About these ads

Archive

Posts Tagged ‘Vodafone’

1-15 February 2014 Cyber Attacks Timeline

And here we are with the timelines of the main Cyber Attacks happened during the first half of February.

It is very hard to summarize these days from an Infosec perspective, considering the noticeable number of massive breaches: Kickstarter (potentially 5.6 million of records affected), Forbes (1 million records leaked), Orange (800,000 users impacted) and St. Joseph Health System (400,000 users affected) are the main examples, but they must not overshadow other ‘minor’ events such as the the attack against Bell.ca (‘only’ 40,000 users affected).

15 days in which Cybercrime and Hacktivism dangerously overlapped, ‘thanks’ mainly to the infamous Syrian Electronic Army, author of the hack against Forbes but also of several account hijacking attacks that have become their unique fingerprint, but also ‘thanks’ to the RedHack collective who, once again, targeted (directly or indirectly) the Turkish Government with three noticeable attacks.

Last but not least, the Cyber Espionage: the first half of February has brought us the discovery of “The Mask” (AKA Careto), a massive Operation targeting 31 countries around the world, but also the revelation of an alleged attack carried on by Huawei against the Indian provider BSNL and a further purported Chinese attack against some bio-medic industries in the U.S.

Finally, the Cyber War between India and Pakistan deserves a special mention, despite only defacements have been reported, the end of the fight is far from being reached.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 Feb 2014 Cyber Attacks Timelines Read more…

About these ads

16-30 November 2013 Cyber Attacks Timeline

December 4, 2013 Leave a comment

It is time for the report of the cyber landscape of the second half of November.

This month will be probably remembered for the discovery of the giant breach targeting Cupid Media and involving potentially 42 million users. However, this was not the only remarkable breach of November: chronicles report of 77,000 customers of Vodafone Island having their details leaked.

Other interesting events involve a brute-force attack to GitHub, forcing several users to change password, and yet another attack against a Bitcoin Wallet (the equivalent of $1 million stole).

Not only Cyber Criminals. Even Hacktivists were particularly active in this period: the attacks of Indonesian hackers against Australian targets continued in the second part of November, as also the mutual defacements between Pakistani and Indian crews. Last but not least, the Anonymous leaked some documents and emails allegedly belonging to the Italian Governor of Lombardy and the details of 40,000 individuals from an Israeli Job search portal.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

16-30 November 2013 Cyber Attacks Timeline Read more…

1-15 September 2013 Cyber Attacks Timeline

September 20, 2013 Leave a comment

So unfortunately the Summer is nearly gone, but, despite the sadness for the beautiful season fading away, here we are with the usual analysis of what’s happened in September from a Security Information perspective.

The main event for the first half of September is the massive attack against Vodafone Germany, potentially compromising more than 2 million customer records. Actually it was very hard to declare a main event, since even Belgacom performed was on the infosec news, unleashing some information related to a targeted attack, it was victim of. Always on the Cyber Crime front, it’s also worth to mention the failed (luckily) attack against Santander.

Nothing new under the Hacktivism front, that offered a minor revamp of the Syrian Electronic Army, despite the claims of them being dox’ed, some events in Turkey, where the cyber temperature remains hot despite the Summer fading away, and again some small attacks related to Syria and the NSA affair.

As usual, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012 and now 2013 (regularly updated). You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).

1-15 September 2013 Cyber Attacks Timeline Read more…

September 2011 Cyber Attacks Timeline (Part I)

September 15, 2011 5 comments

So here it is, also for this month, the first part of My Cyber Attacks Timeline covering the first half of September.

Apparently It looks like the wave of the Anonymous attacks that characterized August has stopped. Even if several isolated episodes occurred, their impact was slightly lower than the previous months.

Probably the most important security incident for this month was the Diginotar Hack, not only because the Dutch Certification Authority has been banned forever by the main browsers and OSes but also because all the authentication model based on CAs is under discussion. Moreover once again a cyber attack has been used as a mean of repression. This incident is a turnkey point for information security but in my opinion also the DNS hacks by Anonymous Sri Lanka and Turkguvenligi are noticeable since they reinforce the need for a quick adoption of DNSSEC.

