Resultados 1 a 7 de 7
  1. #1
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    [EN] Equifax website borked again

    Reports emerged of another potential hack on the credit reporting group that is already reeling from a huge data breach.

    Malware researcher encounters bogus download links during multiple visits.

    Dan Goodin

    n May credit reporting service Equifax's website was breached by attackers who eventually made off with Social Security numbers, names, and a dizzying amount of other details for some 145.5 million US consumers. For several hours on Wednesday, and again early Thursday morning, the site was maliciously manipulated again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors' computers with adware that was detected by only three of 65 antivirus providers.

    Randy Abrams, an independent security analyst by day, happened to visit the site Wednesday evening to check what he said was false information he had just found on his credit report.

    He was understandably incredulous. The site that previously gave up personal data for virtually every US person with a credit history was once again under the influence of attackers, this time trying to trick Equifax visitors into installing crapware Symantec calls Adware.Eorezo. Knowing a thing or two about drive-by campaigns, Abrams figured the chances were slim he'd see the download on follow-on visits. To fly under the radar, attackers frequently serve the downloads to only a select number of visitors, and then only once.

    Abrams tried anyway, and to his amazement, he encountered the bogus Flash download links on at least three subsequent visits. The picture above this post is the higher-resolution screenshot he captured during one visit. He also provided the video below. It shows an Equifax page redirecting the browser to at least four domains before finally opening the Flash download at the same page.

    The file that got delivered when Abrams clicked through is called MediaDownloaderIron.exe. This VirusTotal entry shows only Panda, Symantec, and Webroot detecting the file as adware. This separate malware analysis from Payload Security shows the code is highly obfuscated and takes pains to conceal itself from reverse engineering. Malwarebytes flagged the site as one that pushes malware, while both Eset and Avira provided similar malware warnings for one of the intermediate domains,

    It's not yet clear precisely how the Flash download page got displayed. The group-sourced analysis here and this independent assessment from researcher Kevin Beaumont—both submitted in the hours after this post went live—make a strong case that Equifax was working with a third-party ad network or analytics provider that's responsible for the redirects. In that case, the breach, technically speaking, isn't on the Equifax website and may be affecting other sites as well. But even if that's true, the net result is that the Equifax site was arguably compromised in some way, since administrators couldn't control the pages visitors saw when trying to use key functions, some which require visitors to enter Social Security numbers.

    Several hours after this post went live, an Ars reader e-mailed to say he recently encountered a sketchy ad when putting a temporary fraud alert on his Equifax file. The reader wrote:

    When I clicked it (from Gmail on Android) I was redirected to a spam page shortly after seeing the Equifax credit file form. I thought maybe it was an anomaly because it didn't happen again. But after reading your article about how sometimes hacks will redirect randomly I tried the link again just now and sure enough I got a spam page again ( saying I won an iPhone X). This is Chrome-in-a-tab from Gmail so i don't believe there's any extensions or other malware on my device that could have caused this redirect.

    In the hour this post was being reported and written, Abrams was unable to reproduce the redirects leading to the malicious download, but he said they returned early Thursday morning. Shortly after that, a section of the site was taken down. In an e-mail sent mid Thursday morning, an Equifax represesentative wrote:

    We are aware of the situation identified on the website in the credit report assistance link. Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will.

    Equifax takes down webpage to investigate another potential hack

    In a statement Equifax said: “Our IT and Security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline. When it becomes available or we have more information to share, we will.”

    Shares in Equifax were down 1.8 per cent by early afternoon in New York.

    The S&P 500 company has been the subject of a public and political storm because of its botched handling of sensitive information earlier this year, which has put about half the adult population of the US at risk of identity theft.
    Última edição por 5ms; 12-10-2017 às 17:49.

  2. #2
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    Equifax: vendor was “serving malicious content”

    Kevin Dugan
    October 12, 2017

    Equifax shot down reports on Thursday that its website was hacked, and instead put the blame on a third-party vendor that was compromised.

    “Despite early media reports, Equifax can confirm that its systems were not compromised,” Marisa Salcines, a spokeswoman for the company, said in a statement.

    A vendor that Equifax uses to measure website performance, like visits and hits, was “serving malicious content,” Salcines said.

