
Jun 23
Oh no..

Posted by Donald Tabone

Jun 23
According to the human resources association World at Work, 17.2 million Americans worked from home or remotely at least one day per month for their employer last year and the 2007 book 'Microtrends' estimates that 4.2 million Americans work full-time from home.

Good security is a key to good productivity...

Continue reading "Seven Deadly Sins of Home Office Security"

Posted by Donald Tabone

Jun 18
Echoing an article I wrote for www.ecsuite.com

To what extent are you prepared to protect your investment from the myriad of vulnerabilities today’s businesses have to deal with? Understanding how the security puzzle is structured is the first step to knowing how to apply a holistic approach. Given that the implementation of this approach does take time, not addressing any one part is guaranteed to have a negative effect on the overall running of your business.

Deciding where and how to start implementing security measures in your company can be a daunting task. Whether you're just starting up a new business or already have a number of security controls in place, complying with standards doesn't necessarily mean you've got your assets covered. This puts your company in a critical position to work toward protecting your investments. Ad hoc implementations of security controls will spiral out of control, often leaving you in a more vulnerable position than when you started off. Thinking of what a business might stand to lose has never been more important in this day and age.

Continue reading "Holistic Enterprise Security"

Posted by Donald Tabone

May 26
Statistically it has been shown that many breaches of a business happen from the inside -- most notably because employees already have access to systems and enjoy a certain level of trust.

Reading a recent article by Ron Condon, UK Bureau Chief -- it becomes apparent that according to Matthijs van der Wel, who is head of forensics at Verizon Business, 80% of 600 breaches which happened over the last five years came from outside an organisation! This can be found in the following report published by Van der Wel in April.

The report goes on to emphasise that "organisations are making stupid (information security) mistakes, as in failing to patch vulnerabilities, using default passwords and forgetting to close down user accounts when employees leave an organisation. The end result is data loss."

Quoted from the original article, some simple rules for reducing damage are the following:

- Do not use default passwords.
- Ensure that third-party suppliers (such as maintenance companies) do not use default passwords or shared credentials for all their clients.
- Do regular network scans to check what servers you have. If you don't know what you have, you can't protect it.
- Patch regularly, using an up-to-date network diagram to ensure all systems are covered.
- Ensure user accounts are closed when employees leave. "In the majority of the cases we've seen, a terminated employee was involved," says van der Wel. "Go through the user accounts list and check that all users are still employed within your organisation."
- Examine system file logs to establish what is normal behaviour on the system. Then you will be in a better position to recognise abnormal behaviour.
- Get IT staff to come up with different attack scenarios.
- Analyse IDS alerts, or outsource the process to a specialist service company. Do not just ignore the alerts like an annoying car alarm that keeps going off.
- Analyse IP addresses of outgoing connections.


Van der Wel's advice is to use your own staff to spot the systems' weaknesses. "Sit down with a couple of knowledgeable IT guys and come up with different attack scenarios. Ask how they would attack their own organisation. Imagine how that would show up in the log files. After that, go and look in the log files to see if anyone has done it. If you can think of it, so could others. We don't see many IT organisations spending their money doing things like that. They would rather spend the money on a new box." -- very well said!

Full article

Posted by Donald Tabone

May 26
During the 2008 cycles of ISACA exams, the CISA Refresher Webinars created a positive impact on numerous exam-takers and in many cases made a world of difference for those who passed the exam. Thanks to all ISACA Chapters and other friends, exam-takers from all over the world have registered for these free classes and benefited from the teachings offered.

The FREE refresher webinar offering has been expanded to cover the June 2009 CISA, CISM and CGEIT exams. These webinars are designed to review the concepts to be tested in each exam and are not intended to replace or provide the knowledge you would learn in a complete review class. This is a free service to all exam-takers in the interest of increasing the passing rate.

Please find below the links to register for the CISA, CISM and CGEIT web-based seminars:

CISA May 26 at 3PM EST: https://www2.gotomeeting.com/register/830376282
CISA June 1 at 9AM EST: https://www2.gotomeeting.com/register/119400850
CISM: https://www2.gotomeeting.com/register/789736306
CGEIT: https://www2.gotomeeting.com/register/566801275


Source

Posted by Donald Tabone

May 15
In 2008, ISACA entered into a formal agreement with the University of Southern California (USA) Marshall School of Business Institute for Critical Information Infrastructure Protection to continue the development of its Systemic Security Management Model. The Business Model for Information Security takes a business oriented approach to managing information security, building on the foundational concepts developed by the Institute. It utilizes systems thinking to clarify complex relationships within the enterprise, and thus to more effectively manage security.