For the first time not even the Linux Operating System (an open world) was immune from hackers: both the Linux Kernel and the Linux Foundation Web Sites were hacked during this month, two episodes that Penguin Lovers will remember for a long time.

Easily predictable an attack recalling 9/11 carried on against the Twitter Account of NBC News was also reported.

Other noticeable events: three huge data breaches were reported, four attacks with political motivations targeting India, Nigeria, Colombia, and the Russia Embassy in London were perpetrated and another security vendor (Panda Security) was indirectly targeted.

The remainder of the month was characterized by many smaller attacks (mostly defacements and data leaks) and an actress (Scarlett Johansson) was also victim of data leaks.

Useful Resources for compiling the table include:

And my inclusion criteria do not take into consideration simple defacement attacks (unless they are particularly resounding) or small data leaks.

Date Author Description Organization Attack
Sep 1

?

Kernel.org

The site of Kernel.org suffered a security breach leading which caused the server to be rooted and 448 credential compromised. Although it is believed that the initial infection started on August the 12th, it was not detected for another 12 days.


rootkit (Phalanx)
Sep 1
Apple, Symantec, Facebook, Microsoft, etc.

The Sri Lankan branch of Anonymous claims to have hacked into the DNS servers of Symantec, Apple, Facebook, Microsoft, and several other large organizations over the past few days,  posting the news and records of its exploits on Pastebin.


DNS Cache Snoop Poisoning
Sep 1 ?
Birdville Independent School District

Two students hack into their school district’s server and accessed a file with 14,500 student names, ID numbers, and social security numbers. Estimated cost of the breach is around $3,000,000.

?
Sep 2 Texas Police Chiefs Association

As usual happens on Fridady, Texas Police Chiefs Association Website is hacked by Anonymous for Antisec Operation. Hacker defaced their website and posted 3GB of data in retaliation for the arrests of dozens of alleged Anonymous suspects. According to Hackers the site has been owned for nearly one month.

SQLi?
Sep 2
EA Game Battlefield Heroes

One of the most famous games over the world Battlefield Heroes developed by EA Games is hacked by a hacker named “Why So Serious?” who leaks the User Login passwords on pastebin

SQLi?
Sep 2
vBTEAM Underground

Vbteam.info, the underground vBulletin Hacking website is hacked by “Why So Serious?“, who leaks 1400+ accounts of the Vbteam.info forum in pastebin.

SQLi?
Sep 3 Nomcat
Indian Government

An Indian Hacker named “nomcat” claims to have been able to hack into the Indian Prime Ministers Office Computers and install a Remote Administration Tool) in them. He also Exposes the Vulnerability in Income Tax website and Database Information.

SQLi?
Sep 4

Popular Websites: : Daily Telegraph, The Register, UPS, Vodafone

Popular websites including The Register, The Daily Telegraph, UPS, and others fall victim to a DNS hack that has resulted in visitors being redirected to third-party webpages. The authors of the hack, a Turkish group called Turkguvenligi, are not new to similar actions and leave a message declaring this day as World Hackers’ Day.


DNS Hijacking
Sep 5
Mobile App Network Forum

Mobile APP Network Forum is Hacked by “Why So Serious?”. He leaks over 15.000 accounts of the community (Forum) on Pastebin in two parts (Part 1 and Part 2).

SQLi?
Sep 5

European Union Institute For Energy and Transport

One of the Sub domain of European Union (Institute for Energy) is hacked and Defaced by Inj3ct0r. Hackers deface the web page, release some internal details and leave a message against Violence in Lybia and Russian influence in Ukraine.

http://ie.jrc.ec.europa.eu
Defacement
Sep 5  Cocain Team Hackers United Nations Sub Domain of Swaziland

United Nations Sub-Domain of Swaziland is hacked and defaced by Cocain Team Hackers. 

UN Logo
Defacement
Sep 5
Uronimo Mobile Platform

The Uronimo Mobile platform is hacked by Team Inj3ct0r. They leak the web site database and release on Pastebin internal data including Username, Hash Password, emails and Phone Numbers of 1000 users. Estimated Cost of the Breach is $214,000.


