RSA Conference 2011                                                            Security intelligence       Prinya Hom-Anek...
RSA Conference 2011                                                                                Security intelligence  ...
RSA Conference 2011                                                                                 Security intelligence ...
RSA Conference 2011                                                                                Security intelligence  ...
RSA Conference 2011                                                                                  Security intelligence...
RSA Conference 2011                                                                                  Security intelligence...
RSA Conference 2011                                                                                Security intelligence  ...
RSA Conference 2011                                                                                Security intelligence  ...
RSA Conference 2011                                                                                 Security intelligence ...
RSA Conference 2011                                                                                   Security intelligenc...
RSA Conference 2011                                                                                     Security intellige...
RSA Conference 2011                                                                                   Security intelligenc...
RSA Conference 2011                                                                                   Security intelligenc...
RSA Conference 2011                                                                                Security intelligence  ...
RSA Conference 2011                                                                                Security intelligence  ...
RSA Conference 2011                                                                                  Security intelligence...
RSA Conference 2011                                                                                  Security intelligence...
RSA Conference 2011                                                                                    Security intelligen...
RSA Conference 2011                                                                                Security intelligence  ...
RSA Conference 2011                                                                                   Security intelligenc...
RSA Conference 2011                                                                                    Security intelligen...
RSA Conference 2011                                                                                   Security intelligenc...
RSA Conference 2011                                                                                  Security intelligence...
RSA Conference 2011                                                                                     Security intellige...
RSA Conference 2011                     Security intelligence                      APT in the news
RSA Conference 2011                                    Security intelligence                      APT - NASDAQ ATTACK     ...
RSA Conference 2011                                                                                                 Securi...
RSA Conference 2011                 Security intelligence                      ZEUS BOTNET                                ...
RSA Conference 2011                 Security intelligence                      ZEUS BOTNET                                ...
RSA Conference 2011                   Security intelligence                      SpyEye BOTNET
RSA Conference 2011                   Security intelligence                      SpyEye BOTNET
RSA Conference 2011                   Security intelligence                      SpyEye BOTNET
RSA Conference 2011                     Security intelligence        SpyEye BOTNET – Credit Card Grabber
RSA Conference 2011                         Security intelligence                      Zeus BOTNET Tracker
RSA Conference 2011                           Security intelligence                      SpyEye BOTNET Tracker
RSA Conference 2011                                                                                Security intelligence  ...
RSA Conference 2011                                                                                 Security intelligence ...
RSA Conference 2011                                                                                    Security intelligen...
RSA Conference 2011                            Security intelligence                      STUXNET – SCADA ATTACK          ...
RSA Conference 2011                                                                                Security intelligence  ...
RSA Conference 2011                                                                                  Security intelligence...
RSA Conference 2011                                                                                   Security intelligenc...
RSA Conference 2011                                                                                    Security intelligen...
RSA Conference 2011                                                                                    Security intelligen...
RSA Conference 2011                                                                                  Security intelligence...
RSA Conference 2011                         Security intelligence                      ปลอดภ ัยแน่นอน !!!!
RSA Conference 2011                                                                              Security intelligence    ...
RSA Conference 2011                                                                                 Security intelligence ...
RSA Conference 2011                                                                                Security intelligence  ...
RSA Conference 2011                                                                                              Security ...
RSA Conference 2011                                                                                    Security intelligen...
RSA Conference 2011                                                                                                  Secur...
RSA Conference 2011                                                                                                      S...
RSA Conference 2011                                                                                   Security intelligenc...
RSA Conference 2011                                                                                          Security inte...
RSA Conference 2011                                                                                    Security intelligen...
RSA Conference 2011                                                                                    Security intelligen...
RSA Conference 2011                                                                                  Security intelligence...
RSA Conference 2011                                                                                Security intelligence  ...
RSA Conference 2011                                                                                 Security intelligence ...
RSA Conference 2011                                                                                 Security intelligence ...
RSA Conference 2011                                                                                 Security intelligence ...
RSA Conference 2011                                                                                Security intelligence  ...
RSA Conference 2011                           Security intelligence       Web : http://www.acisonline.net       Email : pr...
