More simply, Google plans to prevent bad websites on the internet from attacking a visitor’s devices (like printers or routers) in your home or on your computer. People usually consider these devices safe as they’re not directly connected to the internet and are protected by a router.

Block unsafe requests to internal networks

The proposed “Private Network Access protections” feature, which will be in a “warning-only” mode in Chrome 123, conducts checks before a public website (referred to as “site A”) directs a browser to visit another site (referred to as “site B”) within the user’s private network.

The checks include verifying if the request comes from a secure context and sending a preliminary request to see if site B (e.g. HTTP server running on loopback address or router’s web panel) permits access from a public website through specific requests called CORS-preflight requests.

Unlike existing protections for subresources and workers, this feature focuses specifically on navigation requests. Its primary purpose is to shield users’ private networks from potential threats.

In an example provided by Google, the developers illustrate an HTML iframe on a public website that performs a CSRF attack that changes the DNS configuration of a visitor’s router on their local network.

<iframe href="https://admin:admin@router.local/set_dns?server1=123.123.123.123">
</iframe>

Under this new proposal, when the browser detects that a public site attempts to connect to an internal device, the browser will send a preflight request to the device first.

If there is no response, the connection will be blocked. However, if the internal device responds, it can tell the browser whether the request should be allowed using an ‘Access-Control-Request-Private-Network‘ header.

This allows requests to devices on an internal network to be automatically blocked unless the device explicitly allows the connection from public websites.

While in the warning stage, even if the checks fail, the feature won’t block the requests. Instead, developers will see a warning in the DevTools console, giving them time to adjust before stricter enforcement begins.

“Private Network Access protections will not apply in this case since the feature was designed to protect users’ private network from more-public web pages,” warns Google.

To prevent this, Google proposes to block auto-reloading of a page if the Private Network Access feature previously blocked it.

When this happens, the web browser will display an error message stating that you can allow the request to go through by manually reloading the page, as shown below.

This page would include a new Google Chrome error message, “BLOCKED_BY_PRIVATE_NETWORK_ACCESS_CHECKS,” to tell you when a page can’t load because it didn’t pass Private Network Access security checks.

The motivation behind this development is to prevent malicious websites on the internet from exploiting flaws on devices and servers in users’ internal networks, which were presumed safe from internet-based threats.

This includes protecting against unauthorized access to users’ routers and software interfaces running on local devices—a growing concern as more applications deploy web interfaces assuming nonexistent protections.

According to a support document, Google started exploring this idea in 2021 to prevent external websites from making harmful requests to resources within the private network (localhost or a private IP address).

While the immediate goal is to mitigate risks like those from “SOHO Pharming” attacks and CSRF (Cross-Site Request Forgery) vulnerabilities, the specification does not aim to secure HTTPS connections for local services—a necessary step for integrating public and non-public resources securely but beyond the current scope of the specification.

The post New Google Chrome Feature Blocks Attacks Against Home Networks appeared first on Veiliant Inc..

As a result, concluded Auditor General Karen Hogan, it did not deliver the best value for taxpayer dollars spent.

But Hogan also said the lack of documentation makes it almost impossible to find out the exact cost of all the work paid for the app.

Canada Border Services Agency, the Public Health Agency of Canada, and Public Services and Procurement Canada were faulted by Hogan in the report filed in Parliament this morning.

The application was created in 2020 to digitally collect traveller contact and health information when they entered Canada during the COVID‑19 pandemic, so information could easily be presented to border authorities. The audit estimated that the ArriveCAN application cost approximately $59.5 million but emphasized that the exact cost was impossible to calculate because of the Canada Border Services Agency’s poor financial record keeping.

“The agency’s decision to continue relying on external resources throughout the application’s development, launch and updates, beyond the initial pandemic crisis, increased costs and brings into question the value achieved for money spent,” the auditor general’s office said in a statement.

The lack of documentation and controls extended to contracting practices, the statement says. The audit found that the Canada Border Services Agency’s “disregard for policies, controls, and transparency in the contracting process limited opportunities for competition and undermined value for money. There was little documentation to support how and why  a company called GC Strategies was awarded the initial ArriveCAN contract through a non‑competitive process.”

GC Strategies is an IT staffing company — that is, it hires, or subcontracts, developers to do work for organizations it contracts with.