This session introduces the model and its core concepts to organisations, particularly to:

- Senior business executives;
- Information security managers;
- Those who have responsibility for managing business risk;
- Individuals who have responsibility for the design, implementation, monitoring and improvement of an information security management system.

When: 1st June 2009
Where: Radisson SAS Baypoint Resort, St. Julians
Time: 17:00 - 19:00
Speaker: Mr. Derek Oliver, Chair of the Development Team


The attendance fee for this event is €20 including coffee break. ISACA members will be entitled to free entrance to this event.

Posted by Donald Tabone

May 13


Back in October 2007, I remember seeing an article about a next-generation credit card that incorporates a 12-button keyboard, a microprocessor and an embedded alphanumeric display, and promises to provide unprecedented security in phone and online banking transactions.

Once again, in BBC News today, I came across another article along the same lines regarding a similar credit card to combat fraud.

A credit card with a built-in display is being tested by Visa with the aim of reducing online fraud. The Emue Card generates and displays a unique code each time it is used. Developers say that the new technology would make it very hard for fraudsters, as any transaction would require the PIN to generate the code. The card is currently being trialled by 500 employees of Deloitte with the aim of assessing the technology by the end of the year.

Sandra Alzetta, head of innovation at Visa, said that the card was bringing the principles of chip and pin technology to the online world.

"The card needs to be globally compatible: that means embossed characters for mechanical swipes, a magnetic strip for systems that require a signature, the fixed three digit security code and now the unique four figure code. "

"Once certified by Visa it is then down to the banks and credit card companies to decide if they take up the new technology, but Ms Alzetta said she was confident they would"

"One of the things we're testing is how long the battery lasts - the plan is for it to work for more than three years, which means your card should expire before it runs out of power."

Source

Posted by Donald Tabone

May 12
Whether you’ve been accepted to a degree program and want to work ahead, already have a degree and want to learn more or just want to delve into the world of computer and information systems, you’ll find plenty to keep you busy through a variety of open courseware offerings. From courses that teach the basics of computer science to those that delve into specialty areas, you’re sure to find something that will help you learn more and gain confidence in the field.


http://tinyurl.com/q285ym

Thanks go to Kelly.

Posted by Donald Tabone

May 11
The European Commission is proposing that software makers give guarantees about the security and efficiency of their code.

Software companies could be held responsible for the security and efficacy of their products, if a new European Commission consumer protection proposal becomes law.

[BSA director of public policy Francisco Mingorance] said the performance of a piece of software depends on the environment it operates in, how the code is updated, whether it is possible to adapt and modify the software, and whether the code is attacked.
According to Mingorance, the proposed regulatory extension would cover all software, including beta products, and would cover both proprietary and open-source software.

Right now, under the current EU Sales and Guarantees Directive, physical products are expected to carry a guarantee of two years. Extending those terms to software would have the effect of limiting customer choice, as contract terms would have to be extended to a minimum of two years, Mingorance added.

Software companies have long argued against accepting responsibility for the security and efficiency of their code. Linux kernel developer Alan Cox in 2007 told a House of Lords Committee that neither proprietary nor open-source developers should be held accountable for their code.

Source

Posted by Donald Tabone

May 11
This year the Information Security Solutions Europe Conference (ISSE 2009) will be held on 6-8 October 2009 in The Hague, The Netherlands.

ISSE is Europe's only independent, interdisciplinary security conference. It is designed to educate and inform on the latest developments in technology, solutions, market trends and best practice.

Now in its eleventh year and jointly organised by EEMA, ENISA, TeleTrusT and the municipality of The Hague, ISSE 2009 will attract over 400 representatives from across Europe, providing an informal and stimulating environment for attendees to learn, share experiences and explore solutions with their European counterparts, focusing on security and related issues like cost of ownership, risk management and interoperability.

To join them or for further information please visit the event website at http://www.isse.eu.com

ISSE 2009 is co-organised by ENISA

Posted by Donald Tabone

May 8

Now I lay me down to sleep
I pray that safe my apps will keep
If hacked they be before I wake
I pray it was a (DEV || OPS) mistake

Source

Posted by Donald Tabone

May 7
In an effort to stop spreading the FUD about Twitter insecurity, DanaEpp shares some of her thoughts through a quick set of safe twittering rules.

