Feed aggregator

Series 12 Reveal for Doctor Who’s Anniversary

Blogtor Who - Sun, 11/10/2019 - 16:51

The BBC have indicated that news on Doctor Who Series 12 is coming on the 23rd of November A new teaser video posted to the BBC and BBC America’s social media accounts confirm a reveal of Series 12 is coming soon. Marked on YouTube with the title “Doctor Who: Series 12” and on Facebook will […]

The post Series 12 Reveal for Doctor Who’s Anniversary appeared first on Blogtor Who.

Categories: Doctor Who Feeds

Doctor Who confirmed for Children in Need

Blogtor Who - Sun, 11/10/2019 - 12:58

Children in Need this Friday night will feature a special visit from the Doctor Children in Need have tweeted a trailer for the Children in Need telethon this Friday, confirming the presence of Doctor Who and Jodie Whittaker. Doctor Who has a long and established history of taking part on the night, from personal appearances […]

The post Doctor Who confirmed for Children in Need appeared first on Blogtor Who.

Categories: Doctor Who Feeds

Video of the Day – GQ, 2019

Blogtor Who - Sun, 11/10/2019 - 04:00

The post Video of the Day – GQ, 2019 appeared first on Blogtor Who.

Categories: Doctor Who Feeds

On the Table: Combat Showcase

Jeffro's Space Gaming Blog - Sun, 11/10/2019 - 01:02

This little gem of a game supplement hails from the heyday of Car Wars, when the Deluxe Edition and Dueltrack were both out in all their upsized glory. This collection of designs marks the point where the game transitioned away from being a role-playing game about driving and shooting to being an arena combat game where the best vehicle designer one. Not everything in the book would hold up– the Variable Fire Rocket Pod which debuted here would later be nerfed into uselessness. But the concept of easily photocopied record sheets of dedicated fighting vehicles was still solid.

One of the neatest designs inside is the Challenger. It’s a metal armored vehicle with three linked rocket launchers, an explosive spike dropper, and loads of component armor. It’s fireproof– as long as you don’t penetrate the metal armor or target the tires. It can take a LOT of punishment– as long as you aren’t sporting big guns like the ATG or the blast canon. It can also dish out some serious firepower. The only downside is the heavy duty transmission. This thing has just plain horrible acceleration and top speed.

The main thing… it looked like something different from the other cars we’ve recently played. It also looked like the sort of vehicle that would be fun to put up against its doppelganger. So it got dropped into our Amateur Night campaign.

In the opening pass we got up to speeds in the 40 to 50 mph rang. We needed twelves to score a hit on the opening salvo and my opponent actually connected, even rolling a 6 on the damage dice. One point of metal armor gone and the first obstacle counter was laid down!

We cruised into point blank range and my opponent then failed a control roll while executing a D1 bend. Thanks to the opportune skid, I could position myself to tag him with a T-bone as he went by. Driving past, the hazard caused by the obstacle counters would put me into a fishtail that would result in a skid of my own. We both came to a stop simultaneously and then began the painstaking 2.5 mph acceleration to lurch back towards each other again.

Maneuver was no longer much a factor as we reached speeds between 5 and 10 mph. We burned through nearly all of our ammo. Obstacles littered the arena floor. Half my front armor was gone. I whittled away at my opponent’s right side and then his left. What little internal damage I scored mostly went to my opponents component armor surrounding his power plant. My opponent blew through the component armor on my rockets, damaged one with a single hit and took out another altogether.

I had maybe four or six rounds of ammo left at this point. My opponent was hoping to go past me and then maybe force me to waste those last couple shots on his back armor. Unfortunately, my pivot brought my two rocket launchers into position for a solid shot against his weakened side armor. I scored well on damage, penetrated both the metal armor and the power plant component armor and– incredibly– managed to set him on fire to boot.

This was a fairly lucky outcome for me as I could easily have missed, rolled a minuscule amount of damage that the armor could have ignored, hit the driver’s component armor instead, or even just rolled a 3-6 for the fire check. In a game where two’s and twelves had both been rolled, it was pretty exciting. And I have to say, we were both weirdly invested in the results of every single round of fire leading up to this.

My opponent bailed out of his car and began fleeing the scene. Continuing characters are rare enough in this game I opted to let him live for the rematch rather than run him down. He managed to escape before his car could explode, so autodueling fans were on the edge of their seats for the final finish. I think the networks got their money’s worth with these two cars!

Here are the stats for our two continuing duelists:

Borf: Three points in driver skill, eight points in gunner. Four prestige. One kill. Possesions: one S’most with two points of damage to each of the tires, one point of damage to each internal component, 7 points of damage front, 8 points of damage left, 7 points of damage right, one point of damage top, and 1 point of damage to the underbody. Five FT shots fired.