The report says evidence shows GC Strategies was involved in setting the requirements that the Canada Border Services Agency later used to tender a competitive contract.

The audit found that Canada Border Services Agency managed contracts poorly, which raised concerns about value for money. Essential information, such as clear deliverables and required qualifications, was missing from contracts. Canada Border Services Agency routinely approved and paid invoices that contained little or no details on the work completed.

“Public servants must always be transparent and accountable to Canadians for their use of public funds”, said Hogan. “Many questions that Parliamentarians and Canadians are asking cannot be answered. The lack of information to support ArriveCAN spending and decisions has compromised accountability.”

The report says

• 18 per cent of invoices submitted by contractors that Hogan’s office tested did not provide enough information to determine whether expenses related to ArriveCAN or another information technology project. This made it impossible to accurately attribute costs to projects;
• the AG’s office estimated that the average per diem cost for the ArriveCAN external resources was $1,090, whereas the average daily cost for equivalent IT positions in the Government of Canada was $675. The Canada Border Services Agency continued to rely on external resources, increasing the cost of the application;
• between April 2020 and October 2022, the Canada Border Services Agency released 177 versions of ArriveCAN, with often little to no documentation of testing. In one update, in June 2022, around 10,000 travelers were wrongly instructed to quarantine.

As a result of that incident, the federal Privacy Commissioner found that the Canada Border Services Agency (CBSA) contravened the Privacy Act by not taking all reasonable steps to ensure that information about individuals recorded in the app was accurate;

• there was no formal agreement between the Public Health Agency of Canada and the Canada Border Services Agency from April 2020 to July 2021 to clarify roles and responsibilities, the report says. “Each agency believed that its counterpart was responsible for establishing a governance structure. In our view, the Public Health Agency of Canada, as the business owner, was responsible for establishing the governance structure.
  “As a result of the missing governance structure, good project management practices were not developed and implemented,” the report says. “For example, the Public Health Agency of Canada did not develop project objectives and goals, budgets and cost estimates, assessments of resource needs, or risk management activities.” It was only in July 2021, when a letter of intent was signed, that responsibilities for funding the development, implementation, management, and support of ArriveCAN was clarified;
• the AG’s office found no evidence to show that some Canada Border Services Agency employees complied with the agency’s Code of Conduct by disclosing that they had been invited to dinners and other activities by contractors;
• one reason the cost of the app went up: The Canada Border Services Agency added a digital customs and immigration declaration form into the ArriveCAN application at a cost of about $6.2 million, to replace a paper-based system. The new digital declaration form remained in use after government requirements to collect travellers’ contact and health information stopped in October 2022.

The Canada Border Services Agency was responsible for developing and managing the ArriveCAN application on the basis of the Public Health Agency of Canada’s health requirements. These requirements were implemented to meet Covid-19 emergency orders. The Public Health Agency of Canada assists the federal Minister of Health. The agency was the business owner of ArriveCAN until April 1, 2022. Public Services and Procurement Canada is the government’s central purchasing and contracting authority, and was responsible for issuing and administering contracts on the agencies’ behalf when the contract value exceeded their delegated authority to procure.

While the Treasury Board of Canada Secretariat introduced some flexibility into the procurement and contract processes during the pandemic to achieve results quickly, the report notes, it still required government organizations to demonstrate due diligence and controls around expenditures and to document their decisions.

Hogan recommends:

• the Canada Border Services Agency maintain accurate financial records by correctly allocating expenses to projects. To better support these actions, the agency should work with contractors to obtain invoices that accurately detail the work completed by each resource by project, contract, and task authorization;
• the Canada Border Services Agency and the Public Health Agency of Canada fully document interactions with potential contractors and the reasons for decisions made during non‑competitive procurement processes and should put in place a process to ensure compliance with the requirements of the contracting policies;
• the Canada Border Services Agency should ensure that potential bidders are not involved in developing or preparing any part of a request for proposal, and should put in place controls that will prevent this from occurring.

In response to the AG report, the government issued a statement admitting there were “unacceptable gaps in management processes.”

CBSA has already created an Executive Procurement Review Committee to approve contracts and task authorizations, the government said, “which is already providing additional oversight on all contracting activities, focusing on delivering value for money.” CBSA has also established a procurement centre of expertise to help employees fully understand their obligations and authorities. The agency also now requires employees to disclose all interactions with potential vendors.