SQLi?
Sep 6 Comodo Hacker
Diginotar

The real extent of the Diginotar breach becomes clear: 531 bogus certificates issued including Google, CIA, Mossad, Tor. Meanwhile in a pastebin message Comodo Hacker states he own four more CAs, among which GlobalSign which precautionally suspends issuance of certificates.


Several Vulnerabilities
Sep 7 ?
Beaumont Independent School District

The superintendent of schools for Beaumont Independent School District announces that letters are being mailed to parents of nearly 15,000 of its 19,848 students to inform them of a potential breach of data that occurred recently. Inadvertently, private information including the name, date of birth, gender, social security number, grade and scores on the Texas Assessment of Knowledge and Skills (TAKS) exam of students who were in the third through 11th grades during the 2009-2010 school year–were potentially exposed.  Estimated cost of the breach is $3,210,000.


Human Mistake
Sep 7 ?
Stanford Hospital, Palo Alto, Calif.

A medical privacy breach leads to the public posting on a commercial Web site of data for 20,000 emergency room patients at Stanford Hospital in Palo Alto, Calif., including names and diagnosis codes. The information stayed online for nearly a year from one of its vendors, a billing contractor identified as Multi-Specialty Collection Services, to a Web site called Student of Fortune, which allows students to solicit paid assistance with their schoolwork. Estimated Cost of The Breach is $4,280,000.

Human Mistake
  Sep 9 Comodo Hacker
GlobalSign

After suspending issuing certificates, GlobalSign finds evidence of a breach to the web server hosting the www website. The breached web server has always been isolated from all other infrastructure and is used only to serve the http://www.globalsign.com website.


?
Sep 9
 Comodo Hacker
Google

As consequence of the infamous Diginotar Breach Google advises its users in Iran to change their Gmail passwords, and check that their Google accounts have not been compromised. Google also indicates that it is  directly contacting users in Iran who may have been hit by a man-in-the-middle attack.


Man In The Middle
Sep 9
NBC News

The NBC News Twitter account is hacked and starts to tweet false reports of a plane attack on ground zero. The account is suspended and restored after few minutes.


Trojan Keylogger  via Email
Sep 9 ?
Samsung Card

Data of up to 800,000 Samsung Card clients may have been compromised after an employee allegedly extracted their personal information. The Breach was discovered on Aug. 25 and reported to police on Aug. 30. It is not clear what kind of information has been leaked, maybe the first two digits of residence numbers, the names, companies and mobile phone numbers were exposed. Estimated cost of the breach is $171,200.000.


Unauthorized Access
Sep 10 ?
BuyVIP (Amazon Owned)

Although not officially confirmed, BuyVIP users received an e-mail informing that their database had been hacked. Apparently, the website had been offline for a couple days and it looks like that not only names and email addresses were retrieved, but also birth dates, real shipping addresses as well as phone numbers.


SQLi
Sep 11 ?
Linux Foundation

Few weeks after the kernel.org Linux archive site suffered a hacker attack, the Linux Foundation has pulled its websites from the web to clean up from a security breach. A notice posted on the Linux Foundation said the entire infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011.

Linux Foundation
SQLi?
Sep 11
AryansBook.com

Anonymous leaks the complete database from a well known nazi website AryansBook.com and posts the content on The Pirate Bay. This is a fight towards racism of any kind.

AryansBook
SQLi?
Sep 12 ?
Bitconitalk Forum

An unknown hacker uses a zero day flaw to steal email addresses, hashed passwords and read personal messages from the bitcointalk.org forum. Forum administrators said the attacker gained root access on 3 September and was able to run arbitrary PHP code not detected until the attacker injected “annoying JavaScript” into the forum pages a week later: the Javascript splashed actor Bill Cosby across the forums and replaced all references to BitCoin with CosbyCoin.

Bitcoin
0-day exploit in SMF
Sep 12 ?
Nigerian Government Website

Nigerian Government Website is hacked and defaced by Brazilian Hackers that leave a message in the main page.


Defacement
Sep 12 ?
Vacationland Vendors

A hacker gains unauthorized access to the card processing systems at Wilderness Waterpark Resort  and improperly acquires 40,000 credit card and debit card information. Estimated Cost of the Breach is $8,560,000.


