Internet Security SECRETS

John Vacca

Publisher: IDG, 1996, 758 pages

ISBN: 1-56884-457-3

Keywords: IT Security

Last modified: March 15, 2022, 2:27 p.m.

Uncover the little-known and undocumented security features of the world's most popular network with this insider's guide from security guru John Vacca. Vacca reveals how to protect yourself against the greatest threat to Internet growth — hackers with too much free time on their hands! You'll learn the best ways to protect your data on the Internet, the easiest ways to effectively manage and distribute large databases of public keys, the safest ways to connect your Local Area Network to the Internet, and much more" Don't let security concerns keep you from exploring everything the Internet has to offer — minimize your risks with the tips and techniques you'll learn in Internet Security SECRETS.

Learn the Best Security Secrets NOW!

  • Expert Advice for fending of the most common forms of security attacks, including snooping, masquerading, message modification, message replay, message delay, and service denial.
  • Implement security strategies corporate-wide — determine goals, roles and responsibilities
  • Learn the ins and outs of Secure HTTP (S-HTTP) from message protection to negotiation headers
  • Insider tips and techniques for implementing secure messaging with Privacy Enhabced Mail (PEM) specification, Riordan's Privacy Enhanced Mail (RIPEM) progrm, Pretty Good Privacy (PGP), Firewalls, and more!
  • Effectively use digital signatures and timestamps quickly and easily
  • Two's company and three's a security breach — learn how to share files safely
  • Comprehensive coverage of security on the World Wide Web, including international implications and protocol enhancements for secure commercial transactions
  • Two BONUS appendixes provide a survey of, and improvements to, password security, and a glossary of terms and acronyms
  • Part I: Identifying Internet Security Threats
    1. Computer Crime
      • Computer Crime Initiative
        • Determining the scope of the computer crime problem
        • Internet vulnerabilities versus World Wide Web site system vulnerabilities
        • Training prosecutors and agents
        • Domestic law enforcement investigative coordination
        • Formulating an international response to computer crime
        • Current laws and proposals for legislative change
        • Formulating uniform policies
      • Improving Security on the Internet
        • Recent incidents weren't the first…
        • …and wont be the last
      • Fighting Criminals in Cyberspace
        • White-collar crime
        • Theft
        • Smuggling
        • Terrorism
        • Bomb making
        • Porn
        • Kiddie porn
        • Combating cybercrime
      • The National Performance Review
        • Internet security
        • National Crisis Response Clearinghouse
      • A Self-Fulfilling Prophecy
      • Guardians of the Internet: Security Incident Response Efforts
        • CERT
        • Behind the scenes
        • Be alert
        • Frequent hacks
        • Minimizing risks
        • FIRST
      • Endnotes
    2. Problems in Managing Keys
      • An Overview of Public-Key Systems
      • Certificates
        • Using certificates
        • Issuing certificates
      • Storing Keys
        • Attacks on certifying authorities
        • Lost keys and compromising positions
      • Certificate Revocation Lists
        • Expired keys
        • Lost private keys
        • Compromised private keys
        • Validity of time-stamped documents
        • Storing private keys
        • Finding someone else's public key
      • Endnotes
    3. Internet Security Attacks
      • Hack Attack!
        • FBI manhunt nabs Kevin Mitnick
        • Hiring hackers
      • Recent Internet Security Incidents
        • Password sniffers
        • Vulnerability in NCSA HTTP Daemon for UNIX
        • Internet security sniffer cracker program
        • Government Internet security incidents
      • Real-World Attack Examples
        • The Air Force Information Warfare Center
        • Johnson Space Center
      • Endnotes
  • Part II: Preparing a Defense
    1. Network Service Providers' Computer Security Mission
      • NSP Guidelines
        • Security guidelines
        • Elaborating on the guidelines
      • Improving Local Security
      • Internet Security Accounting Architecture for NSPs
      • Goals for a Usage Reporting Architecture
      • The Usage Reporting Function
        • Measuring policy compliance
        • Rational cost allocation recovery
        • Network policy and usage reporting
        • The nature of Internet security usage reporting
      • Meters
        • Meter placement
        • Meter structure
        • Collection issues
      • Examples
        • A single segment LAN
        • An extended (campus or facility-wide) LAN
        • A regional network
        • A national backbone
      • Endnotes
    2. Organizations, Roles, and Responsibilities