Public Services and Procurement Canada “will continue to strengthen all aspects of the federal procurement regime and will use the findings from this report to improve the way the Government of Canada does business with its suppliers,” the statement says. New measures have already been added to ensure that tasks and deliverables are clearly defined in professional services contracts, the government says, and the policy and guidance documentation used by procurement officials to ensure consistency has been updated.

The post Government Departments Ignored Management Practices, Failed to Oversee ArriveCan App: Auditor General appeared first on Veiliant Inc..

When new hardware is added to a Windows computer, the operating system connects to a Microsoft-operated website called the Windows Metadata and Internet Services (WMIS) to download metadata packages associated with the particular hardware.

“If a device metadata package is available, the Device Metadata Retrieval Client (DMRC) that runs on the local computer downloads the package from WMIS and installs the package on the local computer.”

These metadata packages contain information about the hardware, such as its model name, description, OEM provider, various properties and actions, and the device’s associated hardware categories.

This information is then used in various Window dialogs, such as the Devices and Printers settings page.

Windows Metadata services unavailable

However, since November, Windows has been unable to connect to the Metadata service located at http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409, which redirects to http://dmd.metaservices.microsoft.com/metadata.svc.

When visiting the URL from a browser, the site shows an error stating “502 Bad Gateway,” indicating something is wrong with the site.

As reported by BornCity in December, this caused occasional Event ID 201 connection error events and repeated Event ID 131 errors for ‘DeviceSetupManager’ to appear in the Windows Event Viewer logs, with a description of “Metadata staging failed, result=0x80070490”.

BleepingComputer was told by an admin dealing with these errors that the inability to connect to the Windows Metadata services is causing problems in their organization.

These problems include 4-5 minute delays when troubleshooting printer problems or adding and deleting print queues, usually leading to support tickets being filed about the issues.

For a large organization with thousands of Windows devices, this can quickly become a problem for IT staff.

However, Windows admins had short-lived happiness this week, as Microsoft released the Windows 10 KB5034763 and Windows 11 KB5034765 cumulative updates as part of the February 2024 Patch Tuesday with what they claim is a fix for the Window Metadata connection issues.

These updates both state that they resolve the problems connecting to the Windows Metadata servers, and as an added bonus, the connection will be over HTTPS, making them more secure.

“This update addresses an issue that affects the download of device metadata,” reads both support bulletins.

“Downloads from the Windows Metadata and Internet Services (WMIS) over HTTPS are now more secure.”

After installing the updates, BleepingComputer can confirm that the new Metadata server URL, https://go.microsoft.com/fwlink/?LinkID=2257403&clcid=0x409, is using HTTPs and redirects to the new URL https://devicemetadataservice.trafficmanager.net/dms/metadata.svc?LinkID=2257403&clcid=0x409, which also uses HTTPs.

However, Microsoft has failed to associate an IP address to devicemetadataservice.trafficmanager.net in DNS, causing connection attempts to fail.

BleepingComputer is now told that this is causing the Event Log to show repeated Event ID 201 connection errors, stating, “A connection to the Windows Metadata and Internet Services (WMIS) could not be established.”

“Same here – no 131’s anymore but **** of 201’s,” reads a post on the Microsoft forums.

It is unclear why Microsoft disabled the Metadata servers in the first place and why they are not bringing them back online as expected.

BleepingComputer contacted Microsoft about this issue yesterday but has not received a response to our email.

The post Microsoft Says it Fixed a Windows Metadata Server Issue That’s Still Broken appeared first on Veiliant Inc..

Exchange ActiveSync (EAS) is an Exchange synchronization protocol using HTTP and XML to let users access their email, calendar, contacts, and tasks.

“We have to use Activesync in order to connect to our cloud-hosted email server. Other syncing may not be impacted,” one impacted user said.

While the Outlook Team has yet to provide an explanation for this syncing issue, it’s currently investigating and will provide a fix as soon as a solution is found.

Workaround available

Until this EAS syncing issue is resolved, Microsoft provides a temporary fix for affected users to revive their Outlook desktop clients.

