Feed aggregator

By Jonathan McAnulty AAW Games Pathfinder Level 3

Waves of supernatural darkness sweep over the subterranean city of Stoneholme, quenching lights and bringing with it foul creatures of shadow. After heroically defending a group of dwarven children from being ravaged by a group of these shadow beings, the PCs are approached by Shtawn Deppenkhut—one of the king’s own advisers—and are offered the task of finding the source of the darkness that threatens the city. The PCs investigation takes them through the Underworld to hidden caverns, where demon worshipping priests offer living sacrifices in an attempt to plunge Stoneholme into everlasting darkness, a first step in destroying the hated city once and for all, but as it turns out the priests aren’t the only ones behind this unfolding plan to destroy Stoneholme.

*Withering Sigh*

This thirty page adventure details an eleven room dungeon in the underdark, and a couple of linear city and “journey there” combats. It shows no understanding of formatting or organization, other than the stat block. Wanna fight? That’s all you’ll be doing here.

Evil McEvil-man hires the party to look in to some evil. He’s got an evil plan and, for some reason, hires the party to meddle, no doubt to further his evil plan. This is like, what, the six billionith time an adventure has done this? Whatever. It’s all crap anyway. SO you save some dwarf kids from baddies in the streets, get hired to look in to a warehouse, and from there get hired to go through the underdark to kill some goblins in their lair. Then you find evidence that … some fellow dwarves were behind it all! Oh the humanity! Errr, dwarfmanity.

The typical massive amount of stat block place is present. Also present are HUGE amounts of poorly formatted DM text. Just long paragraph blocks full of words running on and in to each other. The paragraphs are all left justified as well, so you can’t really tell where one ends and another begins. Excellent for for making your content as incomprehensible as possible. Seriously, this thing has NO idea how to format a paragraph or convey information. To quote Gauntlet “I have not seem such bravery!” or something … 

Information is repeated time and again for no reason. Dwarf construction is weak-ass stuff, wil recent constructions breakings. Huh. I thought the trope was the opposite? Shadow rats, which could be cool, get no description at all and instead are just black looking rats. There was some real opportunity to generate horror and mystery with them, but no. Not to be. At multiple times in the adventure there are DC check gates. AT the end, find a DC14 letter to reveal the dwarven conspiracy, the rest of the adventure/dungeon essentially just being a pretext for this skill check. I wonder what would happen if the party failed it and the DM didn’t fudge it? That would be fun.

This is just crap on top of crap. Linear design. Fight a monster because it’s in your way and you’re on the way to that final skill check. Combat after combat. Tactical information but no real exploration or interactivity. Boring ass writing that’s not evocative at all. Absolutely NO attempt to make the text usable by the DM at the table, instead just vomiting words with no thought or care to their presentation.

This is $7 at DriveThru. The preview is six pages, but you don’t get to see anything of the adventure, just the preamble. As shitty a preview as one could possible provide while still providing a preview. These things just scream “Look! I paid for a pretty background text and art!” while giving you absolutely no idea how useful the actual adventure is. 

https://www.drivethrurpg.com/product/145615/U01-Dark-Days-in-Stoneholme?1892600

Only three days left on the 10 game Kickstarter. Just a few pledges away from unlocking the Bigger Games Stretch Goal! 

The Chic Halftime Shawl is trendy, warm, tweedy, and so speedy you’ll finish it in half the time! Perfect for chilly days and quick gifts, it’s a free crochet shallow shawl pattern on Moogly! Disclaimer: This post includes affiliate links; materials provided by Yarnspirations. A Special Collaboration – for Shawl Lovers! For this pattern, I...

Read More

The post Chic Halftime Shawl appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

1

Fridays, we open the Larchives, Lar’s extensive archive of art work oddities, and share a few pieces. Sometimes there will be a theme, or a reason behind the choices. Other times there will be none. Since we talked about the […]

The post Friday Larchive – Art Krunch appeared first on Looking For Group.

Paint Night is a date night for married couples. Through our marriage ministry, we will be hosting a night for couples to take time to grow and invest into their marriage, while having fun by painting.  Child care is available for the evening. Sign up is required for couples and child care.