N/A
Sep 12 X-Nerd Panda Security

Another Security Company Hacked: a hacker going by the name of X-Nerd hacks and defaces the Pakistan Server of a very well known security software website:  Panda Security.


SQLi?
Sep 12 ?
Russian UK Embassy

Just before Prime Minister David Cameron’s first visit to Moscow, the website belonging to the Embassy Of The Russian Federation in London was taken down by hackers. It seems as the attack was launched in sign of protest to the upcoming visit after a 5-year break in which no British leader went to Moscow.

DDoS
Sep 13 Cyb3rSec
thetvdb.com

Cyb3rSec dumps a list of 3500+ Accounts from the forum thetvdb.com.

SQLi?
Sep 13
top100arena.com

Albanian hackers belonging to Albanian Cyber Army exploit one of the biggest Game Arena site “Top100″ database using SQL injection attack. They leak the database on mediafire.

SQLi
Sep 14
President of Bolivia (presidencia.gob.bo)

SwichSmoke crew hacks the site belonging to President of Bolivia and dumps the leaked data on pastebin.

Various Exploits
Sep 14 ?
uTorrent.com

The uTorrent.com Web servers has been compromised and consequently the standard Windows software download was replaced with a type of fake antivirus “scareware” program.

  SQLi
Sep 14 ?
Bright House Networks

Bright House Networks, the sixth largest owner and operator of cable systems in the U.S., has sent a letter to customers warning that they may have been exposed after servers used to process Video on Demand (VOD) were breached.

  ?
Sep 14 ?
Scarlett Johansson

Also an actress may be victim of hackers: The FBI investigate reports that nude photos of a famous celebrity (allegedely Scarlett Johansson) have been leaked onto the web. The day before Twitter was flooded with messages claiming to link to naked pictures of her, which were allegedly stolen from her iPhone by a hacker earlier this year.

  ?
Sep 15 Stohanko
Various Sites

More than 101 sites, with huge amount of data and personal information which ranges from emails, phone numbers, to full names and addresses, have been hacked by an hacker dubbed Stohanko. At this link a list of the hacked sites and the links to dumped data.

?

Is It Time for DNSSEC?

September 5, 2011 2 comments

DNSSEC in European Country Code Top Level Domains (green=deployed, yellow=planning to deploy) Source RIPE NCC

The media are in a frenzy today, reporting a wave of attacks against popular websites such as Daily Telegraph, The Register, UPS, Acer, Vodafone.com and others. All the attacks utilized the same method (DNS Hijacking) and have been carried on by the same Turkish Group: Turkguvenligi.

Turkguvenligi is not new to such similar actions (early this August, the same crew defaced the web site of HSBC Korea), what is really new is the fact that in this last month the current DNS protocol is showing all its limits and security issues, recalling the need for a quick adoption of DNSSEC, the well known and long awaited evolution of the Domain Name System Protocol, which aims to prevent attacks such as DNS Hijacking or DNS Cache Poisoning by mean of digitally signing the records for DNS lookup using public-key cryptography.

Looking back to the last cyber attacks, DNS has been under pressure and has become a privileged direct and indirect target: at the end of August Anonymous Sri Lanka claimed (although not confirmed) to have hacked into the DNS servers of Symantec, Apple, Facebook, Microsoft, and several other large organizations by mean of DNS Cache Poisoning. Moreover DNS protocol was also involved on the propagation of the infamous RDP capable W32.Morto worm which established, according to Symantec, a new (DNS) record, since the researchers of the security firm discovered on the malware a communication mechanism using the DNS TXT records towards hard coded domains a customary to receive binary signature and an IP address where to download a file (typically another malware) for execution.

Of course not even the dramatic Diginotar affair (whose impact is much greater than expected since it looks like the attackers forged fake SSL certificates for more than 200 domains including Mossad, CIA, etc.) can be considered completely unrelated to the question since, if used in combination (and as a complement) with SSL, although not perfect, DNSSEC could provide an alternative method to validate that the surfer is connecting to the correct site (this attack is particularly meaningful, today we do not have DNSSEC and we cannot trust CAs anymore…).

