of revival efforts, Maker Media has helped inspire a generation of engineers and artists, brought families together around crafting, and given shape to a culture of tinkerers. The memory of its events and weekends spent building will live on as inspiration for tomorrow’s inventors.

Powered by WPeMatico

WhatsApp exploit let attackers install government-grade spyware on phones

Posted by | Apps, Facebook, Hack, Mobile, NSO Group, Security, WhatsApp | No Comments

WhatsApp just fixed a vulnerability that allowed malicious actors to remotely install spyware on affected phones, and an unknown number reportedly did so with a commercial-grade snooping package usually sold to nation-states.

The vulnerability (documented here) was discovered by the Facebook-owned WhatsApp in early May, the company confirmed to TechCrunch. It apparently leveraged a bug in the audio call feature of the app to allow the caller to allow the installation of spyware on the device being called, whether the call was answered or not.

The spyware in question that was detected as having been installed was Israel-based NSO Group’s Pegasus, which is usually (ostensibly) licensed to governments looking to infect targets of investigations and gain access to various aspects of their devices.

This is, as you can imagine, an extremely severe security hole, and it is difficult to fix the window during which it was open, or how many people were affected by it. Without knowing exactly what the exploit was and what data WhatsApp keeps regarding that type of activity, we can only speculate.

The company said that it suspects a relatively small number of users were targeted, since it would be nontrivial to deploy, limiting it to advanced and highly motivated actors.

Once alerted to the issue’s existence, the company said it took less than 10 days to make the required changes to its infrastructure that would render the attack inoperable. After that, an update went out to the client that further secured against the exploit.

“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” the company said in a statement.

So what about NSO Group? Is this attack their work as well? The company told the Financial Times, which first reported the attack, that it was investigating the issue. But it noted that it is careful not to involve itself with the actual applications of its software — it vets its customers and investigates abuse, it said, but it has nothing to do with how its code is used or against whom.

WhatsApp did not name NSO in its remarks, but its suspicions seem clear:

“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.”

Naturally when a security-focused app like WhatsApp finds that a private company has, potentially at least, been secretly selling a known and dangerous exploit of its protocols, there’s a certain amount of enmity. But it’s all part of the 0-day game, an arms race to protect against or breach the latest security measures. WhatsApp notified the Department of Justice and “a number of human rights organisations” of the issue.

You should, as WhatsApp suggests, always keep your apps up to date for situations like this, although in this case the problem was able to be fixed in the backend before clients could be patched.

Powered by WPeMatico

Fortnite bugs put accounts at risk of takeover

Posted by | computer security, cryptography, fortnite, Gaming, Hack, hacking, Password, Prevention, Security, security breaches, software testing, spokesperson, vulnerability | No Comments

With one click, any semi-skilled hacker could have silently taken over a Fortnite account, according to a cybersecurity firm that says the bug is now fixed.

Researchers at Check Point say the three vulnerabilities chained together could have affected any of its 200 million players. The flaws, if exploited, would have stolen the account access token set on the gamer’s device once they entered their password.

Once stolen, that token could be used to impersonate the gamer and log in as if they were the account holder, without needing their password.

The researchers say that the flaw lies in how Epic Games, the maker of Fortnite, handles login requests. Researchers said they could send any user a crafted link that appears to come from Epic Games’ own domain and steal an access token needed to break into an account.

Check Point’s Oded Vanunu explains how the bug works. (Image: supplied)

“It’s important to remember that the URL is coming from an Epic Games domain, so it’s transparent to the user and any security filter will not suspect anything,” said Oded Vanunu, Check Point’s head of products vulnerability research, in an email to TechCrunch.

Here’s how it works: The user clicks on a link, which points to an epicgames.com subdomain, which the hacker embeds a link to malicious code on their own server by exploiting a cross-site weakness in the subdomain. Once the malicious script loads, unbeknownst to the Fortnite player, it steals their account token and sends it back to the hacker.

“If the victim user is not logged into the game, he or she would have to log in first,” said Vanunu. “Once that person is logged in, the account can be stolen.”

Epic Games has since fixed the vulnerability.

“We were made aware of the vulnerabilities and they were soon addressed,” said Nick Chester, a spokesperson for Epic Games. “We thank Check Point for bringing this to our attention.”

“As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account information with others,” he said.

When asked, Epic Games would not say if user data or accounts were compromised as a result of this vulnerability.