Poindexter: Two points in driver skill. six points in gunner. Five prestige. One kill. Possessions: one Challenger with 6 hits to front armor, 2 hits to left, five hits to front left tire, 2 hits to front right, 2 hits to back left, and 4 hits to back right. Front component armor destroyed, 2 hits to driver CA, and 3 hits to power plant CA. One RL destroyed. One RL at 1 DP. Four RL shots remaining.

Whoever wins the next match will go up to Gunner-1 and will also have enough salvage money to repair whatever vehicle we end up driving for the third round. Though I think the networks should give you a brand new version of one of your best winning car for free and then let you keep the salvage value of everything else– at least in a series of these one-on-one games.

For the final match, we wanted something to create a different feel from the ram car, flamethrower trike, and metal armor slugfest. We decided that linked APFSDS ATG’s, HDFOJ, FT, IFE, spoiler, airdam, and acceleration 10 would do the trick. See you next time for the finale!

 

Categories: Tabletop Gaming Blogs

Children in Need: Whittaker and Tennant’s #1 Album

Blogtor Who - Sat, 11/09/2019 - 16:31

The Children in Need album Got It Covered is the best selling album of the week Children in Need’s Got It Covered is the best selling album of the week. Featuring Doctors past and present Jodie Whittaker and David Tennant, the charity album collected a host of stars to give their own unique cover versions […]

The post Children in Need: Whittaker and Tennant’s #1 Album appeared first on Blogtor Who.

Categories: Doctor Who Feeds

BIG FINISH: Torchwood goes ‘off the rails’ in Dead Man’s Switch

Blogtor Who - Sat, 11/09/2019 - 16:00

Murray Melvin reprises his portrayal of Machiavellian, time-travelling Torchwood nemesis, Bilis Manger, in a creepy new full cast audio drama, Torchwood: Dead Man’s Switch, available now from Big Finish Productions. But this time the eerie manipulator isn’t facing off against Captain Jack and his team. Instead, Bilis features as the central figure in a chamber […]

The post BIG FINISH: Torchwood goes ‘off the rails’ in Dead Man’s Switch appeared first on Blogtor Who.

Categories: Doctor Who Feeds

Only 2 Days left!

Rebel Minis - Sat, 11/09/2019 - 13:13


Only 2 Days Left with our Kickstarter for Cthulhu's Miskatonic University School Enamel Pins! We are working with Grape Robot to promote this! Take a look at pass the word please! 

https://www.kickstarter.com/projects/rebelminis/cthulhus-miskatonic-university-school-enamel-pins


Categories: Tabletop Gaming Blogs

(5e) Sinner’s Manor

Ten Foot Pole - Sat, 11/09/2019 - 12:05
By James Eck Mind Weave 5e Level 1

*sigh*

This nineteen page adventure details a four level manor with about twenty five rooms in about five pages. It’s just combat encounters in a non-keyed long paragraph descriptive format. Combined, of course, with counter-productive skill checks. A few interesting details show some potential, but this is just Yet Another Garbage Product.

And I’m the asshole. I’m the jerk faced jerk because I protest the torrent of shit and vomit that erupts like a firehose in to my face. How bad is this adventure? It’s got three stars on DriveThru, THAT’S how bad. 

So, old manor house in a town. Abandoned for multiple centuries. Rumored to be haunted. Over the years people have gone in to never come out. Still standing intact. Some dude in the town is obsessed with it and wants you to investigate it out so he can move in. Inside are the seven deadly sins. You go from room to room, finding one and then fighting it. That’s the entirety of the adventure. A straight up hack right out of the worst that 4e ever produced. Maybe worse; those had terrain.

I’m pretty sure that 5e still pays lip service to the three pillars concepts. Combat, roleplaying, and exploration. This is just combat. Nothing more. Any joy or wonder that D&D has is entirely non existent in this adventure. There’s nothing to explore, nothing to interact with. It’s just rooms with combat.

Oh, I’m sure it THINKS its exploration. But there’s nothing truly to discover or interact with except the monsters. 

And the format, oh my. The section headings in the text are by floor, and then by room. So, First Floor and then a subheading Kitchen. Of course, the map is numbered and doesn’t have the room names. This means the room numbers are put in to the text of the paragraph and you have to look there. Further, those subheadings? There’s not one per room. The Serving Room, not described, is mentioned in the Kitchen subheading but not elsewhere. This is not an isolated event, most rooms don’t have any description at all and are just mentioned in passing.

Why are they mentioned in passing? Why, to pad out the text by describing the doors on the map. The north door is open and leads to the Kitchen, for example. You know, THE THINGS A FUCKING MAP TELLS YOU. 