@DanaEpp's 5 Rules of Safer Twittering

1. Never share information in a tweet that you wouldn't share with the world. You can never expect to take it back once it's on the Internet. Even though you can delete a tweet, 3rd party clients may still have it archived. If you feel you want to share private thoughts through Twitter, consider using a "Private Account" and limit it to only people you trust and want to share with. Of course, remember nothing prevents your friends from sharing your tweets with the world. So never share private information on Twitter. Ever. It's just easier that way.

2. There is no assurance that a Twitter account is the person you believe it is. Deal with it. Anyone can register an account if it doesn't already exist. As a real world example, for some time @cnnbrk was NOT an official CNN account, even though most of the Twitter world thought it was. It wasn't until recently that CNN bought the account from James Cox (the account holder) for an undisclosed amount of money. Another example is the fact that one of Susan's Twitter accounts was actually created by a fellow SBS MVP, and not actually her. :-)

Continue reading "5 rules for safe twittering"

Posted by Donald Tabone

Apr 30

The British Computer Society - Malta Section is organizing an event entitled "Optimizing Application Development for business performance".

The event will share with you some information regarding the current state of the application development industry, primarily looking at the problems facing most IT organizations today. As a means to address the issues most companies are facing, some vendor offerings which can help your organization overcome many of these challenges will also be presented. During this time you will be able to see exactly how this platform can help you deliver better quality applications with higher levels of team collaboration, and greater visibility into the development process.

The presentation will be given by Mr. Karl Davies-Barrett, who is currently a Developer Platform Evangelist with Microsoft. Karl has had a successful past in applications development and will share his experience on the subject with you.

Details:

Date: 5th of May
Time: 6:00pm

Interested members are to send an email to chair[at]bcs.org.mt or call 7945 2015 / 9945 7076 for confirmation.

This event is free of charge.


Posted by Giannella De Leonardo

Apr 22
Once again on social networking sites, I came across an excellent article by Tim Bass entitled The Promises and Peril of Twitter, which reminded me of an article I had written for the Times of Malta entitled The perils of popular Facebook.

For those who are new to Twitter.. in a nutshell, Twitter is a one-to-many communications service that uses short messages (140 chars or less). Following on the heels of the blogging phenomenon, Twitter has been primarily used for microblogging and group communications.

Twitter, and Twitter-like technologies, have great promise in many areas. For example, you could be subscribed to the @tsunamiwarning channel on your dream island vacation and get instant updates on potential disasters. A team of people working in network management could subscribe to the @myserverstatus channel and receive updates on the health of their company IT services. Passengers could subscribe to the @ourgatestatus channel and follow up-to-date information on their flight.


Twitter was created to answer the simple question, "What are you doing now?"

"What are you doing now?" can be extended to many services like:

- What is the status now?
- What is the danger now?
- What is the breaking news now?
- What is a good buy now?

The list goes on and on. Obviously Twitter-like communications have great promise, all of which assumes Twitter is used without malicious intent and is secure.

The wide-spread adoption of Twitter, and Twitter-like technologies, also brings risk. Very bad things can happen when certain Twitter channels are compromised or hijacked and the channel is used maliciously. For example, think of the peril of someone kidnapping a child who is using Twitter to convey her status to her parents and the kidnapper hijacks the channel, broadcasting "I am having fun at the mall" types of Tweets while he repeatedly rapes her.

Less dramatic, think of the peril to business when a channel followed by millions of people is injected with a malicious message such as "The AJAX company lost their main contract, may declare bankruptcy." Or think of the peril when someone angry with their boss simply Tweets "John is having an affair with his secretary," or perhaps "John is HIV positive."


As with all things great and small, where there is great reward, there is great risk. Great promise can bring great peril if we are not careful and diligent moving forward. Twitter, as a communications phenomenon, brings great promise. On the other hand, Twitter and Twitter-like technologies to come can also bring great peril in the hands of malicious users and criminals.


The conclusion of the article couldn't have said it better.. it's said that the road to hell is paved with good intentions.

Source: ISC2

Posted by Donald Tabone

Apr 22


Source: XKCD

Posted by Donald Tabone

Apr 20
GFI have relaunched one of their software products, LanGuard as FREEWARE!

For those who are not acquainted with the product, GFI LANguard is a security scanner that checks your network for possible security vulnerabilities by scanning your entire network for missing security patches, service packs, open shares, open ports, unused user accounts and more. Its powerful reporting allows you to easily lock down your network against hackers. GFI LANguard can also remotely deploy missing patches and service packs in applications and operating systems.

