The odd-musings of Jared, the Director of Network Security for IAPS Security Services.

Folks, some have asked me what I would recommend for enhancing browser speed and reliability as well as privacy needs for the Fire Fox web browser. My recommendations are as follows:

SmarterFox: Browse Faster 2.0.2
Better Privacy 1.29
Fox Filter 7.0
Request Policy 0.5.8
Cipher Fox 2.2.1
Ad Block Plus 1.1
Crypt Fire – Encryption made easy 1.0
Force-TLS 1.0.2
No Script 1.9.7

All of these links and downloads are provided courtesy of Mozilla, the open-source Free Fire Fox web browser.

These are my recommendations for a cleaner, faster, and more reliable internet experience.

The following items affect VPN performance on the client side:

1.) CPU processing power of the client computer.
2.) Bandwidth (speed) of the Internet connection.

Techniques to increase VPN tunnel performance:

1.) Increase CPU processing power.
2.) Eliminate or stop nonessential processes that use CPU time.
3.) Increase the bandwidth of the Internet connection by using direct access (cable/DSL) in place of dial-up connections, if possible.

Folks, over the past several weeks I’ve been working on the Goldenhawk server on and off again. I’ve finally gotten it back to where it should be and I’ve seen excellent results today and I’m very pleased with the results. As such, I’m releasing it again for public use. I believe the clients assigned to this server will be rather impressed with this server now. For those of you who already have accounts, including IAPS Moderators, Beta Testers, and Technical Staff, please get in touch and let me know what you think. Thank you.

Folks, I wanted to hit on this topic again as it is very critical in these days and times. You do not have to carrying state secrets, be a criminal, or any other devious act to want private communications within your email account. You also don’t have to be a technical expert either. This blog post is intended to be a step by guide in setting up a FREE encrypted email account.

I always recommend purchasing your own domain name. I say this because its always preferred to run your own email services on a private server rather than using the services provided by Hotmail, Yahoo, or Gmail. For those of us in the technical security field, we know who’s in bed with the U.S. Government and who’s not. Let’s look at Gmail, provided by the good folks at Google. Who runs Google’s technical department? None other than ex-NSA (U.S. Government National Security Agency) Matt Cutts. Now why would an ex-NSA agent quit the National Security Agency to run the technical side of things for Google? Its the world’s largest database and guess what? Uncle Sam wants constant access to it! With their own man running the show, they have it. Even though he claims he got out, we all know there’s no official out for agents. Once Uncle Sam owns you, he always owns you.

There’s not much to say in regards to the Microsoft Hotmail brand. Again, this is another U.S. corporation well documented as being in bed with the U.S. Government. Yahoo doesn’t have a clean past either. The makers of Hushmail surely have just as bad a record as well, currently only offering 2048 bit encryption keys at best that reside on their own servers so that they can capture your passphrase when decrypting your emails which will then allow them instant access to all past and future emails that are encrypted with your key.

This step by step guide will show you how to use encrypted email that doesn’t require a key to remain on any server, uses the strongest encryption known to man (currently 4096-bit RSA), and uses a completely open-source application infrastructure. It is currently not known if the NSA can yet crack a 4096-bit key, but it is highly unlikely. Even the best super computers would have quite a difficult time at it. Some estimate it would take nearly 200 years to crack a 4096-bit encryption key while others think it may only be 20-30 years away. Either way, this is excellent news for the common folk that wish to have truly private email correspondences.

Ok, now on to the guide. You will need to obtain the following tools before we get started. These tools are based on the most common operating systems currently in use: Microsoft Windows XP and Vista (all versions). All these things are completely free of charge.

Mozilla Thunderbird
GTK+
Mozilla Enigmail
GNU Privacy Guard

The first thing we want to do after obtaining the above pieces of software is to install them one at a time. Start with GTK+ and GNU Privacy Guard. Once these are installed, move on to the Thunderbird installation and then finally the Enigmail add-on for Thunderbird.

Before we go any further its best to reboot your computer. This way all the pieces of the puzzle have a proper chance of being formally initialized. Once that’s done, we can proceed with the rest of the setup.

As I recommended above, it’s better to own your own domain name and operate your email services from your own server rather than a public one where you don’t know who has administrative access to it. While I understand that that is not always the ideal situation for every one, I’ll dab a little into what we can do with Gmail to make it compatible.