Upcoming SlideShare
Loading in …5
×

Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันที่ 24 กุมภาพันธ์ 2554

853 views

Published on

Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันที่ 24 กุมภาพันธ์ 2554

Published in: Technology, News & Politics
  • Be the first to comment

  • Be the first to like this

Presentation : CIO challenges by AJ.Prinya ในงานสัมมนาผู้บริหารไอที เมื่อวันที่ 24 กุมภาพันธ์ 2554

  1. 1. RSA Conference 2011 Security intelligence Prinya Hom-Anek CGEIT, CISSP, CSSLP, CISA, CISM, SSCP, SANS GIAC GCFW, ITIL Expert, CompTIA Security+, IRCA: ISMS Lead Auditor, BCMS Auditor (ISC)2 Asian Advisory Board; ISACA Thailand Committee, Thailand Information Security Association (TISA) Committee, ACIS Professional Center Co., Ltd. , President and Founder
  2. 2. RSA Conference 2011 Security intelligence Agenda Introduction Social Networks Security Update Malware Security Update Mobile Devices and Smart phones Security Update Secure Software Development Security Update © Copyright, ACIS Professional Center Company Limited, All rights reserved 2
  3. 3. RSA Conference 2011 Security intelligence RSA CONFERENCE © Copyright, ACIS Professional Center Company Limited, All rights reserved 3
  4. 4. RSA Conference 2011 Security intelligence The previous RSA Conference Theme © Copyright, ACIS Professional Center Company Limited, All rights reserved 4
  5. 5. RSA Conference 2011 Security intelligence RSA Conference 2011 (ISC)2 member reception © Copyright, ACIS Professional Center Company Limited, All rights reserved 5
  6. 6. RSA Conference 2011 Security intelligence Conference Theme Rivest used fictitious placeholder names to explain the RSA encryption method and the many steps involved in the complex system. Alice & Bob were born to make the subject matter easier to grasp – replacing Person A and Person B. Bruce Schneier, author of Applied Cryptography and another forefather of information security, introduced a host of other characters to make technical topics more understandable. This cast of friends and enemies – including Eve the Eavesdropper, Mallory the Malicious Attacker and Walter the Warden, among others – populate Alice & Bobs universe and evolved into common parlance in cryptography and computer security. © Copyright, ACIS Professional Center Company Limited, All rights reserved 6
  7. 7. RSA Conference 2011 Security intelligence Example of an "Alice and Bob" analogy used in cryptography © Copyright, ACIS Professional Center Company Limited, All rights reserved 7
  8. 8. RSA Conference 2011 Security intelligence Example of an "Alice and Bob" analogy used in cryptographic hashing © Copyright, ACIS Professional Center Company Limited, All rights reserved 8
  9. 9. RSA Conference 2011 Security intelligence SOCIAL NETWORKS SECURITY © Copyright, ACIS Professional Center Company Limited, All rights reserved 9
  10. 10. RSA Conference 2011 Security intelligence Social Networks Survey © Copyright, ACIS Professional Center Company Limited, All rights reserved 10
  11. 11. RSA Conference 2011 Security intelligence Social Engineering Techniques on Social Networks One of the more common types of attack hitting users is “clickjacking”, also called “UI redressing” These attacks use maliciously created pages where the true function of a button is concealed beneath an opaque layer showing something entirely different. Often sharing or “liking” the content in question sends the attack out to contacts through newsfeeds and status updates, propagating the scam. Clickjacking attacks not only spread social networking link- spam, they also regularly carry out other actions such as granting access to valuable personal information and even making purchases. © Copyright, ACIS Professional Center Company Limited, All rights reserved 11
  12. 12. RSA Conference 2011 Security intelligence Example of Clickjacking © Copyright, ACIS Professional Center Company Limited, All rights reserved 12
  13. 13. RSA Conference 2011 Security intelligence How Clickjacking works? © Copyright, ACIS Professional Center Company Limited, All rights reserved 13
  14. 14. RSA Conference 2011 Security intelligence How to Avoid From Social Engineering Techniques on Social Network? 1. If something sounds too good to be true, it probably is. 2. Ask yourself—why would you be singled out for a windfall or other special treatment out of the millions of other Internet users. If you can’t find a good reason, it’s probably a scam. 3. Don’t believe everything you read. 4. Be patient. Too many users end up the victims of Internet crime because they do not stop to think, but instead act on impulse clicking on a “sexy” link or an interesting looking attachment without thinking of the possible consequences. © Copyright, ACIS Professional Center Company Limited, All rights reserved 14