    It’s unclear if any visitors were nevertheless compromised because of code that it appeared on its site.

    Earlier on Thursday, the tech website Ars Technica reported that the credit bureau’s website may have been compromised, and showed how one visitor to a page on the site was directed to a fishy scam that used a fake Adobe Flash download prompt.

    Soon after the report surfaced the company took the web page down.

    “Since we learned of the issue, the vendor’s code was removed from the webpage and we have taken the webpage offline to conduct further analysis,” she said.

    The confirmation that Equifax allowed compromised software on its website is the latest embarrassment for the company. Just last month Equifax announced that hackers broke into its servers and, over a period of three months, stole the private data of 145.5 million customers.

    The data stolen included Social Security numbers, addresses, credit card numbers, and, in some cases, driver’s license numbers.

    The scandal has led to the resignation of the company’s CEO and at least two other executives. Richard Smith, the ex-chief, was flayed through three days of Congressional testimony last week. Numerous federal agencies and state attorneys general have opened investigations.

    The company has apologized for the breach.

  3. #3
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    Equifax Was Warned

    Last year, a security researcher alerted Equifax that anyone could have stolen the personal data of all Americans.

    Lorenzo Franceschi-Bicchierai
    Oct 26 2017

    Months before its catastrophic data breach, a security researcher warned Equifax that it was vulnerable to the kind of attack that later compromised the personal data of more than 145 million Americans, Motherboard has learned. Six months after the researcher first notified the company about the vulnerability, Equifax patched it—but only after the massive breach that made headlines had already taken place, according to Equifax's own timeline.

    This revelation opens the possibility that more than one group of hackers broke into the company. And, more importantly, it raises new questions about Equifax's own security practices, and whether the company took the right precautions and heeded warnings of serious vulnerabilities before its disastrous hack.

    Late last year, a security researcher started looking into some of the servers and websites that Equifax had on the internet. In just a few hours, after scanning the company's public-facing infrastructure, the researcher couldn't believe what they had found. One particular website allowed them to access the personal data of every American, including social security numbers, full names, birthdates, and city and state of residence, the researcher told Motherboard.

    he site looked like a portal made only for employees, but was completely exposed to anyone on the internet. It displayed several search fields, and anyone—with no authentication whatsoever—could force the site to display the personal data of Equifax's customers, according to the researcher. Motherboard saw multiple sets of the data they were able to access.

    "I didn't have to do anything fancy," the researcher told Motherboard, explaining that the site was vulnerable to a basic "forced browsing" bug. The researcher requested anonymity out of professional concerns.

    "All you had to do was put in a search term and get millions of results, just instantly—in cleartext, through a web app," they said. In total, the researcher downloaded the data of hundreds of thousands of Americans in order to show Equifax the vulnerabilities within its systems. They said they could have downloaded the data of all of Equifax's customers in 10 minutes: "I've seen a lot of bad things, but not this bad."

    While probing Equifax servers and sites, the researcher said that they were also able to take control—or get shell access as hackers refer to it—on five different Equifax servers, and found several others vulnerable to simple bugs such as SQL injection, a common, basic way of attacking sites. Many servers were running outdated software. According to one analysis performed in early September, Equifax had thousands of servers exposed on the internet, indicating both massive sprawl and loose control of its infrastructure, which increased the company's attack surface.

    After discovering all these issues in December, the researcher said they immediately reported them to the company.

    "It should've been fixed the moment it was found. It would have taken them five minutes, they could've just taken the site down," they told me. "In this case it was just 'please take this site down, make it not public.' That's all they needed to do."

    According to the researcher, Equifax didn't take the site down until June.

    Everyone knows what happened next.

    On September 7, Equifax, the largest credit reporting agency in the United States, disclosed this massive hack of its internal systems. The firm, which, ironically, sells services to monitor data breaches, revealed hackers had stolen the sensitive personal data of 145.5 million Americans, including social security numbers, names, home addresses, and driver's license numbers. For many former Equifax employees, this breach came as no surprise.

    Given that banks and other financial institutions rely on Equifax's data to verify the identity of potential customers seeking credit, this was a massive, damaging hack not only to the 145.5 million victims, but the whole US economy. Equifax has publicly blamed the breach on an unpatched vulnerability in the web application software Apache Struts and on one employee who failed to identify it and patch it on a specific consumer dispute portal.