A house, with windows, yes? That you can look in? The text makes a point of telling us repeatedly that kids throw rocks at the glass. Well, no windows on the map, or even a hint of them in the descriptions. There’s absolutely no thought at all that has gone in to thie as a real environment. Mostly.

There IS a decent idea or two. A fireplace has ashed out on to the floor and there are ashy bootprints across a rug, as if someone was pacing. Oh course, you see the someone probably before you see the bootprints, and they attack you immediately, so the impact is lost, but the idea for a creepy descriptive thing is a good one. Broken glass from windows on the stairs. Again, a pretty good detail. 

These little bits show some promise, but they are VERY few and VERY far between and do very little to redeem the lack of interactivity and terrible format.

And you don’t even get real treasure. You’re told to put in a CR2 hoard. THAT’S THE FUCKING JOB OF THE DESIGNER! That’s is LITERALLY why we’re paying you. (Or, well, turning to a pre-written adventure in the case of a $0 or PWYW adventure …)

Oh! Oh! I almost forgot! Skill checks! It’s full of useless skill checks! In fact, the skill checks run COUNTER to the adventure. In general you make a skill check in this to determine how some rando body you find died. And the details are creepy. But if you don’t make the skill check then you don’t get the creepy. Is that the point? To NOT creep out the players?  No, of course not, you want them shitting themselves with fear. But you hide that behind a skill check. 

This is Pay What You Want at DriveThru with a suggested price of $1.You get all nineteen pages in the preview, so it’s a good preview. Page four of the preview (page two of the text) shows you the long-form descriptive stye that is indicative of the writing in this adventure.


https://www.drivethrurpg.com/product/292525/Sinners-Manor?1892600

Categories: Tabletop Gaming Blogs

Talomir Tales - Caravanserai Coming Later this Month

Two Hour Wargames - Sat, 11/09/2019 - 02:23

Haldor seemed to have worn out his welcome in Demeskeen. Or at least in his mind he had and that was good enough. He surveyed the tavern. Kurinthian Warriors, Barylistani Caravan Guards, Demeskeen Army and he swore that little lady in the corner was a Wererat. Well, not right now of course. Not in public, but get her alone and who could say.  “Yes, it’s time to go. I wonder what Brigana is like this time of year?”
************Talomir Tales - Caravanserai lets you travel the fantasy world of Talomir as a Caravan Guard. Or maybe you want to lead a Caravan getting paid well for your services. Or maybe you just want to join a Caravan for protection, opportunity or adventure. 
Caravanserai contains the Talomir Tales Core Rules as well as 16 linked Encounters.Look for it later this month.
Categories: Tabletop Gaming Blogs

Hygge Diamond Pillow

Moogly - Fri, 11/08/2019 - 15:40

The Hygge Diamond Pillow features 2 gorgeous yarns, a ton of texture, and is just what you need to finish off that handmade vibe in your space! And it’s a free crochet pillow pattern on Moogly! Disclaimer: This post includes affiliate links; materials provided by Yarnspirations, Furls, and Clover USA. Two Great Yarns are Better...

Read More

The post Hygge Diamond Pillow appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

0
Categories: Crochet Life

Weird Revisited: Five Kooky Cults

Sorcerer's Skull - Fri, 11/08/2019 - 12:00
I came upon this post when searching for another one. I had forgotten some of these (this post was original presented in 2011), so it seemed worth a revisit... 

Here are a few minority religious groups seen at least as bit odd (if not outright dangerous) by the majority of the City's citizens:


The Abattoir Cult: Secret followers of the sinister and bloody-handed Lord of the Cleaver. A liturgical text (anthropodermically bound) honoring this obscure eikone is known to exist in a private collection in New Lludd. His cult tends to crop up in districts devoted to meatpacking or slaughter pens and is associated with the emergence of serial killers.

The Temple of Father Eliah Exalted: This Old Time Religion sect preaches racial and gender equality, chastity--and the godhood of its prophet, Father Eliah Exalted. The Temple owns a number of groceries, gas stations, hotels, and other business. These are ostensibly held by acolytes but seem mainly to enrich the Father. The Temple is politically active and the Father’s support can sway elections. Many are suspicious that Exalted’s powers of oratory and occasional miracles suggest that he is one of the Gifted or perhaps a secret thaumaturgist, but proof has been hard to come by.

Serpent-spotters: An informal collection of people forgotten by society--mostly poor and elderly spinsters and widowers--who are convinced that the monster that appeared in the Eldritch River 30 years ago, and supposedly delivered secret prophecies to City fathers, will return, heralding the apocalypse. On days individually chosen they hold vigil in Eldside Park. They hope to be present at the time of the serpent’s return so it will reward their faith with a ride on his back to a watery Paradise.