If you cannot obtain your own domain and a private server that hosts that domain, then you need to use a free email service that is POP3 (Post Office Protocol version 3) compatible. Gmail is just such a service. Yahoo wants you to pay for it so they will not be included in this article. At this time I’m not sure if Hotmail offers free POP3 services or not.

Once you’ve rebooted, open up the Thunderbird application. Add your POP3 compatible email accounts into Thunderbird. Once all your account(s) are loaded in there and you’ve properly tested them to make sure they are working, then we can proceed to the next step. You will see a tab for OpenPGP in the upper left hand tab. Click on that. Now scroll down to “Key Management” and click on that as well. A mini screen will appear. Click on “Generate” and then “New Key Pair.” Now a third box appears with a lot of options.

With this third box, we select one of our email addresses that we wish to generate an encryption key for. Once that’s selected, we assigned a passphrase for this encryption key. (This passphrase is like a password and will be needed to decrypt all future emails that are encrypted to your private key.) I wholly recommend a 10-15 character alpha-numeric passphrase. Anything less than that can be considered insecure. Do not use dictionary words, pet names, birthdays, pin numbers, your address or street name. Use something very unique. I highly recommend a 20 character alpha-numeric passphrase.

Now we choose when the key will expire. The default is 5 years. I’ve personally set mine to never expire and recommend all of you to do the same. Now we can click on the Advanced Tab. You’ll see “Key Size.” There are several options here and I highly recommend setting a 4096-bit key size. Directly below that is “Key Type.” There are 2 choices in this section. RSA and DSA El Gamal and I recommend going with the RSA key.

Now we click on the “Generate” button. It will take your computer some time to generate a random key based on your computers ability. Some computers are quick to do it and others take a few minutes and this is primarily based on your computers processing power. Once the key generation is complete, it will ask you if you want to back up these new keys so you can create revocation certificates if you ever lose control of your private keys. I highly suggest you take this option. Save the revocation certificates any where but your main hard drive. A pen drive, usb thumb drive, or an external hard drive are ideal places to keep these.

Once your revocation certificates are safely tucked away in an external location, we need to go back to the main screen of Thunderbird. On the left hand side of the screen you’ll see a pane for your email accounts. Click on the name of one of the email accounts. You’ll be taken to another screen where there are several options. Click on “View Settings For This Account.” A new mini screen will pop up. You’ll see an option for “OpenPGP Security.” Click on that.

Make sure the box is ticked for: Enable OpenPGP Support (Enigmail) For This Identity.” Directly below that, make sure the circle is tick for: “Use Specific OpenPGP Key ID.” Your specific encryption key should automatically be in the box already. Directly below that you’ll see 4 options. Make sure the first 2 boxes are always checked. This is just the signature part and is an integral part of letting others know that you have encryption ability. Since not every one uses encryption, don’t check the other boxes just yet.

Remember, you must exchange public keys with anyone that you plan on sending and receiving encrypted emails to and from. You cannot decrypt email in a normal free email account and this email must reside on a POP3 compatible email service. Using this particular method, emails can only be decrypted and encrypted from within Thunderbird. There is no server interaction here in the actual encryption or decryption as that resides on your individual computer only. This is the most absolute secure way to use encryption.

I will write another article later this week regarding the transport of your email and how TLSv1 (Transport Layer Security version1) can provide much better security than the traditional SSLv3 (Secure Socket Layer version 3) could ever do and how we can integrate SSHv2 (Secure Shell version 2) to help us achieve this effect. (SSHv2, besides providing transport security under an immense amount of encryption can also be used to completely hide the origin of where the email actually originated.)

Written by: Jared @ IAPS

Folks, the American TV Sale will begin at July 12, 2009 immediately following the end of the British TV sale. As with the British TV sale, the American TV sale will also be 50% off for 48 hours.

Also going on sale at 50% off is our Switzerland TV service. So if your a big fan of Swiss TV, in the German language of course, now is your chance to stock up for the entire year!

First, broadband tweaks should be made only after your network is tested and running reliably. Speed tweaks are performance optimizations only, not designed to fix installation errors or basic network configuration issues.