      • Why Internet Security Management Is Important
        • Responsibilities of network managers
        • Responsibilities of host system managers
        • Problems and resolutions
        • The illusion of Internet security management
      • Roles
        • NIST's Internet Security Activities
      • Information Infrastructure Task Force
      • OMB Circular A-130
      • Federal Networking Council
        • National Research and Education Network
        • Security architecture for the NREN
        • Security action plan for the NREN
      • Internet Society Security Activities
        • Internet security policy
        • Privacy-Enhanced Mail
      • International Standards Bodies
        • ISO
        • ITU
        • CEN
        • ECMA
        • Internet Standards
        • ISO Standards
        • Obtaining standards documents
      • Endnotes
    3. Facets of Internet Security
      • Security Services
        • Advanced authentication
        • Public-key infrastructure
        • Obstacles to deployment
      • Data Integrity: Penetration Testing
        • Intrusion detection
        • Security awareness
        • Exercise of due care
        • Key-management issues
        • Assessment and identification of infiltration threat sources
        • Controlled simulation
        • Risk management
        • Penetration-testing methodology
        • Formation of a penetration-testing team
        • Penetration-team functions
        • Capabilities and requirements
        • Physical working requirements
        • Organizational requirements
        • Conducting a penetration test
      • Endnotes
    4. Privacy and the National Information Infrastructure
      • The Role of the Internet in the NII
      • Principles for Providing and Using Personal Information
        • General principles for the National Information Infrastructure
        • Principles for information collectors
        • Principles for information users
        • Consequences of providing personal information to others
      • Privacy and the NII
      • Authentication
        • Definition of authentication
        • Authentication techniques
        • Authentication devices
        • Message authentication
        • An authentication service
      • Specialized Secured Servers
        • Names and credentials
        • Identity-based authorization
      • Access Control
        • Examples of access control
        • Controlling access
        • Enforcement
        • Accessing networks remotely
        • A security challenge
        • Remote access
        • Encryption
        • Algorithms
        • Firewall protection
        • Security management
      • Endnotes
    5. Physical Security
      • What Is Physical Security?
      • Management Reviews
      • Review of Construction Plans
        • Site location
        • Computer room and equipment location within a building
      • Access to Equipment and Facilities
      • Physical Security Guidelines
      • Electrical Considerations
      • Environmental Controls
        • Environmental physical security guidelines
        • Air conditioning
      • Links Outside Central Computer Rooms
        • Guidelines for links
        • Access doors
      • Emergency Procedures
      • Fire Detection
      • Fire Suppression
        • Fire suppression guidelines
        • Water damage guidelines
      • General Housekeeping
      • Endnotes
  • Part III: Implementing Internet Security Strategies
    1. Data Encryption Standard
      • NIST Data Encryption Standard Limitations and Guidelines
        • The RSA digital signature
        • The certificate
        • Certification hierarchies
      • DES Software and Technical Data Controls
        • Problems with the status quo
        • National security issues
        • Banking transactions
        • Domestic personal and corporate communications
        • Authentication in the private sector
        • Technology issues
        • DES is doomed
        • Economic issues
        • Constitutional issues
        • Regulatory issues
        • Recommendations for implementation
      • Endnotes
    2. Clipper Technology
      • Encryption: A Law Enforcement Perspective
        • Wiretaps is a tool of law enforcement
        • Technology and the capability to tap
      • Strong Cryptography: A Double Standard
        • Telecommunications transformed government
        • Communications intelligence
        • Communications security
        • Export control
        • Prospects for the future
      • EES Encryption
        • EES decryption by law enforcement
        • Security of the system
        • Use of escrowed encryption
      • The DES Dilemma
        • Holding keys in escrow
        • Safeguards
        • Whom do you trust?
        • Escro alternatives
        • Will Clipper catch on?
      • EES Issues
        • Privacy concerns raised by EES
        • Impact of EES on export
        • Interoperability issues raised by EES
        • EES: Hardware versus software