Powered by WPeMatico

Daily Crunch: Well Facebook, you did it again

Posted by | Apps, Daily Crunch, Facebook, Fundings & Exits, Gadgets, Hack, hardware, Mobile, Security, Social, Startups, WeWork | No Comments

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here:

1. Facebook is the new crapware 

Well Facebook, you did it again. Fresh off its latest privacy scandal, the troubled social media giant has inked a deal with Android to pre-install its app on an undisclosed number of phones and make the software permanent. This means you won’t be able to delete Facebook from those phones. Thanks, Facebook.

2. The world’s first foldable phone is real 

Chinese company Royole has beaten Samsung to the market and has been showing off a foldable phone/tablet this week at CES. While it’s not the most fluid experience, the device definitely works at adapting to your needs.

3. CES revokes award from female-founded sex tech company
Outcries of a double-standard are pouring out of CES after the Consumer Tech Association revoked an award from a company geared toward women’s sexual health.

4. Everything Google announced at CES 2019 

Google went all in on the Assistant this year at CES. The company boasted that the voice-enabled AI will make its way onto a billion devices by the end of the month — up from 400 million last year. But what’s most exciting is the expanded capabilities of Google’s Assistant. Soon you’ll be able to check into flights and translate conversations on the fly with a simple “Hey Google.”

5. Rebranding WeWork won’t work 

The company formerly known as WeWork has rebranded to the We Company, but its new strategy has the potential to plunge the company further into debt.

6. Despite promises to stop, US cell carriers are still selling your real-time phone location data

Last year a little-known company called LocationSmart came under fire after leaking location data from AT&T, Verizon, T-Mobile and Sprint users to shady customers. LocationSmart quickly buckled under public scrutiny and promised to stop selling user data, but few focused on another big player in the location tracking business: Zumigo.

7. The best and worst of CES 2019 

From monster displays to VR in cars, we’re breaking down the good, the bad and the ugly from CES 2019.

Powered by WPeMatico

Hackers hijack thousands of Chromecasts to warn of latest security bug

Posted by | Amazon, chromecast, computing, echo, Gadgets, Google, Hack, hardware, iPad, media streamer, Security, smart devices, smart home devices, spokesperson, technology, wi-fi | No Comments

Hackers have hijacked thousands of exposed Chromecast streaming devices to warn users of the latest security flaw to affect the device. But other security researchers say that the bug — if left unfixed — could be used for more disruptive attacks.

The culprits, known as Hacker Giraffe and J3ws3r, have become the latest person to figure out how to trick Google’s media streamer into playing any YouTube video they want — including videos that are custom-made. This time around, the hackers hijacked forced the affected Chromecasts to display a pop-up notice that’s viewable on the connected TV, warning the user that their misconfigured router is exposing their Chromecast and smart TV to hackers like themselves.

Not one to waste an opportunity, the hackers also asks that you subscribe to PewDiePie, an awful internet person with a popular YouTube following. (He’s the same hacker who tricked thousands of exposed printers into printing support for PewDiePie.)

The bug, dubbed CastHack, exploits a weakness in both Chromecast and the router it connects to. Some home routers have enabled Universal Plug and Play (UPnP), a networking standard that can be exploited in many ways. UPnP forwards ports from the internal network to the internet, making Chromecasts and other devices viewable and accessible from anywhere on the internet.

As the two say, disabling UPnP should fix the problem.

“We have received reports from users who have had an unauthorized video played on their TVs via a Chromecast device,” a Google spokesperson told TechCrunch. “This is not an issue with Chromecast specifically, but is rather the result of router settings that make smart devices, including Chromecast, publicly reachable,” the spokesperson said.

That’s true on one hand, but it doesn’t address the underlying issue — that the Chromecast can be tricked into allowing an unauthenticated attacker the ability to hijack a media stream and display whatever they want.

Hacker Giraffe sent this YouTube video to thousands of exposed Chromecast devices, warning that their streams could be easily hijacked. (Screenshot: TechCrunch)

Bishop Fox, a security consultancy firm, first found a hijack bug in 2014, not long after the Chromecast debuted. The researchers found that they could conduct a “deauth” attack that disconnects the Chromecast from the Wi-Fi network it was connected to, causing it to revert back to its out-of-the-box state, waiting for a device to tell it where to connect and what to stream. That’s when it can be hijacked and forced to stream whatever the hijacker wants. All of this can be done in an instant — as they did — with a touch of a button on a custom-built handheld remote.

Two years later, U.K. cybersecurity firm Pen Test Partners discovered that the Chromecast was still vulnerable to “deauth” attacks, making it easy to play content on a neighbor’s Chromecasts in just a few minutes.

