Feed aggregator

Qwik? What's Qwik?

Two Hour Wargames - Thu, 05/09/2019 - 23:20
Or should we say "What was Qwik?"
It was a game by THW based on the movie Blood of Heroes. "What?" Movie was okay, game was great.
The movie came out 30 years ago, the game came out 8 years ago. "What?!"
Yeah, I know, time flies. And gamers change and games have to change with them. 
What was detailed then, is streamlined now.
What took a while to play, can be played in half the time.
But some things don't change.
Still bloody...still easy to learn...still compatible with After the Horseman. 
But that's another story... :)

More to come.
Categories: Tabletop Gaming Blogs

What's Old Can Be Renewed

3d6 Traps & Thieves - Thu, 05/09/2019 - 20:16
One thing I really enjoy about the RPG thing is the creation of new settings or milieus. While Avremier is my primary lifelong work for gaming, I do have ideas and visions that just don't fit. Because of this, there are quite a few smaller setting projects in the works (Grayharrow and RedStaff are but two examples).

One of the fun things for me is populating these new settings. Once a distinct flavor has been established, I like to browse through classic bestiaries like the Monster Manual or Fiend Folio, with an eye toward how these old standards might differ or shine in this specific environment.

In Grayharrow, I looked at a lot of monsters with an "eldritch" feel and psionics in mind. For RedStaff, the focus is a variation of Southern Gothic Horror. Today, there is the Pseudo-Victorian tableau of decadent apocalypse called Violet Grimoire. Sorry - there's no titling for that yet. Giving myself a distinct and detailed setting concept allows for a new perspective when making decisions for development. By way of example, here are a few brief jottings from a scan of the Monster Manual.

  • Ankheg: Worker-type of a species that includes the Umber Hulk as a warrior-type.
  • Banshee: Attached to established families of “true blood.” A sign of status and respectability.
  • Ettin: Engineered to become elite guards or soldiers. More evolved and intelligent. Trained in weapon use.
  • Fae Hound: A version of the Blink Dog, but far more menacing and large enough to ride. Possibly a version of the Enfield.
  • Fungi, Ghost: Large, white morel-type mushrooms that can drift through the air for short distances. Similar to violet fungi, but their touch withers/ages.
  • Fungi, Violet: Basis for an entire ecotype. Sometimes, the touch of violet fungus infects the victim, but not with rot. Violet patterns (like lichen) appear on the skin.
  • Giant, Stonebear: At least one tribe of stone giants has embraced a form of lycanthropy to become werebear berserks.
  • Lycanthrope, Weretiger: Have formed a distinct race of tiger-featured humans. Controlled shifting. Society of castes. Retain golden-hued skin with striped markings in human form. Eyes do not change and are always catlike. They have a ruler called Lord or Lady Tiger (possibly similar to the Cat Lord).
  • Merman: The only species in the setting has the traits of sharks, not fish. They are savage and deadly.

And so on.

I find that most of the details fall into place once a detailed environment has been created for them. And, not even a meticulously detailed environment. For the moment, the Violet Grimoire setting is defined thusly:

This will be an environment for black comedy and gallows humor. It is also a place for horror of all kinds, even a bit of Mythos horror. It is entirely possible that the entire project will be merged with RedStaff as an epic campaign arc or background plotline.
The setting centers upon the great city of Veriscine, which is the capital of the Imbraiac Regency. A city with a beautiful surface covering decay and darkness beneath. Power, intrigue, desire, betrayal, fear – there must be fear. Always an undercurrent of something terrible lurking just beneath the decadent surface. Of madness concealed behind a crumbling façade of urbane civility.
The Imbraiac Regency is a civilization in complacent decline. The arcane and alchemical arts have been at their peak for generations. Much of arcane science is pursued for the benefit of those that can afford it. Pleasure and longevity are the most worthy goals.
The gods were shown to be false and their idols cast down. Then, the horrors of the Unquiet Dark began to stir and turn their attentions upon the world. Mortalkind became prey for the ravening monsters from beyond. In desperation and ignorance, the people turned to nearly forgotten gods of ancient myth for deliverance and protection. Nine Gods of Order with comforting human forms. Nine Lords of Hell that play at being gods and prefer dominion in the mortal world over eternal war in the infernal regions. Diabolic overlords thriving upon worship while seeking true ascension to divinity. During their reign, humanity has suffered little from the predations of alien horrors, and the Nine have proven very effective governors. Better the devil you know.
Well, that's all from the Desk of Mothshade for today. More fun to come.

Categories: Tabletop Gaming Blogs

[REVIEW] The Hidden Tomb of Nephabti

Beyond Fomalhaut - Thu, 05/09/2019 - 16:30

The Hidden Tomb of Nephabti (2019)
by Jeremy Reaban
Self-published
Levels 5-7

Mummies. Why did it have to be mummies?

Should you want to explain the concept of a dungeon crawl to a layman, looting pyramids and Egyptian royal tombs might be your best bet to get across the idea. D&D is often highly esoteric, but pyramids? Those are on TV. The first game session I ever played took place in a pyramid. If you have played AD&D reasonably long, you have probably been to one, too.
The Hidden Tomb of Nephabti is a short tomb robbing-adventure. Of its 17 pages, 8 are dedicated to a dungeon with 23 keyed areas, the rest describing new monsters, gods, and magic items. It is meat-and-potatoes in a good way. If you need an Egyptian tomb, here is one that can fill that spot. It is written and laid out in a straightforward way, and focuses on what matters around the table. It is not going to win any award, or draw hype, but it is the stuff that makes for a nice home game, packaged for reuse.
The rooms are good. Every one of the dungeon rooms has something worthwhile going on: interesting combat setups, magical tricks, interesting and well-hidden treasure, and even good NPC interaction. It does not concern itself too much with mundane elements like rotting linen or sand with bits of broken pottery – it is all about the fantastic side of dungeoneering. A lot of adventures have two or three good ideas hidden in them. This one has several, and much of it is even tied to the local mythology (may contain traces of Cthulhu; time plays another important role). Most importantly, it is all material which invites and rewards PC engagement and experimentation. Look and touch!
One aspect I am finding weaker is the way the rooms are connected. The tomb is laid out in a fairly boring way which looks like the rooms are mostly linked arbitrarily. Nothing of note takes place in the corridors (not even traps or random encounters), and it lacks the vertical elements of a good tomb-crawl. The real pyramids had stairs and air shafts and interior galleries! One or two rooms are positioned in a way that requires some thought to deal with or bypass, but you could mostly just march unimpeded to the final room, and leave the way you came. Not even a lousy pit trap in your path? This needs work!
But all in all, this is a solid, unpretentious scenario with a fake-TSR style cover I have a soft spot for. As I understand from the text, this is the first module of a trilogy, to be followed by The Fearful Fane of Bubastis, and Black Pyramid of the Faceless Pharaoh.
No playtesters are credited in this publication.
Rating: *** / *****
Categories: Tabletop Gaming Blogs

How 5G could impact cybersecurity strategy

Malwarebytes - Thu, 05/09/2019 - 16:00

With the recent news that South Korea has rolled out the world’s first 5G network, it’s clear that we’re on the precipice of the wireless technology’s widespread launch.

Offering speeds anywhere from 20 to 100 times faster than 4G long-term evolution (LTE), the next generation of wireless networks will also support higher capacities of wireless devices. That’s a huge deal considering the rise of IoT and similar technologies, all of which require a high-speed, active connection.

But along with the network upgrade—which will surely bring with it a boost in users relying on wireless frequencies—there are security concerns, some new.

Lucky for South Korea, this is something the local telecom companies are not so concerned with. Park Jin-Hyo, head of SK Telecom’s Information and Communication Tech Research Center, says, “I don’t think we have a security issue in South Korea.”

However, the reality is that 5G introduces a variety of new cybersecurity concerns, particularly when it comes to intensified attacks.

As more and more devices are powered on and synced up, each one becomes a potential security vulnerability for the wider network. More specifically, many organizations will have to change or restructure their cybersecurity strategies to deal with the new platform.

Here are four ways that the rise of 5G can and will impact a company’s cybersecurity.

1. New risks will surface

In 2016, an incredibly dangerous distributed denial-of-service (DDoS) attack took down most of the Internet on the US east coast. Initially, authorities believed that a certain hostile nation-state was responsible, targeting the country with nefarious intent. As it turns out, the Mirai botnet was actually to blame, and it involved thousands of insecure IoT devices, including security cameras and similar tech.

More alarming is the fact that its creator originally only developed the system to take down rival Minecraft servers as a means to make some extra cash. The original intention was never to unload on the Internet as a whole, which shows that not all cybersecurity problems stem from mastermind criminals.

What does any of this have to do with 5G? Anything and everything. As soon as 5G networks are rolled out to the greater public, devices will be powered on and connected from a variety of mediums.

Everything from smart home security cameras to smart refrigerators to industrial-grade smart sensors can and will tap into the higher-performance networks. That presents a whole slew of new devices, tools, and systems that hackers can use to their advantage. From there, it’s not a stretch to predict another botnet will rise, one that targets vulnerable and insecure devices, which would mean we’ll see another series of attacks like the Mirai event.

2. More devices will necessitate smarter security solutions

As more devices are introduced, the security landscape becomes broader than ever before. Where once cybersecurity was concerned with internal computers and machines and a handful of authorized mobile devices, it is now expanded to include every possibility.

Install smart coffee makers in the company office? There needs to be a new set of security solutions administered to protect any incoming and outgoing connections related to that device. Install new machine sensors and remote-operation tools for industrial equipment? The same is true.

Security solutions will need to become just as broad to account for all the new network channels and devices, as a means to protect an entire operation. Not only will this facilitate new security requirements—like outsourcing to a more capable provider—but it will also have sweeping implications on the privacy and security of organizations as a whole.

Take that smart coffee maker, for instance. One might not think it’s transmitting or sharing sensitive data—it’s a simple coffee maker. But that doesn’t matter. Hackers could reverse engineer the device to serve more nefarious purposes. For example, they could tap into a microphone which should be used for voice commands and use it to spy on sensitive communications or events.

3. Increased bandwidth will raise capability concerns

Many security solutions involve monitoring traffic in real time to identify potential threats based on activity and sniffed data. Someone in-house visiting a flagged URL, for example, might reveal an inside man, so to speak. They might also discover that a device or machine has been infected, which warrants further investigation.

In any case, these systems are largely able to keep up because of bandwidth limitations. The Internet bandwidth or capacity of a network can only handle so much traffic at once. This is bad in terms of user performance but good in terms of managing security and traffic. With 5G, which offers incredibly higher speeds and capacity, all of that goes out the window.

Security solutions must be upgraded to deal with these new capabilities, particularly when it comes to monitoring, encryption, and prevention—the latter being handled by firewalls. A majority of legacy solutions may no longer work because of the increased capacity, speeds, and overall latency boost that 5G offers.

The frightening element is that because we have no 5G networks around today to test, no one truly knows what the network upgrade is going to require of security professionals. To achieve the higher capabilities, hardware will need to be upgraded to become more powerful, and the solutions themselves may need to be redeveloped to deal with the state of networks. What that looks like exactly, we won’t know until 5G is here.

4. Integration and automation will be a must

We’ve been on the verge of widespread security automation for some time. The current landscape has helped push the need for it, as organizations must be ready to deal with security threats at all hours of the day and night.

But integration has been optional, at least until recently. Integration simply means that the security architecture and system in use is connected across the entire operation. Data must correlate and sync even between security layers, and that’s true whether those divides are physical or digital in nature.

For example, someone trying to force their way inside a physical security facility should be flagged, and any further data that is related to their actions should be monitored digitally. That same person might try to find another way inside company infrastructure, including using various digital or physical systems and vulnerabilities. But integration extends beyond this quick example. Security data and the overall architecture must be evolved to handle the same kinds of threats that are developing in the real world.

A digital-centric hacker might move to physical means and vice versa, at any time. They might use a combination of strategies and attacks to gain unauthorized access—as they’re already showing with Emotet’s polymorphic, multiple module attacks or CrySIS ransomware’s versatile attack vectors. They will constantly be looking for ways in, which requires using automation to keep things running during the off-hours, too.

5G is coming

Advanced 5G and wireless networks are coming, and they will bring a huge selection of benefits, including higher traffic capacities, lower latency, and increased reliability. Naturally, that means more people and more organizations will rely on the new system for their devices.

Unfortunately, it also introduces a slew of cybersecurity concerns and problems, particularly as it relates to current security solutions.

Organizations will need to be prepared and should already have plans in place to upgrade and augment their existing security solutions. Failing to do so could have serious implications, not just for the organization itself but for the world at large. Sensitive data pertaining to the company and its customers could be stolen, and vulnerable devices could be used for nefarious deeds—just like we saw with the Mirai botnet.

As we inch ever closer to the launch of next-gen wireless, we must continue to ask ourselves if we are truly prepared.

The post How 5G could impact cybersecurity strategy appeared first on Malwarebytes Labs.

Categories: Techie Feeds


Looking For Group - Thu, 05/09/2019 - 04:00

The post 1294 appeared first on Looking For Group.

Categories: Web Comics

HackMoor 2019/05/03 Cadfael Captured

Furiously Eclectic People - Thu, 05/09/2019 - 01:52

Games are normally on Friday nights sometime after 5:30PM at World's Best Comics, 9714 Warwick Blvd Newport News, Virginia 23601.

We had an extra large half-pepperoni half-sausage pizza.

What has gone before:

The Party is with a small underground civilization named Cynicism (demonym: Cynics) who are constantly stoned out of their gourd due to the poor diet of mushrooms, underground fish, and lack of sunlight. (I think it's mostly the mushrooms.) The Cynics are controlled by a priestly class of Ba'al worshippers and a tribe of Hobgoblins. The Party has aligned themselves with three rebel Catholic factions whose numbers are still too small (450) to defeat Ba'al. (550 plus a tribe of 200 Hobgoblins, and a large family of Ogres.)


This session I had prepped the Player for Sham to run the bad guy encounters because his character is on an overland march back to the Party's location with a small battalion composed mostly of Tenians accompanied by a BlackMoor company.

The rest of the party accompanied Cadfael to the underground city. Thune the Berserker stayed near the topside entrance to watch the horses and keep watch for Sham's army. Glaxx the Druid also went topside temporarily to check on Thune (and to make sure he didn't go Berserk). She hadn't come back before the end of this session.

While the leadership of the three factions had agreed to align, it still remained for Cadfael to convince the rank and file of each faction to join the cause. The three Catholic factions had centuries of animosity between them, and mostly had forgotten what the source of the original splits was.

Ergo, the underground city of Cynicism's history:

After the city retreated underground to hide from conquering hordes, the discovery of Ba'al during the dig and his worship overtook the populace. Ba'al worship reigned supreme in the early years underground with the gawd's promises of safety from conquering forces above and a drug induced haze. It was easy while the population was initially large and periodic sacrifices would take the weak, infirm, and the occasional faithful Catholic who got discovered. As the city's population dwindled, friends and neighbors disappeared, and the average citizen came to realize they were just Eloi and the next sacrifice could be himself. This was not helped by the relatively newly arrived Hobgoblin enforcers. Above ground, the once fertile region that Cynicism was once the capital of became a desert.

Meanwhile the remaining Catholic faithful went into hiding and started quarreling amongst themselves, hence the heretical treatment of each other for the next few centuries. Lately, the Catholic membership has increased in the hope for relief from the perpetual lottery of doom. At least their faith had a promise of a better afterlife, even if taken by Ba'al.

So the onus fell on Cadfael to reunite the Catholic hoi polloi. Rather than go out evangelizing in public and putting himself at risk, he decided to perform what a Catholic priest should be doing,* holding proper liturgical services. The first day, he began services with the Magi of Jesus faction, then scooted to the Maidens of Mary faction next door. He rolled successful non-Player Character (NPC) reaction checks at each.

Next stop was to conduct services with the Brothers of Joseph who were on the other side of town. So Cadfael HAD to go out in public, at least he wasn't advertising himself.

What followed were a series of random encounters on the streets.

The first were men wearing bird masks and flapping their arms while circling the Party. Taunting them because the Party could not "fly". (These guys were the usual Cynical citizens, stoned out of their gourds.) They eventually wandered off, "flying" away.

The next one was with a Giant Rat. ("Giant" meaning two feet long, not including tail.) It was an escaped penned animal, one of several species the Cynics use for meat. Namo our thief nailed it with a critical hit.

Next the party encountered Cynical fishermen from the city's underground lake taking their haul to market. Strangely enough, these guys weren't "high" like the normal citizen. The party bought some fish.

Lastly Cadfael made it to the Joe Bros. redoubt. His NPC reaction check was not so good and the liturgy was a failure. (Cadfael needs a better Charisma score, or he should have done a "miracle" like last time.) Even though the preaching was bad, he was still a guest of the Joe Bros. leadership so he spent the "night" (underground sleeping period).

Additionally regarding Sham the Samurai who was on his first day going towards civilization to recruit his battalion, the 24 hours of Sham's "Undetectable Lie" had worn out and the factions were starting to ask about Sham, "Who was that guy?"

Next "day" Cadfael attempted to leave the Joe Bros. redoubt and headed for the Magi's place. Outside however there was a roadblock and a detour blocking pedestrian traffic due to road work supervised by Goblin traffic cops. Cadfael retreated back to the Brothers of Joseph and since it was time for Vespers, his services again failed miserably and he was kicked out. He promised a better sermon next time (and maybe use a "Befriend" spell).

At least it was an hour later and the Goblin traffic cops were on break.

Cadfael had one more important encounter on the way. A group of three Ba'alist clerics on a mission to "cast out demons" from any unsuspecting passerby, of whom the party were the victims. Whether a prospective victim was "possessed" by a demon mattered little, as the Ba'alist Clerics used the old Monty Python logic of "Can you prove you're not a witch?"

One of them cast a Hold Person spell on Cadfael and they proceeded to drag him to the ever so convenient Temple of Ba'al next door while Pavel and Namo tried to prevent his capture by fighting back. It was to no avail however and the Clerics took Cadfael into the Temple and the gates shut behind him.

He was now surrounded by upset Goblin traffic cops holding their coffee cups and half eaten donuts.

Cadfael's capture had interrupted their break.






Paveltepec, first level Painted Mage
Sham, first level Samurai
Cadfael, first level Cleric
Glaxx, first level Druid
Namo, first level Thief
Thune, first level Berserker
10 Sprites, in a musical band called the Pharies
500 Light Infantry, enroute.
1000 Cynics





This is also posted on two forums, and a blog.


Tracy Johnson
Old fashioned text games hosted below:



Categories: Miscellaneous Blogs

The Magician’s House

Ten Foot Pole - Wed, 05/08/2019 - 23:14
By Ray Weidner
Self Published
Levels 1-3

The city of Blackrock is in peril! An army of shrieking demons marches inexorably closer, less than a week away from putting its people to the knife. The Duke puts out a call: brave and resourceful heroes are needed to recover the sacred words that will unleash the power of the Sealing Stone. Words that have passed beyond the world – and so these adventurers must pass beyond the world, into…The Magician’s House!

This 132 page adventure uses about seventy pages to describe a 25-ish “room” wizard’s house. There is little of the heightened reality that most DCC adventures have, making this a pretty straightforward conversion to your favorite gaming system. There is a depth to many of the rooms that makes them seem more like mini-vignettes or set-pieces, without even really overreaching into being jaded or expecting Yet Another Set Piece. Lots of minor polishing issues plague the adventure but it never really falls into any major traps. I think it’s a delightful little romp through a gentleman magician’s home.

What Ray has created here is a point crawl wizard’s house, thanks to the extra-dimensional flavour afforded by being a wizard. You’re searching for either the wizard or some magic words, giving you drive to explore. The extra-dimensional aspects are leveraged in more than just “the dungeon layout is weird.” Mirrors transport you to mirror world. Or you can go to Faerie. Or the moon. Speaking of faerie and mirrors, you might recognize some Norrell/Strange references. In fact, the baddies here are fey right out of that book, with the adventure leaning to that sort of fey.

The wizard in question is Mordank the Irregular. Tales are told of his feats … like when he saved the town from poisoned grain by summoning a huge army of rats to eat the grain. And who then died in the streets and stank forever. Mordank is my kind of wizard, both in holistic thinking and in being a weirdo.

There’s absolutely a Wizard House vibe to this. There are some ruined houses in town with no real walls or doors. Except for one, which is the wizard’s door. The backside looks like a normal door. That’s wizard shit. Weirdo servants? Wizard shit. Keeping fey captive? Wizard shit. Weird stuff to fuck with? Wizard shit. Mirrors you can walk through? Wizard shit. This place feels like a wizard’s house.

It helps that you can talk to just about anything. Slime creatures on the moon? They are actually guests of the wizard, nice people, and happy to talk if you don’t try to gak them at first sight. The servants? They talk … and try to get you to go back to the visitors lounge. The guards? Same thing. But their captain also needs some sneaky types to help him get back at the servants … The fey king, and other fey? Sure, the king’s hobbies are Games and Hating Mordank. There’s a great deal of interactivity. If I had a complaint in this area it might be that it could use a little more challenge. There’s that Ed Greenwood thing where you just walk around looking at weird shit. And in LOTFP fucking with anything is usually a bad idea. In a Gold=XP game the allure is usually loot, motivating you to fuck with stuff. In a one-shot (which is what this is oriented toward. More on that later.) or a story game then your motivation to fuck with shit has to be in service of the story. I’m not sure that comes through as well as it could. In some places it seems more like Greenwood interactivity. Not an obstacle, but an experience, and you can be left with the “just don’t touch anything” mindset.

In THIS adventure the pregens provide some motivation in that area. They all have objectives and “side quests” from their backstory. Discover the source of the wizard’s power and report back. Get cash. Spread the faith. Find a book in the library about a certain thing. Things to get you moving around the map, if this were a hexcrawl, beyond the simple main quest.

A high page count with low room count usually means word bloat. While this isn’t a masterpiece of editing, it doesn’t really have the problems associated with word bloat. Each room is contained on two or three pages. You get a little mini-map, an initial impression, and then a separate header and paragraph, etc, for each interesting thing in the First Impression description … or a feature inside of another feature, for example. This is then followed by an explicit stat block, a section on treasure, and then a note on exits. Whitespace and section headings and bullets are generous. Taken together this explains how the depth of the rooms is handled and how it gets past the word bloat issue. Ray thought about the issue and found a solution.

Well … most of a solution. At two pages per room I am ON. BOARD. with this format. Facing pages, open behind the screen, the entire room available at a glance with whitespace, headings, bullets providing me help to find things. At three I suddenly need to page flip. A third page containing just the stats and/or treasure/exits could be ok. A third page referenced during exceptions, like a fight breaking out or leaving the room. Then a page flip seems ok. But a third page, or more, to look up simple room stuff? At that point I begin to drag out my Everything is a Guideline mantra, and Too Much Devotion to a Thing is Bad mantra. Messing with the margins, the whitespace, the font size, rethinking Major Headings vs Minor Headings, are all fair game as things that could be sacrificed, temporarily at a minimum, on the altar of “all the main shit on two pages.”

That might be my major complaint and I think falls into the realm of Polishing. In that same realm are a large number of other issues. Some more work on mirror world to handle the transition rooms better, those being necessarily more complex. A major NPC, the wizard’s drinking buddy, is lacking almost any detail at all. Like, what he knows about the house, the situation, etc. Some of the words from the First Impression features do not appear as section headings. Looking Glass in the impressions with Mirrors as a heading for more information. That’s a crude example, but gets the point across. Other places need someone to point out some flaws in the writing. A little model of the solar system is in one room. A party member can shrink and fly toward the planets … at 20’ per round. They are unrecoverable at 100’. I don’t really get this. The solar system toy, the shrinking, the distances, they don’t make sense to me together.

But, these are polish issues. There are some very fine magic rings with non-standard effects. A gem you can swallow (Hey hey hey! Dungeon of the Bear!) and great rumors. The wizard is built up exactly the way you’d want one to be … powerful and a little bizarre without going full out gonzo or silly. The Gentlemen Fey thing going on is just icing.

Good adventure. Lots of room for polishing. As a one-shot it supports the DM with pre-gens with motivations to help drive action beyond the main plot. I can handle something that needs more polishing; The Best doesn’t necessarily mean Perfect. This is a great first effort.

This is $6 at DriveThru. The preview is 21 pages! You get to see several of the complete rooms, in their two to three page layout glory.

EDIT: The review above is the one I originally wrote. Ray had asked for feedback so I sent him the review and, between writing it Saturday and publishing it Wednesday, he released a second edition. It helps mitigate the gaps around the drinking buddy knowing the house, clarifies the solar system toy, and, notably, messed around with the layout of each room to try and get it to two facing pages OR move the reference material to the end to get the core room on to the two facing pages. Now, if everyone else in the world listened to me this much then my entitlement issues would be resolved, although in the wrong manner.


Categories: Tabletop Gaming Blogs

Vulnerabilities in financial mobile apps put consumers and businesses at risk

Malwarebytes - Wed, 05/08/2019 - 16:30

Security hubris. It’s the phrase we use to refer to our feeling of confidence grounded on assumptions we all have (but may not be aware of or care to admit) about cybersecurity—and, at times, privacy.

It rears its ugly head when (1) we share the common notion that programmers know how to code securely; (2) we cherry-pick perceived-as-easier security and privacy practices over difficult and cumbersome ones, thinking that will be enough to keep our data secure; and (3) we find ourselves signing up to services owned by big-named institutions, believing that—given their strong branding, influence, and seemingly infinite resources—they are securing the privacy of their users’ data by default.

Point three, in particular, applies to how we perceive official mobile apps of financial institutions: We believe they are inherently secure. In a study called “In Plain Sight: The Vulnerability Epidemic in Financial Mobile Apps” [PDF], application security company Arxan Technologies looked to see if this perception is founded. Alas, what they found proved that it is not.

Understanding mobile app vulnerabilities

The overall lack of security in financial mobile apps stems from poor or weak app developing practices. According to the study, Arxan found 11 types of vulnerabilities because of this. They are:

  • Lack of binary protections. Binary protection is the same as binary hardening or application hardening. It’s the process of making a finished app difficult to tamper with or reverse engineer. Source code obfuscation is a way to harden an app’s security, for example. Unfortunately, the study found that all the financial institution apps they tested had no application security, making it easy for threat actors to decompile the app, find its weaknesses, and create an attack.
  • Insecure data storage. Financial mobile apps aren’t particularly good at storing users’ data. They usually store sensitive data in the mobile device’s local or external storage, outside of the sandbox environment, allowing other users to access and exploit it.
  • Unintended data leakage. The majority of financial apps share services with other apps on the mobile device, therefore leaving user data accessible to other apps on the device.
  • Client-side injection. This high-risk vulnerability, when exploited, allows malicious code to execute on the mobile device via the app itself. This could also allow threat actors to access various functions of the mobile device, adjust trust settings for apps, or, if the owner has put a sandbox in place for added protection, break out of it.
  • Weak encryption. An overwhelming number of financial institutions are either using the MD5 encryption algorithm or have implemented a strong cipher incorrectly. This allows for the easy decryption of sensitive data, which threat actors can steal or manipulate.
  • Implicit trust of all certificates. Financial apps do not implement checks when presented with web certificates. This makes the app susceptible to man-in-the-middle (MiTM) attacks, especially when fake certificates are involved. Attackers can intercept an exchange between the app and the financial institution, for example, by changing the bank account number from the original owner’s to the criminal’s in the middle of a money transfer transaction without anyone noticing.
  • Execution of activities using root. A considerable number of the mobile apps tested could conduct tasks on devices with elevated privileges. Much like an admin to a computer, who has free rein over what he can perform on the machine, criminals are also given similar privileges for the app if compromised. Elevated privileges can grant anyone access to normally-restricted data and the ability to manipulate settings, which are otherwise restricted to normal users.
  • World readable/writable files and directories. A fractional number of financial apps allowed for the reading and writing of their files, even when stored in a private data directory. Not only would this cause a level of data leakage, but compromised apps could allow criminals to manipulate said files to change the way the app behaves.
  • Private key exposure. Some apps have hard-coded API keys and private certificates either in their code or in one or more of their component files. Since these can be retrieved easily due to the app’s lack of binary protection, attackers could steal and use them to crack encrypted sessions and sensitive data, such as login credentials.
  • Exposure of database parameters and SQL queries. As financial apps show readable code when decompiled, attackers with a trained eye could readily know important code bits like sensitive database parameters, SQL queries, and configurations. This allows the attacker to perform SQL injection and database manipulation.
  • Insecure random number generator. Apps use a random number generation system for encryption or as part of their function. The better the system, the higher its unpredictability, the stronger the encryption. Most financial apps, however, rely on sub-par generators that make guessing an easy challenge for attackers.
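
To illustrate two items from the list (world readable/writable files and private key exposure), the following Python audit is an added example, not code from the article or from Arxan's report. It checks an extracted app data directory on a POSIX system for permission bits open to other users and for embedded key material; the directory layout, file names, regex heuristics and sample key are constructed assumptions.

```python
"""Audit an extracted app data directory for world-accessible files and
hard-coded key material. Added example; all sample data is constructed."""
import os
import re
import stat
import tempfile
from pathlib import Path

# PEM header that marks embedded private key material.
PEM_PRIVATE_KEY = re.compile(rb"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")
# Heuristic (an assumption, tune per code base): key-like name assigned a long token.
HARDCODED_SECRET = re.compile(
    rb"(?:api[_-]?key|secret|token)\s*[:=]\s*[\"']?[A-Za-z0-9_\-]{16,}",
    re.IGNORECASE,
)
MAX_SCAN_BYTES = 1024 * 1024  # cap how much of each file is read


def scan_secrets(path):
    """Look for private-key headers and key-like assignments in one file."""
    try:
        with open(path, "rb") as handle:
            data = handle.read(MAX_SCAN_BYTES)
    except OSError:
        return ["unreadable by auditor"]
    issues = []
    if PEM_PRIVATE_KEY.search(data):
        issues.append("embedded private key")
    if HARDCODED_SECRET.search(data):
        issues.append("hard-coded API key or secret")
    return issues


def audit_tree(root):
    """Return sorted (relative_path, issue) tuples for everything under root."""
    root = Path(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            info = path.lstat()
            if stat.S_ISLNK(info.st_mode):
                continue  # skip symlinks; only real files and directories are checked
            rel = path.relative_to(root).as_posix()
            mode = stat.S_IMODE(info.st_mode)
            if mode & stat.S_IROTH:
                findings.append((rel, "world-readable"))
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if stat.S_ISREG(info.st_mode):
                findings.extend((rel, issue) for issue in scan_secrets(path))
    return sorted(findings)


def build_sample_tree(root):
    """Create a constructed app data directory (names and contents are made up)."""
    root = Path(root)
    samples = {
        "shared_prefs/session.xml": (0o600, b'<map><string name="user">demo</string></map>\n'),
        "shared_prefs/cache.json": (0o666, b'{"last_sync": "2019-05-08"}\n'),
        "assets/config.properties": (0o600, b"api_key=CONSTRUCTED_SAMPLE_KEY_0001\n"),
        "assets/client.pem": (
            0o640,
            b"-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-PLACEHOLDER\n-----END PRIVATE KEY-----\n",
        ),
    }
    for rel, (mode, content) in samples.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        os.chmod(path.parent, 0o700)  # private directory, as the app sandbox should be
        path.write_bytes(content)
        os.chmod(path, mode)


def run_demo():
    """Build the constructed tree in a temp dir and return the audit findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return audit_tree(tmp)


if __name__ == "__main__":
    for rel, issue in run_demo():
        print(f"{issue:30} {rel}")
```

The secret patterns are heuristics and will miss keys stored under other names, so treat a clean result as "nothing obvious found" rather than proof of absence.
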
Small organizations are big on security

When it comes to creating secure financial mobile apps, medium- to large-sized companies could learn a thing or two from smaller organizations. According to the report, “Surprisingly, the smaller companies had the most secure development hygiene, while the larger companies produced the most vulnerable apps.”

Nathan Collier, Senior Malware Intelligence Analyst at Malwarebytes and principal contributor to our Mobile Menace Monday series, felt positive about this finding. “I love that smaller companies that care about their customers did better,” Collier said. “I checked my own credit union’s app, and they seem to be up-to-snuff with most of the things in the report.”

There’s room for improvement

In a recent report from Forbes, researchers found that 25 percent of all malware targets financial institutions. Other attacks related to financial services, such as fraud, are also on the uptick.

Given this trend, financial institutions must not only act to protect themselves from direct attacks, but also investigate how they develop the products they offer to clients. Whether apps are made in-house or via third-party, leaving security out of software development and letting programmers continue to write insecure code will cause more harm than good in the end.

Developers do care about security, and vulnerable software is the bane of every business organization. So why not make this an opportunity to innovate and adapt new practices based on the current threat landscape? After all, there’s always room for improvement.

The post Vulnerabilities in financial mobile apps put consumers and businesses at risk appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Citrus Twist Tote Tutorial

Moogly - Wed, 05/08/2019 - 15:09

The Citrus Twist Tote Tutorial demonstrates some of my favorite tote bag techniques, as well as this gorgeous stitch pattern – in right and left-handed video tutorials! Disclaimer: This post includes affiliate links; materials provided by Red Heart and Clover. Essential Baby Sweater Tutorial: How to Crochet the Citrus Twist Tote – Right Handed How [...]

The post Citrus Twist Tote Tutorial appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

The top six takeaways for user privacy

Malwarebytes - Wed, 05/08/2019 - 15:00

Last week, Malwarebytes Labs began closing out our data privacy and cybersecurity law blog series, a two-month long exploration spanning five continents, 50 states, just as many data breach notification laws, three non-universal definitions of personal information and personal data, five pending US data protection laws, and one hypothetical startup’s efforts to just make sense of it all.

We published six high-level takeaways from that series, focusing on what companies can and should do for data privacy compliance in the US and around the world.

Today, we bring the focus back to users. Amidst never-ending data breaches and constantly-surprising company fiascos, here are six takeaways for anyone in the US who cares about protecting their online privacy, whether in a court of law or in a web browser.

1. You are not alone

From January 14 through February 15, 2019, Malwarebytes surveyed nearly 4,000 individuals across 66 countries, asking them about their approaches to online privacy and cybersecurity. Do they care about online privacy? Do they do anything to protect their information online? Where do they admittedly fail?

The results were clear: Almost everyone, no matter their age or postal code, cares about online privacy.

A full 96 percent of respondents said they care about protecting their personal information, while 97 percent said they take steps in protecting their online data. Those steps include refraining from posting any sensitive personal data online, using cybersecurity software on their machines, running software updates regularly, and verifying the security of websites before making any purchases.

2. In the US, you have few legal options to assert your data privacy rights in court

Historically, the United States has approached data privacy legislation on a case-by-case basis, writing and passing laws that protect specific types of data collected by industry-specific companies.

There’s a law that protects health care data handled by health care providers (HIPAA). There’s a law protecting children’s data that applies to companies that knowingly market their products toward children (COPPA). There’s a law for video rental history, another for credit information, and another for banks, insurance companies, and certain financial institutions that collect personal information.

However, the sheer volume of these sector-specific data privacy laws never coalesces into comprehensive, legal data protection for Americans. Instead, the laws interlink to form more of a net—holes included.

As we wrote before:

“If a company gives intimate menstrual tracking info to Facebook? Tough luck. If a flashlight app gathers users’ phone contacts? Too bad. If a vast network of online advertising companies and data brokers build a corporate surveillance regime that profiles, monitors, and follows users across websites, devices, and apps, delivering ads that never disappear? Welcome to the real world.”

When a certain type of data isn’t regulated by a certain law, consumers are left with little legal recourse, said Lee Tien, senior staff attorney for Electronic Frontier Foundation.

“In general, unless there is specific, sectoral legislation, you don’t have much of a right to do anything with respect to [data privacy],” Tien said.


There is one caveat though…

3. Companies cannot legally lie about how they handle your data

In the US, companies are bound by laws that prohibit “unlawful, unfair, or fraudulent” business practices, along with “unfair, deceptive, untrue, or misleading” advertising. Those laws also cover data protection practices.

So, if a company says it will not sell your data, but it does, that company has broken the law, and it can be hit with a lawsuit. This same principle applies when a German automaker lies to the public about its “clean diesel” engines, or when the world’s largest social media company allegedly violates a privacy decree it made many years prior.

While these types of lawsuits can be filed by individuals, their success is limited. If, say, an individual wants to sue a company because of a data breach, that individual must first show that they personally suffered harm. Because of the myriad variables involved in any data breach—the actual criminals who stole the data, the direct relation from a data breach to potential economic injury—such harm is exceedingly difficult to prove.

In 2017, an Uber driver failed to meet just this requirement when he sued the company for a data breach that affected up to 50,000 drivers.

The judge at his hearing told him:

“It’s not there. It’s just not what you think it is…It really isn’t enough to allege a case.”

Fortunately, there is yet another caveat. State Attorneys General, county District Attorneys, and city attorneys can sue a company for its deceitful business practices without having to show personal harm. 

Those lawsuits have worked.

4. Take data privacy into your own hands with online tech tools

Filing a successful lawsuit—or waiting around for a government attorney to file one for you—is not the only way to protect your online privacy. Today, there are multiple online privacy tools that protect users from invasive online tracking, helping to put a wall between users and persistent online ads.

Paul Stephens, director of policy and advocacy for Privacy Rights Clearinghouse, said that users can protect their online activity by using a number of both privacy-focused web browsers and tracker-blocking browser extensions. Though Privacy Rights Clearinghouse does not endorse any products, Stephens mentioned the web browsers Brave and Firefox Focus—which both automatically block online tracking—and the browser extension Disconnect, which the New York Times chose as its favored anti-tracking tool.  

5. Beware of “data leakage”

Stephens had more advice for users that want to protect their online information: Do not trust any app to leave your private data alone.

“We have this naïve conception that the information we’re giving an app, that what we’re doing with that app, is staying with that app,” Stephens said. “That’s really not true in most situations.”

Stephens pointed to several examples of mobile apps that have, for no discernible reason, vacuumed up user data, like the flashlight app that collected mobile contacts. To avoid this problem, Stephens suggested users navigate the Internet on their mobile devices with a privacy-focused browser and not through any company-developed app.

“Quite frankly,” Stephens said, “I would not trust any app to not leak my data.”

6. You might gain more legal data protections in the next two years

Data privacy is, finally, a hot topic for US Congress members.

Last year, after the Guardian revealed how a political consultancy harvested the Facebook profiles of millions of unwitting users in a covert operation to sway the 2016 US presidential election, Congress responded. They called in Facebook CEO Mark Zuckerberg to testify. They peppered him with questions. They told him to his face that they would regulate his lurching social media behemoth.

Since then, they’ve held pursuit.

They invited Google, Alphabet, Twitter, and Facebook executives to explain what their companies were doing to curb Russian disinformation campaigns, and they balked at Google’s self-branded “error” in failing to disclose the microphones installed in its Nest home security products.

This new Congressional temperament has resulted in multiple legislative efforts to protect Americans’ data. Four US Senators and one digital rights nonprofit have all proposed individual federal bills that would regulate how companies collect, store, share, or sell user data. Even the private search engine DuckDuckGo threw its idea into the ring early this month.

Though the bills lack a clear frontrunner, data privacy itself could remain an important topic in the 2020 presidential election. Three Democratic candidates—Senators Amy Klobuchar of Minnesota, Cory Booker of New Jersey, and Michael Bennet of Colorado—have authored or co-sponsored data privacy legislation in the past year.

The post The top six takeaways for user privacy appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Hookin On Hump Day #190: A Yarny Link Party!

Moogly - Wed, 05/08/2019 - 01:00

The weather might be changing but one thing that stays steady is the stream of amazing crochet and knitting created by talented bloggers and designers! Check out all these fabulous designs and projects – all FREE this round! – and then add your own to the HOHD link party on Moogly and Petals to Picots! [...]

The post Hookin On Hump Day #190: A Yarny Link Party! appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

Delta's D&D Hotspot: Tomb of Ra-Hotep

Zenopus Archives - Tue, 05/07/2019 - 19:21
The map of The Tomb of Ra-Hotep. Source: Paul's Gameblog
Delta has a report on running the Tomb of Ra-Hotep, the OD&D dungeon by Alan Lucien that inspired Gygax's Tomb of Horrors (and Necropolis, it seems). It was included as an extra in the reprint of the original tournament version of Tomb of Horrors, which was itself an extra with the Special Edition of last year's Art & Arcana.

HelgaCon: Tomb of Ra-Hotep
Continuing the Helgacon wrap-up this year. For the first time I also ran: The Lost Tomb of Ra-Hotep Originally written by Mr. Alan Luc...

See also: 
Mystical Trash Heap: Art & Arcana First Impressions

Paul's Gameblog: Credit Where Credit's Due

Locations for the Tomb of Horrors on the Great Kingdom Map 
Categories: Tabletop Gaming Blogs

5150: All Bugs Titles 50% off!

Two Hour Wargames - Tue, 05/07/2019 - 17:46

5150: Bugs - HALF OFF!?

Order any 5150: Bugs title at half the normal price before time runs out! Fight the Bugs! Time is short! 
Now's the time to get started or complete your Bugs collection.
5150:Bugs!
Categories: Tabletop Gaming Blogs

What to do when you discover a data breach?

Malwarebytes - Tue, 05/07/2019 - 15:00

Your cell phone goes off in the middle of your well-deserved sleep and you try to find it before your partner wakes up as well.

“What could be wrong? Why would they page me in the middle of the night?”

More asleep than awake, you stumble down the stairs and call the number on the screen, which you already recognize as the one in use by the chief of the night shift. When you ask why you were called, he tells you it’s because you are part of the data breach incident response team.

Couldn’t it wait until morning?

The chief doesn’t know, that’s above his pay grade. You are the one who gets to decide whether it’s urgent enough to wake up the entire response team, so you’d better hurry over there.

On scene, one of the IT staff shows you two files on a server that shouldn’t be there. They are called sql.zip and mimikatz. The hairs on the back of your neck stand up in reflex. Without further investigation, you have to assume that a database was zipped and transferred to an unauthorized machine and that someone got their hands on some passwords, or at least tried to retrieve them.

Your company has been breached.

You’ve been breached: now what?

The first point of attention is to figure out which type of information was stolen. So, you try to open the zip in an attempt to get a better idea about the content. Alas, the file is password protected, so you give up none the wiser.

The next item on your to-do list is to find out how the threat actors got in and how to keep them out. Since that is not your field of expertise, you ping the next person on your list.

You decide that it is of no use to assemble the rest of the team until you know more. Even though you have customers in every imaginable time zone, the rest of the research will have to wait until you can get ahold of the firm you contracted for forensic investigations.

While waiting for the night to pass, you prepare a press statement and, together with the system administrator, you prepare a preliminary report for the proper law enforcement authorities.

Be prepared

Data breaches do happen, as has been demonstrated over and over. We wish we could give you a fool-proof method to prevent them, but since such a thing doesn’t exist, the next best steps to take are:

  • To limit the possibilities of breaches happening again
  • To protect any sensitive data that could be stolen
  • To limit the usefulness of the stored data for a thief (e.g. by encrypting the data)
  • To be prepared for another eventual data breach

Our main character was fairly prepared, better than most organizations are in reality, I’m afraid. Having a detailed response plan enables security teams to reduce stress and makes sure that they don’t skip any steps. Without a script to follow, important steps could be forgotten or urgent tasks could be delayed while less compelling work is completed.

The steps outlined in our story are not necessarily right for every use case or organization, but they demonstrate that it helps if everyone knows who to contact, how to get in touch, and how to proceed in the face of an obstacle. A big part of setting up such a plan is to make sure that you follow obligations dictated by law and customer agreements.

Dealing with data breaches

How an organization manages a data breach is of the utmost importance. Going about it in the wrong way can break a company, while being open, transparent, and honest about it with the public can ultimately even improve customer trust.

It is imperative to figure out how the breach happened—not only to prevent it from happening again, but also to inform the public. Not knowing what happened means that it can happen again at any given time, since you will not have discovered which precautions were rendered useless, and which actually stopped the attack from doing further damage.


Our main character did some preliminary investigation but ultimately had to give up and wait for other professionals. It is advisable to hire an outside consultancy to help you with investigations if your internal team does not have the skills. They offer a professional viewpoint that is not too close to the target.

Inside eyes are sometimes troubled by near-vision or may be reluctant to point out the true cause. Hiring an outside consultancy also improves the public’s view of your organization, as they see you have gone through the trouble and cost of trying to keep their data safe.

Informing the public

Before you inform the public, it makes sense to get the full picture about what, exactly, was stolen. You don’t want to cause a panic over a couple emails discussing Friday night plans.

But don’t wait too long, or that could backfire. Sometimes it’s better to give out a quick statement and let the public know that you are investigating the matter further. If they somehow find out before you have issued a statement, that will make your organization look like it has something to hide.

What customers want to know:

  • Which data were stolen? And was I affected?
  • Can the stolen data easily lead back to a person? Is it personal information?
  • What do I need to do if I was affected? Is it a matter of simply changing a password or do I need to worry about identity theft?

What the press wants to know:

The press will have some extra questions, which usually boil down to:

  • How did it happen?
  • What are you going to do to prevent it from happening again?

Be open about all of the above, unless you haven’t been able to close the hole in your defenses. It may help other organizations and it will highlight your transparency. It might also help law enforcement with their investigation. Even when the damage is already done, you will still want the threat actors to be brought to justice, if possible.

General advice on data breaches

Of course, we hope you’ll never need these tips, but many have wished they had thought of them beforehand:

  • Be prepared. Make sure everyone knows who to inform and those involved know how to act. An emergency plan will never be a perfect fit, but it should at least outline the order and importance of actions.
  • Don’t run the risk of legal implications to add to your burden. Know what your obligations are and fulfill them.
  • Be open and transparent about what happened and what was stolen.
  • Hire outside specialists to assist in your investigations.
  • Learn from the incident to prevent a retake.

Stay safe, everyone!

The post What to do when you discover a data breach? appeared first on Malwarebytes Labs.

Categories: Techie Feeds

My Two Most Controversial Posts Prompt a Trip Into the Comment Section

DM David - Tue, 05/07/2019 - 11:53

The last two months included the two most discussed posts in the 7-year history of DM David, which calls for another trip into the comment section.

In Should a Dungeon Master Invite Players to Help Create the D&D World Beyond Their Characters? I considered the pros and cons of asking players to share a role that usually falls to the dungeon master.

Ilbranteloth suggested turning potentially dead characters into an invitation to let players imagine a different twist. “On potentially deadly hits against the PCs, they decide if they are killed, or something more dramatic (and often worse) happens.” Perhaps the character loses a leg and a bit of speed. Or perhaps the player trades death for some dramatic complication. Players focused on story understand that character arcs benefit from setbacks and might be eager to revive a dead character in exchange for a complication that makes a richer story.

After I created a Dungeons & Dragons Summoning Spell Reference, Teos “alphasream” Abadia shared some concerns raised by summoning.

I’m not generally a fan of the summoning spells. They can be too strong (they can be like a fireball of damage every round, round after round, for the casting of one spell), they tie up the terrain impeding movement (especially by locking down melee fighters, preventing a dynamic combat), and they make combat a slog (in almost any combat, the monsters lack the damage to kill more than a couple of the summoned monsters).

That last bit is what kills it for me. At the meta level, the monsters should ignore the summoned creatures, because killing them is basically impossible unless they’re a horde of low CR creatures and the monsters have area attacks. So, the easy move is to target the summoner and break their concentration, but that takes away from what the player who did the summoning wants. I haven’t found a happy medium.

Summoning spells typically offer a choice between lots of weaker monsters and fewer, stronger monsters. When the designers set choices that made summoning crowds far more efficient, they made the spells more likely to turn fights into slogs.

When I play foes with an 8 or higher intelligence who see ongoing spell effects, I start making spellcasters preferred targets. After all, characters with an 8 Intelligence practice even more savvy tactics. When players think their DM unreasonably targets them with attacks, players can get salty, but when concentrating spellcasters become targets, their players know it’s coming.

Two readers added to The True Story of the Cthulhu and Elric Sections Removed from Deities & Demigods.

Alphastream wrote, “Some readers may not appreciate how, back then, books hung around for a long time. We had decades with the same books on the shelves. Not as old stock in a corner, but as an active part of what gamers would buy and use. As an example, check out this Shannon Appelcline article where he shares White Wolf Magazine’s list of top-selling RPGs for 1992. At number 9 is the 1981 Fiend Folio!

Books like Deities & Demigods were a presence for decades, which helped keep this bit of controversy prominent across many years.

The long sales life of books from this era also led to a 2nd edition that remained broadly compatible with AD&D. The designers wanted to make big improvements, but TSR management wanted books like that old Fiend Folio to continue generating sales.

Zenopus Archives wrote, “There’s a whole earlier chapter to this story. The Mythos write-up in Deities & Demigods is derivative of the original write-up ‘The Lovecraftian Mythos in Dungeons & Dragons’ by J. Eric Holmes and Rob Kuntz that was published in Dragon magazine 12 in 1978. The bulk of this article was written by Holmes, and the Deities & Demigods write-up has the same entries, except for one. To me, Deities & Demigods clearly used the original article as a starting point. Read more at Dr. Holmes and the Cthulhu Mythos.

In Bring the Thrill of Finding Treasure Back to the Adventurers League, I wrote about how D&D traditionally motivates both characters and players to seek gold. This tempts players to take the risks that help make D&D fun.

Eric Bohm wrote, “Taking the treasure out of the game seriously undermines an important component of the D&D formula. The heroic component remains mostly intact. If your character is motivated to help people for the sake of helping them, with only an abstract unquantifiable reward, everything works. Other kinds of characters are less well supported, while truly mercenary character concepts become basically unplayable.

What about the lovable scamp who is in it for the gold? Or the many redemptive arcs of those who get roped in for the base rewards and are swept up in higher motivations? How can a malefactor tempt a hero away from the path of virtue?

The only character who grabbed any money from the hoard in Waterdeep: Dragon Heist when I ran it was an NPC. The players weren’t tempted; therefore they did not feel like it was worth roleplaying their characters being at all tempted. It just wasn’t interesting for them to play into it. Let me state that again. Players with characters standing in a vault full of gold felt that it was pointless for them to even pick up a single bag of gold. Where is the fun in that?

Obviously, players can still create characters motivated by greed, but without the incentive of gold, taking risks for treasure seems like a sucker’s bet.

At the start of season 8, I wondered with James Introcaso why the Adventurers League would introduce rules that blocked characters from keeping gold in the season that featured Waterdeep: Dragon Heist. The adventure hooks characters with a chance to win a fortune in gold. James speculated that perhaps the potential windfall triggered the need for the rules change.

In How Years of Trying to Fix Obnoxious People Shrank D&D’s Appeal, I talked about how relying on a DM’s judgement rather than on extensive rules may have helped fifth edition’s popularity.

Alphastream agreed but saw areas where fourth edition succeeded in making D&D easier to run. For instance, fourth edition’s in-store play program D&D Encounters drew tons of players. “DMs loved being able to run an hour of play with 1-2 pages of very simple (and yet engaging) adventure text. Spells turned into far simpler powers meant DMs could jump in with less experience. True story: Despite playing and DMing D&D for 17 years, when 3E came out, I waited 9 months before DMing my first organized play game because I felt I didn’t know 3E spells well enough to run a game. We’ve taken a step backwards here, in that many DMs again feel they can’t DM (especially at high levels) because of the complexity of spells.

So, I think there is a balance to be struck between these design goals of keeping the game engaging and keeping it easy to learn and simple.

I would also say that while 3E really built up the game and added a lot, 4E in many ways was working to fix problems—the length of an adventuring day, the need for someone to ‘have’ to play the cleric, how many magic items a character had, and even how much experience a DM needed to feel confident. It really took the laundry list of issues, including ‘bad DMs’ and tried to fix them. The legacy of those fixes is excellent. We can see many of those improvements carried on into 5E.

In How D&D Shed the Troubling Implications of Half-Orcs, I wrote about how D&D struggled to erase the implication that half orcs came from rape. The entry became this blog’s most read and discussed post until another post topped it.

Wil cifer argued that the original implications of half orcs fit history. “Rape was a commonplace occurrence during war in medieval times. Why would a barbaric race even in a fantasy setting be kinder and gentler? Rewriting the tone of a historical time the game is based on is stupid.

But D&D is a game that gleefully tosses aside historical accuracy and realism in favor of fun. The game features magic and dragons. To unravel any D&D world, just pull any of countless threads and check it for historical accuracy or check how it stands in the face of magic.

Other readers argued that making half orcs the product of sexual violence turns orcs into stronger villains. Andrew wrote, “I have been playing D&D since 1981, and I have no problem with half-orcs being the result of an orc raping a human female. Orcs are monsters, created by an evil deity, Gruumsh. Taking the monster out of the monster has very little appeal to me. Can and should there be points of moral ambiguity in a D&D game? Without doubt. There should be. But monsters do monstrous things, including rape.

To players like Andrew, crushing evil and righting wrongs feels more satisfying when the campaign shows evil and the suffering it creates. Purely evil creatures make uncomplicated foes that justify killing.

David Streever wrote, “D&D is a fantasy game that is sold to everyone from small children to adults; you can feature as much rape as you like in your version, but I’m glad it’s not in the core books, and I’ll stay away from your table.”

In your D&D game, if all the players welcome a darker tone, you can explore any origin you like for half orcs. But for a broader audience, the game benefits when it avoids saddling every half orc with a vile background.

In response to Running Group Roleplaying Scenes—How Permission From an RPG Legend Made Me Stop Talking to Myself, simontnm gave a suggestion. “If I have multiple NPCs talking I tend to use minis, and put my finger on the mini of the NPC actually talking.

“‘Don’t have NPCs talk to each other’ is good advice, but it’s occasionally necessary to deliver an NPC to NPC one liner. Keep it short and sweet.”

The History of Traps In Dungeons & Dragons prompted Ty to point out the difference between good, real traps and quality traps in D&D. “From a game play standpoint, traps are just a terrible idea all around. Conceptually, in order for a trap to be a ‘good’ trap, it needs to be massively unfair. It needs to kill outright or seriously maim. One minute you’re alive, and then boom, you’re dead. No saving throws, no noticing something off at the last minute, no jumping out of the way.”

Ken W replied, “You need to take the edge off your realism. A trap shouldn’t be ‘instantly lethal’ in game terms any more than a strike with a sword or great axe. In real terms, if you get hit by a swinging claymore, you are likely suffering a severe wound. But the abstraction of D&D combat and hit points means that each hit represents a depletion of stamina, not a mortal wound. Only when you reach 0 hit points does it really represent that fountaining arterial spray we would otherwise expect.

Traps operate in the same space as combat weapons in this regard. The only difference between a trap and an enemy combatant that gets a turn while the PC is surprised is…well—nothing. Except the trap essentially ‘dies’ after its turn is over.”

Good traps in the real world make lousy traps in D&D. The best traps in D&D are in places where everyone expects a trap or that show obvious signs of their presence.

Alphastream wrote, “A trap can be a lot of fun when found, if it requires engagement to disarm. As a DM or author, I try to think through the point of the trap—not just for whatever creatures put it there—but for the game experience. The trap can be hard to find and that’s fun, or it can be easy to find and be fun as well. Think of ‘only the penitent man shall pass’ in Indiana Jones and the Last Crusade. That’s fun because you know it is there and need to figure out a way past it. Similarly, traps can be found and that can be the beginning of the engagement.”

Beoric wrote, “Perfectly good traps can be suspected because the nature of the trap is not entirely concealable. Raiders of the Lost Ark-style traps can be suspected because the tiles on the floor have no grout because they are pressure plates, or there are holes in the wall from which darts shoot.

The trap may also be old, and detectable by signs of wear, like a layer of powdered stone on the floor or vertical gouges on the wall for a falling block trap, or soot on the walls or floor with a fire trap, or spent missiles on the floor with a dart or arrow trap.

Also consider that some traps can be very well concealed if they are not being looked for, but still be detectable if actively searched for. A standard old-school pit trap was pretty much undetectable visually and could only be detected by tapping it.

None of those are actually bad traps. They just have limitations because of their nature.

There is a great discussion of this at the Hack and Slash Trick and Trap Index.”

Alphastream expanded on how traps worked in play across editions.

In fifth edition, it’s still not entirely clear nor standard whether Investigation or Perception is most commonly used for finding a trap. I have my thoughts, which I think are right, but I see it run many different ways. In general, I think that if a trap is one that could be seen with the naked eye, then Perception would work. For example, a pressure plate that has slightly discolored stone, or which is slightly sunken. Otherwise, and in my game this is most of the time, the trap is not obvious and needs Investigation to be found. A well-crafted pressure plate is like any other stone. The only way to find it is to tap at it or otherwise determine what it is, which uses Investigation.

Fourth edition’s concept of ‘trap as monster’ failed due to the underlying math, which assumed a check per round and 4 checks to disable the trap, which was supposed to equate how monsters were envisioned as taking 4 rounds to defeat. The problem is that this cold math doesn’t understand how that 4 round concept wasn’t very accurate—players focused fire on important targets and might take them down in 1 round, while ignoring others.

Players tended to focus fire on traps and break them more quickly than a rogue could disable them. Or players ignored traps in favor of the monsters, and then stepped around the traps.

I like to think 4E’s trap concept is still really cool, but it takes clever authoring to communicate to the players how to engage with it. It is awesome if the cleric immediately realizes that this trap is empowered by a rival deity and they can shut it down and greatly help the party by doing so. That feels really heroic. It’s awesome if the rogue can tell the party that interacting with the trap for two rounds will move the rays of lightning to the area where the enemy archers are standing. These are great cinematic concepts if you set them up right.

I tried my own hand at it with Dungeon of Doom. Nate and I designed a large variety of 5E traps in that adventure, and they provide a diversity of experiences. (You can get the adventure free and also see people play through them, all at https://dwarvenforge.com/descent/.) Thank you for putting up with the shameless plug, but it’s hopefully useful for people given this article.

For Ability Checks—From the Worst Mechanic in Role-Playing Game History to a Foundation Of D&D, Daniel Boggs contributed fascinating D&D history that I didn’t know.

It is a quirky history, given that a primary reason ability scores were created in the first place was as a means to make ability checks—to put it in contemporary parlance. The D&D ability scores and saving throws arise as a distillation of the concept of personality traits and character skills created by Dave Arneson for Blackmoor. In pre-D&D Blackmoor, players would roll against a trait, Strength for example, or Looks, or Throwing, to see if they were successful at the attempt. When D&D came along, Arneson & co. continued to use ability checks in their games. You can see an example of a Dexterity check in Arneson’s First Fantasy Campaign (1977) where a character must save versus Dexterity to remove their armor in time to avoid drowning in Blackmoor Bay. And of course ability checks are also very prominent in Arneson and Richard Sniders’ Adventures in Fantasy game (1978). In writing D&D, Gary Gygax failed to mention this purpose of the ability scores as he apparently preferred to create an arbitrary percent chance and have the players roll percentiles instead. So, you did have some early players who figured it out on their own or who learned it in some way from Arneson, most D&D players didn’t grok the intention behind the scores and thus you got that rather odd system proposed by Ives in Dragon #1. You can see some original Blackmoor characters here.

My post 6 Popular Things in D&D That I Fail to Appreciate sparked such a furor that I posted a follow up. Many commenters took the challenge of changing my mind.

I’ve already recanted my dislike for game worlds that unnecessarily make adventuring a common profession.

Alphastream argues that monsters that bounce from table to table at multi-table events can work, but he sees room for innovation. “I’ve written these, though they aren’t my favorite device for the reasons you mentioned. I think they work best when they are in small pods. The blue dragon in Confrontation at Candlekeep works well because it makes sense (you have 4-6 towers and parties at each tower, the dragon flying in between), it is announced dramatically (so everyone gets the concept from the start), it is central to the action (no one is forgetting about the dragon), and it lets players interact with it once it leaves their table (they can jump on it or fire at it, at the risk of failing at their table). With the second Open I tried to create a different experience, one that still made sense and which provided a combination of combat, skill, and risk-reward. I would tweak it further if given the chance. All of that is to say that I think these can be done well. I think DM David is exactly the kind of person who could come up with a cool version and submit it to an Epic author.”

I’ve grown to accept that adventures with carnival games work well as an introduction to the game. Alphastream touts another benefit. “I think carnival games can offer a lot of activity in a short time and offer something to every player. Very few things can do that.”

As for the way that using miniatures for the wrong monster sometimes confuses me, Creeper Jr wrote, “I don’t need minis to match exactly, but I find it incredibly helpful if there is some sort of rhyme and reason to it. My portable mini kit includes: 4 goblins, 4 guards, 4 archers, 2 mages, 2 knights/fighters, 2 rogues, 2 large green slaad, 2 giant spiders. Each mini has a color-coded base accent. This doesn’t take up too much room, is relatively cheap to put together, and allows us to quickly identify enemies with sort-of-thematic minis.”

Alphastream supports budding mini collectors eager to put minis on the table. “Sometimes a DM wants to buy a box of minis or two and try to use that purchase for their efforts. I get that. I still think it beats Starburst, but maybe that’s because I don’t super love Starburst. If the monsters are Belgian truffles, or Ferrero Rocher, sign me up! Here again, we can imagine we are witnessing the beautiful creation of a nascent miniature collector. They will go from this table to assemble an army of awesome minis on a bed of Dwarven Forge. It’s like seeing the future unfold before us!”

Josh rose to defend the dragon-slayer pose on page 7 of the second-edition Player’s Handbook. “I’m one of the ones who love the picture. The adventurers seem like real people, each different and interesting in his own way. The mage isn’t old. Nobody’s half dressed. The dragon’s of a size that would pose a threat to normal people and level 1’s. It’s a good level 1 accomplishment. And as for the pose, I assume there are a lot of unlisted utility spells, including one that takes the image in a caster’s mind and transfers it to paper. It’s a level 2 spell. Colored prints are level 4.”

Commenters replying to How Well Do You Understand Invisibility in Dungeons & Dragons? considered a couple of odd corners of the rules for invisibility.

Dave Barton summarized one aspect. “In essence, two foes who can’t see each other have an equal chance of hitting as if they could see each other. Think about that for a minute.”

This rule especially defies common sense because it grants ranged attackers just as good a chance of hitting when they can’t see their target. Sometimes D&D trades plausibility for simplicity.

Aside from the ability to hide anywhere, invisible creatures don’t get advantage to hide or any other increase to their chance of success.

Pewels asks, “How would you handle light sources on a PC going invisible?”

Saphhire Crook answered, “The issue of invisible light sources crosses into that dangerous territory of ‘invisible eyeballs’, which is where invisible people cannot see because their eyes cannot receive light since it passes through them.

In 3.5, light sources continue to exist, but their origin becomes invisible, implying that the target simply reflects no visible light (or all light hitting or reflecting off them is magically duplicated and filtered).”

Every so often, someone leaves a comment that delights me. My post on Dave Hargrave, Once subversive, the Arduin Grimoire’s influence reaches today’s games, inspired such a comment from Old School, New.

As a former associate of Hargrave, I’ve been around awhile and have seen innumerable articles written on the worlds of Arduin and its foothills. Many are bad, many are way too ‘fannish,’ and a lot of them are simply misinformed and/or myopically aligned with other gaming systems, to the point of zero objectivity.

This article, however, rates as the finest piece on the subject of Arduin/DH, ever. Nothing else comes close. Incredibly well written, fair, meticulous, and factual.

And you actually dug-up a pic from Different Worlds. Haha! Among other things.

Yes, Arduin wasn’t perfect. Not hardly. But it was grand, visionary, insane, stupid, ham-handed, and utterly magnificent. Kinda like its creator, right?

Anyway, massive cheers for a spectacular blog entry. I should think it’s the all-time definitive description of Arduin and its master—warts and all.

Seriously, Mr. Hartlage, you’ve created something beautiful here.

Thanks! I feel proud to garner such kind words.

Categories: Tabletop Gaming Blogs

There’s one in every crowd

Yarn Harlot - Tue, 05/07/2019 - 00:49

This year’s winter was long. Long and cold and snowy, and spring feels like it hasn’t bothered to arrive. Sure, the flowers are starting to bloom, there’s crocus up in my garden (though it’s snowed on the poor little things a few times) and my neighbours have scilla and in a few glorious and sheltered spots there is even a daffodil or two, but they are blooming in chilly temperatures and grey weather, barely above freezing. Spring isn’t a warm and lovely thing this year, at least not yet. (I hear from Torontonians that the weather changed the minute I left. That feels a bit personal.)

As I was waiting for the bus last week, freezing my arse off because I’d done that spring thing where you put on a spring jacket because you can’t stand to wear a winter coat for one more day even though it’s only three degrees out… I snapped. It suddenly seemed to me that if it was still going to be cold and maybe snowing and definitely not spring or warm, that we (Joe and I, he was the willing victim of this last plan) should give up and dive in. If it is going to be winter still, then dammit, winter it shall be, so we got on a plane and headed to Banff.

It is definitely still winter here – complete with a snowstorm and perfect skiing conditions and Joe and I are working in the evenings and early mornings, but spending our days on the slopes, and maybe when we get back home, it will be *(%$^&&ing spring, but that’s not what I came to tell you. I thought you’d care more about the knitting I packed, so here’s a quick tour. I brought four (4) projects for a six (6) day trip. (Two of them are travel days though, so you know. Reasonable.)

1. My May socks. They’re Saxe Point, knit in French River from Gauge Dye Works – the yarn’s dyed just for the pattern. I knit the first one on the way here, casting off as we left the house, and grafting the toe shut as we sat down to dinner here in Banff. I’ll knit the other on the way home, I think. (I documented that knitter trip on Instagram, if anybody wants to see the blow by blow.) We leave in the morning, and I’ll cast on then and see if I can repeat the trick.

2. We’re taking the bus to the hill every day, and I needed some plain knitting for kicking around the ski hill, so here’s another one: just a plain vanilla pair of socks, the basic pattern I keep in my head; yarn is Gauge Dye Works again (huh, just realized I grabbed two of those) in Azurite B.

I don’t think I’ll finish these on this trip, they’ll probably kick around my bag for a few more weeks, being the socks I knit when I’ve only got a minute, or it’s dark out.

3. When I was at the Knitter’s Frolic last week, I had the strangest experience. You know, I really like to knit and wear pretty plain clothes. I like classics, my taste runs in the direction of Amish, and I like tame colours like brown so much I need to occasionally check that I’m not dressing like I work for UPS. You could have knocked me over with a feather then, when I was at the Fair at the Feisty Fibres booth, and she had some yarn that she’d worked up in collaboration with The Yarn Therapist.

Neat, right? The self-striping yokes come from The Yarn Therapist, and then Feisty Fibres makes the co-ordinating solids, and voila. (They’re a lot like the self-striping sweater yarn from Gauge Dye Works, except separate, so I really am rocking a theme this week.) I picked up those skeins there, and then was absolutely stunned when someone next to me asked who I was making a sweater for, and I said “Me.” The colours are a bit bright for me (if by “a bit” you understand that these are a bit bright the way that Pepe Le Pew is a little bit of a poster child for sexual harassment) and I’m not sure I can wear the resulting sweater, but I’m going to try. I really love it. Since the yarn is bold, the pattern is very plain. Knitting Pure and Simple’s Neckdown Cardigan for Women. Nothing to it.

I’m at the bottom of the body, just about to do the ribbing (or maybe garter stitch, I’m a wild animal, it could be anything) and I think I’ll likely finish this sweater pretty fast. It’s all coming together. (It remains to be seen if I can wear something this bright, but it turns out I can knit it, so that’s step one.)

4. This one’s a bit of a sad story. I had every intention of knitting Sea Tangles (that’s Habu’s stainless steel/wool thread) but it’s not working out. I still love it, the pattern is great and I’m still going to knit it, but I have to admit (after knitting the whole front and part of the back – knitter optimism is a terrible thing) that I am definitely not knitting the right size, and I need to start over. I brought this one along just to rip it out, but there’s one project on every trip that I never touch, and this one is it. All the attention it has had is this photo, poor thing.

Maybe next week Habu. Maybe next week.

Categories: Knitting Feeds

False Positives

The Rational Man - Mon, 05/06/2019 - 22:47

A consistent criticism I’ve received over the years is that the Red Pill is so negative. Why can’t the Manosphere just sweeten up? Its truth is definable and self-evident, but why can’t Rollo adjust the ‘tone’? I’ve lived and written through several waves of newcomers to the ‘sphere and in each generation the same want for a ‘kinder, gentler’ Red Pill is always there. The idea is that if you just changed the delivery of the truth it would somehow make it more palatable to a wider audience.

Who’s It For?

I want to reiterate here that it’s never been my goal to write for an audience. Whether it’s writing on this blog, my books or when I’m discussing things on various podcasts my only imperative is to convey the information I think is relevant to the topic of intersexual dynamics. My obligation is to picking apart and considering as close as I can get to an objective truth. And I don’t do this by way of some sense of duty to objectivism – it’s just the way that’s always seemed most efficient to me to come to a usable truth. It’s pragmatism on my part, not dedication.

Yes, I know, true objectivism is impossible for human beings. Yes, I also know that even biases we’re unaware of will subconsciously influence our rationality. Spare me the classicist intellectualism, I’ve been at this long enough to have considered all that. But the fact that objectivism is never perfect doesn’t mean we should strive for our best attempt at it – nor replace it with moralism.

I don’t write for an audience. I write about what I see going on around me and I connect dots. Writers today, of all medias, will tell you to “give your readers what they want” if you want to be successful. Writing about uncomfortable truths that rattle people’s cages is counterintuitive to the write-for-success mindset. If you want to sell books, if you want to monetize blogs, if you want to get more channel subscribers you gotta give the folks what they want, right? That’s how most churches work today; cater the message to the congregation if you want the tithe checks to stay consistent.

And always write to appeal to emotions too. People don’t enjoy thinking, but boy do they ever love feeling something – particularly in an age when female emotiveness is the order of the day.

When I began writing regularly it was in a forum environment. We hashed out many ideas and weren’t afraid to get ugly. It was a necessary part of the process. There was no pretense of appealing to an audience for money, traffic or readership. The sole focus was debating the truth about a dynamic. That debate was always a hot kitchen, but the results were something greater than the process.

As a result my essays carried over a lot of the heat from the SoSuave days kitchen. I wasn’t writing to impress readers or increase traffic to the blog; it was just to document and codify the objective truths I came to. There is no monetization and the comment threads have never been moderated (besides spam and trolls). Almost 8 years later my charter is still about the same objective debate.

The drawback to this commitment to objective truth is that it rarely appeals to emotionalism. No, it’s not the ‘tone‘ or the feel of the information being related that’s so off-putting – it’s the information itself, and how it makes one feel, that determines whether it’s perceived as positive or negative.

Feels Before Reals

Most people who are still plugged into the proverbial Matrix are living in a world that prioritizes feels before reals. The purpose of consuming really anything is to judge it by how it makes us feel; and especially so in an era defined by the female experience. Emotion always comes before reason in women’s natural, unlearned, interpretive processes. This is also extended to men who’ve been conditioned to prioritize emotions before reason. And this is exacerbated by their need to be better feelers, better emoters, than those other ‘typical’ guys if they want an emotional woman to ever bear their children at some point.

Anything that prioritizes reason before emotion will always run the risk of being perceived as negative. Even if the sum of the information is positive, the fact that you had to come to the truth by way of reason rather than emotion will make it negative.

If you used your head instead of your heart to figure something out, in Girl-World, at best it’s bad form. At worst, you’re a negative pessimist or a cynic.

Usually those designations are reserved for the men who make a habit of using reason to the exception of emotion to relate an objective truth that’s unflattering to the feminine. Again, it’s the information, not the tone, that’s offensive to the emotions-first prioritization. To the Blue Pill mind, any strong idea that conflicts with this prioritization is an affront to the personal investments they’ve made in ideas that it challenges.

So, understand, I’m not a negative person by nature. I’m an artist. Few people know that my 2nd degree is a BFA. I draw, I paint, I play four instruments, I used to do Shakespearean stage acting – I’ve even done children’s theater.

I fully embrace the emotional as a necessary part of the human experience – Hell, half of Red Pill awareness is acknowledging and confronting emotions. I’m certainly not a cynic or a pessimist. Anyone thinking so usually hasn’t read my work. I’m very much an optimist when it comes to creating a New Hope for men in a Red Pill paradigm. I don’t just stop at clinical realism and leave men hanging. I don’t subscribe to the ennui of the “Black Pill” – I’m certainly not absolutist or a determinist.

However, I also have a commitment and an obligation to objective truth in everything I write. Trust me, there are times I wish I could use my wife and my marriage as a ‘proof of concept’ example of how a Red Pill aware guy can make a relationship work today. But the objective truth would make me look like a charlatan if I tried to convince a man that marriage was at all a good idea in its present state.

That’s tough for me. I have had to hold back from posting pictures of my beautiful wife and daughter to prove something to truly negative naysayers. Ladies, you want me to write something positive about women? I love my wife dearly. She’s been a net benefit to my life for all of 23 years now. My daughter is a model. She’s feminine to a fault and she’s smart and ambitious. I would die for her, gladly.

But I never use my personal life as an example in my work for their protection, but also because I don’t want to lead men astray by in any way implying that what I have is possible for them. And I’ve had men tell me that, “I want what you have.”

But I don’t make value calls. I consider information, I try to interpret it, and I present it in such a way that it’s useful to men where they’re at. I want to give you tools to use to build your own life, not mine.

Truth & Hustle

Admire the Hustle. We read this a lot in the Manosphere among the guys who fancy themselves entrepreneurs. I think one reason critics think the Red Pill is negative is because all they see is the Hustle. The Hustle has a way of becoming the whole point of anything.

I’m an abortion doctor, but I make six figures and I’m the best at what I do. No one will out-work me. Admire the Hustle baby.

When the selling is more important than the product itself, then you have problems. When the truth is less important than the Hustle inevitably our truth becomes the Hustle. There needs to be a balance and that’s getting harder and harder to find now.

We’re at a moment in the Manosphere where the truth is starting to get lost in the Hustle. I’m accused of it, or I’m accused of associating with ‘too much Hustle’. Well-meaning colleagues with too much perception and not enough information are feeling that salesmen care more about the sale than the product.

I hear you.

Let me finish here by reiterating that my obligation to objective truth will always be my motivation for doing anything I put my name on. It always has been. However, I have worked for amazing companies who sold things that people loved and enjoyed only to watch them crumble and die because the sales team assumed control of the ‘product’. The selling became more important than what was being sold.

My books, my blog, my appearances, every aspect of The Rational Male is my art. I craft each essay. It’s what I care about most. I will never allow the truth to be compromised by the Hustle. The Hustle is important, particularly when it’s about disseminating the truth, but it is secondary to the truth – even to the exception of the Hustle. Sometimes the truth doesn’t sell.

This Is Important

We are rapidly entering a time when our ideas will be vilified. Very soon the objective, life-saving, praxeology that is the Red Pill will be used as a label, as a synonym, for negative ideologies that never had anything to do with the Red Pill. And people who are all about the Hustle will gladly abandon the truth they’re selling now if it means the public opinion of it would compromise their Hustle. It’ll be less about what we’re discussing than how influential and how many followers the person we’re discussing it with has.

Others, those who were appropriating the ‘brand’, will throw the Red Pill under the bus to save their own necks. The coming storm is going to test the resolve of people who are all about the Hustle and all about the Red Pill. I know where my obligations lie, they’ve never changed.

Categories: Miscellaneous Blogs

Binge Swatching

Knitting | Work in Progress - Mon, 05/06/2019 - 18:59
For better or worse, my binge swatching streak has continued. It's not that swatching isn't productive, it is. But couple that with a fondness for color play and what-if scenarios, and a full-blown obsession can't be far behind.

In other words, I'm still preoccupied with the syncopated slipped rib stitch in all its forms. It handled the highly variegated Happy Feet so well, I found myself scouring the stash for similar short-print yarns. Eventually, I discovered a single skein of Panda Cotton (Crystal Palace), which rapidly cycles through several shades of blue punctuated with a stretch of black.

Since one key to taming busy variegateds is to add a closely related solid, I first tried pairing Panda with black Tajmahal (Filatura Cervinia). This combo created interrupted stripes, a look I initially didn't care for, but it's grown on me. I can see how over the course of a larger piece, the irregular stripes could make a simple shawl or cowl dynamic and visually interesting. Working the variegated Panda with a solid blue (Zaffiro by Madril Yarns), minimized pooling but caused the vertical stripes to virtually disappear.

I could've cheerfully continued working through every variegated yarn in the stash, but decided instead to experiment with some color blocking. I've always loved purple and red together, so I combined black (Tajmahal) with violet Aspen (Baah) and burgundy Charlemont (Valley Yarns). The slipped stitches produce an interesting notched or serrated transition from one color to the next, an effect I rather like.

And therein lies the problem. From jewel tones to neutrals, my stash is filled with many lovely skeins that might lend themselves to this technique, which means my fingers are itching to start (yet another) series of swatches.

Perhaps it's time for an intervention.
Categories: Knitting Feeds

A week in security (April 29 – May 5)

Malwarebytes - Mon, 05/06/2019 - 15:21

Last week on Labs we discussed the possible exit scam of dark net market Wall Street Market and how the Electrum DDoS botnet reaches 152,000 infected hosts, we looked at how sophisticated threats plague the ailing healthcare industry, a mysterious database that exposed personal information of 80 million US households, how Mozilla urges Apple to make privacy a team sport, and the state of cryptojacking in the post-Coinhive era, and we digested the top six takeaways for corporate data privacy compliance.

Other cybersecurity news
  • The news that Europol shut down two prolific dark web marketplaces in simultaneous global operations, one of which was Wall Street Market, shed a new light on the possible exit scam. The other marketplace was Silkkitie aka the Valhalla Marketplace. (Source: Europol)
  • Scammers are now sending sextortion emails stating that they have a tape of you and them having intercourse and are threatening to release it if you do not send them $1,500 in bitcoins. (Source: Bleeping Computer)
  • Mozilla has released an update today for Firefox that fixes the issue with an expired signing certificate that disabled add-ons for the vast majority of its userbase over the weekend. (Source: ZDNet)
  • A Pennsylvania credit union is suing financial industry technology giant Fiserv, alleging that security vulnerabilities in the company’s software are wreaking havoc on its customers. (Source: Krebs on Security)
  • A researcher has discovered vulnerabilities in more than 100 plugins designed for the Jenkins open source software development automation server and many of them have yet to be patched. (Source: SecurityWeek)
  • Facebook has been hit with three new separate investigations from various governmental authorities—both in the United States and abroad—over the company’s mishandling of its users’ data. (Source: The Hacker News)
  • NIST tool uses updated combinatorial testing to enable more comprehensive tests on high-risk software to reduce potential errors. (Source: NIST)
  • A hacker exploited the fact that some botnet operators had used weak or default credentials to secure the backend panels of their command and control (C&C) servers and was able to take over the IoT DDoS botnets of 29 other hackers. (Source: ZDNet)
  • Programmers say they’ve been hit by ransomware that seemingly wipes their Git repositories’ commits and replaces them with a ransom note demanding Bitcoin. (Source: The Register)
  • Mirrorthief group uses Magecart skimming attack to hit hundreds of campus online stores in US and Canada. (Source: Trendlabs)

Stay safe everyone!

The post A week in security (April 29 – May 5) appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Red Heart It’s A Wrap Sprinkles Giveaway

Moogly - Mon, 05/06/2019 - 15:00

Red Heart It’s A Wrap Sprinkles is one of my favorite new warm-weather yarns – and I get to give away 3 cakes of it here on Moogly! Disclaimer: This post was sponsored by Red Heart Yarn, but all opinions are my own. Red Heart It’s A Wrap Sprinkles is a beautiful 50/50 blend of [...]

The post Red Heart It’s A Wrap Sprinkles Giveaway appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