    The consumer dispute portal where Equifax says the the breach happened is not the same one that the security researcher identified as vulnerable last year. But the type of data exposed is similar, and according to Equifax's own timeline, the vulnerable website discovered by the researcher was still up when the company was hacked in May, and was still up three months after a reported separate breach.

    The researcher's findings, in other words, showed there were multiple ways into Equifax's networks. Months later, the hackers, who stole the records of 145.5 million Americans and 700,000 Brits, exploited more than 30 different servers, according to Bloomberg. Considering all the bugs and vulnerabilities they identified, the anonymous security researcher is convinced Equifax wasn't just hacked by one group of attackers.

    "If it took me three hours to find that website, I definitely think I'm not the only one who found it," they said. "It wasn't just one breach. It was maybe dozens."

    Equifax declined to answer any specific questions about the researcher's findings. "As a matter of policy, Equifax does not comment publicly on internal security operations," the company told me in a statement.


  4. #4
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Given the sensitivity of the data Equifax handles, as well as the way it botched the breach's disclosure, many in the information security world say Equifax didn't do enough to keep our data safe.

    That opinion is also held by many former Equifax employees, who told me the company didn't take security seriously enough.

    Motherboard spoke to 14 former Equifax employees to gauge whether a spectacular hack like this one was something the company should've foreseen and prepared for. We granted anonymity to these employees because they signed nondisclosure agreements with the company. While there was no consensus, the majority of former employees, some of whom worked in the security team or alongside it, said a breach like this was inevitable.

    "The degree of risk [Equifax] assumes is found, by most of the IT staff who worked elsewhere, to be preposterous," said a former employee, who worked in IT at Equifax and is now a cybersecurity engineer.

    "Being a trusted steward of data is vital to the mission of Equifax," the company's former CEO Richard Smith, who resigned in the wake of the data breach, told lawmakers during a hearing on October 4. "I've been there for 12 years, Mr. Chairman, and we embarked upon a very aggressive ramp-up in creating a culture, creating processes investing in people, in tools to put security top of mind."

    Another former employee, who was part of the cybersecurity team and left the company this year, said that Equifax hired Deloitte last year to do a security audit. The audit found several problems, including a careless approach to patching systems, according to the former employee.

    "Nobody took that security audit seriously," the former cybersecurity team employee told me. "Every time there was a discussion about doing something, we had a tough time to get management to understand what we were even asking."

    When I asked a current employee on the cybersecurity team to confirm this fact, they replied that they weren't sure about Deloitte specifically because Equifax brings in security consultants regularly. A Deloitte spokesperson declined to comment, saying "confidentiality prohibits us from confirming or discussing client engagements."

    Equifax declined to answer a series of specific question for this story. Instead, a spokesperson sent the following statement:

    "As a matter of policy, Equifax does not comment publicly on internal security operations. However, as our former CEO recently testified to Congress, Equifax has in the past conducted thorough security reviews using expert external review teams," the statement read. "He further testified that Equifax expended significant resources to install industry standard cybersecurity defenses and put in place processes to address vulnerabilities. Since the recent breach, additional remediation steps have been taken. It is incorrect to suggest reports were ignored."

    Perhaps, Equifax's disastrous data breach was a foregone conclusion, given the company's history of security mishaps. Some of the former employees we spoke to had specific stories about vulnerabilities that remained unpatched, internal portals that weren't as secure as they should have been, and infrastructure that didn't require two-factor authentication to log in to.

    One year, according to the former employee who worked in IT, he and his team found that someone had programmed files to be inappropriately wiped on multiple servers—an act of internal sabotage, he said. But the team had no way of discovering who did it—there were no activity logs or ways to track who had set up the script.

    "Luck is what found it," he said. "It isn't like [Equifax] had file integrity monitoring or anything like that to discover it—not even on systems with sensitive information."

    These issues have been the norm at Equifax, according to the people I spoke to. One person, who worked at Equifax around 10 years ago, recalled that during his time there he warned the company of some servers that needed to be patched because they had open file-sharing ports that could be exploited by worms. The company did nothing, and, three months later, some servers got infected with the infamous Conficker worm, the source said.