You should expect broadband tweaks might yield only small speed increases, and then only in certain situations. For example, a tweak to improve the performance of one online game may only benefit that title and then only initially when it is loading. Broadband tweaks may help certain applications like games but at the same time slow down others like Web browsing. In general, assume any performance benefits you obtain may be on the order of 10-20% gain rather than 100-200%.

Finally, speed tweaks also can create instability on some networks. Depending on the type of equipment and Internet service you use, some tweaks will be technically incompatible and need to be avoided.

The most common broadband tweaks involve adjusting various parameters of the TCP/IP network protocol, typically:

* TCP receive window size
* Maximum Transmission Unit (MTU)
* Maximum Segment Size (MSS)
* Time-To-Live (TTL)

The Microsoft Windows Registry contains default values for TCP/IP parameters. You can apply these speed tweaks to your computers by using a Registry editor or the TCP Optimizer utility (see below) to change some of the default values on each, rebooting the computers each time. Other operating systems like Linux and Mac OS X provide alternative mechanisms to tune TCP/IP parameters.

Another common broadband tweak entails manipulating Web browser settings. For example, suppressing the download of large images saves network bandwidth that can be used instead to download other data faster.

Finally, though less common, a few speed tweaks modify settings on routers and modems. For example, TCP/IP MTU settings can be changed on a broadband router separate from individual computers on the network.

Because speed tweaks can cause computer and network crashes if made improperly, test each change methodically. If possible, use a proven Web accelerator program rather than configuring tweaks manually, and test each change individually before making the next one.

To determine whether a speed tweak is working, use an Internet speed test service to measure your Internet performance before and after making a tweak. In addition, try local file transfers, Web downloads, online games, and other applications you use often to assess whether a tweak makes any noticeable difference. Don’t hesitate to undo a change if you cannot observe any benefit.

Literally dozens of different utility programs are available on the Net, often free downloads, that promise to increase the performance of a home network. These utilities alter the computer operating system’s default settings so that Web surfing, email, Internet conferencing, and other Web-based applications may work faster (and more reliably) than before.

The vast majority of these programs run on the Microsoft Windows family of operating systems and are designed for broadband networks. In theory, those with high-speed network access stand to gain the most from network optimization.

Most speed patches change TCP/IP settings in the Windows Registry such as the MTU size and other related sizes. Some patches alter parameters in Windows .INI files. Some may even replace system library files.

Consider the following tips when experimenting with this type of software:

1. Be sure to download programs that work with your specific operating system and network configuration. A patch designed for Windows 95 dial-up networking will probably not produce the desired results on a Windows 98 system using cable modem.

2. Stick with programs developed by or reviewed by well-known companies. Microsoft, for example, occasionally releases patches that are generally helpful bug fixes to operating system components. Newly-announced utilities from lesser-known organizations, on the other hand, may be more experimental or speculative patches that may do more harm than good in some situations.

3. Finally, consider making performance tweaks to your system manually rather than through use of a utility. Making changes “by hand” allows one to experiment more methodically and understand clearly where the modifications were made and where they can be undone. With utility software, much of it available only in binary form, the nature of modifications made may not be apparent or well-documented and thus much harder to undo. NEVER rely on the automatic uninstall capability of these programs!

Broadband speed patches can improve the performance and reliability of home networks with high-speed Internet service like cable modem or DSL. However, with so many variables involved in network performance, the only sure way to evaluate the quality of these packages is to (carefully) try them out on your systems.

The following list contains the Error Codes that you may receive when you try to make a VPN connection:

600
An operation is pending.

601
The port handle is invalid.

602
The port is already open.

603
Caller’s buffer is too small.

604
Wrong information specified.

606
The port is not connected.

608
The device does not exist.

609
The device type does not exist.

610
The buffer is invalid.

612
The route is not allocated.

615
The port was not found.

616
An asynchronous request is pending.

617
The port or device is already disconnecting.

618
The port is not open.

619
The port is disconnected.

621
Cannot open the phone book file.

622
Cannot load the phone book file.

623
Cannot find the phone book entry.

624
Cannot write the phone book file.

625
Invalid information found in the phone book.

627
Cannot find key.

628
The port was disconnected.

629
The port was disconnected by the remote machine.

630
The port was disconnected due to hardware failure.

631
The port was disconnected by the user.

632
The structure size is incorrect.

633
The port is already in use or is not configured for Remote Access dialout.

635
Unknown error.

636
The wrong device is attached to the port.

638
The request has timed out.

645
Internal authentication error.

646
The account is not permitted to log on at this time of day.

647
The account is disabled.

648
The password has expired.

649
The account does not have Remote Access permission.

651
Your modem (or other connecting device) has reported an error.

652
Unrecognized response from the device.

653
A macro required by the device was not found in the device .INF file section.

654
A command or response in the device .INF file section refers to an undefined macro

655
The macro was not found in the device .INF file section.

656
The macro in the device .INF file section contains an undefined macro

657
The device .INF file could not be opened.

658
The device name in the device .INF or media .INI file is too long.

659
The media .INI file refers to an unknown device name.

660
The device .INF file contains no responses for the command.

661
The device .INF file is missing a command.

662
Attempted to set a macro not listed in device .INF file section.

663
The media .INI file refers to an unknown device type.

664
Cannot allocate memory.

665
The port is not configured for Remote Access.

666
Your modem (or other connecting device) is not functioning.

667
Cannot read the media .INI file.

668
The connection dropped.

669
The usage parameter in the media .INI file is invalid.

670
Cannot read the section name from the media .INI file.

671
Cannot read the device type from the media .INI file.

672
Cannot read the device name from the media .INI file.

673
Cannot read the usage from the media .INI file.

676
The phone line is busy.

677
A person answered instead of a modem.

678
There is no answer.

679
Cannot detect carrier.

680
There was no dial tone.

691
Access denied because username and/or password is invalid on the domain.

692
Hardware failure in port or attached device.

693
ERROR NOT BINARY MACRO

694
ERROR DCB NOT FOUND

695
ERROR STATE MACHINES NOT STARTED

696
ERROR STATE MACHINES ALREADY STARTED

697
ERROR PARTIAL RESPONSE LOOPING

698
A response keyname in the device .INF file is not in the expected format.

699
The device response caused buffer overflow.

700
The expanded command in the device .INF file is too long.

701
The device moved to a BPS rate not supported by the COM driver.

702
Device response received when none expected.

703
ERROR INTERACTIVE MODE

704
ERROR BAD CALLBACK NUMBER

705
ERROR INVALID AUTH STATE

707
X.25 diagnostic indication.

708
The account has expired.

709
Error changing password on domain.

710
Serial overrun errors were detected while communicating with your modem.

711
RasMan initialization failure. Check the event log.

713
No active ISDN lines are available.

716
The Remote Access IP configuration is unusable.

717
No IP addresses are available in the static pool of Remote Access IP addresses.

718
PPP timeout.

720
No PPP control protocols configured.

721
Remote PPP peer is not responding.

722
The PPP packet is invalid.

723
The phone number, including prefix and suffix, is too long.

726
The IPX protocol cannot be used for dial-out on more than one port at a time.

728
Cannot find an IP adapter bound to Remote Access.

729
SLIP cannot be used unless the IP protocol is installed.

730
Computer registration is not complete.

731
The protocol is not configured.

732
The PPP negotiation is not converging.

733
The PPP control protocol for this network protocol is not available on the server.

734
The PPP link control protocol terminated..

735
The requested address was rejected by the server.

736
The remote computer terminated the control protocol.

737
Loopback detected.

738
The server did not assign an address.

739
The remote server cannot use the Windows NT encrypted password.

740
The TAPI devices configured for Remote Access failed to initialize or were not installed correctly.

741
The local computer does not support encryption.

742
The remote server does not support encryption.

749
ERROR_BAD_PHONE_NUMBER

752
A syntax error was encountered while processing a script.

753
The connection could not be disconnected because it was created by the multi-protocol router.

754
The system could not find the multi-link bundle.

755
The system cannot perform automated dial because this connection has a custom dialer specified.

756
This connection is already being dialed.

757
Remote Access Services could not be started automatically. Additional information is provided in the event log.

764
No smart card reader is installed.

765
Internet Connection Sharing cannot be enabled. A LAN connection is already configured with the IP address that is required for automatic IP addressing.

766
A certificate could not be found. Connections that use the L2TP protocol over IPSec require the installation of a machine certificate, also known as a computer certificate.