        • Impact of EES on the U.S. computer industry
      • Endnotes
    3. Pretty Good Privacy (PGP) Program
      • How PGP Works
      • PGP Availability as a Programming Library
      • Usable PGP Platforms
      • Obtaining PGP
        • MIT PGP 2.6.2
        • ViaCrypt PGP 2.7.1
        • PGP 2.6.2I
        • A note on ftpmail
      • Encrypting/Decrypting Messages
      • Creating a Secondary Key File
      • Handling Multiple Addresses
      • Obtaining Scripts to Integrate PGP with E-mail
      • Decrypting Encrypted Messages
      • Generating a Key with PGP for UNIX
      • How Secure Is PGP?
      • Breaking Up PGP by Trying All Possible Keys
        • Securing conventional cryptographic options
        • NSA — Cracking RSA
        • Cracking RSA publicly
        • Securing option
        • Pass phrase or password
        • Forgetting pass phrases
        • The best way to crack PGP
        • Secret decoder ring
        • Choosing a pass phrase
        • Remembering a pass phrase
        • Tamper-proof
        • Verifying signatures
        • Trapdoors
        • Multiuser systems
        • RSA: A hybrid mix
      • Keys and Sizes
        • Adding new keys to a key ring
        • Extracting multiple keys
        • Specifying which keys to use
        • Unknown signator
        • Getting PGP to display trust parameters on a key
        • Make your key available via finger
      • Message Signatures
        • Signing a message while still leaving it readable
        • Forging signatures
        • Legally binding signatures
      • Key Signatures
        • To sign a key
        • Signing your own key
        • Signing X's key
        • Verifying someones identity
        • Signing bogus keys
        • Key signing parties
      • Revoking a Key When It's Lost or Stolen
      • Public-Key Servers
      • Genesis: And Then There Was PGP
        • Who are the users?
      • The Safety Factor
      • The Illegal Factor
      • The Legal Factor
        • Is PGP legal?
        • Back door legality
        • Revealing your pass phrase
        • Paranoia
      • Intellectual Property Restrictions
        • Intellectual property restrictions in Canada
        • Intellectual property restrictions outside of North America
      • Commercial Versions of PGP
      • Cost
      • Commercial Use
      • Endnotes
    4. Firewalls
      • Why Firewall?
      • Design Decisions
      • Levels of Threat
      • Firewalls and Their Components
        • Screening router
        • Bastion host
        • Dual-homed gateway
        • Screened-host gateway
        • Screened subnet
        • Application-level gateway (proxy gateway)
        • Hybrid gateways
      • Firewalls Using Screening Routers
      • Dual-Homed Gateways
      • Screened-Host Gateways
      • Screened Subnets
      • Hybrid Gateways
      • IP Packet Filtering for Improving Firewall Security
        • How packet filters make decisions
        • How packet filtering rules are specified
        • A packet filtering example
        • Packet filtering caveats
        • Filtering-related characteristics of application protocols
        • Problems with current packet filtering implementations
        • Providing better filter specification mechanisms
        • Conclusions
      • UNIX Internet Security Firewalls
        • Risk, threat, and vulnerability
        • UNIX Internet security architecture
      • Public or Nonprivate Connectivity
        • Router (firewall physical layer)
        • Dual-homed UNIX gateway server (firewall logical layer)
        • Computers on the local-area network
        • Additional security enhancements
        • Security policy
      • Endnotes
    5. Toolkits and Methods for Building Internet Firewalls
      • Overview
      • Design Philosophy
      • Configuration and Components
      • Logging
      • Electronic Mail
      • Domain Name Service (DNS)
      • File Transfer Protocol
      • Telnet
      • UDP-Based Services
      • TCP Access and Use
      • TCP Plug-Board Connection Server
      • User Authentication
      • Testing Firewalls
      • Future Directions
      • Observations
      • Availability
      • Endnotes
    6. Digital Signatures and Timestamps
      • Cryptography
        • Modern symmetric ciphers
        • Public-key cryptography
        • Public-key cryptosystems in practice
      • Electronic Payment
        • Net Cash
        • Credit card
        • Encryption
        • E-credit card
        • E-check
        • Simple e-cash
        • Complex e-cash
      • Privacy of Electronic Transactions
        • Handling cryptographic transactions
        • Digital credentials
      • Comparing Prepaid Smart Cards
        • Card types
        • Comparison
      • Digital Signatures
        • Security of a signature scheme
        • IBM's digital signature scheme
      • Plain Text Signatures: Are They Legal?
        • Forming contracts
        • Proving it
        • Forgeries
        • Cryptography's role
      • Digital Timestamping Service