  15. 15. RSA Conference 2011 Security intelligence How to Avoid From Social Engineering Techniques on Social Network? (Cont.) 5. Never provide your personal information or information about your company/organization. 6. Double-check the URLs of websites you visit. Some phishing websites look identical to the actual site, but the URL may be subtly different. 7. Be cautious about sending sensitive information over the Internet if you’re not confident about the security of the website. 8. Be suspicious of unsolicited phone calls and emails that ask for information about your employees or other information. It could be a scammer calling. © Copyright, ACIS Professional Center Company Limited, All rights reserved 15
  16. 16. RSA Conference 2011 Security intelligence Applications Facebook has a major problem in the form of its app system. Any user can create an application, with a wide range of powers to interact with data stored on user pages and cross-site messaging systems, and these applications, like survey scams, can then be installed and run on any users’ page. To combat this serious problem, a “walled garden” approach may be more suitable. This refers to a closed or exclusive set of information services provided for users, in contrast to allowing open access to applications and content. © Copyright, ACIS Professional Center Company Limited, All rights reserved 16
  17. 17. RSA Conference 2011 Security intelligence Privacy Setting Facebook comes under regular criticism for its provision, implementation and explanation of user privacy features. Directions for setting privacy preferences are vague and unclear—if and when they’re provided. Plus, once uploaded, information and content may be difficult or impossible to remove. © Copyright, ACIS Professional Center Company Limited, All rights reserved 17
  18. 18. RSA Conference 2011 Security intelligence Types of Personal Data Likes: a person, band, movie, web page, or any other entity represented in Facebooks social graph that has a "like" button. "Likes" started with status updates, but have now grown to encompass pretty much everything. Name, Picture, Gender, Birthday, Contact Info: self- explanatory Extended Profile Data: Your family members, city, place of birth, religious views, favorite authors, schools attended -- anything that is an entity you can list a relationship to in your profile. Friends: The people youve added to friends. Networks: The personal networks youve set up on Facebook (e.g. colleges & universities or companies). Wall posts & Photos: Self-explanatory. © Copyright, ACIS Professional Center Company Limited, All rights reserved 18
  19. 19. RSA Conference 2011 Security intelligence MALWARE © Copyright, ACIS Professional Center Company Limited, All rights reserved 19
  20. 20. RSA Conference 2011 Security intelligence Target Software Cybercriminals tend to target Microsoft, because its Office and Internet Explorer solutions are ubiquitous. Many users view this software as an integral part of the Windows platform, rather than separate software that may need a separate regime of updating and patching. Lately, cybercrooks targeted Adobe to enable malware distribution, as its PDF Reader and Flash player are also widely, if not universally, installed. PDF exploits became ever more widespread, and new vulnerabilities in Reader emerged regularly. Maliciously-crafted PDFs are placed on websites or mailed out in spam runs, hoping that they will be opened in vulnerable Reader software and their payloads will be given free rein to infect systems. © Copyright, ACIS Professional Center Company Limited, All rights reserved 20
  21. 21. RSA Conference 2011 Security intelligence Top 10 Vulnerable Vendors © Copyright, ACIS Professional Center Company Limited, All rights reserved 21
  22. 22. RSA Conference 2011 Security intelligence Best and worst patchers © Copyright, ACIS Professional Center Company Limited, All rights reserved 22
  23. 23. RSA Conference 2011 Security intelligence Exploit effort versus potential reward matrix © Copyright, ACIS Professional Center Company Limited, All rights reserved 23
  24. 24. RSA Conference 2011 Security intelligence Advanced Persistent Threat (APT) Increasingly sophisticated cyber attacks by hostile organizations with the goal of: Gaining access to defense, financial and other targeted information from governments, corporations and individuals. Maintaining a foothold in these environments to enable future use and control. Modifying data to disrupt performance in their targets. © Copyright, ACIS Professional Center Company Limited, All rights reserved 24
  25. 25. RSA Conference 2011 Security intelligence APT in the news
  26. 26. RSA Conference 2011 Security intelligence APT - NASDAQ ATTACK The Attacker were persisting within NASDAQ’ Directors Desk servers for over 12 months 25-Feb-11 26
  27. 27. RSA Conference 2011 Security intelligence Malware Evolution Sophistication SpyEye Zeus High Man in the SilentBanker Man in the Browser Middle Smishing Trojan/Virus Vishing SpywareMedium Phishing Fake Web Sites Mouselogging Screen Capture Keylogging Low 2002 2003 2004 2005 2006 2007 2008 2009 2010
  28. 28. RSA Conference 2011 Security intelligence ZEUS BOTNET 28
  29. 29. RSA Conference 2011 Security intelligence ZEUS BOTNET 29