767
Internet Connection Sharing cannot be enabled. The LAN connection selected as the private network has more than one IP address configured. Please reconfigure the LAN connection with a single IP address before enabling Internet Connection Sharing.

768
The connection attempt failed because of failure to encrypt data.

769
The specified destination is not reachable.

770
The remote computer rejected the connection attempt.

771
The connection attempt failed because the network is busy.

772
The remote computer’s network hardware is incompatible with the type of call requested.

773
The connection attempt failed because the destination number has changed.

774
The connection attempt failed because of a temporary failure. Try connecting again.

775
The call was blocked by the remote computer.

776
The call could not be connected because the remote computer has invoked the Do Not Disturb feature.

777
The connection attempt failed because the modem (or other connecting device on the remote computer is out of order.

778
It was not possible to verify the identity of the server.

780
An attempted function is not valid for this connection.

782
Internet Connection Sharing (ICS and Internet Connection Firewall (ICF cannot be enabled because Routing and Remote Access has been enabled on this computer. To enable ICS or ICF, first disable Routing and Remote Access. For more information about Routing and Remote Access, ICS, or ICF, see Help and Support.

783
Internet Connection Sharing cannot be enabled. The LAN connection selected as the private network is either not present, or is disconnected from the network. Please ensure that the LAN adapter is connected before enabling Internet Connection Sharing.

784
You cannot dial using this connection at logon time, because it is configured to use a user name different than the one on the smart card. If you want to use it at logon time, you must configure it to use the user name on the smart card.

785
You cannot dial using this connection at logon time, because it is not configured to use a smart card. If you want to use it at logon time, you must edit the properties of this connection so that it uses a smart card.

786
The L2TP connection attempt failed because there is no valid machine certificate on your computer for security authentication.

787
The L2TP connection attempt failed because the security layer could not authenticate the remote computer.

788
The L2TP connection attempt failed because the security layer could not negotiate compatible parameters with the remote computer.

789
The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.

790
The L2TP connection attempt failed because certificate validation on the remote computer failed.

791
The L2TP connection attempt failed because security policy for the connection was not found.

792
The L2TP connection attempt failed because security negotiation timed out.

793
The L2TP connection attempt failed because an error occurred while negotiating security.

794
The Framed Protocol RADIUS attribute for this user is not PPP.

795
The Tunnel Type RADIUS attribute for this user is not correct.

796
The Service Type RADIUS attribute for this user is neither Framed nor Callback Framed.

797
A connection to the remote computer could not be established because the modem was not found or was busy. For further assistance, click More Info or search Help and Support Center for this error number.

798
A certificate could not be found that can be used with this Extensible Authentication Protocol.

799
Internet Connection Sharing (ICS cannot be enabled due to an IP address conflict on the network. ICS requires the host be configured to use 192.168.0.1. Please ensure that no other client on the network is configured to use 192.168.0.1.

800
Unable to establish the VPN connection. The VPN server may be unreachable, or security parameters may not be configured properly for this connection.

801
This connection is configured to validate the identity of the access server, but Windows cannot verify the digital certificate sent by the server.

802
The card supplied was not recognized. Please check that the card is inserted correctly, and fits tightly.

803
The PEAP configuration stored in the session cookie does not match the current session configuration.

804
The PEAP identity stored in the session cookie does not match the current identity.

805
You cannot dial using this connection at logon time, because it is configured to use logged on user’s credentials.

806
A connection between your computer and the VPN server has been started, but the VPN connection cannot be completed. The most common cause for this is that at least one Internet device (for example, a firewall or a router) between your computer and the VPN server is not configured to allow Generic Routing Encapsulation (GRE) protocol packets. If the problem persists, contact your network administrator or Internet service provider.

807
The network connection between your computer and the VPN server was interrupted. This can be caused by a problem in the VPN transmission and is commonly the result of internet latency or simply that your VPN server has reached capacity. Please try to reconnect to the VPN server. If this problem persists, contact the VPN administrator and analyze quality of network connectivity.

808
The network connection between your computer and the VPN server could not be established because the remote server refused the connection. This is typically caused by a mismatch between the server’s configuration and your connection settings. Please contact the remote server’s Administrator to verify the server configuration and your connection settings.