Ken Munro, who founded Pen Test Partners, says there’s “no surprise that somebody else stumbled on to it,” given both Bishop Fix found it in 2014 and his company tested it in 2016.

“In fairness, we never thought that the service would be exposed on the public internet, so that is a very valid finding of his, full credit to him for that,” Munro told TechCrunch. (Google said in a follow-up email that it’s working to fix the deauth bug.)

He said the way the attack is conducted is different, but the method of exploitation is the same. CastHack can be exploited over the internet, while Bishop Fox and his “deauth” attacks can be carried out within range of the Wi-Fi network — yet, both attacks let the hacker control what’s displayed on the TV from the Chromecast, he said.

Munro said Google should have fixed its bug in 2014 when it first had the chance.

“Allowing control over a local network without authentication is a really silly idea on [Google’s] part,” he said. “Because users do silly things, like expose their TVs on the internet, and hackers find bugs in services that can be exploited.”

But Munro said that these kinds of attacks — although obnoxious and intrusive on the face of it — could be exploited to have far more malicious consequences.

In a blog post Wednesday, Munro said it was easy to exploit other smart home devices — like an Amazon Echo — by hijacking a Chromecast and forcing it to play commands that are loud enough to be picked up by its microphone. That’s happened before, when smart assistants get confused when they overhear words on the television or radio, and suddenly and without warning purchase items from Amazon. (You can and should turn on a PIN for ordering through Amazon.)

To name a few, Munro said it’s possible to force a Chromecast into loading a YouTube video created by an attacker to trick an Echo to: “Alexa, order an iPad,” or, “Alexa, turn off the house alarm,” or, “Alexa, set an alarm every day at 3am.”

Amazon Echos and other smart devices are widely considered to be secure, even if they’re prone to overhearing things they shouldn’t. Often, the weakest link are humans. Second to that, it’s the other devices around smart home assistants that pose the biggest risk, said Munro in his blog post. That was demonstrated recently when Canadian security researcher Render Man showed how using a sound transducer against a window can trick a nearby Amazon Echo into unlocking a network-connected smart lock on the front door of a house.

“Google needs to properly fix the Chromecast deauth bug that allows casting of YouTube traffic,” said Munro.

Updated at 9pm ET: with a new, clearer headline to better reflect the flaws over the years, and added additional comment from Google.

Powered by WPeMatico

3D-printed heads let hackers – and cops – unlock your phone

Posted by | 3d printing, biometrics, face id, facial recognition, facial recognition software, Hack, Identification, iOS, iPhone, learning, Mobile, model, Prevention, privacy, Security, surveillance | No Comments

There’s a lot you can make with a 3D printer: from prosthetics, corneas, and firearms — even an Olympic-standard luge.

You can even 3D print a life-size replica of a human head — and not just for Hollywood. Forbes reporter Thomas Brewster commissioned a 3D printed model of his own head to test the face unlocking systems on a range of phones — four Android models and an iPhone X.

Bad news if you’re an Android user: only the iPhone X defended against the attack.

Gone, it seems, are the days of the trusty passcode, which many still find cumbersome, fiddly, and inconvenient — especially when you unlock your phone dozens of times a day. Phone makers are taking to the more convenient unlock methods. Even if Google’s latest Pixel 3 shunned facial recognition, many Android models — including popular Samsung devices — are relying more on your facial biometrics. In its latest models, Apple effectively killed its fingerprint-reading Touch ID in favor of its newer Face ID.

But that poses a problem for your data if a mere 3D-printed model can trick your phone into giving up your secrets. That makes life much easier for hackers, who have no rulebook to go from. But what about the police or the feds, who do?

It’s no secret that biometrics — your fingerprints and your face — aren’t protected under the Fifth Amendment. That means police can’t compel you to give up your passcode, but they can forcibly depress your fingerprint to unlock your phone, or hold it to your face while you’re looking at it. And the police know it — it happens more often than you might realize.

But there’s also little in the way of stopping police from 3D printing or replicating a set of biometrics to break into a phone.

“Legally, it’s no different from using fingerprints to unlock a device,” said Orin Kerr, professor at USC Gould School of Law, in an email. “The government needs to get the biometric unlocking information somehow,” by either the finger pattern shape or the head shape, he said.

Although a warrant “wouldn’t necessarily be a requirement” to get the biometric data, one would be needed to use the data to unlock a device, he said.