The Electrovangelic Church of the Machine Messiah: A worldwide movement dedicated to building the perfect construct to manifest the Messiah and usher in a new age of mechanical spiritual perfection.

The Followers of the Rabbit: Not an organized religion, but instead a collection of superstitions and cautionary urban legends forming a secret liturgy for some folk working along the boardwalk of Lapin Isle. They hope to placate the godling of the island, the dark personification of the rabbit in the moon--the man in the rabbit suit that is not a man.

Link Love: My Favourite Things This Week

Knitted Bliss - Fri, 11/08/2019 - 11:00

www.knittedbliss.com

My Favourite Articles and Links This Week This was such an interesting article- why you never see your friends anymore. The top ten worst plastic polluters in the world. These fantastic quotes have been tumbling in my brain all week. If you have been stumbling through this past week like I have (I hate daylight

The post Link Love: My Favourite Things This Week appeared first on %%www.knittedbliss.com%%.

3
Categories: Knitting Feeds

Not us, YOU: vendor email compromise explained

Malwarebytes - Thu, 11/07/2019 - 21:49

Silent Starling, an online organized criminal group hailing from West Africa, seem to have reminded SMBs and enterprises alike the perils of business email compromise (BEC) scams once more. This time, they’ve advanced BEC into a more potent modality by widening the scope of its potential targets and methodically preparing for the attack from timing to execution. Thus, vendor email compromise (VEC) is born.

If you may recall, BEC is a form of targeted social engineering attack against institutions by baiting certain staff members—usually a CFO or those in the finance, payroll, and human resource departments—who either have access to company monetary accounts or the power to make financial decisions.

A BEC campaign always starts off with an email, either phishing or a spoofed email. Some BEC scams wants money from the get-go while others are more interested in sensitive information, such as W-2 forms.

BEC is remarkably effective at ensnaring victims. Although it may seem like mere trickery, an impressive level of sophistication is actually put into these campaigns to succeed. In fact, a typical BEC campaign so closely follows the kill chain framework used by advanced persistent threats (APTs) that it is deemed APT-like. As such, BEC deserves attention worthy of an APT attack.

So if BEC is already sophisticated enough to warrant APT-level protection, where does that leave businesses hit vendor email compromise?

BEC changed targets and gets a new name?

Before we launch into logistics of how to protect against VEC, let’s rewind and unpack naming conventions.

It’s true that scam campaigns change targets all the time and on occasion, in a heartbeat. But this particular scam evolution is quite unconventional because the amount of resources required to pull off a highly-successful VEC attack are easily quadruple that of a traditional BEC scam. To look at it another way, threat actors have introduced more friction into their operation instead of removing or minimizing it. However, they’ve also opened up the capacity to inflict far more damage to the target organization and to businesses worldwide.

While a typical BEC campaign baits one staff member at-a-time to extract money from a targeted organization, a VEC scam doesn’t go after a company for their money. Instead, VEC scammers look to leverage organizations against their own suppliers.

It’s typical for global brands to have hundreds of thousands of suppliers around the world. Proctor & Gamble, for example, has at least 50,000 company partners. This translates to at least 50,000 potential victims if VEC scammers can get a foothold in Proctor & Gamble’s systems. And these aren’t 50,000 individuals—it’s 50,000 organizations open to compromise.

This seems like a surefire money-making scheme, but it costs VEC scam operatives much more time and effort to sift through and study communication patterns based on thousands of current and archived email correspondences between the target business and their supply chain.

Okay, now I’m listening. How does VEC work?

According to the Agari Cyber Intelligence Division (ACID), the cybersecurity bod that has been engaging with Silent Starling for a time and recently put out a dossier about the group, the VEC attack chain this scam group follows is made up of three key phases.

  • Intrusion. This is where scammers attempt to compromise business email accounts of vendors in a variety of ways, such as phishing. Once successful, scammers move to phase two.
  • Reconnaissance. This is where scammers sit tight and go on “active waiting” mode. While doing so, they gather intel by sifting through archived emails, which may number in the thousands, and create email forwarding and/or redirect rules on the compromised accounts to have copies sent to email accounts the scammers control. They take note of dates so they know the timing, billing practices, the look of recognized official documents, or other information they can use for the success of the attack.
  • Actions on objectives. This is where they launch the VEC attack. The scammer/impersonator makes sure that they are contacting the right person in the targeted supplier company; the email content they create has high fidelity, meaning that it closely resembles typical vendor wording and communication style; and the timing is as consistent as possible with previous correspondences. Doing these checks and balances make VEC exceedingly difficult to detect.