Unfortunately, although designed to be fully backward compatible with the current protocol implementation, DNSSEC is not something which can be enabled by the user, but involves a reconfiguration at the server level (and introduces new concerns such as Zone Enumeration Issue and Key Management).

Nevertheless more and more ISPs and agencies are adopting this technology since 2005 (for instance RIPE NCC). A crucial step has been made on 2010 with the DNSSEC adoption at the root level, and also client applications are offering DNSSEC validation, as Google Chrome does, which provides full DNSSEC Validation in version 14.

And Italy? It looks like we will be slave of DNS Security issues for a long time: in the “DNSSEC Deployment Today” Document issued by NCC RIPE, Italy is sadly marked gray, indicating there is no adoption plan so far.

Phonarchy in the U.K.

July 15, 2011 1 comment

It looks like that the Perfidious Albion is not what one should exactly define a Paradise for Mobile Security. Not only the echoes of the Scandal concerning “voicemail hacking” led the infamous tabloid News Of the World to close on Sunday, the 10th of July 2011, and Rebekah Brooks to resign as CEO of News International today; but also the flow of events has unexpectedly brought mobile security issues to the attention of a wider audience, no more confined to the sole and exclusive attention of information security professionals.

This is partially due to the relative easiness in implementing similar hacking techniques in mobile communications, which is raising doubts and misgivings in many other countries. As a matter of fact, as actually happened, voicemail hacking is relatively easy to implement and is based, as usual, on two factors:

  • From the user perspective, on the poor attention for default (in)security settings;
  • From the operator perspective, on the necessary trade-off between security, user experience, and convenience, (almost) always favoring the latter, which turns out not to be an optimal choice from a security perspective.

A lethal mix wich may be quite easily exploited by a balanced blend made of (little) hacking and (a lot of) social engineering. At this link a really complete and interesting description very helpful to understand how relatively easy is to perform voicemail hacking with some U.K. operators (but keep in mind that procedures vary from Operator to Operator). Accorrding to the above quoted article, in theory, it is possible to elude the meshes of the security procedures of the operators, simply calling the voicemail of the victim impersonating the legitimate user, claiming to have forgotten the PIN and voila, that’s it!

Voicemail hacking does not need further components, but unfortunately is not the only issue that may happen: in theory entire conversations may be hijacked (and unfortunately it is something we are quite familiar to, here in Italy). The Security Process of a phone conversations is an end-to-end chain, inside which technology is only a component, and the human factor is the weakest link. In this context weak means leak so that often it happens that some information that should not be disclosed are delivered to media (even if irrelevant to any ongoing investigations) with devastating aftermaths for investigations themselves and for victims’ privacy.

The scenario is further complicated with the new generation of smartphones, where technology (and the ongoing process of Consumerization of Information Technology) leaves virtually no limits to the imagination of attackers: not only voicemail hacking, but also mobile malware (a threat which does not need the unintended cooperation of the Operator) capable of extracting any information from devices. The dramatic events in U.K. involved using stolen data for squalid journalistic purposes, but, since mobile devices are nowadays indispensable companions of our everyday lives, nothing prevents, in theory, to use the same or different methods to steal other kinds of information such as confidential data, banking transaction identifiers, etc… Do you really need a confirm? For instance the recent evolution of the Infamous ZiTMo mobile malware that has just landed on Android (the continuing metamorphosis of this malware is really meaningful: born on the Windows platform, it has rapidly spread on Windows CE, Symbian, and now, last but not least, Android). Since it is expected that 5.6% of iPhones/Android handsets is going to be infected in the next 12 months, there is much to worry. In this context what happened in U.K. may constitute a dangerous precedent and a dramatic source of inspiration for organized cybercrime.

Fears that similar occurrences could happen in other countries are rapidly spreading. As a consequence some countries are moving fast to prevent them.

In the U.S., in wake of U.K. Hacking, Representative Mary Bono Mack, a California Republican who chairs the House subcommittee on commerce, manufacturing and trade, is contacting handset manufacturer companies including Apple, Google, Research in Motion, and wireless companies as well, such as AT&T, Verizon Wireless and Sprint Nextel, to determine if there are any vulnerabilities in cell phones or mobile devices which can be exploited by criminals and other unscrupulous individuals. Clearly the final target is to prevent similar events from ever happening in the United States.

