From 4c79c63286769f95f0420f45410d9e2d583042ba Mon Sep 17 00:00:00 2001 From: Zola Gonano Date: Tue, 23 Jul 2024 12:46:54 +0000 Subject: [PATCH 1/7] Add chapter 5 introduction --- src/SUMMARY.md | 2 +- src/chapter_5.md | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 src/chapter_5.md diff --git a/src/SUMMARY.md b/src/SUMMARY.md index bbff312..e57e538 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -5,4 +5,4 @@ - [Chapter 2](./chapter_2.md) - [Chapter 3](./chapter_3.md) - [Chapter 4](./chapter_4.md) - +- [Chapter 5](./chapter_5.md) diff --git a/src/chapter_5.md b/src/chapter_5.md new file mode 100644 index 0000000..a6fe6b3 --- /dev/null +++ b/src/chapter_5.md @@ -0,0 +1,5 @@ +# Chapter 5 + +Encryption tools are a non-separable part of security, privacy, and anonymity online. You can't achieve anonymity if you don't have privacy, you can't have privacy if you are not secure, and you can't be secure if there's no encryption. + +Encryption is like the house you build in Minecraft; it only allows you inside, not the zombies and the mobs, and keeps your stuff safe when you're not home. The encryption algorithm and scheme would be the material that your house is built with. A weak encryption scheme/algorithm is like a Minecraft house built with dirt or wood; it can be destroyed by a creeper blowing up near it or catch on fire if you accidentally light a flint on it. The more proven and tested the algorithm is, the more secure it becomes. So, the first rule of encryption is to never roll your own encryption, as that can be like building a Minecraft house out of thin air, with no structure and no good quality material, and it will fall apart with the most effortless attacks of a professional. From d5cc2d05d4c5ab00012c7ecaafe33cc2eabbab79 Mon Sep 17 00:00:00 2001 
From: Zola Gonano Date: Thu, 25 Jul 2024 10:50:43 +0000 Subject: [PATCH 2/7] Write "Don't Roll Your Own Cryptography" --- src/chapter_5.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/chapter_5.md b/src/chapter_5.md index a6fe6b3..f510d33 100644 --- a/src/chapter_5.md +++ b/src/chapter_5.md 
@@ -3,3 +3,19 @@ Encryption tools are a non-separable part of security, privacy, and anonymity online. You can't achieve anonymity if you don't have privacy, you can't have privacy if you are not secure, and you can't be secure if there's no encryption. Encryption is like the house you build in Minecraft; it only allows you inside, not the zombies and the mobs, and keeps your stuff safe when you're not home. The encryption algorithm and scheme would be the material that your house is built with. A weak encryption scheme/algorithm is like a Minecraft house built with dirt or wood; it can be destroyed by a creeper blowing up near it or catch on fire if you accidentally light a flint on it. The more proven and tested the algorithm is, the more secure it becomes. So, the first rule of encryption is to never roll your own encryption, as that can be like building a Minecraft house out of thin air, with no structure and no good quality material, and it will fall apart with the most effortless attacks of a professional. + +## Don't Roll Your Own Cryptography + +If you're new to the cryptography world, you might think if a cryptographic algorithm is not known to others it will be more secure, but this is not true in any way. A cryptographic algorithm should be secure not because no one knows how the algorithm works but rather due to the security of the algorithm itself. It should go through all sorts of attacks, both the algorithm and the implementation of the algorithm. When it comes back untouched, then it is considered safe to use. For example, algorithms like AES, Twofish, Serpent, and ChaCha20 have all gone through the process of testing by actual mathematicians and cryptographers and have been around long enough for their security to be proven. + +When you decide to create your own cryptographic scheme or algorithm, it's like witchcraft compared to a well-known cryptographic algorithm because you're not a mathematician, cryptographer, or cryptography analyst. 
You can't build your own algorithm nor test and attack your algorithm effectively. When your algorithm faces a real professional who has been working with this type of stuff for decades, your algorithm doesn't stand a chance. + +Here is a quote from the book, *Introduction to Cryptography*, by the creator of PGP: + +> When I was in college in the early 70s, I devised what I believed was a brilliant encryption scheme. A simple pseudorandom number stream was added to the plaintext stream to create ciphertext. This would seemingly thwart any frequency analysis of the ciphertext, and would be uncrackable even to the most resourceful government intelligence agencies. I felt so smug about my achievement. +> +> Years later, I discovered this same scheme in several introductory cryptography texts and tutorial papers. How nice. Other cryptographers had thought of the same scheme. Unfortunately, the scheme was presented as a simple homework assignment on how to use elementary cryptanalytic techniques to trivially crack it. So much for my brilliant scheme. +> +> From this humbling experience, I learned how easy it is to fall into a false sense of security when devising an encryption algorithm. Most people don’t realize how fiendishly difficult it is to devise an encryption algorithm that can withstand a prolonged and determined attack by a resourceful opponent. +> +> -- Creator of PGP, Phil Zimmermann From 4c82882759a7aab543d0ea5d19a890f7bc9dae59 Mon Sep 17 00:00:00 2001 From: Zola Gonano Date: Fri, 26 Jul 2024 08:21:54 +0000 Subject: [PATCH 3/7] Write "Even the Most Secure Algorithms Can Be Vulnerable" --- src/chapter_5.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/chapter_5.md b/src/chapter_5.md index f510d33..42a7089 100644 --- a/src/chapter_5.md +++ b/src/chapter_5.md 
@@ -19,3 +19,24 @@ Here is a quote from the book, *Introduction to Cryptography*, by the creator of > From this humbling experience, I learned how easy it is to fall into a false sense of security when devising an encryption algorithm. Most people don’t realize how fiendishly difficult it is to devise an encryption algorithm that can withstand a prolonged and determined attack by a resourceful opponent. > > -- Creator of PGP, Phil Zimmermann + +## Even the Most Secure Algorithms Can Be Vulnerable + +It is not only the cryptographic algorithm that has to be secure; the implementation of it needs to be secure, well-known, and audited as well, both for hardware and software level implementations. Several attacks can be done through the implementation of an algorithm, for example: + +- **Timing Attacks**: An attacker measures the time it takes to perform cryptographic operations and uses this information to deduce secret keys. +- **Simple Power Analysis (SPA)**: An attacker analyzes power consumption traces to extract keys or other sensitive information. +- **Differential Power Analysis (DPA)**: An attacker collects power consumption data over many encryption operations and uses statistical methods to deduce the secret key. +- **Electromagnetic (EM) Attacks**: An attacker uses EM emissions to gain information about the internal state of the device and extract secret keys. +- **Fault Injection Attacks**: An attacker uses techniques like voltage glitching, clock glitching, or laser fault injection to induce faults and analyze the erroneous outputs to deduce the secret key. +- **Cache Attacks**: An attacker uses cache timing information to infer which memory accesses are made during cryptographic operations and deduces secret keys. +- **Cold Boot Attacks**: An attacker freezes the RAM to preserve its state and then reads the memory contents after rebooting the system to extract encryption keys. 
+- **Differential Fault Analysis (DFA)**: An attacker compares faulty and correct outputs to deduce information about the internal state and secret keys. +- **Glitching Attacks**: An attacker uses power or clock glitches to cause incorrect operations in cryptographic algorithms, then analyzes the faulty outputs to extract keys. +- **Buffer Overflow**: An attacker crafts input data that causes buffer overflows and gains control over the execution flow to extract keys or sensitive data. +- **Side-Channel via Shared Resources**: An attacker running code on the same machine as the cryptographic software can use shared resource behavior to infer secret keys. +- **Physical Attacks**: An attacker uses techniques like microprobing to directly read out memory contents or manipulate hardware components. + +These attacks can be done on algorithms that are considered unbreakable, only through the implementation side of things. All these attacks can be prevented as well. A well-known software or device that has been audited is probably secure against all or most of these attacks. + +Some best practices would be keeping the software updated, looking for independent audits, using proven libraries (if you are developing a tool that needs encryption), and using standard encryption algorithms, modes, and schemes. From f6735aa3772104f25857cd22252b383786ca5521 Mon Sep 17 00:00:00 2001 From: Zola Gonano Date: Sun, 28 Jul 2024 10:25:22 +0000 Subject: [PATCH 4/7] Write "Encrypt Your Data at Rest" --- src/chapter_5.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/src/chapter_5.md b/src/chapter_5.md index 42a7089..6dd551f 100644 --- a/src/chapter_5.md +++ b/src/chapter_5.md 
@@ -40,3 +40,26 @@ It is not only the cryptographic algorithm that has to be secure; the implementa These attacks can be done on algorithms that are considered unbreakable, only through the implementation side of things. All these attacks can be prevented as well. A well-known software or device that has been audited is probably secure against all or most of these attacks. Some best practices would be keeping the software updated, looking for independent audits, using proven libraries (if you are developing a tool that needs encryption), and using standard encryption algorithms, modes, and schemes. + +## Encrypt Your Data at Rest + +Encryption doesn't always have to be for communication channels, messengers, VPNs, etc. Your offline data needs encryption too. Just like when you put your important stuff in a safe box and it is available to you only when the safe box is opened, your data on your phone, computer, NAS, USB sticks should be encrypted as well, so only when they are opened is their data available. At rest, encryption doesn't mean that if malware finds its way to your computer it cannot access your data; it means when you don't use it, when it's locked, it is not accessible. + +Imagine someone robs your laptop. If it's not encrypted, they can simply take out the hard drive and steal all the data on it, but if it's encrypted and locked, there should be no way to access any of your data. + +For the encryption of your hard drives, you can use software like VeraCrypt if cross-platform compatibility matters to you. On Windows, there's BitLocker, and on Linux, you can use cryptsetup or a file system that allows encryption. + +But there are differences between container encryption tools like VeraCrypt and cryptsetup and file system-level encryption like fscrypt. 
Here are some of the key differences: + +| Feature | File System Encryption | Container Encryption | +| -------------------- | ---------------------------------------------- | -------------------------------------------- | +| **Encryption Scope** | Individual files/directories | Entire volumes/containers | +| **Integration** | Built into file system (e.g., ext4, F2FS) | Separate from file system | +| **Performance** | Lower overhead, selective encryption | Higher overhead, encrypts all data | +| **Key Management** | User-specific keys, multiple keys per file/dir | Single key or passphrase per container | +| **Ease of Use** | Transparent after setup | Requires mounting/unmounting containers | +| **Cross-Platform** | Limited to supporting file systems | Broad support (Windows, Linux, macOS) | +| **Security** | Encrypts data, but not always metadata | Encrypts all data and metadata | +| **Use Cases** | Selective encryption, performance-sensitive | Full volume encryption, cross-platform needs | + +When it comes to full disk encryption, having modern hardware really helps with the security and performance of encryption, as modern CPUs have built-in AES accelerating features allowing them to encrypt and decrypt AES without affecting the I/O performance as much. Also, most modern devices have TPMs (Trusted Platform Modules) which are hardware microcontrollers designed to enhance security at the hardware level by providing a secure environment for generating, storing, and managing cryptographic keys. \ No newline at end of file From de6cf1c5115fc93950a4b7b2d94ca7e95a0f15ea Mon Sep 17 00:00:00 2001 From: Zola Gonano Date: Mon, 29 Jul 2024 10:34:02 +0000 Subject: [PATCH 5/7] Write "Keep your backups off-site and encrypted" --- src/chapter_5.md | 56 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) diff --git a/src/chapter_5.md b/src/chapter_5.md index 6dd551f..d08484a 100644 --- a/src/chapter_5.md +++ b/src/chapter_5.md 
@@ -62,4 +62,58 @@ But there are differences between container encryption tools like VeraCrypt and | **Security** | Encrypts data, but not always metadata | Encrypts all data and metadata | | **Use Cases** | Selective encryption, performance-sensitive | Full volume encryption, cross-platform needs | -When it comes to full disk encryption, having modern hardware really helps with the security and performance of encryption, as modern CPUs have built-in AES accelerating features allowing them to encrypt and decrypt AES without affecting the I/O performance as much. Also, most modern devices have TPMs (Trusted Platform Modules) which are hardware microcontrollers designed to enhance security at the hardware level by providing a secure environment for generating, storing, and managing cryptographic keys. \ No newline at end of file +When it comes to full disk encryption, having modern hardware really helps with the security and performance of encryption, as modern CPUs have built-in AES accelerating features allowing them to encrypt and decrypt AES without affecting the I/O performance as much. Also, most modern devices have TPMs (Trusted Platform Modules) which are hardware microcontrollers designed to enhance security at the hardware level by providing a secure environment for generating, storing, and managing cryptographic keys. + +## Keep your Back Ups Off site and Encrypted + +Most important thing about taking back ups of your data is that they need to be stored off-site, other wise you just made copy of your data, it is not back up. A good back-up can be restored even if your whole house got burnt down, and it should be restored only by you not anyone else. + +You need to always store your back ups securly encrypted, specially for things like crypto wallets, backups of GPG keys and passwords, etc. and it should be done strategicly and routinly. 
for some data that are really important to restore like crypto wallets and GPG keys, you might need to store them several places, including outside your house(it can be a cloud service as well, just in case of physical disasters), and in different devices like DVDs, usb sticks, hard drives, sd cards. + +For that you should first develop a back up strategy, to know what data is most important, how you going to perform back ups, how you are going to encrypt the backups and where you going to store them. and do this on a regular basis if the data tends to change, some datas might not need to be backed up weekly, but some do, some might change daily. it is based on your data and your back up strategy. + +A good and well known back up strategy is the 3-2-1 rule, it means: + +- **Three** copies of your data: one primary and two backups. +- **Two** different media types: such as internal/external hard drives, SSDs, and cloud storage. +- **One** copy off-site: store a backup in a remote location or in the cloud to protect against physical disasters. + +For the cloud storages it is better to use a reputable cloud storage, even something like Google Drive even though it's privacy is not good but it will be more reliable option compared to other stuff, or you can host your own cloud storage but it will never be as reliable as a huge company like google. + +You can Also invest in a NAS for automatic and centralized back ups and you can also configure it for RAID(Redundant Array of Independent Disks) for data redundancy and protection. and be sure to take snapshots and version your back ups to be able to restore them easily. + +And always regularly test your backups, make sure their valid, and restorable, otherwise you might be backup corrupted data for years and when you need to restore your data you can't, all your data is gone. + +And lastly develop a disaster recovary plan, ensure you have clear procedures for data restoration in case of data loss incidents. 
+ +## Five dollar wrench attack + +No matter how securely a hard drive is encrypted, it is always vulnrable to the 5$ wrench attack, meaning someone can always beat you up with a 5$ wrench to give up your passwords. but how it can be prevented? well it is complicated but there are some things you can do. + +### 1. Have a kill switch + +Creating a kill switch system in which if a specific password is entered the key file is permanetly wiped could save your data, by making it unaccesibale forever for everyone including yourself. Now even you can't restore your data. + +Or you can create a panic button instead, in case of something like kidnapping it would alert the authorities. it all boils down to your own unique threat model, based on the threats that might target your data you might need to change this to suit the situation. + +### 2. Have a decoy system + +You can create fake wallets and fake accounts and reveal those instead of the real ones, for example some activists have created a version of telegram called partisan telegram to help belarus protesters. the way it works is you can set a lock on your telegram and have multiple pin codes on it and program each pin code to do a certain things, for example if you enter pin "1234" it will wipe all data and send a message to everyone to alert them, but if you enter "1349" it will show a decoy account and if you enter "6782" it will function normally. + +These decoy systems can really help with such situtations like a protest where you might get arrested or have your devices searched, combining them with kill switches can both fool the attacker and at the same time delete all the datas. + +### 3. Reduce the value of target + +Store minimal sensetive data on the devices that are most vulnrable to this kind of physical attacks, for example you don't need so many sensetive data on the phone you take out with yourself. 
frequently back up sensetive data securly to a secure location, it can be physical location or a remote cloud. so they're not all in one place and they're not always with you. + +### 4. Use multi factor authentications for sensetive datas + +Use physical authentication devices like YubiKey that require both possession of the token and a PIN or password. and keep them at a safe place, This way your data is not accessible without the authentication device, you can hand them the passwords but they still won't be able to get inside. + +And avoid biometric authentications, it is not that resistant against physical forces, some one can forcefully use your fingerprint if they need to. + +### 5. Be aware of social engineering tactics + +Some might use social engineering tactics instead of force specially if they in position of authority. always be aware of the tactics and mind games someone might play to get you to hand them sensetive information or your passwords and credentials. + +Also Understand your legal rights regarding self-defense and data protection in your jurisdiction and Have a list of emergency contacts, including legal counsel, who can provide immediate assistance in case of coercion or threats. \ No newline at end of file From f0768c3e2b2775db7ba33c559fcdbca17e39a627 Mon Sep 17 00:00:00 2001 From: Zola Gonano Date: Mon, 29 Jul 2024 10:34:19 +0000 Subject: [PATCH 6/7] Write "Five Dollar Wrench Attack" --- src/chapter_5.md | 50 ++++++++++++++++++++++++------------------------ 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/src/chapter_5.md b/src/chapter_5.md index d08484a..624b049 100644 --- a/src/chapter_5.md +++ b/src/chapter_5.md 
@@ -64,56 +64,56 @@ But there are differences between container encryption tools like VeraCrypt and When it comes to full disk encryption, having modern hardware really helps with the security and performance of encryption, as modern CPUs have built-in AES accelerating features allowing them to encrypt and decrypt AES without affecting the I/O performance as much. Also, most modern devices have TPMs (Trusted Platform Modules) which are hardware microcontrollers designed to enhance security at the hardware level by providing a secure environment for generating, storing, and managing cryptographic keys. -## Keep your Back Ups Off site and Encrypted +## Keep Your Backups Off-Site and Encrypted -Most important thing about taking back ups of your data is that they need to be stored off-site, other wise you just made copy of your data, it is not back up. A good back-up can be restored even if your whole house got burnt down, and it should be restored only by you not anyone else. +The most important thing about taking backups of your data is that they need to be stored off-site. Otherwise, you just made a copy of your data; it is not a backup. A good backup can be restored even if your whole house gets burnt down, and it should be restored only by you, not anyone else. -You need to always store your back ups securly encrypted, specially for things like crypto wallets, backups of GPG keys and passwords, etc. and it should be done strategicly and routinly. for some data that are really important to restore like crypto wallets and GPG keys, you might need to store them several places, including outside your house(it can be a cloud service as well, just in case of physical disasters), and in different devices like DVDs, usb sticks, hard drives, sd cards. +You need to always store your backups securely encrypted, especially for things like crypto wallets, backups of GPG keys, and passwords. This should be done strategically and routinely. 
For data that is really important to restore, like crypto wallets and GPG keys, you might need to store them in several places, including outside your house (it can be a cloud service as well, just in case of physical disasters), and on different devices like DVDs, USB sticks, hard drives, and SD cards. -For that you should first develop a back up strategy, to know what data is most important, how you going to perform back ups, how you are going to encrypt the backups and where you going to store them. and do this on a regular basis if the data tends to change, some datas might not need to be backed up weekly, but some do, some might change daily. it is based on your data and your back up strategy. +For that, you should first develop a backup strategy to know what data is most important, how you are going to perform backups, how you are going to encrypt the backups, and where you are going to store them. Do this on a regular basis if the data tends to change. Some data might not need to be backed up weekly, but some do, and some might change daily. It depends on your data and your backup strategy. -A good and well known back up strategy is the 3-2-1 rule, it means: +A good and well-known backup strategy is the 3-2-1 rule, which means: - **Three** copies of your data: one primary and two backups. - **Two** different media types: such as internal/external hard drives, SSDs, and cloud storage. - **One** copy off-site: store a backup in a remote location or in the cloud to protect against physical disasters. -For the cloud storages it is better to use a reputable cloud storage, even something like Google Drive even though it's privacy is not good but it will be more reliable option compared to other stuff, or you can host your own cloud storage but it will never be as reliable as a huge company like google. +For cloud storage, it is better to use a reputable cloud storage provider. 
Even something like Google Drive, though its privacy is not good, will be a more reliable option compared to other services. You can also host your own cloud storage, but it will never be as reliable as a huge company like Google. -You can Also invest in a NAS for automatic and centralized back ups and you can also configure it for RAID(Redundant Array of Independent Disks) for data redundancy and protection. and be sure to take snapshots and version your back ups to be able to restore them easily. +You can also invest in a NAS for automatic and centralized backups, and you can configure it for RAID (Redundant Array of Independent Disks) for data redundancy and protection. Be sure to take snapshots and version your backups to be able to restore them easily. -And always regularly test your backups, make sure their valid, and restorable, otherwise you might be backup corrupted data for years and when you need to restore your data you can't, all your data is gone. +Always regularly test your backups to make sure they're valid and restorable. Otherwise, you might be backing up corrupted data for years, and when you need to restore your data, you can't; all your data is gone. -And lastly develop a disaster recovary plan, ensure you have clear procedures for data restoration in case of data loss incidents. +Lastly, develop a disaster recovery plan and ensure you have clear procedures for data restoration in case of data loss incidents. -## Five dollar wrench attack +## Five Dollar Wrench Attack -No matter how securely a hard drive is encrypted, it is always vulnrable to the 5$ wrench attack, meaning someone can always beat you up with a 5$ wrench to give up your passwords. but how it can be prevented? well it is complicated but there are some things you can do. +No matter how securely a hard drive is encrypted, it is always vulnerable to the 5-dollar wrench attack, meaning someone can always beat you up with a 5-dollar wrench to make you give up your passwords. 
How can this be prevented? Well, it is complicated, but there are some things you can do. -### 1. Have a kill switch +### 1. Have a Kill Switch -Creating a kill switch system in which if a specific password is entered the key file is permanetly wiped could save your data, by making it unaccesibale forever for everyone including yourself. Now even you can't restore your data. +Creating a kill switch system in which, if a specific password is entered, the key file is permanently wiped could save your data by making it inaccessible forever for everyone, including yourself. Now even you can't restore your data. -Or you can create a panic button instead, in case of something like kidnapping it would alert the authorities. it all boils down to your own unique threat model, based on the threats that might target your data you might need to change this to suit the situation. +Or you can create a panic button instead. In case of something like kidnapping, it would alert the authorities. It all boils down to your own unique threat model. Based on the threats that might target your data, you might need to change this to suit the situation. -### 2. Have a decoy system +### 2. Have a Decoy System -You can create fake wallets and fake accounts and reveal those instead of the real ones, for example some activists have created a version of telegram called partisan telegram to help belarus protesters. the way it works is you can set a lock on your telegram and have multiple pin codes on it and program each pin code to do a certain things, for example if you enter pin "1234" it will wipe all data and send a message to everyone to alert them, but if you enter "1349" it will show a decoy account and if you enter "6782" it will function normally. +You can create fake wallets and fake accounts and reveal those instead of the real ones. For example, some activists have created a version of Telegram called Partisan Telegram to help Belarus protesters. 
The way it works is you can set a lock on your Telegram and have multiple PIN codes on it and program each PIN code to do certain things. For example, if you enter the PIN "1234," it will wipe all data and send a message to everyone to alert them, but if you enter "1349," it will show a decoy account, and if you enter "6782," it will function normally. -These decoy systems can really help with such situtations like a protest where you might get arrested or have your devices searched, combining them with kill switches can both fool the attacker and at the same time delete all the datas. +These decoy systems can really help with situations like a protest where you might get arrested or have your devices searched. Combining them with kill switches can both fool the attacker and, at the same time, delete all the data. -### 3. Reduce the value of target +### 3. Reduce the Value of the Target -Store minimal sensetive data on the devices that are most vulnrable to this kind of physical attacks, for example you don't need so many sensetive data on the phone you take out with yourself. frequently back up sensetive data securly to a secure location, it can be physical location or a remote cloud. so they're not all in one place and they're not always with you. +Store minimal sensitive data on the devices that are most vulnerable to this kind of physical attack. For example, you don't need so much sensitive data on the phone you take out with you. Frequently back up sensitive data securely to a secure location. It can be a physical location or a remote cloud, so the data is not all in one place and not always with you. -### 4. Use multi factor authentications for sensetive datas +### 4. Use Multi-Factor Authentication for Sensitive Data -Use physical authentication devices like YubiKey that require both possession of the token and a PIN or password. 
and keep them at a safe place, This way your data is not accessible without the authentication device, you can hand them the passwords but they still won't be able to get inside. +Use physical authentication devices like YubiKey that require both possession of the token and a PIN or password, and keep them in a safe place. This way, your data is not accessible without the authentication device. You can hand them the passwords, but they still won't be able to get inside. -And avoid biometric authentications, it is not that resistant against physical forces, some one can forcefully use your fingerprint if they need to. +Avoid biometric authentication; it is not resistant to physical force. Someone can forcefully use your fingerprint if they need to. -### 5. Be aware of social engineering tactics +### 5. Be Aware of Social Engineering Tactics -Some might use social engineering tactics instead of force specially if they in position of authority. always be aware of the tactics and mind games someone might play to get you to hand them sensetive information or your passwords and credentials. +Some might use social engineering tactics instead of force, especially if they are in a position of authority. Always be aware of the tactics and mind games someone might play to get you to hand them sensitive information, passwords, and credentials. -Also Understand your legal rights regarding self-defense and data protection in your jurisdiction and Have a list of emergency contacts, including legal counsel, who can provide immediate assistance in case of coercion or threats. \ No newline at end of file +Understand your legal rights regarding self-defense and data protection in your jurisdiction. Have a list of emergency contacts, including legal counsel, who can provide immediate assistance in case of coercion or threats. \ No newline at end of file From be72e44d0e78d9519dd6dd2859ce23e05e1f6187 Mon Sep 17 00:00:00 2001 
From: Zola Gonano Date: Mon, 29 Jul 2024 10:45:47 +0000 Subject: [PATCH 7/7] Write "Chapter 5 outro" --- src/chapter_5.md | 8 +++++++- src/pictures/xkcd-security-meme.png | Bin 0 -> 26341 bytes 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 src/pictures/xkcd-security-meme.png diff --git a/src/chapter_5.md b/src/chapter_5.md index 624b049..4fcb4dc 100644 --- a/src/chapter_5.md +++ b/src/chapter_5.md @@ -90,6 +90,8 @@ Lastly, develop a disaster recovery plan and ensure you have clear procedures fo No matter how securely a hard drive is encrypted, it is always vulnerable to the 5-dollar wrench attack, meaning someone can always beat you up with a 5-dollar wrench to make you give up your passwords. How can this be prevented? Well, it is complicated, but there are some things you can do. +![XKCD Security Meme](./pictures/xkcd-security-meme.png) + ### 1. Have a Kill Switch Creating a kill switch system in which, if a specific password is entered, the key file is permanently wiped could save your data by making it inaccessible forever for everyone, including yourself. Now even you can't restore your data. 
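Review bot: The added image line "![XKCD Security Meme](./pictures/xkcd-security-meme.png)" uses alt text that labels the file instead of describing what the comic shows, and it carries no credit or link to the source comic. Suggest alt text that summarises the point the paragraph above makes (strong disk encryption bypassed by coercing the owner with a wrench) and a short caption crediting xkcd with a link to the original. The commit subject mentions only the outro, so the new binary file is easy to miss in history; the image would be easier to track as its own commit or with a line in the commit body.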
@@ -116,4 +118,8 @@ Avoid biometric authentication; it is not resistant to physical force. Someone c Some might use social engineering tactics instead of force, especially if they are in a position of authority. Always be aware of the tactics and mind games someone might play to get you to hand them sensitive information, passwords, and credentials. -Understand your legal rights regarding self-defense and data protection in your jurisdiction. Have a list of emergency contacts, including legal counsel, who can provide immediate assistance in case of coercion or threats. \ No newline at end of file +Understand your legal rights regarding self-defense and data protection in your jurisdiction. Have a list of emergency contacts, including legal counsel, who can provide immediate assistance in case of coercion or threats. + +--- + +These were all I had on encrypting and securely storing sensitive information. The next chapter will be about footprints and fingerprints and what actions can be taken to minimize or even erase the trace you left behind when you didn't care much about privacy. 
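Review bot: The added outro sentence "These were all I had on encrypting and securely storing sensitive information" is awkward; suggest "That is all I have on encrypting and securely storing sensitive information", and "the traces you left behind" in place of "the trace you left behind" in the sentence that follows. The -/+ pair on the "Understand your legal rights..." paragraph changes nothing but the missing newline at end of file, which is fine here but shows that the newline belonged in the commit that introduced the line.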
diff --git a/src/pictures/xkcd-security-meme.png b/src/pictures/xkcd-security-meme.png new file mode 100644 index 0000000000000000000000000000000000000000..d05d29d4045a2e62169c0173d5f96f9b7a1b830d GIT binary patch literal 26341