This requires reverting Office M365 Click-to-Run installations to an unaffected Office build (the suggested build is Version 2312 Build 17126.20132) or switching to an Office Channel that does not have this sync issue.

To apply this workaround, you will have to go through the following procedure:

1. Disable updates temporarily to ensure Outlook doesn’t automatically update to the broken version from File > Office Account> Update Options>Disable Updates.
2. Exit all Office applications, Select Start, type cmd in the Search box, right-click  Command Prompt (or cmd.exe), and then select Run as administrator.
3. In the command prompt dialog window, type the following two command lines, pressing Enter after each command line:
   • cd %programfiles%\Common Files\Microsoft Shared\ClickToRun
   • officec2rclient.exe /update user updatetoversion=16.0.17126.20132
4. When the repair is done, open Outlook and select  File > Office Account.
5. After the version revert process is finished, launch Outlook to check if it’s operating normally again.

Microsoft is also investigating an issue triggering Outlook security alerts when trying to open .ICS calendar files after December 2023 Patch Tuesday Office security updates are installed.

Redmond fixed another known Outlook issue this month that was causing connection issues for desktop and mobile email clients when using Outlook.com accounts.

The post Microsoft: Outlook Clients Not Syncing Over Exchange ActiveSync appeared first on Veiliant Inc..

The company is also working on open-sourcing the new tool and recommends Gerardo Grignoli’s gsudo as an alternative with more configuration options and a more extensive feature set.

The new Sudo tool is rolling out to Windows Insiders in the Canary and Dev Channels running Windows 11 Insider Preview Build 26052.

“This project is not a fork of the Linux sudo project, nor is it a port of the Linux sudo project. Instead, Sudo for Windows is a Windows-specific implementation of the sudo concept,” Microsoft explains.

“As the two are entirely different applications, you’ll find that certain elements of the Linux sudo experience are not present in Sudo for Windows, and vice versa.”

Since Linux sudo and Sudo for Windows are different beasts, scripts written for Linux sudo may not work with Sudo for Windows without some (heavy?) modification.

Those who want to enable the sudo command on their system have to go to Settings > For Developers page in the Windows Settings app and toggle the “Enable Sudo” option.

It can be configured to run applications in a new elevated console window, in the same window but with input disabled, or inline (the new elevated process takes input and routes output to the current window).

After elevating a new process using sudo, a UAC dialog will appear to ask the user for confirmation and escalate privileges once confirmed, using the configuration option the user selected.

Sudo for Windows was accidentally revealed by Microsoft two weeks ago, together with some other in-development features, and was first spotted by Albacore while looking into changes added to updated language packs included with a leaked Windows Server 2025 Insider preview build.

“Over the coming months we will be working on expanding documentation for Sudo for Windows and will be sharing more details about the security implications of running sudo in the ‘Inline’ configuration,” Adoumie said.

“Our team is working on open-sourcing Sudo for Windows and we’re excited to share more details about our plans in the coming months.”

The post Microsoft Unveils New ‘Sudo for Windows’ Feature in Windows 11 appeared first on Veiliant Inc..

On Windows systems with more than one monitor affected by this known issue, the desktop icons will move between displays or jump out of alignment when using Copilot in Windows (in preview).

“If your organization is using Windows Update for Business reports, the safeguard ID is 47615939,” Redmond said.

Microsoft has now resolved the bug via a server-side change for Windows 11 23H2 devices with updates older than January 9, 2024, and removed the safeguard hold on Wednesday, February 7, making Windows Copilot available on systems with no other compatibility holds.

“Eligible Windows 10 and Windows 11 devices with no other safeguards should now be able to upgrade to Windows 11, version 23H2,” Microsoft said.

“Please note, it can take up to 48 hours before the update to Windows 11, version 23H2 is offered. Restarting your device might help it offer faster.”

In January, the company confirmed another known issue causing Sysprep Windows validation 0x80073cf2 errors on Windows 10 22H2 systems.

Additionally, it’s working to fix a bug triggering 0x80070643 errors when installing the KB5034441 security update to patch a BitLocker vulnerability tracked as CVE-2024-20666.

Earlier this month, Redmond also began investigating an Outlook bug triggering security alerts when opening .ICS calendar files after the December 2023 Patch Tuesday Office security updates are installed.