We’d like to add that reconnaissance also happens before the intrusion phase, in which VEC scammers gather intel on companies they want to target, particularly those whose accounts they can attempt to compromise.

How can business owners protect against VEC and BeC?

Business owners should address these types of online threats before they happen, while they are happening, and after they happen.

Before

Remember that scams—these included—target people. In particular, they take advantage of what your people don’t know. That said, awareness of the existence of VEC, BEC, and other account takeover campaigns should be the first order of business.

Organizations must ensure that all members of staff, from the newly-hired and contractual employee to the CEO, should at least have background knowledge on what these scams are, how they work, what the scam mails they use look like, who are the key persons in the company threat actors would target, and what these key persons can do if or when they ever receive is a suspicious email.

Furthermore, it pays to familiarize employees with proper business procedures on how funds and/or sensitive information should be requested.

Establishing policies and procedures for business conducted over email should be in place, if there aren’t already. Organizations can build these around the assumption that the requesting party is not who they are and that they must verify who they claim they are. Think of it as an internal two-step verification process. This can be as simple as calling the boss or supplier using their contact number in record or requiring another person to authorize the request.

Also consider including a “no last-minute urgent fund request” from higher ups. If this is unavoidable for some reason, a rigorous verification process must be in place and upheld in the event of such a request. The higher up making the request must know the process and expect to undergo it.

During

It’s possible for highly-sophisticated scams to tick all the verification boxes—until they don’t. Remember that in these particular scams, there will always be something different that will stand out. It could be the sender’s name, signature, or the email address itself, but usually it’s the sudden change in account details that raises the alarm. Heed this alarm and call the supplier or vendor making the financial request—a video call would be ideal if possible—to confirm once more if they have submitted the request.

After

In the event that fraud is discovered after the financial request is fulfilled, begin the recovery process right away. Call your bank and request that they talk to the bank where the transfer was sent. If your business is insured, call your insurers and company shareholders. Lastly, reach out to local law enforcement and the FBI.

While things may be chaotic at this point, organizations must remember to document everything that has happened while gathering evidence. This is information that is not only essential during investigations but can also be used as material for training employees. It may not seem like it, but successful cyber and scam attacks are invaluable experiences organizations can learn from.

Furthermore, assess if sensitive information has been stolen as well. If so, mitigate according to the type of information stolen so that it can never be used to harm the company, its assets, and its people.

Lastly, if your company is not using one (or some) already, consider investing in security tools with advanced configuration options that could detect and nip BEC and VEC scams in the bud. Such technologies include email authentication technologies, like Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication Reporting and Conformance (DMARC).

Stay safe!

The post Not us, YOU: vendor email compromise explained appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Velvet and Fur Christmas Stocking Tutorial

Moogly - Thu, 11/07/2019 - 16:00

The Velvet and Fur Christmas Stocking Tutorial demonstrates how to crochet this simple but super luxurious free crochet stocking pattern – on Moogly, in both right and left-handed videos! Disclaimer: This post includes affiliate links; materials provided by Yarnspirations, Clover USA and Furls. Velvet and Fur Christmas Stocking Tutorial: How to Crochet the Velvet and...

Read More

The post Velvet and Fur Christmas Stocking Tutorial appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

0
Categories: Crochet Life

Tournament of Useless Things

Mark Hughes (Church of the Rock) - Thu, 11/07/2019 - 06:10

Show off your useless talents!

Tournament of Useless Things
Thursday, Nov. 7
Youth Room
7:30 PM

Come out and join us this Thursday at 7:30 PM for a fun night of random tournaments! Compete in totally useless events like:

Timbit Throw
Speed Painting
Lipsync Battle

We hope to see your talented self there!

Christmas Banquet 

You are invited to enjoy the annual church-wide Christmas Banquet on Thursday, Dec. 5 at 6:30 PM. This night features a sit-down dinner with entertainment by comedian Matt Falk. The young adults always attend this event in semi-formal to formal attire. Tickets are $30.

Tickets go on sale on Thursday, Nov. 7 at 12:00 noon, and can be purchased here

The post Tournament of Useless Things appeared first on Church of The Rock.

Categories: Churchie Feeds

1346

Looking For Group - Thu, 11/07/2019 - 05:00

The post 1346 appeared first on Looking For Group.

Categories: Web Comics

Pieces of Eight: Dedicate

Mark Hughes (Church of the Rock) - Wed, 11/06/2019 - 21:05

Our eight part series, “Pieces of Eight”, was concluded at the Church of the Rock North End Campus on October 27,2019 by Andrew Campbell. Andrew concluded the series focused on the word Dedicate.  By clicking the link below you will be able to access the audio recording of the sermon. For more information you can contact us through our office at 204.261.0070.