Come with your spouse and join us at the North End Campus, 239 Selkirk Ave, on  Friday November 15, 2019 at 7pm. For more information contact Dale and Laura Lawrence and to register your kids for child care call the Church office at 204.261.0070 to speak to Alisha.

The post Paint Night for Married Couples appeared first on Church of The Rock.

Since its discovery less than a month ago, a new Trojan malware for Android we detect as Android/Trojan.FakeAdsBlock has already been seen on over 500 devices, and it’s on the rise. This nasty piece of mobile malware cleverly hides itself on Android devices while serving up a host of advertisements: full-page ads, ads delivered when opening the default browser, ads in the notifications, and even ads via home screen widget. All while, ironically, posing as an ad blocker vaguely named Ads Blocker.

Upon installation: trouble

Diving right into this mobile threat, let’s look at its ease of infection. Immediately upon installation, it asks for Allow display over other apps rights.

This is, of course, so it can display all the ads it serves.

After that, the app opens and asks for a Connection request to “set up a VPN connection that allows it to monitor network traffic.” Establishing a VPN connection is not unusual for an ad blocker, so why wouldn’t you click OK? 

To clarify, the app doesn’t actually connect to any VPN.  Instead, by clicking OK, users actually allow the malware run in the background at all times.

Next up is a request to add a home screen widget.

This is where things get suspicious. The added widget is nowhere to be found. On my test device, it added the widget to a new home screen page.  Good luck finding and/or clicking it though.

The fake ad blocker then outputs some jargon to make it look legit.

Take a good look, because this will most likely be the last time you’ll see this supposed ad blocker if you are one of the many unfortunate victims of its infection.

Extreme stealth

Ads Blocker is inordinately hard to find on the mobile device once installed. To start, there is no icon for Ads Blocker. However, there are some hints of its existence, for example, a small key icon status bar.

This key icon was created after accepting the fake VPN connection message, as shown above. As a result, this small key is proof that the malware is running the background.

Although hard to spot, another clue is a blank white notification box hidden in plain sight.

Warning: If you happen to press this blank notification, it will ask permission to Install unknown apps with a toggle button to Allow from this source. In this case, the source is the malware, and clicking on it could allow for the capability to install even more malware.

If you try to find Ads Blocker on the App info page on your mobile device to remove manually, it once again hides itself with a blank white box.

Luckily, it can’t hide the app storage used, so the floating 6.57 MB figure show above can assist in finding it. Unless you spot this app storage number and figure out which app it belongs to (by process of elimination), you won’t be able to remove Ads Blocker from your device.

Android malware digs in its fangs

This Android malware is absolutely relentless in its ad-serving capabilities and frequency. As a matter of fact, while writing this blog, it served up numerous ads on my test device at a frequency of about once every couple minutes. In addition, the ads were displayed using a variety of different methods.

For instance, it starts with the basic full-page ad:

In addition, it offers ads in the notifications:

Oh look, it wants to send ads through the default web browser:

Last, remember the request to add a widget to the home screen that seemed to be invisible? Invisible widget presents: even more ads.

The ads themselves cover a wide variety of content, and some are quite unsavory—certainly not what you want to see on your mobile device.

Infections on the rise

Needless to say, this stealthy Android malware that plasters users with vulgar ads is not what folks are looking for when they download an ad blocker. Unfortunately, we have already counted over 500 detections of Android/Trojan.FakeAdsBlock. Moreover, we collected over 1,800 samples in our Mobile Intelligence System of FakeAdsBlock, leading us to believe that infection rates are quite high. On the positive side, Malwarebytes for Android removed more than 500 infections that are otherwise exceedingly difficult to remove manually.

Source of infection

It is unclear exactly where this Android malware is coming from. The most compelling evidence we have is based on VirusTotal submission data, which suggests the infection is spreading in the United States. Most likely, users are downloading the app from third-party app store(s) looking for a legitimate ad blocker, but are unknowingly installing this malware instead.

Moreover, from the filenames of several submissions, such as Hulk (2003).apk, Guardians of the Galaxy.apk, and Joker (2019).apk., there’s also a connection with a bogus movie app store as another possible source of infection.

Additional evidence demonstrates the Android malware might also be spreading in European countries such as France and Germany. A forum post was created on the French version of CCM.net regarding Ads Blocker, and a German filename was submitted to VirusTotal. 