Jake Laperruque, senior counsel at the Project On Government Oversight, said it was doable but isn’t the most practical or cost-effective way for cops to get access to phone data.

“A situation where you couldn’t get the actual person but could use a 3D print model may exist,” he said. “I think the big threat is that a system where anyone — cops or criminals — can get into your phone by holding your face up to it is a system with serious security limits.”

The FBI alone has thousands of devices in its custody — even after admitting the number of encrypted devices is far lower than first reported. With the ubiquitous nature of surveillance, now even more powerful with high-resolution cameras and facial recognition software, it’s easier than ever for police to obtain our biometric data as we go about our everyday lives.

Those cheering on the “death of the password” might want to think again. They’re still the only thing that’s keeping your data safe from the law.

Powered by WPeMatico

Utah man pleads guilty to causing 2013 gaming service outages

Posted by | computing, cyberattacks, Gaming, Hack, Internet traffic, lizard squad, playstation network, Security, sony playstation | No Comments

A Utah man has pleaded guilty to computer hacking charges, after admitting to knocking several gaming services offline five years ago.

Austin Thompson, 23, launched several denial-of-service attacks against EA’s Origin, Sony PlayStation and Valve’s Steam gaming services during the December holiday season in 2013.

At the time, those denial-of-service attacks made it near-impossible for some gamers to play — many of whom had bought new consoles or games in the run-up to Christmas, including League of Legends and Dota 2, because they required access to the network.

Specifics of Thompson’s plea deal were not publicly available at the time of writing, but prosecutors said Thompson — aged 18 at the time of the attacks — flooded the gaming giants’ networks “with enough internet traffic to take them offline.”

Thompson would take to his Twitter account, @DerpTrolling, to announce his targets ahead of time, and posted screenshots of downed services in the aftermath of his attacks. Thompson’s attacks caused upwards of $95,000 in damages, prosecutors said.

“The attacks took down game servers and related computers around the world, often for hours at a time,” said Adam Braverman, district attorney for Southern California, in a statement.

“Denial-of-service attacks cost businesses millions of dollars annually,” said Braverman. “We are committed to finding and prosecuting those who disrupt businesses, often for nothing more than ego.”

Thompson faces up to 10 years in prison and is scheduled to be sentenced in March.

Powered by WPeMatico

Buggy software in popular connected storage drives can let hackers read private data

Posted by | Axentra, computer security, computing, firewall, Gadgets, Hack, hardware, Netgear, Security, vulnerability, web interface | No Comments

Security researchers have found flaws in four popular connected storage drives that they say could let hackers access a user’s private and sensitive data.

The researchers Paulos Yibelo and Daniel Eshetu said the software running on three of the devices they tested — NetGear Stora, Seagate Home and Medion LifeCloud — can allow an attacker to remotely read, change and delete data without requiring a password.

Yibelo, who shared the research with TechCrunch this week and posted the findings Friday, said that many other devices may be at risk.

The software, Hipserv, built by tech company Axentra, was largely to blame for three of the four flaws they found. Hipserv is Linux-based, and uses several web technologies — including PHP — to power the web interface. But the researchers found that bugs could let them read files on the drive without any authentication. It also meant they could run any command they wanted as “root” — the built-in user account with the highest level of access — making the data on the device vulnerable to prying eyes or destruction.

We contacted Axentra for comment on Thursday but did not hear back by the time of writing.

A Netgear spokesperson said that the Stora is “no longer a supported product… because it has been discontinued and is an end of life product.” Seagate did not comment by our deadline, but we’ll update if that changes. Lenovo, which now owns Medion, did not respond to a request for comment.

The researchers also reported a separate bug affecting WD My Book Live drives, which can allow an attacker to remotely gain root access.

A spokesperson for WD said that the vulnerability report affects devices originally introduced in 2010 and discontinued in 2014, and “no longer covered under our device software support lifecycle.” WD added: “We encourage users who wish to continue operating these legacy products to configure their firewall to prevent remote access to these devices, and to take measures to ensure that only trusted devices on the local network have access to the device.”

In all four vulnerabilities, the researchers said that an attacker only needs to know the IP address of an affected drive. That isn’t so difficult in this day and age, thanks to sites like Shodan, a search engine for publicly available devices and databases, and similar search and indexing services.

Depending on where you look, the number of affected devices varies. Shodan puts the number at 311,705, but ZoomEye puts the figure at closer to 1.8 million devices.

Although the researchers described the bugs in moderate detail, they said they have no plans to release any exploit code to prevent attackers taking advantage of the flaws.