 

Pieces of Eight: Dedicate by Andrew Campbell 

The post Pieces of Eight: Dedicate appeared first on Church of The Rock.

Categories: Churchie Feeds

[NEWS] Castle Xyntillan: Announcement and Preview

Beyond Fomalhaut - Wed, 11/06/2019 - 20:24
Castle Xyntillan (cover by Peter Mullen)

“The immense, rambling complex of Castle Xyntillan has stood in its mountain valley for many years. Built over several generations, it has now been deserted by its former owners, and left to time and the elements. However, that is not the end of the story, for Xyntillan’s fabulous treasures and Machiavellian deathtraps continue to fascinate the fortune-seekers of a dozen lands – and never mind the ghost stories!”
I am happy to announce the (now truly) forthcoming publication of Castle Xyntillan, a funhouse megadungeon for the Swords&Wizardry game. Xyntillan will be a 132-page hardcover, describing the three massive levels of the eponymous haunted castle, from the soaring tower of the Donjon to the inky depths of the Oubliette (and beyond). The module will ship with four map sheets with both GM’s and player’s cartography by Rob Conley, cover art by Peter Mullen (whose work, above, should speak for itself), and interior illustrations by Denis McCarthy, Stefan Poag, Peter Mullen (again), and The Dead Victorians. The hardcover set should sell for $40 plus shipping, and should be available at the end of November or very early December – allowing ample time for delivery before Christmas. And now, the details!
With Castle Xyntillan, my goal was to create a classic-style megadungeon based on the following design principles:
  • Versatility: The dungeon should be suitable for different game groups and play styles. It can make for fun one-off expeditions and convention games, it can be played as its own campaign, or ­it can become the tentpole dungeon of a broader campaign setting. It can be played with permanent groups, or a “West Marches”-style player and character pool. It is designed for levels 1 to 6, but otherwise, anything goes – from smaller parties relying on stealth and infiltration to more hack-and-slash affairs involving a small army of disposable flunkies, Xyntillan should offer a fun experience – at all levels of experience.
  • Open-ended exploration: The dungeon should accommodate many different approaches to exploration. Multiple entrances and an open structure built around interconnected sub-levels provide several possible paths through the Castle, including two- and three-dimensional exploration puzzles, hidden sections, and fabulous rewards secreted in secret places. Of course, openness also involves a healthy level of risk management: dangerous areas are not usually cordoned off from nosy characters, and the dungeon is not broken down into neat “levels” of difficulty; rather, it is the players’ responsibility to decide when to push their luck, and when to retreat to safety.
  • Open-ended gameplay: Groups (and players) with quite different interests should all find something to their liking. Whether they relish combat or prefer furtive exploration; confront Xyntillan’s denizens with sword and holy water in hand or play them off against each other; go for the choice treasures or seek the castle’s deeper mysteries, it should be possible. Likewise, GMs with different ideas should be able to customise it to their liking with little effort. Nothing is prescribed, but many things are possible – and Castle Xyntillan is a framework that enables and invites experimentation.
  • Complexity and interactivity: Rooms should offer many things to discover and mess with. While some are straightforward puzzles or traps, there are many which involve (or benefit from) a bit of lateral thinking and experimentation. They also have a depth that should not be overwhelming in play, but offer opportunities to come up with daring plans and unexpected combinations – especially when the players start leveraging multiple things in different rooms to their advantage.
  • Variety of challenges: While it does not pull punches, Xyntillan is not a hardcore killer dungeon – it is deadly, but resourceful groups who think on their feet should do well, and, if things go bad, have opportunities to cut their losses and run to fight another day. Not everyone and everything in Xyntillan is out to get you – or, at least, not immediately. However, those looking for trouble will soon find it.
  • Ease of use: The material should be easy to understand and use at the table, and the GM should never be lost in a sea of information. Accordingly, the room key uses a nested bullet point structure, starting from an overview of each room and proceeding towards the finer details and interaction possibilities (a two-page example is provided below). Bolded keywords are used to help navigate the text, which is also carefully cross-referenced for easy navigation. Map slices are placed close to their point of use to reduce page flipping. The map is extensively labelled for ease of use. Finally, the physical book and the accompanying maps are planned to be sturdy and user-friendly. It is printed and bound locally where me and my printer can oversee the production process at every step.
  • Surrealism: Xyntillan is founded on dream logic and loose association instead of strict realism or full narrative consistency. It should be entertaining, fascinating, and always a bit mysterious. As a funhouse dungeon, it is full of the improbable – but there is a method to the madness. Likewise, it is not a serious affair, but it is not a “joke module” either – it is intended to be a storehouse of the macabre and whimsical, where the jokes write themselves – there is no background laugh track.