A new breed of mobile malware

A new breed of stealthy mobile malware is clearly on the uptick. Back in August, we wrote about the hidden mobile malware xHelper, which we detect asAndroid/Trojan.Dropper.xHelper. At that time, xHelper had already been removed from 33,000 mobile devices—and the numbers continue to grow. Ads Blocker is even more stealthy and could easily reach the same rate of infection.

You can call it shameless plugging if you like, but this trend of stealthy Android malware highlights the necessity of a good mobile anti-malware scanner, like Malwarebytes. With more and more users turning to their mobile phones for banking, shopping, storing health data, emailing, and other sensitive, yet important functions, protecting against mobile malware has become paramount. Beware of third-party app stores, yes, but have backup in case apps like Ads Blocker have you fooled.

Stay safe out there!

The post Stealthy new Android malware poses as ad blocker, serves up ads instead appeared first on Malwarebytes Labs.

"A rich, complex world and a complete set of rules, Empire of the Petal Throne includes rules for character generation, magic, monsters, adventuring, societies and languages. It is set in the 2,354th Year “After the Seal” – the accession of the first Emperor of Tsolyánu, just before the events chronicled in Man of Gold, the first of several novels written by Prof. Barker. Included with the rules is a four page set of charts and tables, errata for the original game, a map of the City of Jakalla, a b&w map of the Five Empires, and a citizenship document for Tsolyanu, the Empire of the Petal Throne!"


Technically speaking Empire of the Petal Throne by M.A.R. Barker is a current game in print due to the machinations of the Tékumel: Empire of the Petal Throne Foundation. The set of rules that I'm going to be talking about today is the original Dungeons & Dragons Style rules set. If you wanna use Tékumel: Empire of the Petal Throne setting elements in your favorite rpg table top rules set then The Tekumel Sourcebook - Swords & Glory Vol. 1 for the classic material is the route to go. 



The world of the five empires is a complex cultural painting completely different from the high fantasy worlds of Dungeons & Dragons. Tékumel  is a setting created from within the fertile imagination of MAR Barker. Its vastly different from the original Dungeons & Dragons settings of Greyhawk & Blackmoor. How this is a quasi Middle Eastern, Indian, Mayan settings &  locations with ancient science fantasy overtones. The whole setting makes it clear that at any moment your player's PC's could be sacrificed, murdered, etc. in terrifying different realms of dungeons & ruins. Even though this game uses the familiar character generation, classes, etc. as original Dungeons & Dragons, EMP is vastly different because of its language, principles, & don't get me started on the cultures  of the game.  M.A.R. Barker was a brilliant weaver of tales, creator of setting, & definer of his world. Those who get invested are in for a ride.
For original Dungeons & Dragons players & DM's the trade cities provide a fertile place where you can plunk down your player's PCs. Adventuring means citizenship with lots of minor advantages. Within moments of plunking down in town PC's might wander into trouble or vast ruins that make the Undermount look like a pile of rubble. EMP is a mix of urban & dungeon crawl with lots of monsters not seen by the average Dungeons & Dragons players. They will learn to fear the smell of cinnamon there are vast numbers of alien races, weird creatures, robotic lifeforms & other strangeness left over in the depths of the underworld. Their waiting to say hi & murder your  adventurers.
The Empire of  The Petal Throne Rpg review on Drivethrurpg by Brit B. brings up a very important point with reference to the monsters;"Simple but striking black & white illustrations are frequent, which is good since I’m pretty sure you don’t know what a Pé Chói is, but you will soon. Each monster has about a paragraph of description for inspiration and a basic stat block. There’s a hex map of the main country along with ungridded maps of the main city, Jakálla, and the five empires to get you started. It is old school in my favorite sense, they give you the basics and let you run with it."
Its the sense of flavor that melts like candied Middle Eastern wax of imagination from the annals of Empire of the Petal Throne.  Jakálla has such setting flavor for me as a trade city that it reeks of spices, intrigue, incense, & adventure oozing through the cracks of its flag stones. Sorcerers & priests around every corner with their own sinister agendas. 
A word on combat, this is a 1975 game & the combat is a lethal affair with players expecting a high mortality rate. The game is more tool kit then actual whole cloth game that modern gamers might not be used to. Expect to die in unexpected & sinister ways of mayhem with monsters & NPC 's involved. Everything you need is contained within this book, so get those character sheets ready!  Jakálla or one of the many other trade cities await your PC's!  Do I think that Empire of the Petal Throne is fantastic? Yes I do but this is the rules set that I grew up with & so there's a bit of nostalgia on my part. Is it perfect? Not by a long chalk folks but for me & many others its a fantastic entry & exit point for the world, setting, & game of the Petal Throne. 

