back to article Intel ME controller chip has secret kill switch

Security researchers at London-based Positive Technologies have identified an undocumented configuration setting that disables Intel Management Engine 11, a CPU control mechanism that has been described as a security risk. Intel's ME consists of a microcontroller that works with the Platform Controller Hub chip, in conjunction …

  1. jake Silver badge

    The mind absolutely boggles.

    Do TheIdiotsInCharge not get it? Security by obscurity has never worked.

    With the sheer number of people looking at these things, you can't keep anything baked into widely available hardware secret anymore. It just can't be done. Why do they keep trying?

    How does that old saw go ... "One sign of insanity is doing the same thing over and over again, each time expecting a different result" ... By this metric, either the chip manufacturers or their government handlers are clinically insane. Or both. I'm not sure which option worries me more.

    1. bazza Silver badge

      Re: The mind absolutely boggles.

      It kinda cuts both ways.

      Intel build in a ME, don't properly tell anyone about it or what it can do, cock it up badly, and we're all left with machines we're wondering whether we can trust or not. And unbeknownst to us (until now), to placate some TLA there's a way of turning it off.

      On the other hand there's a bunch TLAs somewhere who have presumably set this mysterious bit in some config file who are perhaps more vulnerable than they anticipated. It turns out that a simple config change can turn the whole damned thing back on again. So they're asking themselves, did our techs really get the config right, and is the config still right?

      I don't think Intel have done anyone at all any favours whatsoever.

    2. fajensen
      Headmaster

      Re: The mind absolutely boggles.

      Why do they keep trying?

      They are not very smart, and, even while funded by enough black-budget money to run several EU states with, the instigators still have to do Internal Procurement!

      The Smart, Defense-y, Thing to do would be to have special bug-free silicon made all for themselves - of course this means that someone has to sign for a minimum order of at least one wafer at the time ... AKA - a lot of CPU's. Probably it was "cheaper" relative to procurement limits and such to go COTS and let everyone have the "Secret Bit"?

      1. Anonymous Coward
        Anonymous Coward

        Re: The mind absolutely boggles.

        The minimum order size is one hell of a lot more than one wafer. The mask set for a modern CPU is probably $50 million, so that "one wafer" order that netted you say 500 chips at Intel's current sizes would mean they cost $100K each just for the mask set. Costs even more than that to design the thing (especially if it is from scratch) and verify it, port the toolchain, and so forth.

        Its not practical for even the NSA to design their own chips. Yes, they have unlimited funds, but not unlimited manpower and time.

        1. Cynic_999

          Re: The mind absolutely boggles.

          "

          The mask set for a modern CPU is probably $50 million

          "

          But it would not require a different mask set.

          Putting a different 64 bit hard-wired serial number onto every individual chip does not require a new mask set for every wafer.

          To produce a variant that enables or disables one bit in a register could be achieved at the packaging stage (strapping a chip pad high or low at bonding time), or blowing a fusible link on the chip post-packaging.

          Very complex variations to a chip's functionality is often achieved by changing the relatively coarse (=cheap) mask of just a single metal layer. This can for example determine the data in the chip's internal program ROM (firmware) which can give versions of what is otherwise an identical chip radically different behaviours, or it could be the interconnect between non-dedicated gates to make a custom gate-array ASIC. Wafers without the final metal layer can be tested & stored until needed, and then the final metal layer put on after an order has been received.

          1. Anonymous Coward
            Anonymous Coward

            @Cynic_999

            I was taking the 'NSA making their own chips' to mean they'd design and make their own x86 compatible CPUs to be sure there's no backdoor. Having a way to disable ME is fine, but what if there are backdoors to enable a way to get to ring 0 from user mode via a certain instruction sequence? OK, if such a backdoor really existed the NSA probably put it there, but what if Intel were infiltrated by the Chinese and someone managed to put something like that in the instruction decoder? That's where I was thinking as far as having them roll their own secure CPU.

          2. Anonymous Coward
            Anonymous Coward

            Re: The mind absolutely boggles.

            And if you look at the contents of ark.intel.com, Intel are masters at either product differentiation or obfuscation depending on your point of view.

          3. Anonymous Coward
            Anonymous Coward

            Re: The mind absolutely boggles.

