Feed aggregator

Weird Revisited: Five Kooky Cults

Sorcerer's Skull - Fri, 11/08/2019 - 12:00
I came upon this post when searching for another one. I had forgotten some of these (this post was originally presented in 2011), so it seemed worth a revisit...

Here are a few minority religious groups seen as at least a bit odd (if not outright dangerous) by the majority of the City's citizens:


The Abattoir Cult: Secret followers of the sinister and bloody-handed Lord of the Cleaver. A liturgical text (anthropodermically bound) honoring this obscure eikone is known to exist in a private collection in New Lludd. His cult tends to crop up in districts devoted to meatpacking or slaughter pens and is associated with the emergence of serial killers.

The Temple of Father Eliah Exalted: This Old Time Religion sect preaches racial and gender equality, chastity--and the godhood of its prophet, Father Eliah Exalted. The Temple owns a number of groceries, gas stations, hotels, and other businesses. These are ostensibly held by acolytes but seem mainly to enrich the Father. The Temple is politically active and the Father’s support can sway elections. Many are suspicious that Exalted’s powers of oratory and occasional miracles suggest that he is one of the Gifted or perhaps a secret thaumaturgist, but proof has been hard to come by.

Serpent-spotters: An informal collection of people forgotten by society--mostly poor and elderly spinsters and widowers--who are convinced that the monster that appeared in the Eldritch River 30 years ago, and supposedly delivered secret prophecies to City fathers, will return, heralding the apocalypse. On days individually chosen they hold vigil in Eldside Park. They hope to be present at the time of the serpent’s return so it will reward their faith with a ride on his back to a watery Paradise.

The Electrovangelic Church of the Machine Messiah: A worldwide movement dedicated to building the perfect construct to manifest the Messiah and usher in a new age of mechanical spiritual perfection.

The Followers of the Rabbit: Not an organized religion, but instead a collection of superstitions and cautionary urban legends forming a secret liturgy for some folk working along the boardwalk of Lapin Isle. They hope to placate the godling of the island, the dark personification of the rabbit in the moon--the man in the rabbit suit that is not a man.

Link Love: My Favourite Things This Week

Knitted Bliss - Fri, 11/08/2019 - 11:00

www.knittedbliss.com

My Favourite Articles and Links This Week This was such an interesting article- why you never see your friends anymore. The top ten worst plastic polluters in the world. These fantastic quotes have been tumbling in my brain all week. If you have been stumbling through this past week like I have (I hate daylight

The post Link Love: My Favourite Things This Week appeared first on www.knittedbliss.com.

Categories: Knitting Feeds

Not us, YOU: vendor email compromise explained

Malwarebytes - Thu, 11/07/2019 - 21:49

Silent Starling, an online organized criminal group hailing from West Africa, seems to have reminded SMBs and enterprises alike of the perils of business email compromise (BEC) scams once more. This time, they’ve advanced BEC into a more potent modality by widening the scope of its potential targets and methodically preparing for the attack from timing to execution. Thus, vendor email compromise (VEC) is born.

If you recall, BEC is a form of targeted social engineering attack against institutions by baiting certain staff members—usually a CFO or those in the finance, payroll, and human resource departments—who either have access to company monetary accounts or the power to make financial decisions.

A BEC campaign always starts off with an email, either phishing or a spoofed email. Some BEC scams want money from the get-go while others are more interested in sensitive information, such as W-2 forms.

BEC is remarkably effective at ensnaring victims. Although it may seem like mere trickery, an impressive level of sophistication is actually put into these campaigns to succeed. In fact, a typical BEC campaign so closely follows the kill chain framework used by advanced persistent threats (APTs) that it is deemed APT-like. As such, BEC deserves attention worthy of an APT attack.

So if BEC is already sophisticated enough to warrant APT-level protection, where does that leave businesses hit by vendor email compromise?

BEC changed targets and gets a new name?

Before we launch into logistics of how to protect against VEC, let’s rewind and unpack naming conventions.

It’s true that scam campaigns change targets all the time and on occasion, in a heartbeat. But this particular scam evolution is quite unconventional because the amount of resources required to pull off a highly-successful VEC attack is easily quadruple that of a traditional BEC scam. To look at it another way, threat actors have introduced more friction into their operation instead of removing or minimizing it. However, they’ve also opened up the capacity to inflict far more damage to the target organization and to businesses worldwide.

While a typical BEC campaign baits one staff member at a time to extract money from a targeted organization, a VEC scam doesn’t go after a company for their money. Instead, VEC scammers look to leverage organizations against their own suppliers.

It’s typical for global brands to have hundreds of thousands of suppliers around the world. Procter & Gamble, for example, has at least 50,000 company partners. This translates to at least 50,000 potential victims if VEC scammers can get a foothold in Procter & Gamble’s systems. And these aren’t 50,000 individuals—it’s 50,000 organizations open to compromise.

This seems like a surefire money-making scheme, but it costs VEC scam operatives much more time and effort to sift through and study communication patterns based on thousands of current and archived email correspondences between the target business and their supply chain.

Okay, now I’m listening. How does VEC work?

According to the Agari Cyber Intelligence Division (ACID), the cybersecurity bod that has been engaging with Silent Starling for a time and recently put out a dossier about the group, the VEC attack chain this scam group follows is made up of three key phases.

  • Intrusion. This is where scammers attempt to compromise business email accounts of vendors in a variety of ways, such as phishing. Once successful, scammers move to phase two.
  • Reconnaissance. This is where scammers sit tight and go on “active waiting” mode. While doing so, they gather intel by sifting through archived emails, which may number in the thousands, and create email forwarding and/or redirect rules on the compromised accounts to have copies sent to email accounts the scammers control. They take note of dates so they know the timing, billing practices, the look of recognized official documents, or other information they can use for the success of the attack.
  • Actions on objectives. This is where they launch the VEC attack. The scammer/impersonator makes sure that they are contacting the right person in the targeted supplier company; the email content they create has high fidelity, meaning that it closely resembles typical vendor wording and communication style; and the timing is as consistent as possible with previous correspondences. Doing these checks and balances makes VEC exceedingly difficult to detect.
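The forwarding and redirect rules created during the reconnaissance phase are something a defender can audit for. The following Python sketch is an added example, not part of the original article: it flags mailbox rules that copy mail to external addresses, and it assumes a hypothetical JSON export schema, sample rules, and domain names that are all constructed for illustration.

```python
import json

# Constructed sample: mailbox rules in a hypothetical JSON export schema.
# Field names are assumptions for this example, not a mail platform's format.
SAMPLE_RULES = json.loads("""
[
  {"mailbox": "ap@vendor.example", "name": "Newsletters",
   "conditions": {"from_contains": ["news@lists.example"]},
   "actions": {"move_to": "Reading"}},
  {"mailbox": "ap@vendor.example", "name": "Billing copies",
   "conditions": {"subject_contains": ["invoice", "payment", "remittance"]},
   "actions": {"forward_to": ["billing.copy@mailbox.test"], "mark_read": true}},
  {"mailbox": "cfo@vendor.example", "name": "sync",
   "conditions": {},
   "actions": {"redirect_to": ["archive@freemail.test"], "delete": true}},
  {"mailbox": "sales@vendor.example", "name": "To assistant",
   "conditions": {},
   "actions": {"forward_to": ["assistant@vendor.example"]}},
  {"mailbox": "it@vendor.example", "name": "Ticket copies",
   "conditions": {"from_contains": ["helpdesk@vendor.example"]},
   "actions": {"forward_to": ["queue@ticketing.test"]}}
]
""")

INTERNAL_DOMAINS = {"vendor.example"}  # assumption: domains the company owns
FINANCE_TERMS = {"invoice", "payment", "remittance", "wire", "bank"}


def is_internal(address, internal_domains):
    """True if the address is in an owned domain or one of its subdomains."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)


def audit_rule(rule, internal_domains):
    """Return a finding for a rule that copies mail outside, else None."""
    actions = rule.get("actions", {})
    targets = actions.get("forward_to", []) + actions.get("redirect_to", [])
    external = sorted(t for t in targets if not is_internal(t, internal_domains))
    if not external:
        return None

    reasons = ["sends copies to an external address"]
    conditions = rule.get("conditions", {})
    keywords = {k.lower() for values in conditions.values() for k in values}
    if not conditions:
        reasons.append("applies to all incoming mail")
    if keywords & FINANCE_TERMS:
        reasons.append("selects finance-related mail")
    if actions.get("mark_read") or actions.get("delete"):
        reasons.append("hides the original from the mailbox owner")

    return {
        "mailbox": rule["mailbox"],
        "rule": rule["name"],
        "external": external,
        # External forwarding alone is worth a look; any extra trait is urgent.
        "severity": "high" if len(reasons) > 1 else "medium",
        "reasons": reasons,
    }


def audit_rules(rules, internal_domains=INTERNAL_DOMAINS):
    """Audit every rule and keep only the ones that produced a finding."""
    findings = (audit_rule(r, internal_domains) for r in rules)
    return [f for f in findings if f]


if __name__ == "__main__":
    for f in audit_rules(SAMPLE_RULES):
        print(f"[{f['severity']}] {f['mailbox']} rule {f['rule']!r} -> "
              f"{', '.join(f['external'])}: {'; '.join(f['reasons'])}")
```

A "medium" finding such as the ticketing rule may be legitimate; the point of the triage is that someone confirms it with the mailbox owner.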

We’d like to add that reconnaissance also happens before the intrusion phase, in which VEC scammers gather intel on companies they want to target, particularly those whose accounts they can attempt to compromise.

How can business owners protect against VEC and BEC?

Business owners should address these types of online threats before they happen, while they are happening, and after they happen.

Before

Remember that scams—these included—target people. In particular, they take advantage of what your people don’t know. That said, awareness of the existence of VEC, BEC, and other account takeover campaigns should be the first order of business.

Organizations must ensure that all members of staff, from newly hired and contract employees to the CEO, have at least background knowledge of what these scams are, how they work, what the scam emails look like, which key persons in the company threat actors would target, and what these key persons can do if or when they receive a suspicious email.

Furthermore, it pays to familiarize employees with proper business procedures on how funds and/or sensitive information should be requested.

Policies and procedures for business conducted over email should be in place, if they aren’t already. Organizations can build these around the assumption that the requesting party is not who they say they are and must verify their identity. Think of it as an internal two-step verification process. This can be as simple as calling the boss or supplier using their contact number on record or requiring another person to authorize the request.

Also consider including a “no last-minute urgent fund request” policy for higher-ups. If this is unavoidable for some reason, a rigorous verification process must be in place and upheld in the event of such a request. The higher-up making the request must know the process and expect to undergo it.

During

It’s possible for highly-sophisticated scams to tick all the verification boxes—until they don’t. Remember that in these particular scams, there will always be something different that will stand out. It could be the sender’s name, signature, or the email address itself, but usually it’s the sudden change in account details that raises the alarm. Heed this alarm and call the supplier or vendor making the financial request—a video call would be ideal if possible—to confirm once more if they have submitted the request.

After

In the event that fraud is discovered after the financial request is fulfilled, begin the recovery process right away. Call your bank and request that they talk to the bank where the transfer was sent. If your business is insured, call your insurers and company shareholders. Lastly, reach out to local law enforcement and the FBI.

While things may be chaotic at this point, organizations must remember to document everything that has happened while gathering evidence. This is information that is not only essential during investigations but can also be used as material for training employees. It may not seem like it, but successful cyber and scam attacks are invaluable experiences organizations can learn from.

Furthermore, assess if sensitive information has been stolen as well. If so, mitigate according to the type of information stolen so that it can never be used to harm the company, its assets, and its people.

Lastly, if your company is not using one (or some) already, consider investing in security tools with advanced configuration options that could detect and nip BEC and VEC scams in the bud. Such technologies include email authentication technologies, like Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC).
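To show what those email authentication results look like on a received message, here is an added Python example (not from the original article) that reads the SPF, DKIM, and DMARC verdicts from the `Authentication-Results` header and also checks for a Reply-To domain that differs from the sender's. The gateway name `mx.buyer.example` and all three sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.buyer.example"  # assumption: our own inbound gateway

# Constructed sample messages (not real mail).
SPOOFED = """\
Authentication-Results: mx.buyer.example;
 spf=fail smtp.mailfrom=vendor.example;
 dkim=none; dmarc=fail header.from=vendor.example
From: "Vendor Accounts" <accounts@vendor.example>
Reply-To: accounts@vendor-billing.test
To: ap@buyer.example
Subject: Updated bank details for invoice 1042

Please use the new account for this payment.
"""

FROM_VENDOR = """\
Authentication-Results: mx.buyer.example;
 spf=pass smtp.mailfrom=vendor.example;
 dkim=pass header.d=vendor.example;
 dmarc=pass header.from=vendor.example
From: "Vendor Accounts" <accounts@vendor.example>
To: ap@buyer.example
Subject: Invoice 1042

Invoice attached.
"""

FORGED_HEADER = """\
Authentication-Results: mx.unknown.test; spf=pass; dkim=pass; dmarc=pass
From: "Vendor Accounts" <accounts@vendor.example>
To: ap@buyer.example
Subject: Invoice 1043

Invoice attached.
"""

METHOD_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.IGNORECASE)


def auth_results(msg, trusted=TRUSTED_AUTHSERV):
    """Collect SPF/DKIM/DMARC verdicts stamped by our own gateway only."""
    results = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    for value in msg.get_all("Authentication-Results", []):
        head = value.split(";", 1)[0].split()
        if not head or head[0].lower() != trusted:
            continue  # RFC 8601: results added by other hosts are not trusted
        for method, result in METHOD_RE.findall(value):
            if results[method.lower()] == "missing":
                results[method.lower()] = result.lower()
    return results


def domain(header_value):
    """Domain part of the address in a From/Reply-To header, or ''."""
    return parseaddr(header_value or "")[1].rsplit("@", 1)[-1].lower()


def assess(raw_message):
    """Return a list of reasons this message deserves a second look."""
    msg = message_from_string(raw_message)
    findings = [f"{m}={r}" for m, r in auth_results(msg).items() if r != "pass"]
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from {from_dom}")
    return findings


if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("from vendor", FROM_VENDOR),
                      ("forged header", FORGED_HEADER)]:
        print(name, "->", assess(raw) or "no findings")
```

The `FROM_VENDOR` case returns no findings, and a message sent from a genuinely compromised vendor mailbox would look the same, which is why the call-back verification described earlier still matters.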

Stay safe!

The post Not us, YOU: vendor email compromise explained appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Velvet and Fur Christmas Stocking Tutorial

Moogly - Thu, 11/07/2019 - 16:00

The Velvet and Fur Christmas Stocking Tutorial demonstrates how to crochet this simple but super luxurious free crochet stocking pattern – on Moogly, in both right and left-handed videos! Disclaimer: This post includes affiliate links; materials provided by Yarnspirations, Clover USA and Furls. Velvet and Fur Christmas Stocking Tutorial: How to Crochet the Velvet and...


The post Velvet and Fur Christmas Stocking Tutorial appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

Tournament of Useless Things

Mark Hughes (Church of the Rock) - Thu, 11/07/2019 - 06:10

Show off your useless talents!

Tournament of Useless Things
Thursday, Nov. 7
Youth Room
7:30 PM

Come out and join us this Thursday at 7:30 PM for a fun night of random tournaments! Compete in totally useless events like:

Timbit Throw
Speed Painting
Lipsync Battle

We hope to see your talented self there!

Christmas Banquet 

You are invited to enjoy the annual church-wide Christmas Banquet on Thursday, Dec. 5 at 6:30 PM. This night features a sit-down dinner with entertainment by comedian Matt Falk. The young adults always attend this event in semi-formal to formal attire. Tickets are $30.

Tickets go on sale on Thursday, Nov. 7 at 12:00 noon, and can be purchased here

The post Tournament of Useless Things appeared first on Church of The Rock.

Categories: Churchie Feeds

1346

Looking For Group - Thu, 11/07/2019 - 05:00

The post 1346 appeared first on Looking For Group.

Categories: Web Comics

Pieces of Eight: Dedicate

Mark Hughes (Church of the Rock) - Wed, 11/06/2019 - 21:05

Our eight part series, “Pieces of Eight”, was concluded at the Church of the Rock North End Campus on October 27, 2019 by Andrew Campbell. Andrew concluded the series focused on the word Dedicate. By clicking the link below you will be able to access the audio recording of the sermon. For more information you can contact us through our office at 204.261.0070.

 

Pieces of Eight: Dedicate by Andrew Campbell 

The post Pieces of Eight: Dedicate appeared first on Church of The Rock.

Categories: Churchie Feeds

[NEWS] Castle Xyntillan: Announcement and Preview

Beyond Fomalhaut - Wed, 11/06/2019 - 20:24
Castle Xyntillan (cover by Peter Mullen)

“The immense, rambling complex of Castle Xyntillan has stood in its mountain valley for many years. Built over several generations, it has now been deserted by its former owners, and left to time and the elements. However, that is not the end of the story, for Xyntillan’s fabulous treasures and Machiavellian deathtraps continue to fascinate the fortune-seekers of a dozen lands – and never mind the ghost stories!”
I am happy to announce the (now truly) forthcoming publication of Castle Xyntillan, a funhouse megadungeon for the Swords&Wizardry game. Xyntillan will be a 132-page hardcover, describing the three massive levels of the eponymous haunted castle, from the soaring tower of the Donjon to the inky depths of the Oubliette (and beyond). The module will ship with four map sheets with both GM’s and player’s cartography by Rob Conley, cover art by Peter Mullen (whose work, above, should speak for itself), and interior illustrations by Denis McCarthy, Stefan Poag, Peter Mullen (again), and The Dead Victorians. The hardcover set should sell for $40 plus shipping, and should be available at the end of November or very early December – allowing ample time for delivery before Christmas. And now, the details!
With Castle Xyntillan, my goal was to create a classic-style megadungeon based on the following design principles:
  • Versatility: The dungeon should be suitable for different game groups and play styles. It can make for fun one-off expeditions and convention games, it can be played as its own campaign, or it can become the tentpole dungeon of a broader campaign setting. It can be played with permanent groups, or a “West Marches”-style player and character pool. It is designed for levels 1 to 6, but otherwise, anything goes – from smaller parties relying on stealth and infiltration to more hack-and-slash affairs involving a small army of disposable flunkies, Xyntillan should offer a fun experience – at all levels of experience.
  • Open-ended exploration: The dungeon should accommodate many different approaches to exploration. Multiple entrances and an open structure built around interconnected sub-levels provide several possible paths through the Castle, including two- and three-dimensional exploration puzzles, hidden sections, and fabulous rewards secreted in secret places. Of course, openness also involves a healthy level of risk management: dangerous areas are not usually cordoned off from nosy characters, and the dungeon is not broken down into neat “levels” of difficulty; rather, it is the players’ responsibility to decide when to push their luck, and when to retreat to safety.
  • Open-ended gameplay: Groups (and players) with quite different interests should all find something to their liking. Whether they relish combat or prefer furtive exploration; confront Xyntillan’s denizens with sword and holy water in hand or play them off against each other; go for the choice treasures or seek the castle’s deeper mysteries, it should be possible. Likewise, GMs with different ideas should be able to customise it to their liking with little effort. Nothing is prescribed, but many things are possible – and Castle Xyntillan is a framework that enables and invites experimentation.
  • Complexity and interactivity: Rooms should offer many things to discover and mess with. While some are straightforward puzzles or traps, there are many which involve (or benefit from) a bit of lateral thinking and experimentation. They also have a depth that should not be overwhelming in play, but offer opportunities to come up with daring plans and unexpected combinations – especially when the players start leveraging multiple things in different rooms to their advantage.
  • Variety of challenges: While it does not pull punches, Xyntillan is not a hardcore killer dungeon – it is deadly, but resourceful groups who think on their feet should do well, and, if things go bad, have opportunities to cut their losses and run to fight another day. Not everyone and everything in Xyntillan is out to get you – or, at least, not immediately. However, those looking for trouble will soon find it.
  • Ease of use: The material should be easy to understand and use at the table, and the GM should never be lost in a sea of information. Accordingly, the room key uses a nested bullet point structure, starting from an overview of each room and proceeding towards the finer details and interaction possibilities (a two-page example is provided below). Bolded keywords are used to help navigate the text, which is also carefully cross-referenced for easy navigation. Map slices are placed close to their point of use to reduce page flipping. The map is extensively labelled for ease of use. Finally, the physical book and the accompanying maps are planned to be sturdy and user-friendly. It is printed and bound locally where me and my printer can oversee the production process at every step.
  • Surrealism: Xyntillan is founded on dream logic and loose association instead of strict realism or full narrative consistency. It should be entertaining, fascinating, and always a bit mysterious. As a funhouse dungeon, it is full of the improbable – but there is a method to the madness. Likewise, it is not a serious affair, but it is not a “joke module” either – it is intended to be a storehouse of the macabre and whimsical, where the jokes write themselves – there is no background laugh track.

Careful... careful.....
In summary, the goal was not to make the biggest dungeon (a goal I have, frankly, always considered stupid), but one that’s just the right size, comfortable to use, good to handle, and built to last. Castle Xyntillan also has a (perhaps unfair) advantage: in one way or another, I have been working on these materials since 2006, from my sections of a never-published Tegel Manor manuscript to the finalised module, and there has been abundant time to contemplate, revise, add to, remove from, and playtest the adventure. It has been tried in many different contexts, and with many different groups. It has taken a long time, probably more than it is rational to develop a dungeon. It is, in one word, polished. It is, also, that thing I have been rambling about all these years. And I hope you will also find it to your liking.
For now, here is a two-page example from one of the easier-to-find sublevels: Castle Xyntillan Sample (4 MB PDF).

Q&A (Additions)

"Sounds good but I see nothing about factions. I want factions!"
"Xyntillan has no formally spelled out "factions", but it does have the remnants of the eccentric and corrupt Malévol family, who have their own agenda (represented by a global escalation mechanic) and internal disagreements. There are also (very loosely described) outside parties with their own interests in Xyntillan.

It is up to the GM and the players to decide what to do with this, but the emergent potential is there, and some suggestions are offered in the Introduction. During our playtest, reaction rolls and morale played a significant role, and negotiation with the dungeon denizens became an important source of information, shady bargains, and allies of convenience."

"How large is the dungeon?"
"WRT the size of the dungeon, it is large enough to sustain its own campaign, and to feel like you are exploring something substantial. It is large enough to result in emergent complexity, which is a major appeal of megadungeons. But it is limited in the sense that it should not take over your gaming life (something that has frustrated me about other megadungeons), and it is basically built around three large, loosely "levels" (a sprawling ground floor, various upper floors, and a dungeon level - all with more or less hidden sub-sections and plenty of interconnections). I had a second dungeon level under development but scrapped it because it felt too much." 
Categories: Tabletop Gaming Blogs

Stretch Goals Corrected and Lowered! Article on Kickstarter

Two Hour Wargames - Wed, 11/06/2019 - 19:40

When I dropped the funding goal on the Kickstarter to $3,000 at the last minute before launch I forgot to adjust the Stretch Goals. Much better, check them out!

Here's a nice article on the Kickstarter.

10 Game Kickstarter


Categories: Tabletop Gaming Blogs

Here are the most popular robocall scams and how to avoid them

Malwarebytes - Wed, 11/06/2019 - 18:52

We recently examined how robocall scams are a serious threat to privacy, alongside the astonishing rate at which their volume continues to increase. Forty-three billion calls in 2019 with an average of 131 calls per person in the US alone is not something to be sniffed at. No matter how careful you are with your number, no matter which security measures you take, it can all be undone with one leaked database—then you’re on another list, forever.

Despite all precautions, it’s sadly inevitable that you’ll eventually wind up on a robocalling list or two. Then it’s a case of limiting damage and endless number blocking. Automated dialing ensures they’ll never, ever get tired of calling you unless you take some preventative action.

This week, we’re going to look at some specific examples of robocalls, the types of threats they present, and what’s at stake, including loss of privacy, finances, or even both simultaneously.

Can we listen to some robocall recordings?

You sure can.

A writer for Marketplace decided to take some of these robocalls instead of simply hanging up to see what kind of scam was on offer, and recorded portions of the calls. If you ever wanted to hear an authentic Chinese robocall scam in action, then today’s your lucky day.

Some of the call introductions are quite inventive. As always, there’s the faintest whiff that you may have done something wrong…maybe…and even if you didn’t, your details may be in the hands of criminals. You’d want to get that sorted out as soon as possible, especially if the nice person at the bank is telling you to do so. Right?

As far as specifics go, tactics involve:

  • Claiming your information was on debit cards sold illegally
  • Claiming your identity has been stolen
  • Claiming irregular activity has been flagged on your bank account

As with many similar scams, fraudsters are hoping potential victims are so rattled by these claims that they won’t notice they’re being primed for information. Why would a bank or similar institution ask you to confirm your name without volunteering it themselves? The answer, of course, is that they don’t have it and can’t address you unless you tell them first.

It’s a basic slice of cold reading, frequently deployed by con artists and tricksters who’d rather you just hand over what they need so they can turn it back on you.

Robocall scams targeting Chinese students

As demonstrated in the Marketplace article, there’s a solid wave of Chinese language robocalls right now, something which seems to have begun in earnest around two years ago. While the calls emulate the most common robocall tactics—fake caller ID, spoofing a trusted business entity, leaving a short automated message hoping you’ll press a specific number on your phone—they deploy some additional measures designed to bait, harass, and worry Chinese targets as much as possible. 

Last month, I looked at how mainland China–based scammers are targeting Chinese students in the UK with threats of deportation. Focusing on immigration status, alongside mentions of embassies and potential legal trouble all make an unwelcome reappearance in US robocalls. Students once again have become popular targets, whether resident in the United States or simply visiting. Fraudsters even make use of text and send potential victims sensitive information about themselves, such as passport scans—just like the international student attacks in the UK.

It’s not just happening in the US; the same tactics exploded into life in Australia in May 2018, with threatening calls supposedly coming from the Chinese embassy in Canberra.

Press 1 to perform a fake kidnapping

Possibly the most extreme version of robocall scams involves staged kidnappings. After the standard “You’re in trouble” robocall messages, things take a sharp turn into the surreal as scammers convince people to take photos of themselves as if they’ve been kidnapped, before sending said imagery to other relatives who’ll be told they need to pay a ransom. People don’t want their relatives falling foul of terrible kidnappers, so of course it’s pretty much game over in the “will they, won’t they” pay up stakes.

Is that really Apple robocalling you?

Another popular robocall tactic involves spoofing the geniuses at Apple. On October 31, Missouri Attorney General Eric Schmitt put out an alert regarding robocalls where the scammers pretend to be Apple support. You know all those endless, awful fake Apple emails clogging up your inbox on a daily basis? They’re down the other end of your telephone now, hunting for personal information and money.

https://www.youtube.com/watch?v=h2Uev0VDBrM

The recorded message plays out like this:

This is Molly from Apple Support. We have found some suspicious activity in your iCloud account, that your iCloud account has been breached. Before using any Apple device please contact an apple support advisor

They even leave a phone number you can dial later if you don’t have time to process the robocall when they ring you.

Robocall SSN scams

It seems there’s something in the air at the moment, because the IRS warned of Social Security Number robocall scams making the rounds on October 24. These aren’t people pretending to be embassies; they’re more akin to those Facebook viral chain hoaxes where talented hackers will delete your profile by a certain date unless you repost their message.

Here, they’re threatening to wipe your SSN unless you address a fictitious unpaid tax bill. As per their own advice, neither the IRS nor their collection agencies will ever:

  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, iTunes gift card or wire transfer. The IRS does not use these methods for tax payments.

  • Ask a taxpayer to make a payment to a person or organization other than the U.S. Treasury.

  • Threaten to immediately bring in local police or other law-enforcement groups to have the taxpayer arrested for not paying.

  • Demand taxes be paid without giving the taxpayer the opportunity to question or appeal the amount owed.

Internet and offline scams have a long history of flagging themselves as fake by throwing decidedly unofficial payment methods (iTunes vouchers, Steam gift cards) into supposedly official routines. These would appear to be no different.

The other social security scam

The Social Security Administration (SSA) scam became prominent in September 2019, but hasn’t really gone away. The pattern is familiar: There are claims of benefits being suspended, with the only way out being money wires, or cash being placed onto gift cards.

Attacks along these lines can take terrifying amounts of money away from their victims. And they don’t just focus on the elderly: Anyone and everyone, including millennials, can be a target as far as robocallers are concerned.

A problem for everybody

While the majority of robocall articles focus on calls coming from China, the problem isn’t confined to that region. Indeed, the US has more than its fair share of robocall-related issues, with five US states contributing to the top locations for robocall origination. Mexico, the Philippines, Costa Rica, Guatemala, and India complete the list, according to the Federal Trade Commission (FTC).

Alex Quilici, CEO of robocall-blocking app YouMail, told USA Today that he estimates “hundreds of millions” of calls originated from inside the US. In June 2019, the FTC cracked down on US-based robocalls, and reported that the majority of scams they shut down were based in California and Florida.

What can we do about it?

As robocalling has been such a common problem over the years, we already have a full rundown on what you can do to avoid these attacks as best as possible. The people behind them will continue to slather us with their nonsense pressure, fictitious time limits, and bizarre fake kidnapping requests. But there’s one simple way to ensure they never win: Just don’t pick up the phone.

Avoid all that chaos by resisting the temptation to press buttons or pick up and yell. Robocall scammers have been known to ensnare even the most savvy users. Simply let unknown numbers ring into the void forevermore. When your identity and bank account are safe and sound, you’ll be glad you did.

The post Here are the most popular robocall scams and how to avoid them appeared first on Malwarebytes Labs.

Categories: Techie Feeds

CZX Super Heroes & Super-Villains: Sketch Card Preview, Part 3

Cryptozoic - Wed, 11/06/2019 - 17:00

Please enjoy the third preview of Sketch Cards from CZX Super Heroes & Super-Villains

Categories: Tabletop Gaming Blogs

ACCESS Act might improve data privacy through interoperability

Malwarebytes - Wed, 11/06/2019 - 16:00

Data privacy is back in Congressional lawmakers’ sights, as a new legislative proposal focuses not on data collection, storage, and selling, but on the idea that Americans should be able to more easily pack up their user data and take it to a competing service—perhaps one that better respects their data privacy.

The new bill would also require certain tech companies, including Facebook, Google, and Twitter, to introduce “interoperability” into their products, allowing users to interact across different platforms of direct competitors.

These rules, referred to in the bill as data portability and interoperability, would presumably allow Americans to, for example, download all their data from Facebook and move it to privacy-focused social network Ello. Or talk directly to Twitter users while using the San Francisco-based company’s smaller, decentralized competitor, Mastodon. Or even, perhaps, log into their Vimeo account to comment on YouTube videos.

Data portability and interoperability are nothing new: Mobile phone users can keep their phone number when switching wireless providers; enterprise software can today read the files made on competitor programs, like the various documents made by Apple Pages, Microsoft Word, and Google Docs.

But few, if any, notable examples of data portability and interoperability came at the behest of federal legislation. Whether this new bill will succeed—in passage, in improving data portability and interoperability, and in its stated purpose of improving data security—remains to be seen.

Avery Gardiner, senior fellow of competition, data, and power for the Center for Democracy and Technology, said that the bill has a few good ideas, but in trying to improve data privacy, it strangely does not focus on the issue itself.

“If we have a privacy problem, which we do have in America, let’s fix that with privacy legislation,” Gardiner said.

Cory Doctorow, a writer, activist, and research affiliate with MIT Media Lab, appreciated the bill’s focus on interoperability—a topic that could use smart rule-making and which is getting little attention in Congress, as opposed to the constant, possibly futile attempts to strictly regulate Big Tech offenders, like Facebook.

“This aims to fix the Internet,” Doctorow said, “so that Facebook’s behavior is no longer so standard.”

The ACCESS Act

On October 22, US Senators Mark Warner (D-VA), Josh Hawley (R-MO), and Richard Blumenthal (D-CT) introduced the Augmenting Compatibility and Competition by Enabling Service Switching Act, or ACCESS Act.

The bill would regulate what it calls “large communications platforms,” which are online products and services that make money from the collection, processing, sale, or sharing of user data, and that have more than 100 million monthly active users in the United States. The bill calls the owners of these products “communications providers.”

Plainly, the bill applies to both Big Tech companies and the platforms they own and operate, including Facebook and its Messenger, WhatsApp, and Instagram platforms, Google and its YouTube platform, and the primary products of LinkedIn and Pinterest.

But rather than placing new rules on these tech giants in an effort to break them up—a rallying cry for some Democratic presidential candidates—the bill instead aims to open up competition against them, potentially creating a level playing field where users can easily leave a platform that betrays their trust, runs afoul of federal agreements, or simply stops providing an enjoyable experience.

“The exclusive dominance of Facebook and Google have crowded out the meaningful competition that is needed to protect online privacy and promote technological innovation,” said Sen. Blumenthal, who helped introduce the bill, in a prepared statement. “The bipartisan ACCESS Act would empower consumers to finally stand up to Big Tech and move their data to services that respect their rights.”

The ACCESS Act has three prongs—data portability, interoperability, and “delegability,” which we’ll discuss below.

First, on data portability, any company that operates a large communications platform would need to develop a way for users to grab their user data and move it over to a competitor in a secure, “structured, commonly used, and machine-readable format.”

While some companies already provide a way for users to download their data—one Verge reporter downloaded 138 GB of their own data following the passage of the European Union’s General Data Protection Regulation—the potential to seamlessly port it over to a competitor could lower barriers to leaving behind Big Tech companies that dominate today’s social media ecosystem.

CDT’s Gardiner said that the bill’s attempt to introduce data portability is good, but whether it will be effective depends on a robust, competitive landscape where upstarts can actually accept a user’s data in a meaningful way. Right now, she said, that landscape does not exist.

“The way that your data would be useful is pretty specific to the way it is already in someone’s platform,” Gardiner said. “You’re not going to port your Facebook data into Twitter because it wouldn’t help you do anything, as a user.”

Gardiner said she understood what the bill is trying to accomplish, but she questioned whether it was the most effective route.

“When I read the press statements, I think part of what they’re saying is that privacy failures by some of the Big Tech companies are, in part, due to the lack of competition, so we should facilitate competition for communications platforms,” Gardiner said. “I have a simpler approach to solve that problem, and that’s to pass privacy legislation.”

On the bill’s demands of interoperability, companies must develop an “interoperability interface” for every large communications platform they own. For a company like Facebook, that would mean allowing interoperability with its Messenger, WhatsApp, and Instagram platforms, as CEO Mark Zuckerberg promised earlier this year, as well as with outside competitors that want to enter the field.

Finally, on “delegability,” the bill asks that Americans be given the opportunity to select a third party to manage their privacy and account settings across the various platforms they use. Those third parties, which the bill calls “custodial third-party agents,” must register with the US Federal Trade Commission and abide by rules that the Commission would need to issue after the bill’s passage.

Custodial third-party agents could charge a fee for their services, the bill says, and must protect the privacy and security of their users’ data.  

Interoperability’s importance

The ACCESS Act seeks a type of interoperability in which competitors can attract new users to their platforms by making their services compatible with a dominant player in the market. If users don’t need to use Facebook’s Messenger to stay in touch with their friends, for instance, they may find it easier to leave Messenger behind altogether, loosening Facebook’s hold on users today.

This type of interoperability has already helped dislodge the near-monopolies of Microsoft and IBM from their respective markets—the enterprise software applications Word, Excel, and PowerPoint; and the PC itself.

But interoperability could do more than put large tech companies on watch. It could actually lead to a safer Internet for users, Doctorow said.

Doctorow told an anecdote about his friend, a comic book writer who receives targeted harassment from a group of predominantly male Twitter users. The users, angered by the writer’s feminist views, send threatening direct messages to her. But, after she reads the direct messages, they delete them.

This is for two reasons, Doctorow said. One, users cannot report a direct message to Twitter unless that direct message is still available and not deleted. Twitter does not accept screenshots in harassment reports because of the potential for faked claims.

Two, once the direct message has been deleted, the same harassers will comment publicly on the comic writer’s Twitter feed, and to several other women in her online community. These public comments, Doctorow said, reference the same content of the threatening direct messages, re-traumatizing the writer.

This is a cycle of harassment in which direct threats skirt consequences, only to reappear in similar content, increasing the feeling of powerlessness for the victim.

Interestingly, Doctorow said, there might be an opportunity for interoperability to help.

The comic writer and her small community of friends could use an outside competitor (or develop one themselves) to continue their discussions—which typically take place on Twitter—while setting up rules that would prevent the harassers’ direct messages and Tweets from showing up in their feeds and inboxes.

It’s more than a blocklist, Doctorow said. It’s giving power to users to engage with meaningful, online communities that already exist in a way that supports and protects them.

Interoperability, then, might offer a potential solution for users to avoid online harassment—until aggressors find them on a new platform. But will interoperability actually serve the ACCESS Act’s stated goal of improving data privacy?

How to regulate data privacy

The ACCESS Act is at least the sixth federal bill proposed in the past year that aims to improve Americans’ data privacy.

As Malwarebytes Labs has reported, each federal bill seeks to improve data privacy through various means. One Senator’s bill would enforce a “Do Not Track” list, another would create a “duty to care” for user data, and another would require clear and concise terms of service agreements.

The ACCESS Act, on the other hand, is the first data privacy bill to focus on data portability and interoperability. Both concepts have provided proven, better experiences for technology users across multiple sectors. College students can take their transcripts to a new university when they wish to transfer schools. Healthcare patients can take their records to a new provider.

But with Congress taking a winter recess in just six weeks, there is essentially zero chance that any of these data privacy bills will pass in 2019.

Maybe 2020 will be better for users and their data privacy.

The post ACCESS Act might improve data privacy through interoperability appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Bernat Baby Velvet: Yarn Love Video Yarn Review

Moogly - Wed, 11/06/2019 - 15:37

Bernat Baby Velvet is a super soft, squishy, irresistible chenille yarn! Get a closer look at this lovely stuff in the Yarn Love Video Review on Moogly – including 20+ free knit and crochet patterns! Disclaimer: This post was sponsored by Yarnspirations, but all opinions are my own. This post includes affiliate links. Just The...


The post Bernat Baby Velvet: Yarn Love Video Yarn Review appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

The Temple of the Bear

Ten Foot Pole - Wed, 11/06/2019 - 12:16
John Fredericks
Sharp Mountain Games
Labyrinth Lord
Levels 5-8

Explore the TEMPLE OF THE BEAR in hopes of rescuing a hostage. There they will confront an evil wizard and his minions who hope to bring back a forgotten, evil cult.

This thirty page adventure contains a dungeon with fifteen rooms and a couple of outside encounters in about nine pages. It’s just long-form paragraph descriptions of each encounter location. Low interactivity, poor usability, uninspiring descriptions. The usual trifecta.

The DriveThru description does not have a level range. The cover does not have a level range. What does have a level range? The back cover. Which is only available once you purchase the adventure. It’s not even clear to me why these things have back covers. Isn’t that used for marketing purposes in game stores/bookstores … and don’t these products exist only as PDFs? So the designer is slavishly following some template without regard to the actual purpose? And it results in a blind buy without knowing the level the adventure is for?

Villagers are missing. The party, I guess, is somehow motivated to look into it; the pretext doesn’t really exist in this one. Except … someone missing is the mayor’s daughter’s boyfriend. She’s 18. The mayor lets the party take her with them on the adventure. WTF? Seriously? I’m NOT giving my 18YO daughter over to a group of murder hobos! Didn’t he see The Last Valley? Jesu Christo!

From there we switch to the road into the forest … which only leads to the dungeon, so if you keep following it then you’ll arrive there. Big mystery, I guess? Anyway, you get attacked by owlbears because forced combats are evidently a thing in Old School D&D. Oh, wait, they are not? There’s a thread on a forum RIGHT NOW about character death in D&D and the impact of forced combat mindsets? Oh. Well, bad design then I guess.

Oh, wait, fuck, no, I forgot. The town? It notes how it’s a good starting location for the party/campaign. Note again the level range of 5-8. I guess you’re either starting at 5-8 or you bought this adventure for the two paragraph town or the designer has, once again, not given thought to the context the information is being presented in.

Information in the encounters is relayed in long form paragraphs. Multiple paragraphs per room. With lots of padding. Ensuring that you need to scan everything to run the room. And that the adventure text will be padded out. To nine pages. In a thirty page adventure. “First bob will do this and then he will do this and then he will do this and then he will do this.” Yes. Perfect. Exactly the sort of writing I expect.

A certain trap takes three paragraphs to describe. It’s giant jaws that snap down, kind of like a giant half-open bear trap. Three paragraphs. 

An evocative description in this is “After encountering the monkeybears, the party will come upon the Old Shrine. This area has a stone altar, a broken pillar, and broken stone benches.”

Interactivity is confined to traps, monster fighting and a ghost you can talk to. 

Monetary treasure in this adventure consists of 77gp and a 20gp gem. That’s a joke, right? This is a Gold=XP game, right? LabLord? Yes?

This time I promise I promise I promise I’m going to remember the name Sharp Mountain. Next time I promise I promise I promise I won’t tell myself “it’s been a while, maybe they are better now? I should check in …” No. No I should not.

This is $2 at DriveThru. The preview is five pages and shows you nothing of the adventure, so you have no way of understanding the encounter quality before purchasing. Which, while bad for the consumer, is great for the producer.


https://www.drivethrurpg.com/product/292194/The-Temple-of-the-Bear?1892600

Categories: Tabletop Gaming Blogs

Wednesday Comics: Two Collections from Roger Langridge

Sorcerer's Skull - Wed, 11/06/2019 - 12:00
Roger Langridge is a Harvey and Eisner award-winning comics writer and artist from New Zealand who tends to work in a quirky cartoon sort of vein (though he has written Thor and did a sort of surreal strip in Judge Dredd Magazine called Straightjacket Fits). Here are a couple of his works I've read that I would recommend:

Criminy
Written by Ryan Ferrier with art by Langridge, this tells the story of the Criminy family, who look sort of like Bosko (and sort of like the Animaniacs) and who get into a series of fantastic adventures after they are forced to flee their island home by invading pirates. Criminy is aimed at younger readers (though might be more intense in places than strictly kiddie comics), but enjoyable by older ones, too.

Popeye vol. 1
IDW's 2012 Popeye series was written by Langridge with art by several different artists who do pitch-perfect renditions of the Thimble Theatre characters to match the stories recalling the classic Dell Comics of Sagendorf. There were 3 volumes, all now available in hardcopy or on Kindle/Comixology.

Same old, same old

Yarn Harlot - Tue, 11/05/2019 - 21:45

Voila, finished Jaywalkers.  My October Self-Imposed-Sock-of-the-Month-Club, which brings me smartly up to date.

Yarn: Must Stash Yarn in a one-off colorway called “Bete” that’s almost like her Beauty and Beast skeins, but with one missing set of stripes, which I quite like.

Pattern is the much loved and oft-knit Jaywalkers, by the inestimable Grumperina, who is still around, thank you very much, despite this being a pattern from 2005.  I knit them as written, and they fit just fine – not me, mind you – they’re way too big for my petit pieds, but they’re for the (not so) long-range-planning-box, so all is well, even if they do look a little sloppy on me. They won’t when they’re on the feet they were knit for.

I don’t have much else to say about them, except that it remains, as ever, almost damn impossible to take pictures of your own feet –

even with a timer.

 

Categories: Knitting Feeds

Box Breaking 262: Misfits Market Madness Vegetable box 1

Gamer Goggles - Tue, 11/05/2019 - 20:50

This is our very first Misfits Market Vegetable Box. This is the Madness size (the big box). Inside you can find everything from the staples of cooking to the things you may never have eaten before. They are all #organic

Here is what I have done with this box so far. We have used the lettuce in salads. The onions and celery were used in a variety of dishes. I roasted the beets (used the greens in a salad), potatoes and the squash. The apples were just eaten and the parsley was used in about five dishes, the best one being a herb crusted pork tenderloin.

If you want me to get more detailed just post a comment on the YouTube video.

Categories: Tabletop Gaming Blogs

Cryptozoic and Cartoon Network Enterprises Announce Release of Rick and Morty: The Morty Zone Dice Game

Cryptozoic - Tue, 11/05/2019 - 14:00

Cryptozoic Entertainment, along with Cartoon Network Enterprises, announced the release of Rick and Morty: The Morty Zone Dice Game. Based on the Season Four premiere episode of Adult Swim’s hit series Rick and Morty, which airs November 10, the previously unannounced roll-and-write game is in stores now. 

Categories: Tabletop Gaming Blogs

8 Fast Facts About D&D’s Magic Missile Spell

DM David - Tue, 11/05/2019 - 11:18

1. Dungeons & Dragons co-creator Gary Gygax introduced the Magic Missile spell in the original game’s first supplement, Greyhawk (1975). “This is a conjured missile equivalent to a magic arrow, and it does full damage (2-7 points) to any creature it strikes.” After that sentence, the description tells how higher-level magic users shoot extra missiles.

2. Gary took the idea for Magic Missile from the 1963 movie The Raven. The movie ends with a wizard duel between Vincent Price and Boris Karloff. Karloff flings bolts of energy at Price, who brushes them aside with a flick of his hand.

3. The exchange that inspired Magic Missile also led to the Shield spell, so the original Player’s Handbook (1978) explains, “This shield will totally negate magic missile attacks.” This property remains in fifth-edition D&D.

4. The original description of Magic Missile led players to dispute whether casters needed to make a to-hit roll. J. Eric Holmes, the editor of the 1977 Basic Set, opted for yes. His rules explain that casters must roll the same missile attack as a longbow. Gary settled on no. The Player’s Handbook states that the missiles “unerringly strike their target.”

Magic missiles always hit without allowing a saving throw, even though in the Dungeon Master’s Guide (1979) Gary stresses the importance of saves. Player characters “must always have a chance, no matter how small, a chance of somehow escaping what otherwise would be inevitable destruction.”

5. D&D’s fourth-edition designers seemed uncomfortable with a spell that always hit without a save, so the edition’s original version required an attack roll. When D&D fans griped that fourth veered too far from the game’s roots, the designers appealed to nostalgia by again making the missiles always hit. The 2010 rules update announces the change.

6. In fifth edition, wizards can add missiles by casting Magic Missile with a higher-level spell slot. In earlier editions, higher-level casters gain extra missiles for free. Back then, magic users started as weak characters who only launched one missile when they cast their day’s only 1st-level spell. But wizards steadily gained more spells, and higher-level spells, and even their first-level spells like Magic Missile gained strength. At higher levels, wizards boasted much more power than any other class. Gary Gygax felt comfortable with dominant, high-level wizards so long as they suffered through lower levels as feeble magic users. Today’s designers strive to match the power of every class at every level. Part of that balance comes from attaching a price to extra missiles.

7. In fifth edition, the missiles strike simultaneously. This means the strikes count as a single source of damage for things like resistance and that 3 magic missiles striking a character at 0 HP does not count as 3 failed death saves. A concentrating spellcaster hit by multiple missiles makes one Constitution save against a difficulty class set by the volley’s total damage. See 9 More Fifth-Edition D&D Rules Questions Answered by the Designers.

8. Strictly by the fifth-edition rules, when you cast Magic Missile, you roll 1d4 and use the result to set the same damage for every missile. This stems from a rule on page 196 of the Player’s Handbook. “If a spell or other effect deals damage to more than one target at the same time, roll the damage once for all of them.” The interpretation comes from lead-designer Jeremy Crawford. In practice, Jeremy allows players to roll separate damage for every missile, just like Gary did in 1975.

Categories: Tabletop Gaming Blogs

Announcing Malwarebytes 4.0: smarter, faster, and lighter

Malwarebytes - Tue, 11/05/2019 - 08:01

Malwarebytes was founded on the belief that everyone has a fundamental right to a malware-free existence. Every product we make is built on that premise. That’s why we’ve been hard at work on the latest version of Malwarebytes for Windows that not only sports a whole new look, but packs cutting-edge detection methods into a lightweight, lightning-fast program.

We proudly present: Malwarebytes 4.0.

Malwarebytes 4.0 signifies a big step forward in the fight against online crime. It uses smarter technologies to quickly identify stealthy malware and scan faster than ever—all with 50 percent less impact on CPU during scans.

Malwarebytes 4.0: What’s improved

Our first step in taking malware defense to the next level was making important improvements to our existing Malwarebytes for Windows technologies. They include:

  • Improved zero-hour detection that pinpoints new threats as they arise
  • Upgraded behavioral detection capabilities that catch more diverse threats—even those that use signature evasion
  • Improved overall performance and scan speed
  • Redesigned User Interface (UI) for easier, more intuitive functionality
  • Simplified Windows Security Center integration settings
  • Enhanced web protection technology

Malwarebytes 4.0: What’s new

Malwarebytes 4.0 introduces Katana, our brand-new detection engine that uses patented, dynamic methods to recognize zero-hour, often polymorphic malware even before it’s released in the wild. These same methods have been optimized with a faster threat definition process, so they’re not only smarter and more accurate, but using them results in faster scans while taking up less CPU.

“Polymorphic threats have changed the game in cybersecurity. By the time traditional antivirus creates a signature for these threats, it can be too late. Cybersecurity providers need to stay ahead of the game by recognizing potential threats before they can cause damage,” said Akshay Bhargava, Chief Product Officer at Malwarebytes.

“Malwarebytes 4.0 is designed to block these evolving threats in record time using innovative detection technology. Our new intuitive user interface helps customers more easily engage with their cybersecurity. Furthermore, the new engine is optimized and requires 50 percent less of the CPU while scanning.”

A new look and more integrations

The redesigned UI of Malwarebytes 4.0 is more informative, intuitive, and simple to navigate. Increased automation means users receive the latest updates to the product with less effort on their part. A threat statistics dashboard allows users to see which threats are blocked by Malwarebytes in real time—both on their own device and on machines throughout the world. The new UI also features dynamic integration with the Malwarebytes Labs blog, keeping customers informed on the latest cyberthreats, trends, and protection advice.

Each time Malwarebytes Labs posts a new blog, it will appear in the “Security news” section.

In addition, threats blocked or quarantined by Malwarebytes 4.0 are now linked directly to our Threat Center, so you can read up on each threat’s profile, including symptoms of infection, attack methods, and ways to remediate or protect against it.

Threat profile of Trojan.Emotet, one of the most prevalent threats detected today.

Where to find support

For instructions on how to install Malwarebytes 4.0, including the latest version of Malwarebytes for Mac, check out the following knowledge-base articles:

Malwarebytes for Windows

Malwarebytes for Mac

Should you run into any problems or have any questions that remain unanswered, please reach out to our Customer Success team. You can find information, FAQs, and several support options through our support portal.

Let us know how you like the new version in the comments or through our social media channels.

Stay safe, everyone!

The post Announcing Malwarebytes 4.0: smarter, faster, and lighter appeared first on Malwarebytes Labs.

Categories: Techie Feeds
