Feed aggregator

Of Family and Spirits (Part II)

Torchbearer RPG - Thu, 01/31/2019 - 14:00
A part of The Viking’s Bride frieze by Walter Crane, 1883

A few weeks back we explored using the Ættir in Torchbearer games set in the Middarmark. In particular, we took a look at Ran Deepmind, ættir of the Ageiring clan led by Jarl Stigand.

Ran, though much diminished by the near obliteration of the Ageirings in the Battle of Sølvfjord nine years ago, seeks to guide her descendents back to greatness. But the Ageirings have many enemies standing in the way of the young jarl’s path back to power. Perhaps the most immediately dangerous are the Tualings, a clan of Græling outlaws with a score to settle.

The Tualings

The fractious and temperamental Tualing clan have inhabited the uplands of Sudstrond for centuries, with a reputation as troublemakers. Tualing legend holds that long before the Bjornings blighted the shores of the Middarmark, when Græling kings and queens ruled across the land, Tua the Unruly was outlawed and cast out of her clan to prevent a blood feud after she slew her husband’s uncle. She and her closest kin made their way north to the lands west of the Gull Pass, where they established a steading, Tuasgard.

Over the centuries, Tua’s clan expanded to encompass four more steadings, making them one of the most influential local powers. The Ageirings say that many years ago, Stigand’s ancestor, Val the Bold, purchased the Tualing steading of Bikkasgard to establish the fort of Valborg at the mouth of the Gull Pass. The Tualings, on the other hand, maintain they were cheated, forced to give up the steading at spearpoint by Jarl Val’s huskarls. Whatever the truth, the Tualings have regarded the Ageirings with suspicion and hate for long years.

Following the Battle of Sølvfjord, a handful of hot-headed Tualing youths killed Valborg’s steward and occupied the fort, until Stigand’s huskarls returned with the jarl some years later, slaying some and driving out the rest. Furious, the jarl declared the clan outlaw. The Tualings’ neighbors, sensing an opportunity to seize valuable fields and pastures at the expense of their querulous Græling cousins, burned the Tualing steading of Larasstad, slaying most of the people and claiming their lands. It is now a haunted place.

The Tualings retreated to their remaining steadings and declared a blood feud against the Ageirings and their supporters, which they have waged ceaselessly and ruthlessly in the decade since.

It should be noted that as Grælings, the Tualings all have Feuding nature. Having formally declared a blood feud against the Ageirings, they have become terrible foes, as any actions taken in furtherance of the feud falls within their nature.

Tua is a canny spirit, but prone to eruptions of temper whenever she believes that she or her descendents have been slighted. She bestows her favor on descendents who are proud, devious and unstinting in support of their kin. She is determined to destroy the Ageirings.

Tua the Unruly, Ættir of the Tualings The Tualing Regalia

The Tualing clan regalia includes Tua’s beaten bronze brooches strung with glass beads, a set of pitted iron shears, Tua’s loom, a fine steel battle axe, and an ancient ard plough.

Most of the regalia is generally kept at Tua’s shrine at Tuasgard, but the ard is brought to the other Tualing steadings of Finnaby and Abbranvad for the plough rites.

Player characters can be born into the Tualings or join the clan through marriage. Any member of the Tualing clan may use a piece of regalia in a ritual (Ritualist, Ob 3) to connect with Tua. When so connected, Tua can speak through that character’s mouth in furtherance of her belief or instinct. Likewise, she can provide help to characters that have performed the ritual, so long as they remain in contact with the regalia. She can only help within the context of her nature descriptors and if her belief or instinct apply.

With her nature reduced to 4 due to the burning of Larasstad, Tua is somewhat weakened, but her clan retains three steadings and remains numerous. Like Tua, her descendents tend to be devious but tempestuous, prone to act impulsively and aggressively if angered. They are tight-knit and will stand against anyone and everyone in support of each other.

Like Ran, Tua has an agenda. She wants Stigand slain, Ran’s shrine burned and her regalia destroyed. She wants to reclaim Valborg for her clan. And then she wants to make the Græling clans that burned Larasstad pay. But vengeance upon the Ageirings comes first.

Categories: Tabletop Gaming Blogs

What is the best OSR system for RPG novices?

Bat in the Attic - Thu, 01/31/2019 - 13:22

One forum I frequent is the RPGPub. Recently a question was asked,

What is the best OSR system for RPG novices?

I gave some system recommendations and then I realize I been looking at the answer to this question wrong.

Given that nearly all of the various editions of  classic DnD and OSR retro clones are of comparable complexity. Especially in what you have to do get a campaign going. The answer is all of them and none of them.


Because system doesn't matter, it all depends on the referee being a good teacher and a good coach. So use whatever system that works with the way you think and operate and focus on learning to teach and coach.

I throw in coaching because in sports the athlete is expected to execute strategies and procedures that are mostly in real time. A good coach not only explains those strategies and procedures i.e. teach, but guide the athlete through them the first few time until the athlete is able to do them. Afterward the coach will help the athlete practice to improve their skills in regards to whose strategies and procedures. Much of this occurring in real time with the athlete doing whatever their particular sport requires them to do.

While not as physical, the interplay of the players describing what their characters and the referee making a ruling often by using a printed system of rules means there some overlap what you do to teach a beginning athlete and a novice to RPGs.

So hence, focus on being a good teacher and coach. As for the rules use whatever works for you as a teacher and coach.