  30. 30. RSA Conference 2011 Security intelligence SpyEye BOTNET
  31. 31. RSA Conference 2011 Security intelligence SpyEye BOTNET
  32. 32. RSA Conference 2011 Security intelligence SpyEye BOTNET
  33. 33. RSA Conference 2011 Security intelligence SpyEye BOTNET – Credit Card Grabber
  34. 34. RSA Conference 2011 Security intelligence Zeus BOTNET Tracker
  35. 35. RSA Conference 2011 Security intelligence SpyEye BOTNET Tracker
  36. 36. RSA Conference 2011 Security intelligence Top ten countries hosting malware © Copyright, ACIS Professional Center Company Limited, All rights reserved 36
  37. 37. RSA Conference 2011 Security intelligence Top malware spreading via email attachment © Copyright, ACIS Professional Center Company Limited, All rights reserved 37
  38. 38. RSA Conference 2011 Security intelligence Stuxnet Stuxnet is a Windows computer worm discovered in July 2010 that targets industrial software and equipment. The worm initially spreads indiscriminately, but includes a highly specialized malware payload that is designed to target only Supervisory Control And Data Acquisition (SCADA) systems that are configured to control and monitor specific industrial processes. Some of Iran’s sensitive nuclear program computers were reportedly affected by it. A report issued by the Congressional Research Service (CRS) claims that Stuxnet could hit the U.S. as well. The so-called military-grade malware may have been an advanced threat, showing a number of flaws in many layers of security processes. © Copyright, ACIS Professional Center Company Limited, All rights reserved 38
  39. 39. RSA Conference 2011 Security intelligence STUXNET – SCADA ATTACK 39
  40. 40. RSA Conference 2011 Security intelligence © Copyright, ACIS Professional Center Company Limited, All rights reserved 40
  41. 41. RSA Conference 2011 Security intelligence MOBILE DEVICES AND SMARTPHONES © Copyright, ACIS Professional Center Company Limited, All rights reserved 41
  42. 42. RSA Conference 2011 Security intelligence Mobile Devices and Smartphones According to Gartner analysts, one in six people will have access to a high-tech mobile device by the end of 2010. In the last few years, we’ve witnessed a radical change in the way we access and use the Internet. The rapid upswing in sophistication of mobile technology resulted in a swift change in the way we provide mobile content and interact with it. However, this change brings with it a wealth of new problems for security. In our new, always-connected age, maintaining the integrity and privacy of networks, business data and personal information is increasingly important and difficult. © Copyright, ACIS Professional Center Company Limited, All rights reserved 42
  43. 43. RSA Conference 2011 Security intelligence iPhone Hackers released the source code for potential iPhone spyware to the Internet (this also affected BlackBerry). iPhone smartphone users into joining a mobile botnet by spreading a seemingly innocuous weather application. The majority of security issues continue to focus on jailbroken devices, where the mobile security settings are unlocked to get more functionality. Users continue to jailbreak their devices in droves, tempted by the possibility of installing applications not approved by the company. When iPhones are plugged in to home or company computers or are set up on unapproved wireless networks to provide phone connectivity, threats are transferred from the iPhone to more vulnerable systems and networks. You can use a blend of policies and technologies to keep your network and machines safe. “Acceptable use” policies can attempt to control what users plug into company devices. © Copyright, ACIS Professional Center Company Limited, All rights reserved 43
  44. 44. RSA Conference 2011 Security intelligence Android Google’s Android tried to keep pace with the iPhone in terms of functionality, and as devices diversify, the Android user base continues to grow. Google found and removed banking malware from the site when a wallpaper application gathered information on over 1 million Android users. Android phones represent a considerable exposure point, but again one that relies heavily on social engineering to lure users into installing rogue or malicious applications that give the bad guys access to their phones. © Copyright, ACIS Professional Center Company Limited, All rights reserved 44
  45. 45. RSA Conference 2011 Security intelligence BlackBerry BlackBerry is still the device of choice in corporate environments. The BlackBerry security-built-in model is fairly successful so far, although potential spyware applications have been introduced. Most new developments—if anything—weaken that security model, with several nations pressuring RIM to slacken their policy of transporting all data through their central servers in strongly encrypted form, preventing government snooping on traffic. © Copyright, ACIS Professional Center Company Limited, All rights reserved 45
  46. 46. RSA Conference 2011 Security intelligence ปลอดภ ัยแน่นอน !!!!