            486SX, 487 CoPro and 486DX being a case in point, it's barely more difficult to design a chip that can have features permanently disabled before encapsulation to give you a 'range' to sell from, it would be no more difficult to do that and offer chips that have MEP disabled in hardware if there was a market (which there obviously is) but it's simpler to have it configurable by integrators (an undocumented jumper or cuttable PCB trace on the board perhaps) or even software houses because that means you can sell commodity hardware as 'secure' so costs are rock bottom.

            1. Alan Brown Silver badge

              Re: The mind absolutely boggles.

              "486SX, 487 CoPro and 486DX being a case in point"

              As with many things, the seeming "deliberate disabling of parts of the chip" wasn't actually the case and it was actually a case of extreme binning.

              Yes, sections of the CPU were disabled, but the reason they were disabled is that they FAILED testing - disabling the CoPro enabled Intel to sell a CPU which in other circumstances would have been a dead loss. Once yields rose to "better" values 486sx CPUs became a very rare beast indeed - because there's no added value in zapping a perfectly functional copro and selling the results at a knockdown price.

              AMD are doing exactly the same thing now with their various RyZEN CPUs. Those lower-end chips with disabled CPUs onboard are sold that way because not all the CPUs passed testing.

              The ME's existence and functionality has been documented for years - what's NOT documented is that it's there on the non vPRO chipsets too (just disabled - supposedly). Because the code and internals have always been a secret, we've always been a little suspicious of the things - to the point where we watch for network activity on the ports it uses.

        2. Anonymous Coward
          Anonymous Coward

          Re: The mind absolutely boggles.

          50 million? 500 million? For the masks to make computers that may actually be moderately secure?

          Cheap at the price, given what the secrets you are trying to protect cost.

        3. ChasTheOne

          Re: The mind absolutely boggles.

          They don't need unlimited manpower and time, only the right manpower and enough time, just like anyone else who designs silicon.

      2. TimeMaster T
        Mushroom

        Re: The mind absolutely boggles.

        "They are not very smart,"

        Never underestimate the intelligence of your opponent. The reason the TLA's keep doing this kind of BS is because they believe everyone else is too stupid to care or powerless to do anything about it.

        And sadly, they are for the most part correct.

    3. Sir Runcible Spoon
      Paris Hilton

      Re: The mind absolutely boggles.

      How does that old saw go ... "One sign of insanity is doing the same thing over and over again, each time expecting a different result"

      I said this to my wife yesterday whilst we were in the garden enjoying the Sun. She was trying to stand up a water bottle on sloping ground and it kept falling over (6 or 7 times). After uttering the above phrase she just looks at me and says 'it only has to work once'. At which point the bottle remained upright after being placed down.

      I had to concede that she was right and that I was speechless.

      1. Disk0
        Thumb Up

        Re: The mind absolutely boggles.

        'it only has to work once'

        ...I like that, it reflects the mindset of a spook agency trying to keep a lid on its operations. It doesn't neccesarily matter if the "killswitch/backdoor" is not configurable, or that it could be disabled by a technician - "it only has to work once", for example using software (that would only be installed on agency computers) that activates when the equipment is unplugged without an authorization code.

        Nobody else would really be affected. In theory.

        The terms "Liability" "Potential single point of failure" and "Critically compromised" seem more apropos...

      2. Charles 9

        Re: The mind absolutely boggles.

        The thing is, no one ever FINISHES the quote. There's a second part.

        Insanity is doing the same thing over and over and expecting a different result.

        Persistence is doing the same thing over and over and actually getting a different result.

        So, you see, it's only insane until something different happens. Then it becomes persistence...and praiseworthy.

        1. Sir Runcible Spoon

          Re: The mind absolutely boggles.

          @Charles 9 - Thanks for helping to restore some sanity and harmony to my household :)

      3. BinkyTheHorse
        Headmaster

        Re: The mind absolutely boggles.

        "I had to concede that she was right and that I was speechless."

        Nitpick - since there weren't any changes in Earth's gravitational field that we're aware of, your wife obviously tried a *different* way that time, otherwise the bottle would have fallen over as well.

        Not that it wasn't a good idea to concede, mind you...

        1. anonymous boring coward Silver badge

          Re: The mind absolutely boggles.

          since there weren't any changes in Earth's gravitational field that we're aware of, your wife obviously tried a *different* way that time

          Define "different". Or, more to the point, define "same". Exactly the "same"!