      • Endnotes
    7. Improving Management of Keys
      • Keeper of the Keys
        • Get a key pair
        • Sharing private keys among users
      • Public-Key Servers
      • Stable Large E-Mail Databases (SLED)
      • Verifying 30-Year-Old Signatures
      • Endnotes
    8. Securing Electronic Mail
      • Reviewing PGP — Pretty Good Privacy
        • PGP — what is it?
        • Why use PGP?
        • Where to get PGP
        • What's in PGP?
      • PGP/PEM Encryption
        • Using PGP and PEM within HTTP
        • Distribution of keys
        • Deflector shields
      • Secure Solutions for Message Encryption and Authentication
      • An Overview of Message Processing
        • Types of keys
        • Processing procedures
        • Processing steps
        • Error cases
        • Encryption algorithms, modes, and parameters
        • Privacy-enhancement message transformations: constraints
        • Encapsulation mechanism
        • Per-message encapsulated header fields
        • Encrypted
        • MIC-Only
        • MIC-Clear
        • CRL
        • Content-Domain field
        • DEK-Info field
        • Per-message fields in encapsulated headers
        • Originator-ID fields
        • Originator-ID-Asymmetric field
        • Originator-ID-Symmetric field
        • Originator-Certificate field
        • MIC-Info field
        • Variable occurrence of fields in encapsulated headers
        • Issuer-Certificate field
        • Per-recipient fields in encapsulated headers
        • Recipient-ID fields
        • Recipient-ID-Asymmetric and Symmetric fields
        • Key-Info field
        • Symmetric key management
        • Asymmetric key management
      • Key Management
        • Data encrypting keys (DEKs)
        • Interchange keys (IKs)
        • Subfield definitions
        • Cryptoperiod issues
      • User Naming
      • Example User Interface and Implementation
      • Minimum Essential Requirements
      • Patent Statement
      • Certificate-Based Key Management
      • Overview of Approach
      • Architecture: Scope and Restrictions
        • Relationship to X.509 architecture
        • Entities' roles and responsibilities
        • Interoperation across boundaries of a certification hierarchy
        • Certificate revocation
        • Certificate definition and usage: contents and use
        • Version number
        • Serial number
        • Subject name
        • Issuer name
        • Validity period
        • Subject public component
        • Certification signature
        • Validation conventions
        • Relation with X.509 certificate specification
      • Algorithms, Modes, and Identifiers
        • Symmetric encryption algorithms and modes
        • Asymmetric encryption algorithms and modes
      • Integrity-Check Algorithms
        • Message authentication code (MAC)
        • RSA-MD2 message digest algorithm
      • RIPEM
        • Obtaining RIPEM
        • Om what mailer will RIPEM run?
        • RSA — what is it?
        • DES — what is it?
        • Fingerprint "like MD5"
        • Distributing and authenticating keys
        • Patented algorithms in standards such as PEM
        • RSADSI and PKP
        • RIPEM public keys
        • PGP
        • RPEM — what about it?
        • MIME
        • TIS/PEM
      • Attacks on RIPEM
        • Cryptanalysis attacks
        • Key-management attacks
        • Playback attacks
        • Local attacks
        • Untrusted partner attacks
        • Traffic analysis attacks
      • Secure Electronic Mail
        • Sending cipher text through secure e-mail channels: radix-64 format
        • Setting parameters in the PGP configuration file
        • Sending ASCII text files across different machine environments
        • Using PGP as a better uuencode
      • Liability for En-Route or Encrypted E-Mail
        • Facts
        • Criminal law
        • Civil law
        • Analysis
        • Encryption
        • Threats to your e-mail privacy
        • Secure electronic mail projects
        • Advanced health information systems: telemedicine and the law
      • Endnotes
    9. Securing Servers
      • Purpose
      • Secure Server Requirements and Pilot Scenario
      • Scope
      • Making Your Server More Secure
      • Proposals for Secure Servers/HTTP
        • NCSA HTTP: PGP/PEM encryption scheme
        • Secure NCSA HTTPD
        • CERN HTTP
        • The IETF HTTP Security Working Group
        • Shen
        • Netscape SSL protocol
        • S-HTTP
        • AT&T Bell Laboratories
        • SimpleMD5
        • Digest security scheme
      • Securing Internet Information Servers
        • Need for security
        • General guidelines for establishing information servers
      • Securing Anonymous FTP Servers
        • FTP server vulnerabilities
        • FTP server configuration issues
        • How to secure an anonymous FTP server: Create the FTP user
        • Additional configuration for SunOS
        • Establishing an incoming file area