  47. 47. RSA Conference 2011 Security intelligence Attacks Using Internet Marketing Techniques The search engine is our gateway to the web, and cybercrooks are skilled at manipulating search results from the engines such as Google, Bing and Yahoo! to lure victims to their malicious pages. These pages host security risks and browser exploits just waiting to infect users who are directed to these sites. Legitimate Search Engine Optimization (SEO) techniques are regularly used as marketing tools, but when SEO is abused by the bad guys, and supplemented by more devious methods, it’s known as Black Hat SEO. With Black Hat SEO attacks—known as “SEO poisoning”—search engine results are poisoned to drive user traffic to the rogue site. Google reported that up to 1.3% of their search results are infected. © Copyright, ACIS Professional Center Company Limited, All rights reserved 47
  48. 48. RSA Conference 2011 Security intelligence SECURE SOFTWARE DEVELOPMENT © Copyright, ACIS Professional Center Company Limited, All rights reserved 48
  49. 49. RSA Conference 2011 Security intelligence Trusted Software Security profile for trusted software in the context of software assurance includes the following: Protection against confidentiality, integrity, and availability threats Assurance that authentication cannot be circumvented Validation of authorization credentials before access to resources are granted Effective implementation of auditing functionality for business-critical and administrative transactions Management of Sessions, Exceptions, and Configuration parameters. © Copyright, ACIS Professional Center Company Limited, All rights reserved 49
  50. 50. RSA Conference 2011 Security intelligence Software Security Profile Confidentiality Integrity Availability Authentication Authorization Auditing Session Exceptions Configuration Management Management Management © Copyright, ACIS Professional Center Company Limited, All rights reserved 50
  51. 51. RSA Conference 2011 Security intelligence Threats that Impact Trust There are several threats to software that can impact one’s level of confidence or trust in it. These threat agents take advantage of vulnerabilities in software and may be human or non-human. © Copyright, ACIS Professional Center Company Limited, All rights reserved 51
  52. 52. RSA Conference 2011 Security intelligence Software Threat Agents Categorization Software Threat Agents Non-Human Human User Error Hacker Malware (Accidental) (Intentional) © Copyright, ACIS Professional Center Company Limited, All rights reserved 52
  53. 53. RSA Conference 2011 Security intelligence Types of Malware Malware Proliferative Stealthware Viruses & Spyware & Rootkits Trojans Worms Adware © Copyright, ACIS Professional Center Company Limited, All rights reserved 53
  54. 54. RSA Conference 2011 Security intelligence Types of Malware (cont.) Proliferative Malware Proliferative malware includes malicious software programs that, upon exploiting weaknesses in networks, hosts, and software applications, aim at propagating their malicious operations to other networks, hosts, and software applications connected to the victim. Viruses and worms are the most common form of proliferative malware. Stealthware Stealthware includes malicious software programs such as spyware and adware, Trojans, and rootkits that remain hidden and operate often without the consent or knowledge of the victimized system or user. © Copyright, ACIS Professional Center Company Limited, All rights reserved 54
  55. 55. RSA Conference 2011 Security intelligence Types of Embedded CodeBackdoors Embedded Backdoors are code constructs embedded in Code code to allow programmers to bypass security mechanisms.Logic bombs Maintenance Hook/ Logic Bomb Like backdoors, logic bombs are also embedded Backdoor code constructs that remain dormant in code and are executed when specific events and/or time conditions are met. © Copyright, ACIS Professional Center Company Limited, All rights reserved 55