So why haven't I reviewed Jeff Dee's Bethorm: the Plane of Tekumel RPG from Uni games? Well that's a separate review completely coming up. 

MooglyCAL2019 Block #23 is courtesy of Kirsten Holloway Designs – and it’s absolutely stunning! Settle in for an evening or two of crochet fun with the penultimate square of 2019! Disclaimer: This post includes affiliate links; materials provided by Yarnspirations, Furls, and Chetnanigans. Just getting started with the Crochet Along? CLICK HERE for the intro...

Read More

The post MooglyCAL2019 – Afghan Block #23 appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

0

Thursdays are LFGTBT, where we look back on LFG’s long history and share interesting trivia and commentary. As I mentioned Monday, one of my first assignments at Blind Ferret was reformatting the LFG scripts from before Sohmer used proper script […]

The post A Blüdraj By Any Other Name appeared first on Looking For Group.

Cryptozoic Entertainment and Warner Bros. Consumer Products, on behalf of DC, today announced the November 22 release of CZX Super Heroes & Super-Villains. The CZX super premium trading card release features thick, glossy cards with gold Deco Foil and imagery from movies starring DC’s characters, spanning from 2005’s Batman Begins to the recent Shazam! The unprecedented list of Autograph Card signers is led by stars Gal Gadot, Ben Affleck, Henry Cavill, Ezra Miller, and Jason Momoa.

 

The post 1348 appeared first on Looking For Group.

So I've been going through an  original Dungeons & Dragons recon to connect with my roots. I'm taking a vacation from the original Swords & Stitchery blog. Because while I've got lots to say my attitudes lately about the sales & marketing of the OSR have left me very jaded. Rereading OD&D has led me back to my love for M.A.R. Barker's  Empire of the Petal Throne. Empire of the Petal Throne's background leaves a lot of room to play around.  I'm sticking with the original Nineteen Seventy Five rules for EPT because these are the rule set that I cut my teeth on. They differ a bit from Original Dungeons & Dragons but not by much. The rules can be used to drop a party of OD&D adventurers onto one of the trade cities scattered across Tekumel surface.



"Tekumel, the world of fantasy and adventure. The setting for this fantasy campaign game is an alien planet, Tekumel, where a cosmic cataclysm stranded human and extra-territorial invaders eons past. A hostile world of poisonous flora and fauna, with intelligent and vengeful native races! Mankind and its allies must battle for survival with nothing save Medieval technology — but magic aids them . . . and there are certain supernatural powers which may intervene.
The game contains three large full-color maps and 8 1/4" x 11" book with a brief history of Tekumel, rules, descriptions of various races and creatures involved, and more. Share in this exciting fantasy world by playing EMPIRE OF THE PETAL THRONE."
1975 ... TSR 1005 "
Taken from Wayne's Books section on Empire of the Petal Throne 

Now I've been involved with short run ninety day campaigns over the last five years or so due to the demands of work. This means an actual beginning, middle, & end of campaign regardless of the outcome. Over last couple of years since 2016 I've been quietly involved with the Godbound rpg. It works best with original Dungeons & Dragons I've found. But it also works well with M.A.R. Barker's Empire of the Petal Throne game from TSR. The good news is that I've got a ton of material sitting in notebooks for this..
When I started in on this one of the resources that I originally didn't have were Cha'alt by Venger Satanis nor Adventurer, Conqueror, King's Barbarian Conquerors of Kanahu. 



What I'm going to be doing is attacking this campaign from a totally different avenue. I'm going to be using some of the original time line from Empire of the Petal Throne. So we'll see if the players notice this turn of events as things start getting weirder. 

Please enjoy the fourth preview of Sketch Cards from CZX Super Heroes & Super-Villains! 