For the Chronicle, on June 13 Bono Mack released draft legislation which aims to tighten data security for companies victims of data breaches. Under the proposal, companies that experience a breach that exposes consumer data would have 48 hours to contact law enforcement agencies and begin assessing the potential damage.

Immediately after U.S. Attorney General Eric Holder is considering investigation into News Corp. for the same reson.

Anyway U.S. is not the only country worried about, as similar concerns are raising in Canada, and I may easily imagine that other countries will soon deal the same stuff.

A final curious notice: a further confirm that U.K. is not the paradise for mobile security came this morning when I stumbled upon this wiki which happily shows how to hack a Vodafone femto cell (just released to public) in order to, among the other things, intercept traffic, perform call frauds (place calls or send SMS on on behalf of somebody else SIM card).

The best (or the worst, it depends on the points of view) is yet to come…

(Dis)informazione via SMS

February 5, 2011 1 comment

 

I social media e gli smartphone sono stati senza dubbio protagonisti degli eventi in Egitto. Dapprima i cinguetti su twitter che hanno permesso al Mondo di assistere  in diretta agli eventi, poi il grossolano tentativo delle autorità di fermare la diffusione virtuale della protesta staccando i bocchettoni del Web e ammutolendo la rete mobile, grossolano tentativo che ha dimostrato, più dei proverbiali fiumi di parole e delle seguenti analisi sociologiche a cui nostro malgrado siamo ormai abituati, l’importanza del social network nel microcosmo di ciascuno e nel macrocosmo del Pianeta.

Ieri è trapelata la notizia che la rete mobile non era proprio del tutto silente, anzi… In quelle drammatiche ore  le Autorità  Egiziane si sono attivate (anzi sarebbe il caso di dire hacktivate) e decine di migliaia di utenti hanno improvvisamente udito, con sorpresa, i propri telefonini trillare, temporaneamente risvegliatisi dal coma farmacologico etereo imposto dalle Autorità. La causa del “miracoloso” risveglio? Messaggi di propaganda del governo che tentavano (tentativo vano ho la sensazione) di calmare le acque. Tra le proteste degli operatori, in particolare Vodafone, le autorità egiziane si sono appellate al Telecom Act che consente al Governo, in particolari condizioni di sicurezza nazionale, di eludere il controllo e la volontà dei carrier al fine di inviare messaggi agli utenti delle compagnie di telefonia mobile Mobinil, Etisalat e Vodafone. Di seguito il contenuto di alcuni messaggi:

 

“Egypt’s youth. Beware rumors and listen to the voice of reason. Egypt is above all so preserve it.”

“To each mother-father-sister-brother, to every honest citizen. Preserve this country because the homeland stays forever.”

“A sweeping demonstration starting at noon on Wednesday from the Mustafa Mahmoud square in Mohandessin to support president Mubarak.”

 

Vodafone Egitto, che ha subito passivamente il broadcast di SMS nella propria rete, ha protestato con le Autorità ed ha rilasciato il seguente comunicato:

 

Statement – Vodafone Egypt Thursday 3 February 2011

Under the emergency powers provisions of the Telecoms Act, the Egyptian authorities can instruct the mobile networks of Mobinil, Etisalat and Vodafone to send messages to the people of Egypt. They have used this since the start of the protests. These messages are not scripted by any of the mobile network operators and we do not have the ability to respond to the authorities on their content.

Vodafone Group has protested to the authorities that the current situation regarding these messages is unacceptable. We have made clear that all messages should be transparent and clearly attributable to the originator.

 

La facile ironia è d’obbligo… Per motivi diversi (e purtroppo meno nobili) anche la temperatura del suolo politico italico in questo momento è piuttosto hot. Chissà che, sulla spinta dell’esempio accaduto all’ombra delle Piramidi, anche sotto l’ombra del Colosseo a qualcuno non venga l’idea, per motivi di interesse nazionale, di ripulirsi l’immagine con sms di massa…

Follow

Get every new post delivered to your Inbox.

Join 2,898 other followers