    "It's the same problem, but 10 years later," the source said.

    As Bloomberg reported in September, Equifax employees were so worried a hack might be coming that they used to joke that the over-100-year-old company was just one hack away from bankruptcy.

    "It's a strange company. Given the amount of data they have access to and the sensitivity of it, security isn't at the forefront of everybody's mind, not how it should be," another former Equifax cybersecurity employee told me. "It was always a bit of a struggle there to get anything done."

    The anonymous researcher who could've downloaded all Americans' data knows this very well.

    "I couldn't believe it, it was shocking," they told me. "It was just disgusting to see them take this long to do anything about it."

  5. #5
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    Senado conclui votação de nova lei do cadastro positivo

    O texto principal tinha sido aprovado na terça (23) mas faltava a votação dos destaques (propostas para alterar o texto), todos rejeitados. Agora, o texto segue para votação na Câmara dos Deputados.

    Pela lei atual, os consumidores precisam autorizar a inclusão das informações no sistema do cadastro positivo.

    De acordo com o autor da proposta, senador Dalirio Berber (PSDB-SC), essa exigência provocou baixa adesão ao cadastro.

    O cadastro positivo existe desde 2011 mas nunca decolou –hoje, a estimativa é que apenas 5 milhões de consumidores tenham aderido ao chamado cadastro de bons pagadores.

    O projeto aprovado estende ao cadastro positivo a mesma regra que hoje vale para o negativo: as instituições financeiras podem incluir informações no sistema sem autorização específica dos clientes.

    Outra novidade é a inclusão de novas fontes de informações.

    Além dos bancos, prestadores de serviço, como concessionárias de luz, gás, água e telefone, serão obrigados a informar sobre pagamentos, o que vai aumentar o alcance do cadastro. O governo estima que 150 milhões de brasileiros serão cadastrados compulsoriamente.

    Segundo o senador, isso não deve ser considerado quebra do sigilo bancário.

    Ponto a ponto

    Saiba abaixo o que prevê o texto-base aprovado pelo Senado:

    • Fornecimento de dados: Além dos bancos, também poderão fornecer os dados administradores de consórcio, instituições autorizadas a funcionar pelo Banco do Brasil e prestadores de serviços de água, esgoto, eletricidade, gás e telecomunicações;
    • Pontuação: As empresas que consultarem o sistema terão acesso à pontuação que indica se o consumidor é bom pagador ou não;
    • Autorização: Os consumidores serão incluidos sem autorização nos bancos de dados, mas precisarão ser comunicados. A pessoa física ou jurídica poderá solicitar a retirada do cadastro.
    • Compartilhamento: Será permitido o compartilhamento das informações de crédito entre bancos, "agências de crédito", e outras instituições sem autorização prévia do consumidor.

    ICYMI: Senado aprova texto-base sobre adesão ao cadastro positivo




    A inclusão automática dos consumidores, porém, é alvo de polêmica. A senadora Lídice da Mata (PSB-BA) apresentou destaque retirando essa mudança, justificando que a adesão deveria continuar sendo voluntária.

    Entidades de defesa do consumidor temem ainda que as informações sigilosas dos consumidores possam ser vendidas ou "vazem" para eventuais interessados, uma vez que o projeto de lei altera as regras do sigilo bancário.

    Conforme adiantou a Folha, o projeto prevê que apenas birôs de crédito terão acesso às informações dos consumidores. Essas casas terão regulação apertada pelo Banco Central.

    Hoje são quatro as entidades habilitadas a produzir essas informações: Serasa Experian, Boa Vista SCPC, SPC Brasil e GIC (empresa recém-criada pelos cinco maiores bancos do país e que passa a operar em janeiro).

    Pelo projeto, elas vão produzir notas para cada cliente, uma síntese do histórico do tomador de crédito.

    As notas serão vendidas a lojas, bancos e outros potenciais usuários da informação [Google, FB].

    O senador Randolfe Rodrigues (Rede-AP) apresentou destaque propondo que o trecho que permite a quebra do sigilo bancário seja excluído.

    Outra sugestão de alteração ao texto base que será analisado pelo Senado, de autoria da senadora Lídice da Mata, é a mudança no artigo sobre a responsabilização em caso de vazamento de informações ou de prestação de informações equivocadas sobre os consumidores.