The Hygge Diamond Pillow Tutorial demonstrates how to crochet this reversible cushion that’s full of gorgeous texture – on Moogly, in both right and left-handed videos! Disclaimer: This post includes affiliate links; materials provided by Yarnspirations, Clover USA and Furls. Hygge Diamond Pillow Tutorial: How to Crochet the Hygge Diamond Pillow – Right Handed How...

Read More

The post Hygge Diamond Pillow Tutorial appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

2

We’re a playful bunch at Blind Ferret, so you shouldn’t be surprised that a lot of the product we developed was full of play potential. Our most famous example is 2017’s Richard The Warlock action figure, which I’ve talked a […]

The post ♫ We Built These Minis! ♩ appeared first on Looking For Group.

Cryptozoic will showcase recently released tabletop games at BGG.CON 2019, November 20-24 in the Hyatt Regency Dallas. At Booth #404, Cryptozoic will demo and sell Rick and Morty: The Morty Zone Dice Game, DC Deck-Building Game Crossover Pack 8: Batman Ninja, DC Deck-Building Game: Rebirth, Epic Spell Wars of the Battle Wizards: ANNIHILAGEDDON Deck-Building Game, and Spyfall: Time Travel.

The team at Malwarebytes Labs is at it again, this time with a special edition of our quarterly CTNT report—Cybercrime tactics and techniques: the 2019 state of healthcare. Over the last year, we gathered global data from our product telemetry, honeypots, threat intelligence, and research efforts, focusing on the top threat categories and families that plagued the medical industry, as well as the most common attack vectors used by cybercriminals to penetrate healthcare defenses.

What we found is that healthcare-targeted cybercrime is a growing sector, with threats increasing in volume and severity while highly-valuable patient data remains unguarded. With a combination of unsecured electronic healthcare records (EHR) spread over a broad attack surface, cybercriminals are cashing in on industry negligence, exploiting vulnerabilities in unpatched legacy software and social engineering unaware hospital staff into opening malicious emails—inviting infections into the very halls constructed to beat them.

Our report explores the security challenges inherent to all healthcare organizations, from small private practices to enterprise HMOs, as well as the devastating consequences of criminal infiltration on patient care. Finally, we look ahead to innovations in biotech and the need to consider security in their design and implementation.

Key takeaways: the 2019 state of healthcare

Some of the key takeaways from our report:

• The medical sector is currently ranked as the seventh-most targeted global industry according to Malwarebytes telemetry gathered from October 2018 through September 2019.
• Threat detections have increased for this vertical from about 14,000 healthcare-facing endpoint detections in Q2 2019 to more than 20,000 in Q3, a growth rate of 45 percent.
• The medical industry is overwhelmingly targeted by Trojan malware, which increased by 82 percent in Q3 2019 over the previous quarter.
• While Emotet detections surged at the beginning of 2019, TrickBot took over in the second half as the number one threat to healthcare today.
• The healthcare industry is a target for cybercriminals for several reasons, including their large databases of EHRs, lack of sophisticated security model, and high number of endpoints and other devices connected to the network.
• Consequences of a breach for the medical industry far outweigh any other organization, as stolen or modified patient data can put a stop to critical procedures, and devices locked out due to ransomware attack can result in halted operations—and sometimes even patient death.
• New innovations in biotech, including cloud-based biometrics, genetic research, and even advances in prosthetics could broaden the attack surface on healthcare and result in far-reaching, dire outcomes if security isn’t baked into their design and implementation.

To learn more about the cyberthreats facing healthcare and our recommendations for improving the industry’s security posture, read the full report:

Cybercrime tactics and techniques: the 2019 state of healthcare

The post Labs report finds cyberthreats against healthcare increasing while security circles the drain appeared first on Malwarebytes Labs.

By Justin Becker, Michael Thomas Dreamscape Design Blueholme Level 1

… introduce a group of 1st level characters to the thrills of Underworld exploration as they attempt to unravel they secrets of the evil necromancer’s lair and deal with some bandits, too.

Yes, this line is for you.

This 22 page adventure features a two level dungeon with about thirty rooms. Classic encounters harken back to a time when D&D was fresh. Inconsistencies, and twice as many words as needed, require highlighting and notes to use it as intended. 