Careful... careful.....In summary, the goal was not to make the biggest dungeon (a goal I have, frankly, always considered stupid), but one that’s just the right size, comfortable to use, good to handle, and built to last. Castle Xyntillan also has a (perhaps unfair) advantage: in one way or another, I have been working on these materials since 2006, from my sections of a never-published Tegel Manor manuscript to the finalised module, and there has been abundant time to contemplate, revise, add to, remove from, and playtest the adventure. It has been tried in many different contexts, and with many different groups. It has taken a long time, probably more than it is rational to develop a dungeon. It is, in one word, polished. It is, also, that thing I have been rambling about all these years. And I hope you will also find it to your liking.
For now, here is a two-page example from one of the easier-to-find sublevels: Castle Xyntillan Sample (4 MB PDF).

Q&A (Additions)

"Sounds good but I see nothing about factions. I want factions!"
"Xyntillan has no formally spelled out "factions", but it does have the remnants of the eccentric and corrupt Malévol family, who have their own agenda (represented by a global escalation mechanic) and internal disagreements. There are also (very loosely described) outside parties with their own interests in Xyntillan.

It is up to the GM and the players to decide what to do with this, but the emergent potential is there, and some suggestions are offered in the Introduction. During our playtest, reaction rolls and morale played a significant role, and negotiation with the dungeon denizens became an important source of information, shady bargains, and allies of convenience."

"How large is the dungeon?"
"WRT the size of the dungeon, it is large enough to sustain its own campaign, and to feel like you are exploring something substantial. It is large enough to result in emergent complexity, which is a major appeal of megadungeons. But it is limited in the sense that it should not take over your gaming life (something that has frustrated me about other megadungeons), and it is basically built around three large, loosely "levels" (a sprawling ground floor, various upper floors, and a dungeon level - all with more or less hidden sub-sections and plenty of interconnections). I had a second dungeon level under development but scrapped it because it felt too much." 
Categories: Tabletop Gaming Blogs

Stretch Goals Corrected and Lowered! Article on Kickstarter

Two Hour Wargames - Wed, 11/06/2019 - 19:40

 When I dropped the funding goal on the Kickstarter to $3,000 at the last minute before launch I forgot to adjust the Stretch Goals. Much better, check them out!

Here's a nice article on  the Kickstarter. 

10 Game Kickstarter


Categories: Tabletop Gaming Blogs

Here are the most popular robocall scams and how to avoid them

Malwarebytes - Wed, 11/06/2019 - 18:52

We recently examined how robocall scams are a serious threat to privacy, alongside the astonishing rate at which their volume continues to increase. Forty-three billion calls in 2019 with an average of 131 calls per person in the US alone is not something to be sniffed at. No matter how careful you are with your number, no matter which security measures you take, it can all be undone with one leaked database—then you’re on another list, forever.

Despite all precautions, it’s sadly inevitable that you’ll eventually wind up on a robocalling list or two. Then it’s a case of limiting damage and endless number blocking. Automated dialing ensures they’ll never, ever get tired of calling you unless you take some preventative action.

This week, we’re going to look at some specific examples of robocalls, the types of threats they present, and what’s at stake, including loss of privacy, finances, or even both simultaneously.

Can we listen to some robocall recordings?

You sure can.

A writer for Marketplace decided to take some of these robocalls instead of simply hanging up to see what kind of scam was on offer, and recorded portions of the calls. If you ever wanted to hear an authentic Chinese robocall scam in action, then today’s your lucky day.

Some of the call introductions are quite inventive. As always, there’s the faintest whiff that you may have done something wrong…maybe…and even if you didn’t, your details may be in the hands of criminals. You’d want to get that sorted out as soon as possible, especially if the nice person at the bank is telling you to do so. Right?

As far as specifics go, tactics involve:

  • Claiming your information was on debit cards sold illegally
  • Claiming your identity has been stolen
  • Claiming irregular activity has been flagged on your bank account

As with many similar scams, fraudsters are hoping potential victims are so rattled by these claims that they won’t notice they’re being primed for information. Why would a bank or similar institution ask you to confirm your name without volunteering it themselves? The answer, of course, is that they don’t have it and can’t address you unless you tell them first.

It’s a basic slice of cold reading, frequently deployed by con artists and tricksters who’d rather you just hand over what they need so they can turn it back on you.