        • Advanced features: Public FTP servers
      • Securing Gopher Servers
        • Gopher server vulnerabilities
        • How to configure a Gopher server using configuration options
      • Securing World Wide Web Servers
        • WWW network protocol
        • WWW server vulnerabilities
        • How to configure a WWW server: General guidelines
        • Using configuration options
      • Global Internetworking
        • The need for network security
        • Network considerations
        • Network security issues
        • Secure network management
        • A view into the future
      • Endnotes
    10. Security Aspects of the World Wide Web
      • Secure HTTP
        • Features of S-HTTP
        • Modes of operation
      • HTTP Encapsulation
        • The request line
        • The status line
        • Secure HTTP header lines
        • Content
      • Message Format Option Cryptographic Encapsulation
        • Content-Privacy-Domain: PKCS-7
        • Signature
        • Content-Privacy-Domain: PEM/PGP
      • Negotiation Overview
      • Negotiation Header Format
      • Parametrization for Variable-Length Key Ciphers
      • Negotiation Headers: S-HTTP-Privacy-Domains
      • S-HTTP-Certificate-Types
      • S-HTTP-Key-Exchange-Algorithms
      • S-HTTP-Signature-Algorithms
      • S-HTTP-Message-Digest-Algorithms
      • S-HTTP-Symmetric-Content-Algorithms
      • S-HTTP-Symmetric-Header-Algorithms
      • S-HTTP-privacy-Enhancements
      • Your-Key-Pattern
        • Cover key patterns
        • Auth key patterns
        • Signing key pattern
        • Kerberos ID pattern
      • Example
      • Defaults
      • New HTTP Header Lines
        • Secureity-Scheme
        • Encryption-Identity
        • Certificate-Info
        • Key-Assign
        • Nonces
      • Retriable Server Status Error Reports
        • Retry for option (re)negotiation
        • Specific retry behavior: Unauthorized 401 and PaymentRequired 402
        • Limitations on automatic retries
      • Other Issues: Compatibility of Servers with Old Clients
        • HTML and URL format extensions
        • Server conventions: certificate requests
        • Browser presentation: transaction security status
      • Implementation, Recommendations, and Requirements
      • Protocol Syntax Summary
        • S-HTTP (unencapsulated) non-negotiation headers
        • HTTP (encapsulated) non-negotiation headers
        • Encapsulated negotiation headers
        • HTTP methods
        • Server status reports
        • HTML anchor attributes
        • HTML elements
        • Server conventions
      • Future Work
        • Encapsulation formats
        • Interaction with future versions of HTTP
      • Beyond S-HTTP
        • Combining industry-leading Secure HTTP and SSL technologies
        • What is SSL?
        • What about S-HTTP?
        • Unified security approach to electronic commerce
      • Endnotes
  • Part IV: Results and Future Directions
    1. Ensuring Secure Commercial Transactions on the Internet
      • The New Approach and How It Differs
        • Securing commercial communication transactions on the Internet
        • Commercial payment transactions
        • Blind signatures for untraceable payments
        • Extending the envelope analogy
        • Leaving the analogy
        • Ensuring secure credential commercial transactions on the Internet
        • The basic credential system
        • Revealing only necessary information
        • Preventing use of untimely information
        • Micr- and macro-comparisons: Advantages to individuals
      • NetBill: A Secure Internet Commercial Transaction System
        • The market for information
        • A NetBill scenario
        • NetBill architecture
        • The NetBill transaction protocol
        • Protocol failure analysis
        • NetBill account management
        • NetBill costs and interaction with financial institutions
        • An example of NetBill with Mosaic
      • Additional Issues
      • Personal Privacy and Security during Commercial Transactions on the Internet
        • Tools
        • Collusion analysis
        • Anonymous credit card
        • National health insurance
        • Generalizations of collusion analysis
      • The Secure Commerce Model
        • Transactions
        • Funds transfer
        • Settlement
        • Security considerations
      • Payment Switches for Commercial Transactions on the Internet
        • Network-based order entry
        • On-line payment servers
        • Off-line digital cash
        • Digital analogs of conventional financial instruments
        • Multiple authentication technologies
      • The NetCheque Perspective
        • Requirements
        • Payment models
        • The NetCheque system
        • Implementation overview
        • Status
      • High-Security Digital Payment Systems on the Internet
        • Devices
        • Basic functionality
        • The special security goals of CAFE
        • Security techniques