    A legislação atual prevê que a responsabilidade é solidária, ou seja, alcança os provedores de informação (bancos), os birôs de crédito e também os usuários (lojas, por exemplo).

    O projeto de lei pretende estipular a responsabilidade objetiva, ou seja, culpa-se apenas o responsável pelo erro ou irregularidade.

    O objetivo, segundo Monteiro, é evitar que bancos, lojas e birôs deixem o cadastro positivo em desuso, com medo de que haja erros ou irregularidades ao longo da cadeia.

  6. #6
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    Para MPF, adesão automática ao cadastro positivo prejudica consumidor

    O órgão aponta que a medida foi apresentada sem o necessário debate com a sociedade e o arcabouço jurídico adequado

    30 de Dezembro de 2016

    A inclusão automática dos consumidores no cadastro positivo - bancos de dados com informações de pagamento de dívidas e outras obrigações financeiras - viola direitos e garantias fundamentais e não garante os benefícios pretendidos.

    O alerta faz parte de um nota pública divulgada na última quinta-feira (29/12) pela Câmara de Consumidor e Ordem Econômica do Ministério Público Federal (3ª CCR/MPF).

    As informações foram divulgadas pela Secretaria de Comunicação Social da Procuradoria-Geral da República. A proposta de alteração na Lei 12.414/2011, que disciplina a questão, integra o pacote de medidas econômicas anunciadas pelo governo federal no último dia 15.

    O objetivo, segundo o governo, é garantir aos bons pagadores acesso a crédito com juros mais baixos e condições diferenciadas, além de diminuir o inadimplemento nas instituições financeiras.

    Para o Ministério Público Federal, no entanto, da forma como apresentada, sem o necessário debate com a sociedade e o arcabouço jurídico adequado, a medida coloca o cidadão em situação de ampla vulnerabilidade em relação às instituições financeiras, além de violar o direito à privacidade e de proteção de dados pessoais nas relações de consumo.

    "A situação agrava-se ainda mais porque não há no Brasil um marco legal sobre a tutela de Proteção de Dados que resguarde os consumidores nacionais dos abusos cometidos pelas empresas pela utilização e venda indevidas de dados dos cidadãos de modo geral", diz a Procuradoria.

    A nota cita ainda pesquisa realizada pelo Instituto Brasileiro de Defesa do Consumidor (Idec) que concluiu que, embora esteja em vigor desde agosto de 2013, o funcionamento e os benefícios deste cadastro não são apresentados de maneira clara ao consumidor.

    "Em que pesem os benefícios pretendidos, sem o enfrentamento adequado das vulnerabilidades e riscos que recaem sobre os consumidores, como a ausência de legislação específica sobre a proteção de dados pessoais e claro disciplinamento dos modelos de avaliação e classificação de risco de crédito, (a adesão automática ao cadastro positivo) afronta direitos e garantias fundamentais", conclui a nota do Ministério Público Federal.

  7. #7
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    Para Idec, novo cadastro positivo é abusivo ao consumidor

    Para o Instituto, mudanças nas leis de Sigilo Bancário e Cadastro Positivo desrespeitam o Código de Defesa do Consumidor

    26 de setembro de 2017

    Na próxima quarta-feira, 27, a Comissão de Constituição, Justiça e Cidadania do Senado Federal pode votar o PLS 212/2017. Proposto pelo Senador Dalírio Beber (PSDB/SC) e com parecer favorável pelo Senador Armando Monteiro (PTB/PE), o projeto altera as leis de Sigilo Bancário (Lei Complementar 105/2001) e Cadastro Positivo (Lei 12.414/2011). Para o Instituto Brasileiro de Defesa do Consumidor (Idec), as mudanças são abusivas e desrespeitam o Código de Defesa do Consumidor (CDC).

    Em carta enviada aos senadores que compõem a Comissão, o Instituto manifestou posicionamento contrário às mudanças previstas. Se aprovados os PLs, os bancos poderão acrescentar o nome de cidadãos ao cadastro positivo sem necessidade de autorização prévia. Também poderão compartilhar informações cadastrais com outros bancos de dados, sem autorização do cliente.