          Pretty hard.. The universe is ageing, if nothing else...

  2. Ole Juul

    Intel back doors

    Positive Technologies in its blog post acknowledged that it would be typical for government agencies to want to reduce the possibility of unauthorized access.

    I'm not too adverse to reducing unauthorized access myself. What gets me is that if Intel didn't advertise this as a feature, then they probably know a lot of people don't want it.

    1. TReko

      Re: Intel back doors

      AMD has a similar feature.

      Both are sold as a "central management" feature, but also probably have some backdoors included by a three letter agency.

    2. Mark 85
      Black Helicopters

      Re: Intel back doors

      This has all the smell of something done at the bidding of a TLA or FLA. If it's not advertised, someone doesn't want anyone else to know about it. So, who and why, becomes the question. If we're not supposed to know about this "feature" I'm assuming that it could prevent someone (say a TLA or FLA) from accessing the device. Or in the case of a TLA or FLA, it keeps their secrets? Or did I get it wrong?

      Icon.. yeah.. too much information lately on what the spooks have done makes me wonder how much more is out there.

      1. Anonymous Coward
        Anonymous Coward

        maybe it is for covering tracks/preventing access, after leaking the system's secrets.

        or enables controlled third party access.

        A feature for everyone that only one wants?

        Psst! All bears, there is the honeypot!

      2. Swarthy
        Headmaster

        Re: Intel back doors (@Mark 85)

        I hate to be pedantic (that's a lie, I quite enjoy it), but you used the wrong initialism for the Four Letter Agencies. the correct initialism is ETLA (Extended Three Letter Agency/Acronym) because it makes more sense that if TLAs have a three-letter acronym, then the ETLAs should have a four-letter acronym.

        1. Uffish

          Re: Pedantry

          Oh well done Sir! Pedantry like is welcome anytime.

    3. Voland's right hand Silver badge

      Re: Intel back doors

      I have alarm bells ringing when I read this.

      I suspect that it does not turn it OFF. It turns OFF "unauthorized access" and the possibility for access with proper "authority" by someone in possession of a magic key still stands.

  3. This post has been deleted by its author

  4. Chozo
    Big Brother

    Fool me once tovarisch

    In 1962, the CIA contracted the Xerox company to place a miniature camera inside the photocopier at the Soviet Union's embassy in Washington DC. A team of four Xerox engineers working in secret shoe-horned a modified home movie camera into the machine that triggered the device whenever a copy was made. In 1963, this was installed by a Xerox technician during a regular maintenance visit to the Soviet embassy. On subsequent visits the Xerox man retrieved and replaced the film.

    http://electricalstrategies.com/about/in-the-news/spies-in-the-xerox-machine/

    1. Anonymous Coward
      Anonymous Coward

      Re: Fool me once tovarisch

      Yeah, and in part because of that little stunt, nearly all imported photocopiers (the only kind that actually worked) in the Soviet Union until at least the mid-1980s ended up installed in Faraday cages. You also had to sign and account for everything either entering or leaving the copy room.

      On the balance, it was much less trouble to learn short-hand and just write down the gist of anything you wanted to have a copy of, than to actually copy it - so thanks a lot, господа шпионы.

      1. Anonymous Coward
        Anonymous Coward

        Re: Fool me once tovarisch

        Errr how would a Faraday cage stop a small camera built into the copier from stealing their secrets?

        1. Anonymous Coward
          Anonymous Coward

          Re: Fool me once tovarisch

          Errr how would a Faraday cage stop a small camera built into the copier from stealing their secrets?

          Are you asking for the security to actually make sense? What planet are you from?

        2. Charles 9

          Re: Fool me once tovarisch

          The cage prevented wireless transmissions, allowing the checkpoint to search for cameras and so on.

  5. John Smith 19 Gold badge
    WTF?

    So first with the "no password" management account (but) then remote turn off entirely.

    It's like every single home security, or CCTV system in the world had the same shutdown code on them. Handy should you want to break in somewhere and leave no evidence of what you look like.

    The first looked like they'd just cut 'n' pasted both the MIPS chip and its management code but this looks like someone added at least one register bit as well.

    BTW for those who remember "Back Orifice" was also described as a "remote management tool."