809
The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g., firewalls, NAT, routers, etc.) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.

810
A network connection between your computer and the VPN server was started, but the VPN connection was not completed. This is typically caused by the use of an incorrect or expired certificate for authentication between the client and the server. Please contact your Administrator to ensure that the certificate being used for authentication is valid.

811
The network connection between your computer and the VPN server could not be established because the remote server is not responding. This is typically caused by a pre-shared key problem between the client and server. A pre-shared key is used to guarantee you are who you say you are in an IP Security (IPSec) communication cycle. Please get the assistance of your administrator to determine where the pre-shared key problem is originating.

812
The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.

813
You have attempted to establish a second broadband connection while a previous broadband connection is already established using the same device or port. Please disconnect the earlier connection and then re-establish the connection.

814
The underlying Ethernet connectivity required for the broadband connection was not found. Please install and enable the Ethernet adapter on your computer via the Network Connections folder before attempting this connection.

815
The broadband network connection could not be established on your computer because the remote server is not responding. This could be caused by an invalid value for the ‘Service Name’ field for this connection. Please contact your Internet Service Provider and inquire about the correct value for this field and update it in the Connection Properties.

816
A feature or setting you have tried to enable is no longer supported by the remote access service.

817
Cannot delete a connection while it is connected.

818
The Network Access Protection (NAP) enforcement client could not create system resources for remote access connections. Some network services or resources might not be available. If the problem persists, disconnect and retry the remote access connection or contact the administrator for the remote access server.

819
The Network Access Protection Agent (NAP Agent) service has been disabled or is not installed on this computer. Some network services or resources might not be available. If the problem persists, disconnect and retry the remote access connection or contact the administrator for the remote access server.

820
The Network Access Protection (NAP) enforcement client failed to register with the Network Access Protection Agent (NAP Agent) service. Some network services or resources might not be available. If the problem persists, disconnect and retry the remote access connection or contact the administrator for the remote access server.

821
The Network Access Protection (NAP) enforcement client was unable to process the request because the remote access connection does not exist. Retry the remote access connection. If the problem persists, make sure that you can connect to the Internet, and then contact the administrator for the remote access server.

822
The Network Access Protection (NAP) enforcement client did not respond. Some network services or resources might not be available. If the problem persists, disconnect and retry the remote access connection or contact the administrator for the remote access server.

823
Received Crypto-Binding TLV is invalid.

824
Crypto-Binding TLV is not received.

825
Point-to-Point Tunnelling Protocol (PPTP) is incompatible with IPv6. Change the type of virtual private network to Layer Two Tunnelling Protocol (L2TP)

Note In this 8255 error message, the word “Tunnelling” is a misspelling for the word “Tunneling.”

826
EAPTLS validation of the cached credentials failed. Please discard cached credentials.

827
The L2TP/IPsec connection cannot be completed because the IKE and AuthIP IPSec Keying Modules service and/or the Base Filtering Engine service is not running. These services are required to establish an L2TP/IPSec connection. Please ensure that these services have been started before dialling the connection

Folks, my sincere apologies for not being able to start the previously mentioned British TV sale on time. Its now active and ready if you are interested in this service. This is a 48 hour sale only and once its gone, its gone. As some of you know we rarely run sales and this is the best one by far. So grab it while its available! If you have any questions or comments, they are always welcomed on this page.

Hi Folks. A big welcome to all Tenerife forum users. We’ve just completed an exclusive deal with the Tenerife Forum owners/operators that we believe will be beneficial to all. We’ve gone through many months of negotiations both back and forth and have ironed out the details and the terms of service for this contract. We have signed as the only exclusive supplier of our services for this forum and service has already commenced.

In pre-preparation of this event, we have brought online many additional servers of high class standards to fulfill this new service need. We have spared no expense and have an awesome line of equipment standing by for use at a moments notice. We’ve got plenty of servers and plenty of space.

My personal thanks and gratitude go out to Kirsty Jay and Zarion as the administrators of this forum who have both tirelessly worked and negotiated the best deal for their forum members and we are proud to be their exclusive suppliers. This was a contract deal a long time in the works and now the power of the IAPS Networks are being offered at a discounted rate for a limited time for Tenerife Forum members and contributors. Once again, thanks go out to Kirsty Jay and Zarion.