    Para o advogado do Idec, Rafael Zanatta, a eliminação do consentimento informado, previsto anteriormente, representa retrocesso aos direitos do consumidor. “Desde que foi criado, a adesão ao cadastro depende de autorização expressa, garantindo seu direito de escolha. Com a suspensão desse princípio, o novo sistema de cadastro positivo viola o artigo 43 do CDC e se torna abusivo na coleta de dados pessoais”, explica.

    Outro ponto criticado pelo Instituto é a modificação do regime de responsabilidade civil dos gestores de bancos de dados, que elimina a responsabilidade solidária entre eles em caso de danos causados por um dos agentes na cadeia de fornecedores de serviços.

    “Os bancos de dados são mantidos por empresas privadas que disponibilizam informações dos consumidores aos fornecedores de crédito. Por isso, ambos devem ter responsabilidade pelo tratamento dessas informações. Além disso, é preciso que haja uma regulação para fiscalizar e garantir o uso dos dados com a finalidade específica do crédito”, finaliza o advogado.

    Em seu relatório, o senador Armando Monteiro defende o projeto. Afirma que garantir o acesso aos dados dos cidadãos aos bancos tornará mais barato o processo de liberação de crédito, em melhor análise do risco de empréstimos e, consequentemente, barateamento dos juros praticados ao consumidor.

    Pontos também questionados pelo Idec, que afirma não haver estudos que deixem claro essa relação. “Para o Instituto, mudanças nas leis de Sigilo Bancário e Cadastro Positivo desrespeitam o Código de Defesa do Consumidor”, afirma, na carta enviada aos senadores.

    Sistema de Informações de Crédito

    Denis Siqueira
    07 de ago de 2009


    Existente deste de 1997 como Central de Risco de Crédito, o atual SCR – Sistema de Informações de Crédito, passou por aperfeiçoamentos e inovações para se tornar o que é hoje.

    O sistema tem por objetivo principal permitir que o Banco Central supervisione o risco de crédito à que as instituições financeiras estão se expondo.

    Este sistema é baseado em informações positivas fornecidas pelas instituições financeiras e contém dados sobre o comportamento dos clientes no que se refere as suas obrigações de crédito contraídas juntos a estas instituições.

    De quebra”, o sistema funciona como bureau de crédito, permitindo que as instituições financeiras compartilhem estas informações para avaliar melhor a capacidade de pagamento dos clientes, “podendo” adequar individualmente a taxas de juros ao risco de crédito.

    Com a previsão de trabalhar com 400 milhões de registros, as informações são de clientes que contratarem operações de crédito cuja responsabilidade total seja igual ou superior à R$ 5.000,00.

    As informações são atualizadas mensalmente com as transações que ocorreram no último período, independente de estarem em atraso ou em dia. Mantendo-se em registro somente os últimos 14 meses.

    O cliente e o SCR

    Para o cliente, o sistema oferece máxima transparência e respeito ao sigilo bancário. Cada cidadão, cujo volume de operações de crédito esteja no patamar estabelecido, poderá consultar seus próprios dados via Internet.

    Para isso será necessário se cadastrar no Banco Central ou solicitar diretamente na central de atendimento ao público.

    - Centrais de atendimento do Bacen
    - SCR na Internet
    - Dúvidas – 0800 979 2345

    Autorização do cliente

    Para que a instituição financeira possa consultar a base de dados do SCR, deverá obter a autorização específica do cliente.

    Futuramente o sistema deverá abranger valores inferiores à R$ 5.000,00, o que incluirá as operações de crédito das classes C e D.

    Um ponto de vista

    Vejo a obrigatoriedade como grande diferencial deste sistema. Enquanto que a iniciativa privada depende da boa vontade de seus parceiros comerciais para formar uma base de dados completa, atualizada e confiável, a participação das instituições financeiras no SCR não é uma opção.

    É isso aí. Uma quadrilha no governo, politicos corruptos no Congresso, e um povo bovino que mantém esses desonestos lá.
    Última edição por 5ms; 26-10-2017 às 16:07.

Permissões de Postagem

  • Você não pode iniciar novos tópicos
  • Você não pode enviar respostas
  • Você não pode enviar anexos
  • Você não pode editar suas mensagens