Sweet cover. And that cover is indicative of the mood created by the adventure. There’s a malaise, or ennui, presented in parts of the adventure. A feeling of weariness. Not in the designers, but an intentional effect in the setting they have created. The cover, the Harry Clarke illustrations (does ANYONE do elves better?) the elves wearying leaving the world, the downfall and doom of the mage Nuroman; the elements combine with the writing style to produce this effect. A magical world of folklore, a weariness in it. It’s done well.

The elements present in the encounters are classical ones. Bottomless pits, rushing underground rivers, skeletal arms wielding swords, or skeletons dicing at a table. There are statues to fuck with and riddles to learn secrets to elsewhere in the dungeon. A sparseness of creatures is balanced though by the wanderer table, and I suspect we could all learn a lesson from this. Is all monsters were lair creatures, and sparsely populated, then the wanderers push the party forward, limiting their careful explorations. Ten creature encounters, about half of which are avoidable and/or triggered by a careless party. There’s a good mix of interactivity and creature encounters, with roleplaying possibilities present in a few and others, as noted, avoidable. 

There’s a decent amount of treasure, probably the correct amount for a Gold=XP game, as well as other rewards like stat bonuses and being labeled “Elf friend” by the elves. It’s always good when the party receives accolades when they choose to be good. Magic items are all generic book items and that’s a major disappointment. Not OD&D, but book monsters and book magic treasure means Holmes. Which is what Blueholme is, but it could have been better.

The adventure is plagued by two major issues: excessive trivia and inconsistent details. The later first.

Early in the adventure there are sections describing the forest, the town, the people, the road, and so on. Buried in that is a small section describing a rocky hilltop, ruins, and a black hole in the earth. Then it quickly switches to another rando forest section, leaving those two paragraphs behind. Later on when the dungeon environs proper is reached we get a second, much weaker, description of the area. It has none of the mystery and melancholy of the first section. It doesn’t feel like a writing or editing mistake, but rather a layout issue, lie someone took one of the most effective “dungeon entrance” description and just pasted it in at random earlier. All of that melancholy is lost in the actual dungeon entrance section, which is much more genero ruins oriented. To continue with the entrance, the hole is described as 100 feet deep with last fifty feet choked with rubble. But then, the actual “room one” at the bottom has none of this. It’s not the bottom of a rubble filled pit. It’s a room with a river running through it and you can see the remains of the bridge collapsed in it. And the map shows a room that is, essentially, devoid of rubble. The adventure does this repeatedly, the map and text disconnected and different parts of the text disconnected from each other. Perhaps the two designers did not marry their individual efforts well? Double Doors, mentioned in the text, are single doors on the map. Doors that can’t be closed are represented as standard door symbols. The different elements just don’t make sense together. This, then, is basic consistency checking that an editor can provide. I can be hard on editors, but MOST adventures, even bad ones, can pass some basic consistency checks. 

The encounter writing, proper, is full of trivia. I suspect the adventure could be trimmed of at least half its words and the end result would be better for it. I am, frequently, met with a common response to his criticism: “More is better, right?” and it’s cousin “The DM might need it.” No. These are not true. Excessive detail gets in the way of the DM actually running the adventure during the game. It requires a highlighter, notes and a ton of prep work beforehand. If the trivia were NOT present then the DM can focus on the elements of the adventure that actual impact the play of the game. Scanability it much easier. Everyone is happier. 

The devil, of course, is in the definition of “Trivia.” What is trivia vs what is needed to run the room, or add flavour to it. Because, of course, we want all of the flavour with none of the trivia. Room 3 is titled “The Old Armoury.” Given that this is a ruin, and that has been properly established, and that it happened in an instant, what would you, gentle reader, then make up about the room, in play, if that’s all you had to go on? The first line of the “The old Armory” is “Here Nuroman’s guards stored their shields, armor and weapons.” The adventure does this over and over again. It will introduce a room and then tell us that the Kitchen is where food was prepared. We know that. It’s a platonic quality of ‘Kitchen.’ This is a classic example of superfluous text that gets in the way. (In fact, I think the classic online example wherein I was introduced to the concept did indeed involve a Kitchen. On rpgsite?) A centipede “that has crawled in through some unknown fissure.” Again, detail unneeded. This is an attempt to explain WHY, and those attempts are (almost)always unneeded. It’s a giant centipede in a dungeon. Vermin need little explanation, except perhaps in extreme circumstances and even then perhaps only if it provides some springboard for the adventure. Coins litter the ground “where they fell from their owners frayed purses.” Worldbuild, history, justifications for what IS. “The magical bones must be defeated before the treasure can be had.” Yes, and while technically correct we do not have a line in each room that says “the door must be opened before someone can walk through it.” Padding, conversational padding. I’m not heartless, throw in some goodies every once in awhile, an aside, or something. But too much and you clog up the text, as is done here.