Robocall scams targeting Chinese students

As demonstrated in the Marketplace article, there’s a solid wave of Chinese language robocalls right now, something which seems to have begun in earnest around two years ago. While the calls emulate the most common robocall tactics—fake caller ID, spoofing a trusted business entity, leaving a short automated message hoping you’ll press a specific number on your phone—they deploy some additional measures designed to bait, harass, and worry Chinese targets as much as possible. 

Last month, I looked at how mainland China–based scammers are targeting Chinese students in the UK with threats of deportation. Focusing on immigration status, alongside mentions of embassies and potential legal trouble all make an unwelcome reappearance in US robocalls. Students once again have become popular targets, whether resident in the United States or simply visiting. Fraudsters even make use of text and send potential victims sensitive information about themselves, such as passport scans—just like the international student attacks in the UK.

It’s not just happening in the US; the same tactics exploded into life in Australia in May 2018, with threatening calls supposedly coming from the Chinese embassy in Canberra.

Press 1 to perform a fake kidnapping

Possibly the most extreme version of robocall scams involves staged kidnappings. After the standard “You’re in trouble” robocall messages, things take a sharp turn into the surreal as scammers convince people to take photos of themselves as if they’ve been kidnapped, before sending said imagery to other relatives who’ll be told they need to pay a ransom. People don’t want their relatives falling foul to terrible kidnappers, so of course it’s pretty much game over in the “will they, won’t they” pay up stakes.

Is that really Apple robocalling you?

Another popular robocall tactic involves spoofing the geniuses at Apple. On October 31, Missouri Attorney General Eric Schmitt put out an alert regarding robocalls where the scammers pretend to be Apple support. You know all those endless, awful fake Apple emails clogging up your inbox on a daily basis? They’re down the other end of your telephone now, hunting for personal information and money.

https://www.youtube.com/watch?v=h2Uev0VDBrM

The recorded message plays out like this:

This is Molly from Apple Support. We have found some suspicious activity in your iCloud account, that your iCloud account has been breached. Before using any Apple device please contact an apple support advisor

They even leave a phone number you can dial later if you don’t have time to process the robocall when they ring you.

Robocall SSN scams

It seems there’s something in the air at the moment, because the IRS warned of Social Security Number robocall scams making the rounds on October 24. These aren’t people pretending to be embassies; they’re more akin to those Facebook viral chain hoaxes where talented hackers will delete your profile by a certain date unless you repost their message.

Here, they’re threatening to wipe your SSN unless you address a fictitious unpaid tax bill. As per their own advice, neither the IRS nor their collection agencies will ever:

  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, iTunes gift card or wire transfer. The IRS does not use these methods for tax payments.

  • Ask a taxpayer to make a payment to a person or organization other than the U.S. Treasury.

  • Threaten to immediately bring in local police or other law-enforcement groups to have the taxpayer arrested for not paying.

  • Demand taxes be paid without giving the taxpayer the opportunity to question or appeal the amount owed.

Internet and offline scams have a long history of flagging themselves as fake by throwing decidedly unofficial payment methods (iTunes vouchers, Steam gift cards) into supposedly official routines. These would appear to be no different.

The other social security scam

The Social Security Administration (SSA) scam became prominent in September 2019, but hasn’t really gone away. The pattern is familiar: There are claims of benefits being suspended, with the only way out being money wires, or cash being placed onto gift cards.

Attacks along these lines can take terrifying amounts of money away from their victims. And they don’t just focus on the elderly: Anyone and everyone, including millennials, can be a target as far as robocallers are concerned.

A problem for everybody

While the majority of robocall articles focus on calls coming from China, the problem isn’t confined to that region. Indeed, the US has more than its fair share of robocall-related issues, with five US states contributing to the top locations for robocall origination. Mexico, the Philippines, Costa Rica, Guatemala, and India complete the list, according to the Federal Trade Commission (FTC).

Alex Quilici, CEO of robocall-blocking app YouMail, told USA Today that he estimates “hundreds of millions” of calls originated from inside the US. In June 2019, the FTC cracked down on US-based robocalls, and reported that the majority of scams they shut down were based in California and Florida.

What can we do about it?

As robocalling has been such a common problem over the years, we already have a full rundown on what you can do to avoid these attacks as best as possible. The people behind them will continue to slather us with their nonsense pressure, fictitious time limits, and bizarre fake kidnapping requests. But there’s one simple way to ensure they never win: Just don’t pick up the phone.

Avoid all that chaos by resisting the temptation to press buttons or pick up and yell. Robocall scammers have been known to ensnare even the most savvy users. Simply let unknown numbers ring into the void forevermore. When your identity and bank account are safe and sound, you’ll be glad you did.

The post Here are the most popular robocall scams and how to avoid them appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Pages

Subscribe to Furiously Eclectic People aggregator