Their advice: If you’re running a cloud drive, “make sure to remove your device from the internet.”

Powered by WPeMatico

Hackers stole customer credit cards in Newegg data breach

Posted by | eCommerce, Gadgets, Hack, newegg, Security | No Comments

Newegg is clearing up its website after a month-long data breach.

Hackers injected 15 lines of card skimming code on the online retailer’s payments page which remained for more than a month between August 14 and September 18, Yonathan Klijnsma, a threat researcher at RiskIQ, told TechCrunch. The code siphoned off credit card data from unsuspecting customers to a server controlled by the hackers with a similar domain name — likely to avoid detection. The server even used an HTTPS certificate to blend in.

The code also worked for both desktop and mobile customers — though it’s unclear if mobile customers are affected.

The online electronics retailer removed the code on Tuesday after it was contacted by incident response firm Volexity, which first discovered the card skimming malware and reported its findings.

Newegg is one of the largest retailers in the US, making $2.65 billion in revenue in 2016. The company touts more than 45 million monthly unique visitors, but it’s not known precisely how many customers completed transactions during the period.

In an email to customers, Newegg chief executive Danny Lee said the company has “not yet determined which customer accounts may have been affected.” When reached, a Newegg spokesperson did not immediately comment.

Klijnsma called the incident “another well-disguised attack” that looked near-identical to the recent British Airways credit card breach, and earlier, the Ticketmaster breach. Like that breach, RiskIQ attributed the Newegg credit card theft to the Magecart group, a collective of hackers that carry out targeted attacks against vulnerable websites.

The code used in both skimming attacks was near identical, according to the research.

“The breach of Newegg shows the true extent of Magecart operators’ reach,” said Klijnsma. “These attacks are not confined to certain geolocations or specific industries—any organization that processes payments online is a target.”

Like previous card skimming campaigns, he said that the hackers “integrated with the victim’s payment system and blended with the infrastructure and stayed there as long as possible.”

Anyone who entered their credit card data during the period should immediately contact their banks.

Powered by WPeMatico

This $20 DIY kit makes your NES, SNES or Mega Drive controller wireless

Posted by | 8bitdo, Gadgets, Gaming, Hack, hardware | No Comments

I have to hand it to 8BitDo. At first I thought they were just opportunistically hawking cheap hunks of plastic in an era of unparalleled nostalgia for retro games, but… well, who am I kidding? That’s exactly what they’re doing. But they’re doing it well. And these new DIY kits are the latest sign that they actually understand their most obsessive customers.

While you can of course purchase fully formed controllers and adapters from the company that let your retro consoles ride the wireless wave of the future, not everyone is ready to part with their original hardware.

I, for example, have had my Super Nintendo for 25 years or so — its yellowing, cracked bulk and controllers, all-over stains and teeth marks compelling all my guests to make an early exit. I consider it part of my place’s unique charm, but more importantly I’m used to the way these controllers feel and look — they’re mine.

8BitDo understands me, along with the rest of the wretches out there who can’t part with the originals out of some twisted concept of loyalty or authenticity. So they’re giving us the option to replace the controllers’ aging guts with a fresh new board equipped with wireless connectivity, making it a healthy hybrid of the past and present.

If you’re the type (as I am) that worries that a modern controller will break in ways that an SNES controller would find laughable, if it could laugh, then this will likely strike your fancy. All you do is take apart your gamepad (if you can stand to do so), pull out the original PCB (and save it, of course), and pop in the new one.

You’ll be using more or less all the same parts as these famously durable controllers came with (check out this teardown). The way the buttons feel shouldn’t change at all, since the mechanical parts aren’t being replaced, just the electronics that they activate. It runs on a rechargeable battery inside that you recharge with an unfortunately proprietary cable that comes with the kit.

If you’re worried about latency… don’t be. On these old consoles, control latency is already like an order of magnitude higher than a complete wireless packet round trip, so you shouldn’t notice any lag.

You will, however, need to pick up a Bluetooth adapter if you want to use this on your original console — but if you want to use the controller with a wireless-equipped setup like your computer, it should work flawlessly.

If you buy it and don’t like it, you can just slot the original PCB back into its spot and no harm is done!

There are conversion kits for the NES and SNES, the new Classic Editions of both, and the Sega Mega Drive. At $20 each it’s hardly a big investment, and the reversible nature of the mod makes it low risk. And hey, you might learn something about that controller of yours. Or find a desiccated spider inside.

Powered by WPeMatico