The post Microsoft Fixes Copilot Issue Blocking Windows 11 Upgrades appeared first on Veiliant Inc..

Microsoft 365 users affected by this issue report seeing dialog boxes warning them that “Microsoft Office has identified a potential security concern” and that “This location may be unsafe” when double-clicking ICS files saved locally.

The company also revealed that the security warning will be displayed after deploying a security update that patches the CVE-2023-35636 Microsoft Outlook information disclosure vulnerability.

If left unpatched, the security flaw can be exploited by attackers to trick users of unpatched Outlook installations into opening maliciously crafted files to steal NTLM hashes (their obfuscated Windows credentials).

The attackers can later use them to authenticate as the compromised user, gain access to sensitive data, or spread laterally on their network.

​Workaround available

Until a resolution is available, Redmond shared a temporary fix for those impacted in the form of a registry key that would disable the security notice.

However, once this workaround is deployed, it’s also important to note that you’ll stop receiving security prompts for all other potentially dangerous file types, not just ICS calendars.

Those affected by this known issue have to add a new DWORD key with a value of ‘1’ to:

• HKEY_CURRENT_USER\software\policies\microsoft\office\16.0\common\security (Group Policy registry path)
• Computer\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Security (OCT registry path)

Impacted customers can also disable the dialog by following the step-by-step instructions available in the ‘Enable or disable hyperlink warning messages in Office programs‘ support document.

Microsoft fixed another known Outlook issue earlier this month, causing desktop and mobile email clients to fail to connect when using Outlook.com accounts.

In December, the company addressed two more bugs causing problems for users with lots of folders when sending emails and one more causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts.

The post Microsoft Outlook December Updates Trigger ICS Security Alerts appeared first on Veiliant Inc..

As previously reported by BleepingComputer, after the January 2024 Google Play system updates came out, some owners of various Google Pixel models experienced internal storage access problems, the inability to open apps or the camera, or even take screenshots.

Google acknowledged the problem and told BleepingComputer that they were looking into the issues, and owners who hadn’t applied the January 2024 Play system update were advised to hold off.

Today, Google shared a temporary and somewhat complicated fix on the Google Pixel support forums that could help impacted users restore their phones to normal working status.

“We are aware of a storage issue occurring on a small number of Pixel phones that have received the January Google Play system update, causing some devices to behave incorrectly,” reads a post by a Google community manager on Pixel’s support forums.

“If your device was impacted, you might notice multiple apps crashing, screenshots not saving, and external storage working inconsistently.”

Although Google hasn’t shared any details regarding the root cause of the issue, it stated it’s more prevalent on Pixel devices with multiple user accounts.

The company says they are working on fixing the root cause of the system update issue and will provide further updates when they learn more.

A complicated fix

While Google is working on a fix that will be pushed out to all Pixel phones via an update, it has released a fairly complicated temporary solution that requires installation of the Android Platform Tools developer toolkit.

If you are comfortable using the command, then you can follow these steps to fix your Google Pixel device:

1. Enable ‘Developer options’ within Settings on your Pixel phone by:
   • Navigating to Settings > About phone > Build number
   • Tapping the Build Numberoption seven times until you see the message ‘You are now a developer!’ This enables Developer options on your device
   • Go to Settings > System > Developer options
   • Under Developer optionsenable USB debugging
2. Connect your Pixel phone to your computer via USB-C cable.
   • If device shows “Charging this device via USB” -> tap for more options and set to “File Transfer”
3. Click hereto download Android’s folder of Platform Tools to your computer, which includes the Android Debug Bridge (ADB) application.
4. After unzipping the downloaded folder, open your terminal / command prompt.
5. Within Terminal / Command prompt:
   • Change your working directory to the platform-tools directory you just extracted the tools to.
   • Type “./adb devices” (“adb devices” in Windows) and press the Enter key.
     • If the result within Terminal lists your phone as “Unauthorized” – your Pixel phone is likely prompting you to allow USB debugging. Tap Allowand retry this step so that your phone is listed as “device” within Terminal.
   • Input the following commands in your Terminal, pressing the Enter key after each line:
     • “./adb uninstall com.google.android.media.swcodec”
     • “./adb uninstall com.google.android.media”