We do get abstractions though. A scabbard is ‘macabre.’ That’s a conclusion. A good description would make the DM and/or players think “man, that’s macabre!” The challenge is to NOT resort to a conclusion and to communicate ‘macabre’ in a terse manner. This is GOOD detail, the kind that impacts play. The adventure needs more of it. At one point there’s a key hanging on the wall. Only it’s not recognizable as a key, just as the lock it fits is is not recognizable as a lock. That’s it. Nothing more. What does the thing look like? What does the lock look like? Nothing. That’s exactly the sort of thing you SHOULD be spending your word budget on, the things that directly impact the adventure and it’s actual play.

What this all leads to is a foul smelling room, that is then described in two paragraphs as an elegant dining room. Halfway through the third paragraph we’re told it’s befouled with harpy excrement. Well shit, that’s the sort of detail that goes in the first paragraph. Things immediately noticeable should (generally) go higher up in the description where the DMs attention will immediately be focused and thus be able to communicate it to the players. While they interact and ask questions the DM is scanning the next section of text. You can’t make a DM read four paragraphs of text, during the game at the table, before they describe a room. It takes too long and it’s too much to hold in your head at once. 

I will make one more Monday Morning Quarterback observation. In one particular room there are skeletons at a table, engaged in a dice game. It you touch the dice they come to life and attack. BORING! They should instead invite the players to dice with them. Then, things could devolve in to a combat. A bit of the ultra-violence is always an option in an RPG, but it’s almost always advisable to have something else BEFORE that, or that leads to that. Plan B, stabbing the fuck out of something/someone, is always an option. It’s the fact that a Plan A also could exist that gives RPG’s some of their charm.

I’m not gonna Regert this, but it’s close. If only the writing could be gotten under control in more places.

This is Pay What You Want at DriveThru with a suggested price of $3. There’s no preview, but it is Pay What You Want, so essentially you could just buy it for $0 to get a preview. 

https://www.drivethrurpg.com/product/110292/BLUEHOLMETM-The-Necropolis-of-Nuromen?1892600

I don’t expect to hear any arguments on whether the production of our food is important or not. So why do we hardly ever hear anything about the cybersecurity in the food and agriculture sector?

Depending on the country, agriculture makes up about 5 percent of the gross domestic product. That percentage is even bigger in less industrial countries. That amounts to a lot of money. And that’s just agriculture. For every farmer, 10 others are employed in related food businesses.

In fact, the food and agriculture sector is made up of many different contributors—from farmers to restaurants to supermarkets and almost every imaginable step in between. They range in size from a single sheepherder to multinational corporations like Bayer and Monsanto.

With a growing population and a diminishing amount of space for agriculture, the sector has grown to rely on more advanced techniques to meet the growing demands for agricultural products. And these techniques rely on secure technology to function.

Precision agriculture

Precision agriculture is an advanced form of agriculture, and as such, it uses a lot of connected technology. This basically puts it in the same risk category as household IoT devices. When looking at these devices from a security standpoint, it doesn’t matter a whole lot whether you are dealing with a web printer or a milking machine.

The connected technologies that are in use in agriculture mostly rely on remote sensing, global positioning systems, and communication systems to generate big data, analytics, and machine learning.

The main threats to this type of technology are denial-of-service attacks and data theft. With limited availability of bandwidth in some rural areas, communication loss may be caused by other factors outside a cyberattack— which makes it all the more important to have something to fall back on.

Data protection and data recovery are different entities but so closely related that solutions need to account for both. Data protection mostly comes down to management tools, encryption, and access control. Recovery requires backups or roll-back technology, which is easy to deploy and the backups require the same protection as the original data.