      • Endnotes
    2. Commercial Satellite and International Encryption Options, Implications, and Enhancements
      • Overal Goal of the Unidata IDD
        • Current system
        • National system
        • Leveraging the investment
        • The problem
        • Model Internet distribution system
        • The work to be done
        • Current status: Software development
        • Network management
        • Functions of IDD sites
        • Deployment
        • Regional redistribution
        • Network information servers
        • Contributions
      • Commercial Satellite Link Traffic Analysis and Confidentiality
        • Traffic analysis
        • Confidentiality
        • Link physical security characteristics
        • Protocol specifications
        • Protocol implementation
      • Space Flight Projects: Command Uplink and Downlink
        • Signal power
        • Uplink and downlink
        • Modulation and demodulation
        • Multiplexing
        • Coherence
      • Endnotes
    3. National Security Agency's Multilevel Information Systems Security Initiative for the Internet
      • The MISSI Approach
        • Evolution
        • Affordability and performance
      • Current DOD Web Site Systems Communications Environment
      • Future DOD Internet and Web Site Systems Communications Environment with MISSI Solutions
      • MISSI Product Suite
      • MISSI Security Profiles
      • NSA Mosaic-Fortezza Technology Project
        • Infrastructure
        • Mosaic-Fortezza security services
        • Fortezza Crypto Card
        • Mosaic-Fortezza
        • Early solutions for providing secret-to-unclassified capability
        • MISSI solution for providing unclassified through secret and beyond Applique
      • Endnotes
    4. Moral and Ethical Concerns
      • Privacy in a Technological Society
      • Invasions of Privacy
      • Digital Privacy: Ethical and Moral Issues
        • The Clipper chip: pros and cons
        • Other encryption alternatives
        • Clinton administration policy: rants and raves
        • Ethical considerations
      • The End of Privacy
        • Ubiquitous computing
        • Universal connectivity
        • Wireless technology
        • Public key cryptography and digital signatures
        • Global positioning systems
        • Unicard utopia
        • Where are they now?
      • Endnotes
    5. Summary and Recommendations
      • General Principles for the National Information Infrastructure
      • Responsibilities of Original Collectors of Personal Information
      • Responsibilities of Information Users
        • Acquisition and use principles
        • Protection principle
        • Education principle
        • Fairness principle
      • Rights and Responsibilities of Individuals Who Provide Personal Information
        • Awareness principles
        • Principle of redress
      • The New Alliance: Gaining on Security
      • Break-Ins to the NASA Internet Gateway
        • The scenario
        • Masquerade strategies
        • Consequences of the attacks
        • Lessons learned
      • Information Warfare
      • Secrecy — Smoke and Mirrors
        • Practical application of encryption devices: Time value of information
        • Determining the security level of a device
        • Selection of device level
        • Selection of device type
        • Voice: What is it?
        • Common factors of voice communication systems
        • Data communication over voice systems
        • Special concerns for cellular systems
        • What does this have to do with encryption?
        • Telephone systems: The future
        • Radio systems: The future
        • DES: The data encryption standard
        • Software-based encryption
        • The security of cellular telephones
        • A cruise to danger on a Clipper chip
        • The ultimate question
      • Web Site and Internet Security Solutions
        • Encrypting data
        • Freedom of speech
        • Hate speech
        • Intellectual property
        • Trade war
        • Safe Internet practices for children
      • Recommendations
        • Lessons and conclusions
        • Recommendations for action
      • Endnotes
  • Part V: Appendixes
    1. Foiling the Cracker: A Survey of, and Improvements to, Password Security
      • Password Vulnerability
        • The survey and initial results
        • Method of attack
        • Summary of results
      • Action, Reaction, and Proaction
        • A proactive password checker
      • Conclusion (and Sermon)
      • Endnote
    2. Glossary of Terms and Acronyms

Reviews

Internet Security Secrets

Reviewed by Roland Buresund

Bad ** (2 out of 10)

Last modified: Nov. 14, 2008, 4:50 p.m.

A giant tomb which seems to be the result of someone learning to use a word-processor. Chapter 21 is probably the chapter worth reading. Dime a dozen.

Comments

There are currently no comments

New Comment

required

required (not published)

optional

required

captcha

required