  56. 56. RSA Conference 2011 Security intelligence Trusted Software Characteristics Functions as expected (reliable) Ensures security policy (resilient) Is fault-tolerant and robust (recoverable) Maintains confidentiality, integrity, and availability of software and the data it handles Prevents circumvention of authentication Handles sessions, configurations, and and access control checks exceptions securely Is deployed on host systems that are Ensures protection against proliferative adequately hardened malware (viruses and worms) Defends against malware that causes Ensures protection against harmful disclosure and destruction (spyware and malware that is purported as benign adware) (Trojans) Does not allow privilege escalation from Is deployed/released without any user land to kernel land (rootkits) maintenance hooks (backdoors) Ensures that there are no embedded Anti-tampering (obfuscation) and code security threats that can be authenticity (signed code) controls are conditionally triggered (logic bombs) present Tested, validated, and verified for software security by the organization or by an independent third party. © Copyright, ACIS Professional Center Company Limited, All rights reserved 56
  57. 57. RSA Conference 2011 Security intelligence RSA Conference Highlight Application and Development Security Best Practices from the Front Lines: The Fight for Secure Software Software Security: The Big Picture Stop Exposing Yourself: Principles of Attack Surface Analysis and Reduction The Evolution of Software Security Assurance and its Relevance Today Innovation in Application Security Intelligence on the Intractable Problem of Insecure Software Agile Development, Security Fail Strategies for Security in Software QA Dont Teach Developers Security Planned vs. Agile for Security Software Development © Copyright, ACIS Professional Center Company Limited, All rights reserved 57
  58. 58. RSA Conference 2011 Security intelligence RSA Conference Highlight (Cont.) Cloud Computing Security Put a SOC in it: Operationalizing Security in a SaaS Environment Securing Cloud Access – Beyond Enterprise IA&M Cloud Investigations and Forensics Hacking Exposed - Exploiting the Cloud and Virtual Machines © Copyright, ACIS Professional Center Company Limited, All rights reserved 58
  59. 59. RSA Conference 2011 Security intelligence RSA Conference Highlight (Cont.) Social Networks Security Social Engineering in a Social Media World: Risk, Liability, and Control Blocking Social Media Is So 2010 - How to Embrace the Social Web Safely Is Social Networking Making Your Network Insecure? Proactively Tackling Social Networking and Data Security The Dark Side: Measuring and Analyzing Malicious Activity on Twitter Social Engineering in a Social Media World: Risk, Liability, and Control © Copyright, ACIS Professional Center Company Limited, All rights reserved 59
  60. 60. RSA Conference 2011 Security intelligence RSA Conference Highlight (Cont.) Mobile Security Are Mobile Security Threats Real? A Panel of Mobile Experts Weigh In... Why You Cant Trust Your Mobile Network Trends in Mobile Authentication and Fraud Deterrence Mobile Security: What Perimeter? What Defense? The Big Picture Never Say "Mobile Cloud Leak“ Mobile Security the Ugly Truth There’s an App for That: What the Mobile App Explosion Means for Security © Copyright, ACIS Professional Center Company Limited, All rights reserved 60
  61. 61. RSA Conference 2011 Security intelligence RSA Conference Highlight (Cont.) APT (Advanced Persistent Threats) Cyber War: How We Learned to Stop Worrying and Love the Cyber Bomb Advanced Persistent Threats: War Stories from the Front Lines Hypebusters: The Advanced Persistent Threat and You Bring Your Doctor Masks: Live Zeus Trojan Dissection © Copyright, ACIS Professional Center Company Limited, All rights reserved 61
  62. 62. RSA Conference 2011 Security intelligence RSA Conference Highlight (Cont.) Technical Security Databases Under Attack - Securing Heterogeneous Database Infrastructures Seven Steps to Protecting Databases The Death of Signature-Based AV Cutting-Edge Hacking Techniques © Copyright, ACIS Professional Center Company Limited, All rights reserved 62
  63. 63. RSA Conference 2011 Security intelligence Ref: http://www.rsaconference.com/ © Copyright, ACIS Professional Center Company Limited, All rights reserved 63
  64. 64. RSA Conference 2011 Security intelligence Web : http://www.acisonline.net Email : prinya@acisonline.net Twitter : www.twitter.com/prinyaacis Facebook : www.facebook.com/prinyah

×