    1. anonymous boring coward Silver badge

      Re: So first with the "no password" management account (but) then remote turn off entirely.

      BTW for those who remember "Back Orifice" was also described as a "remote management tool."

      In fairness to those who minted the expression, it's pretty darn clear what it means. I always assumed it meant exactly what is says.

  6. bombastic bob Silver badge
    Big Brother

    I guess I know what architectures to avoid...

    self-explanatory

    1. scarletherring

      Re: I guess I know what architectures to avoid...

      > I guess I know what architectures to avoid...

      Well, yeah. But what remains?

      1. eldakka

        Re: I guess I know what architectures to avoid...

        >Well, yeah. But what remains?

        Abacus?

      2. Daniel 18

        Re: I guess I know what architectures to avoid...

        You could try ARM.

        Particularly when you can get them from scores of chip vendors, or with a big enough budget, fab your own..

        Add a carefully put together Linux, and you have the start of something with better chances of being/remaining secure.

    2. alain williams Silver badge

      Re: I guess I know what architectures to avoid...

      What would be far more useful is a list of architectures that I can trust.

      1. imanidiot Silver badge

        Re: I guess I know what architectures to avoid...

        @alain williams:

        Pretty much only Intel chips produced before circa 2008. Anything after that most likely contains some version of the ME. AMD chips started having something similar circa 2013.

        I doubt there is many chips out there that don't have a remote access vulnerability backed in.

        1. Alan Brown Silver badge

          Re: I guess I know what architectures to avoid...

          "Anything after that most likely contains some version of the ME"

          They've had the ME for a _lot_ longer than that. The venerable i815 chipset had it and that was released around 2000

      2. mythicalduck

        Re: I guess I know what architectures to avoid...

        It's probably not the "architecture" that you need to be trusting, rather the chips. I bet the pre-pentium chips are probably trustworthy. After all, the older back the chip design, the less likely that it was designed for "internet" usage.

        So really, what you want to look at is dusting off your old retro computers, and see if you can equip with with an Ethernet card :)

        1. jake Silver badge

          Re: I guess I know what architectures to avoid...

          I have a couple mid-1980s 386SX16s with NE2000 Ethernet cards connected to TehIntraWebTubes as I type. Yes, they are functional, and doing useful work.

          1. Down not across

            Re: I guess I know what architectures to avoid...

            I still have stack of various 3Com Etherlink III (3C509) cards as they were very well supported by just about anything and performed pretty well.

            You can also do stuff with them and a PIC18F452 :-)

      3. whitepines

        Re: I guess I know what architectures to avoid...

        ARM and OpenPOWER systems both come in versions that can be trusted, at least far more than x86 can. POWER9 is due out shortly and should give x86 a run for its money hardware-wise; it remains to be seen software-wise what the uptake will be.

        1. mathew42

          Re: I guess I know what architectures to avoid...

          > it remains to be seen software-wise what the uptake will be.

          For the target audience, the question is most likely to be 'how good is the linux build and compiler'?

          1. eldakka

            Re: I guess I know what architectures to avoid...

            Redhat support PPC with their RHEL Linux distribution. It's a full distribution so includes compilers (gcc) and most other common GNU/open source software (apache software etc.)

            IBM also release some of their enterprise software for Linux on PPC and AIX on PPC, Oracle database is available on AIX for PPC.

        2. WorBlux

          Re: I guess I know what architectures to avoid...

          The only open ARM platforms are fairly low-features, and lack proper a proper MMU that can enforce memory protections. (Anything with access to the DMA function, can access the entire memory space)

      4. Anonymous Coward
        Anonymous Coward

        Re: What would be far more useful is a list of architectures that I can trust.

        Here you go:

      5. Uffish

        Re: architectures that I can trust

        I believe that an abacus is fairly unhackable, that and an edible notebook should be sufficient for most requirements.

        1. imanidiot Silver badge

          Re: architectures that I can trust

          What do you mean? I can hack your abacus with something as simple as a ballpoint pen. Just poke the operator in the ribs and while he's not looking slide one of the beads over. Or just poke him hard enough so he shakes the thing.

          1. jake Silver badge

            Re: architectures that I can trust

            When I use my abacus, I can't turn my back on it for even a minute. If I do, one of the cats invariably uses it as a toy. The Wife says they aren't playing, they are plotting world domination, and I should keep the tools stowed when I'm not using them ...