6. Disconnect your Pixel phone from your computer
7. Restart your Pixel phone (your device might disconnect from network, this is OK)
   • On Pixel 5a and earlier: Press your phone’s Power button for about 30 seconds, or until your phone restarts
   • On Pixel 6 and later, including Fold: Press and hold the Power and Volume up buttons at the same time until your phone restarts
8. Return your phone and computer to their previous settings:
   • Turn off USB debugging
     • Go to Settingsand scroll to the System section (on Android 8 and above, go to Settings > System)
     • Tap Developer Options.
     • Tap the button to toggle developer options Off. USB Debugging is included in Developer Options
   • Stop adb:
     • Type “./adb kill-server” in your Terminal window and press the Enter key. Exit the Terminal application.

The above fix requires having a Windows, Linux, or macOS computer available and a certain level of comfort or familiarity working with developer tools, so it’s certainly not ideal for everyone.

Rightfully, some users complained that the fix was far too complicated. Others underlined that Google was too late to share a fix, noting that many impacted users have performed a factory reset by now.

Those still on the November 2023 Play Services update would be better off postponing the installation of the latest update, especially if they use multiple user profiles.

If you’re already impacted and need extra help resolving the issue, it is recommended that you ask your questions in Google’s support forums.

The post Google Shares Fix for Pixel Phones Hit by Bad System Update appeared first on Veiliant Inc..

Affected customers again report having connectivity issues and experiencing delays when sending and receiving messages in mobile and desktop Teams clients.

Teams users affected by these ongoing issues can find more information in an incident report tagged as TM710900 in the Microsoft 365 admin center.

“Some users may be unable to access Microsoft Teams or some features,” the company says in the incident report.

“This Service Health post is in response to some external customer reports and will be updated with further details as we confirm the service’s operational health.”

Microsoft has yet to update its service health page for the Teams consumer service, which says, “Everything is up and running.”

On Friday, Redmond attributed a widespread outage affecting customers across North America, Europe, the Middle East, and Africa regions to an undisclosed networking issue impacting a portion of database infrastructure used by multiple APIs.

Just as today, customers reported experiencing login and server connection issues, desktop and mobile Teams apps frozen on loading screens, and various message delivery problems.

While Microsoft addressed the issue behind the Friday outage within roughly 12 hours since it was acknowledged, customers were still reporting experiencing problems, including delays in receiving messages and Teams clients crashing.

Update January 30, 12:40 EST: Microsoft says affected services are now operational.

“Investigation continues to show the service remains in a healthy state. We’ll enter a period of extended monitoring and provide future updates under TM710900 in the admin center,” Microsoft said.

The post Microsoft Teams Hit by Second Outage in Three Days appeared first on Veiliant Inc..

“Since starting around 1/23/24 users have reported issues connecting with Outlook 2013, Outlook 2016, Outlook for Microsoft 365, Thunderbird, and mobile email apps when connecting with POP, IMAP, and Exchange connections,” Microsoft says.

Customers reported experiencing sign-in problems linked to this issue since last Tuesday on Microsoft’s community platforms and social networks like Reddit.

Those impacted see pop-up messages asking them to enter their password and giving them a “Remember my credentials” option. However, even when entering the correct password, the dialog will still pop up while the app tries connecting to the account.

“I put in the existing app password, it tries to connect, doesn’t, and the security window pops up again,” one affected customer says. “I signed in online, removed the app passwords, made a new one, and tried that. Same thing. I tried my regular (non-app) password, but that didn’t work as expected.”

Affected customers who cannot use their clients to connect to their Outlook.com accounts are advised to use Outlook.com on the web until the issue is addressed.

Other Outlook.com issues fixed in recent months

In December, the company fixed another issue, causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts in Version 2311 Build 17029.20068.

Microsoft advised users who disabled auto-updates to click “Update Now” under File > Office Account > Update Options to mitigate the issue.

The Outlook team also solved a bug caused by a configuration issue that was triggering 401 exception errors and breaking email searches for Outlook.com users in July.

Earlier in June, Microsoft confirmed that some of its services, including Outlook.com, OneDrive, and the Azure Portal, were disrupted or taken down by DDoS attacks claimed by the Anonymous Sudan threat actor believed to have Russian ties.

The post Microsoft Says Outlook Apps Can’t Connect to Outlook.com appeared first on Veiliant Inc..