As more and more businesses bear the brunt of the economic downturn and budgets are drastically cut, security is often the first area to suffer. With cybercrime on the increase and threats becoming more dangerous and frequent, businesses can ill-afford to ignore security. If anything, they need to beef up their defenses. This is why GFI is giving away a 5-IP freeware version of its award-winning product GFI LANguard™ to assist organizations in shoring up their defenses and securing their networks.

Some of the top features of LanGuard include:

- Identify security vulnerabilities and take remedial action
- Detect Virtual Machines
- Automatic remediation of unauthorized applications
- Automatic deployment of network-wide patch and service pack management
- Easily analyze and filter scan results

This software will switch to a fully functional 5-IP freeware version after the 10 day trial period unless you enter a 30-day evaluation key or a purchased full license key. If you use the 30-day evaluation key, upon expiry the software will switch to the freeware 5-IP version.


The full press release can be found here.

More information on the award winning product can be found here.

Posted by Donald Tabone

Apr 14

The next educational event organised by the ISACA MALTA CHAPTER will be held on the 30th of April 2009 at the Malta Financial Services Authority (MFSA) in Attard between 16:30 and 19:00.

Titles of topics to be discussed include:

- To Patch or not to Patch - Is that the question?
- IT Security Risks and the Financial Recession: Difficulties, Traps and Actions


Kindly refer to the attached flyer for details of the event or log on to www.isaca-malta.org.

Bookings to attend the event are to be made online.

Posted by Donald Tabone

Apr 7

Once again the front page for Google Malta has been defaced. According to the Times of Malta ...

The Maltese version of the Google homepage has been hacked. Someone added the text: Kull ma trid tkun taf fuq Samuel Borg (Maltese for "Everything you want to know about Samuel Borg").

This is not the first time that Google Malta has been hacked, informed sources said. The last time was in April 2005.

Other translations of Google have been hacked in a similar fashion over the years. This was only a superficial hack, involving only the text of the main page, and the search facility worked normally, the sources said.


Samuel Borg must be the new Joe Borg!

Posted by Donald Tabone

Apr 1
In light of recent news regarding the distribution of malware on servers across different countries, we begin to see how vulnerable our systems are -- and more importantly how unprepared we are to tackle widespread targeted attacks. Moreover it clearly shows that the more we depend on various ICT networks, the more we rely on critical information infrastructures.

As the European Network and Information Security Agency (ENISA) tells us, these networks tend to be decentralised, highly interconnected and interdependent -- and failures of these structures could cascade and spread beyond national borders -- as indeed could have happened.

So.. the European Commission is launching a policy initiative to protect these Critical Information Infrastructures with the ultimate aim of protecting Europe from large scale cyber-attacks and disruption.

Where do we start? To achieve an enhanced level of awareness and preparedness throughout the EU, the commission proposes the following set of actions:

- Preparedness and prevention
- Detection and response
- Mitigation and recovery
- International and EU wide cooperation


You can get to the full article here. Concluding, at the moment we have a set of guidelines which amount to a set of disaster recovery procedures for nations instead of individual entities. As The Register reports, they're typically designed to cover incidents such as natural disasters, terrorist attacks, hackers, rupture of submarine telecom cables and hardware failure.

Curiously, although here in Malta we don't really suffer from natural disasters, we have indeed suffered hacks and ruptured submarine cables -- and that brings me to my final question -- what part will Malta play as a fellow EU member state? Time will tell.

Posted by Donald Tabone

Mar 29
If you didn't read the latest article by John Markoff, be sure to check it out. The article, called Vast Spy System Loots Computers in 103 Countries, talks about a web of espionage that has been going on in various embassies, government and private offices around the world. Most fingers point towards the Chinese and I personally think that this has been coming for quite a while.

What is interesting is that the paper on which the NYTimes article is based mentions Malta quite a few times. Here's a quote from page 5:
Significantly, close to 30% of the infected computers can be considered high-value and include the ministries of foreign affairs of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan; embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan; the ASEAN (Association of Southeast Asian Nations) Secretariat, SAARC (South Asian Association for Regional Cooperation), and the Asian Development Bank; news organizations; and an unclassified computer located at NATO headquarters.


On page 43 the authors provide a table which lists the organizations infected, the location and number of infections. On the whole, the Embassies of Malta appear to have had 17 infections! Many other embassies are mentioned, and organizations like Deloitte & Touche in NY as well.

Posted by Sandro Gauci