  7. Destroy All Monsters Silver badge
    Windows

    "High Assurance Platform"

    That means someone is getting the "Low Assurance Platform".

    That's you.

    "You can't turn off the telescreen if not inner party member, prole!"

  8. Denarius
    Unhappy

    repeating it gain

    See Reflections on Trusting Trust Proceedings of ACM. Also explains why the Chinese were correct in their assumptions that western hardware was intrinsically insecure and created their own silicon.

    However it is known that their consumer phones also have interesting additions if run inside the Middle kingdom. Such as full remote control

    Now where was that 486 motherboard ?

    1. kuiash

      Re: repeating it gain

      Any irony there would be that "the West" would not trust the Chinese hardware for the same reasons... and they'd be right too...

      Sheesh.

  9. DagD

    To be fixed in the next patch

    "We are quite sure that Intel ME is unable to exit this mode because we have not found code capable of doing so in the RBE, KERNEL, and SYSLIB modules." (quote taken from original Positive Technologies post)

    count on an NSA patch to this oversight in future releases.

  10. Anonymous Coward
    Windows

    No, seriously!

    I expect the next release of Windows 10 will allow HAP to be disabled as one of MSFT's many initiatives to ensure personal privacy

  11. Anonymous Coward
    Anonymous Coward

    Gives new meaning to Back Orifice.

    And I'm not happy either.

    Now you need to rethink firewall strategies etc.

  12. Anonymous South African Coward Bronze badge
    Trollface

    Maybe start using ReactOS or WinNT4?

  13. Anonymous Coward
    Anonymous Coward

    saferer

    it looks more and more like '98/XP systems from 10+ years ago (with a good firewall) are safer than anything today :/ all that money I could have saved.

    1. Anonymous Coward
      Anonymous Coward

      Re: saferer

      And if THEY were compromised in secret? Suppose we learn the TLAs were secretly compromising chips as far back as the 80s?

  14. Anonymous Coward
    Anonymous Coward

    Good to hear that Dmitry Sklyarov is still giving the powers that be a headache or two.

    1. Woodnag

      Since Adobe sicked USG on him that time for doing lawful engineering in Russia, oh yes, I'm sure he's not feeling overly incentivized to conceal USG secrets.

  15. John Sanders
    Linux

    Let's reimplement

    The Motorola 68k using a fast FPGA, at least the assembler is enjoyable.

    We can run AmigaOS or Linux in it...

    We're toasted...

    1. Anonymous Coward
      Black Helicopters

      Re: Let's reimplement

      Aside from any efforts in that direction, I'm also looking at the various other retro-computers out there, e.g. Spectrum Next, for offline encryption/decryption to be connected to my inner network by a data-diode. There's a bunch of us tucked here and there looking at the problem.

      In any case, bringing back mi Amiga would be justification enough ;-).

  16. Hans 1
    Boffin

    Irony ?

    A bunch of nerds discuss the vulnerability of Intel ME, yet, all are very happy running proprietary OS filled with binary blobs even the purveyors of said OS' don't know what they are doing ... especially hardware drivers ...

    Hilarious.

    Listen, if you run Windows or macOS, then your opinion on security simply does not count - it sadly IS as simple as that.

    OpenHardware, heard of it ? We need hardware experts, we need crowd funding ... we want a laptop with, octa-core ARM chips, accepting DDR4 SO-DIMM's say 64 or even 128Gb max and PCI lanes for graphics, ssd etc no proprietary binary blobs anywhere with Linux support ... a system one can trust

    1. jake Silver badge

      Re: Irony ?

      All run a proprietary OS? That's a mighty broad brush you paint with, sir.

      1. Hans 1

        Re: Irony ?

        All run a proprietary OS? That's a mighty broad brush you paint with, sir.

        Point taken, slightly exaggerated ... ;-)

        As for the others talking OpenBSD, note, BSD fanboy here, you have no clue. You get Debian without the non-free repos, well, you get free drivers. FreeBSD, BTW, is quite the same ... OpenBSD just has better default settings (more restrictive, takes know-how to use) ... what was it, one OpenBSD CVE in 20 years with the default settings ? Something like that, maybe two, I have not looked in a long time ... compare that to several dozens of CVE's every single month for Windows, because IE and a hell of other BS is built-in, even in server editions (Ok, not nano ... but try and install non-MS software on that ... good luck!) ... also, in Windows, hardware drivers are provided by manufacturers, so they do not count towards the Windows CVE list ...

        macOS has decent Unix userspace, yet, proprietary, so as unsafe as Windows, by definition.