Supply chain

The supply chain for our food is variable, ranging from farmer’s supplies to the supermarket where we buy our food. Depending on the type of food, the chain can be extremely short (farm-to-table) or quite long. You may find a pharmaceutical giant like Bayer as a supplier for a farmer, but also as a manufacturer that gets its raw materials from farmers. Recently, Bayer was the victim of a cyberattack, which was likely aimed at industrial espionage.

Given the sensitive nature of the food supply chain which directly influences our health and happiness, it is only natural that we want to control the security of every step in the process. In order to do so, we look at suppliers other than those of physical goods and systems.

Financial institutions, for example, are heavily invested in agriculture, since it is one of the largest verticals. Back in 2012, a hacking group installed a Remote Access Trojan (RAT) on the computer of an insurance agent and used it to gain access to and steal reports and documents related to sales agents, as well as thousands of sent and received emails and passwords from Farmers Insurance.

Traceability across the supply chain is increasingly in demand by the public and sellers of the end-products. They want to know not only where the ingredients or produce came from, but when the crop was harvested and how they were grown and treated before they ended up on stores’ shelves.

Physical protection

Besides disrupting the industry supply chain, cyberattacks could potentially be used to harm to consumers or the environment. An outbreak of a disease and the consequential fear of contamination could devastate a food processor or distributor.

Given the number of producers and their spread across the country, a nationwide attack as an act of war or terrorism seems farfetched. But sometimes undermining the trust of the population in the quality of certain products can serve as a method to spread unrest and insecurity.

We have seen such attacks against supermarkets where a threat actor threatens to poison a product unless the owner pays up. In Germany, for example, a man slipped a potentially lethal poison into baby food on sale in some German supermarkets in an extortion scheme aimed at raising millions of Euros.

In Mexico, a drug cartel used government information about one of the most lucrative crops, avocado, to calculate how much “protection money” they could ask of its farmers, implying they would kidnap family members if they didn’t pay.

Cybersecurity for food

In the food and agriculture sector, cybersecurity has never been a prominent point of attention. But you can expect the technology used in precision agriculture to become a target of cybercriminals, especially if resources become more precious. Whether they would hold a system hostage until the farmer pays or whether they would abuse connected devices in a DDoS attack, cybercriminals could take advantage of lax security measures if the industry doesn’t sit up and take notice.

The use of big data to enhance production and revenue makes sense, but with the use of big data comes the risk of data corruption or theft.

Meanwhile, the food and agriculture sector is operating in chains and is dependable on other chain organizations or third parties. What is true for any chain is that it is only as strong as its weakest link, which in this case tends to be single farmers or small businesses. And as in most sectors, budgets of small businesses are tight, and cybersecurity is somewhere near the bottom of the list in spending. Even though an attack on expensive farming equipment could be costly, Not to mention shutting a company down for a while in a ransomware type of attack.

You’ve got that backwards

As the farming equipment industry has no problem forcing farmers to have their maintenance done by authorized dealers, farmers have resorted to installing firmware of questionable origin on their tractors to avoid paying top dollar for repairs and maintenance. This opens up a whole new avenue for cybercriminals to get their malware installed by the victims themselves. Apparently, all you have to do is offer it up as John Deere firmware on an online forum. You can even get paid for selling the software and then collect a ransom to get the tractor operational again as a bonus.

Recommendations

While farmers are renowned to cooperate when buying and selling goods, and to exchange information about illnesses and diseases, there is no such initiative when it comes to sharing information about cyberthreats and how to thwart them. Setting up such an initiative might be a first step in the right direction.

In our society being able to track back where a product or its ingredients came from becomes more important. Implementing the traceability could be an ideal moment to couple it with data security.

For the same reason as with household IoT devices manufacturers should be held accountable for providing an acceptable level of security or the possibility to apply such a level into their products. No hardcoded credentials, hard to change passwords, or weak default security settings.

Stay safe everyone!

The post Vital infrastructure: securing our food and agriculture appeared first on Malwarebytes Labs.

We’re having a Found Inventory Sale to sell our remaining exclusive vinyl figures and trading cards from various conventions directly to our fans! Figures include Golden Goddess Wonder Woman Movie Collectible, Black & Gold Batman DC Lil Bombshells, and Black Dragon Cryptkins. For trading card fans, we’ll have convention-exclusive packs based on Outlander, Steven Universe, and Rick and Morty!