        1. Anonymous Coward
          Anonymous Coward

          Re: Irony ?

          Truth is, nothing can ever really be safe as long as it's made by man. Think: both Heartbleed and Shellshock were serious exploits in open-source software.

    2. Anonymous Coward
      Anonymous Coward

      Re: Irony ?

      @ Hans 1

      maybe running OpenBSD?

      No OS is perfect, but I think that group does more to fix and or replace insecure or buggy code than any other.

      1. Charles 9

        Re: Irony ?

        OK, so what graphics manufacturer do you trust. ALL of them IINM release their state of the art as blobs because they're all in competition with each other and don't want to Give Information To The Enemy. Any manufacturer you could find that is willing to divulge probably isn't sought out for its performance, meaning your graphics are going to be seriously underpowered.

    3. BinkyTheMagicPaperclip Silver badge

      Re: Irony ?

      Crowd funding has been tried. No-one cares. They want cheap and fast hardware.

      You can run OpenBSD and be guaranteed a blob free operating system.

      However, what it still has is binary firmware uploaded to the hardware - because the hardware is non functional without it.

      Graphics adapters are probably the worst offenders in opaque hardware. They all require firmware blobs, and interfaces are not always entirely open. It has been tried crowd funding a completely open low end GPU design, and the funding failed (funding a high end competitive GPU is a non starter, remember Matrox failed to keep up and reverted to its niche market).

      In an ideal world ARM would be a decent alternative, but it's actually often even worse than x86 for openness.

      1. jake Silver badge

        Re: Irony ?

        Graphics? For security? Well, there's your problem.

        Sometimes I go a week or more without turning on a display more complex than a Wyse 50 or IBM 3152.

        1. Charles 9

          Re: Irony ?

          Last I checked, though, those systems can't run Crysis or any of its sequels. So what now?

          1. jake Silver badge

            Re: Irony ?

            Frankly, who the fuck cares? When I have the time to fritter away on computer games, I bake pie instead.

            1. Charles 9

              Re: Irony ?

              Quite a few people, actually, given gaming is one of the few things that keeps the likes of nVidia and AMD busy. You're just in the minority, which us part of the problem. As noted, the unwashed masses will willingly give up security for performance and value. We frankly need a better human being first.

        2. Hans 1

          Re: Irony ?

          Graphics? For security? Well, there's your problem.

          Well, I agree, totally open hardware well performing graphics is a problem ... yet, without graphics, how do you use a browser ? I know, lynx, curl ... tedious ... that was part of my point ... we need totally open graphics, hence my call ... we can do it!

          As for the gamers, I thought we were grown-ups, here ... of course, we will need to cater for the youth, later ... I am sure, if you look at GNU/Linux, we should be able to do it!

          1. Charles 9

            Re: Irony ?

            "Well, I agree, totally open hardware well performing graphics is a problem ... yet, without graphics, how do you use a browser ? I know, lynx, curl ... tedious ... that was part of my point ... we need totally open graphics, hence my call ... we can do it!"

            As one commenter noted, no we can't. It's been tried already. People just aren't that interested in security when it interferes with productivity. Why do you think "hoop jumping" has such a negative connotivity? Get in the way of people's jobs and people will find a way around you. It's practically part of the human condition.

    4. phuzz Silver badge

      Re: Irony ?

      Well, given the readership of elReg, a lot of us here probably rely on a management systems like Intel ME to do our jobs.

      Only we have to pay extra for it and it's called iLO or DRAC.

      1. GreenReaper
        Trollface

        Re: Irony ?

        Huawei's iBMC comes included, with love from Shenzhen!

        No nickle-and-diming you over VNC - there's even a shared mode...

  17. thomn8r

    Intel does not and will not design backdoors for access into its products. [...] Intel does not participate in any efforts to decrease security of its technology.

    Technically this is correct: this function has been outsourced to the NSA

  18. Anonymous Coward
    Anonymous Coward

    Sue sue sue

    Class action lawsuit everyone!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like