The OSR logo is by Dyson Logos
Categories: Tabletop Gaming Blogs


Sorcerer's Skull - Thu, 01/31/2019 - 12:00

Last year I did a series of superhero-themed posts on Google+ inspired by Wold-Newton essays and with the conceits there was only one Earth (encompassing both the Marvel and DC and possibly other "universes") and the world tended to work like our own, despite its somewhat altered history. This served to both ground the characters in history, making them more "realistic" and making history stranger! The name for the series was taken from Mark Gruenwald's 1979 fanzine alternate comic book realities.

With Gplus in its death throes, I exported those posts and they are now blogposts here. Only a few of them are currently visibly, but if you want to check them out, follow the Omniverse label at the bottom of this post.

Book Review: My Favourite January Reads

Knitted Bliss - Thu, 01/31/2019 - 11:00


As I think everyone knows by now, I went to Havana earlier this month and fell in love with the city- it’s gorgeous, gritty, and full of hidden treasures and secret beauty. January’s favourites reflect this entirely. The novella that you’ll breeze through but is actually one of the best books ever: The Old Man

The post Book Review: My Favourite January Reads appeared first on %%www.knittedbliss.com%%.

Categories: Knitting Feeds


Looking For Group - Thu, 01/31/2019 - 05:00

The post 1266 appeared first on Looking For Group.

Categories: Web Comics

Adapting B5 Horror On The Hill As A Campaign Jump Off Point With a Cult Classic Twist

Swords & Stitchery - Thu, 01/31/2019 - 03:57
"Between the sun's departure and return, the Silver Death had fallen upon Yoros. Its advent, however, had been foretold in many prophecies, both immemorial and recent. Astrologers had said that this mysterious malady, heretofore unknown on earth, would descend from the great star, Achernar, which presided balefully over all the lands of the southern continent of Zothique; and having sealed the Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

A Very Different & Dangerous Occult Ecology For The Will O The Wisps From Dungeons & Dragons

Swords & Stitchery - Wed, 01/30/2019 - 21:07
'Tis said these blossom-lanterns lightThe elves upon their midnight-way;That fairy toil and elfin playReceive their beams of magic white.I marvel not if it be true;I know this flower has lighted meNearer to Beauty's mystery,And past the veils of secrets new.Fairy Lanterns  (1912) by Clark Ashton Smith"Tru looked down at the swamp around her feet as she fled through the undergrowth. That was Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Analyzing a new stealer written in Golang

Malwarebytes - Wed, 01/30/2019 - 17:00

Golang (Go) is a relatively new programming language, and it is not common to find malware written in it. However, new variants written in Go are slowly emerging, presenting a challenge to malware analysts. Applications written in this language are bulky and look much different under a debugger from those that are compiled in other languages, such as C/C++.

Recently, a new variant of Zebocry malware was observed that was written in Go (detailed analysis available here).

We captured another type of malware written in Go in our lab. This time, it was a pretty simple stealer detected by Malwarebytes as Trojan.CryptoStealer.Go. This post will provide detail on its functionality, but also show methods and tools that can be applied to analyze other malware written in Go.

Analyzed sample

This stealer is detected by Malwarebytes as Trojan.CryptoStealer.Go:

Behavioral analysis

Under the hood, Golang calls WindowsAPI, and we can trace the calls using typical tools, for example, PIN tracers. We see that the malware searches files under following paths:

"C:\Users\tester\AppData\Local\Uran\User Data\" "C:\Users\tester\AppData\Local\Amigo\User\User Data\" "C:\Users\tester\AppData\Local\Torch\User Data\" "C:\Users\tester\AppData\Local\Chromium\User Data\" "C:\Users\tester\AppData\Local\Nichrome\User Data\" "C:\Users\tester\AppData\Local\Google\Chrome\User Data\" "C:\Users\tester\AppData\Local\360Browser\Browser\User Data\" "C:\Users\tester\AppData\Local\Maxthon3\User Data\" "C:\Users\tester\AppData\Local\Comodo\User Data\" "C:\Users\tester\AppData\Local\CocCoc\Browser\User Data\" "C:\Users\tester\AppData\Local\Vivaldi\User Data\" "C:\Users\tester\AppData\Roaming\Opera Software\" "C:\Users\tester\AppData\Local\Kometa\User Data\" "C:\Users\tester\AppData\Local\Comodo\Dragon\User Data\" "C:\Users\tester\AppData\Local\Sputnik\Sputnik\User Data\" "C:\Users\tester\AppData\Local\Google (x86)\Chrome\User Data\" "C:\Users\tester\AppData\Local\Orbitum\User Data\" "C:\Users\tester\AppData\Local\Yandex\YandexBrowser\User Data\" "C:\Users\tester\AppData\Local\K-Melon\User Data\"

Those paths point to data stored from browsers. One interesting fact is that one of the paths points to the Yandex browser, which is popular mainly in Russia.

The next searched path is for the desktop:


All files found there are copied to a folder created in %APPDATA%:

The folder “Desktop” contains all the TXT files copied from the Desktop and its sub-folders. Example from our test machine:

After the search is completed, the files are zipped:

We can see this packet being sent to the C&C (cu23880.tmweb.ru/landing.php):


Golang compiled binaries are usually big, so it’s no surprise that the sample has been packed with UPX to minimize its size. We can unpack it easily with the standard UPX. As a result, we get plain Go binary. The export table reveals the compilation path and some other interesting functions:

Looking at those exports, we can get an idea of the static libraries used inside.

Many of those functions (trampoline-related) can be found in the module sqlite-3: https://github.com/mattn/go-sqlite3/blob/master/callback.go.

Function crosscall2 comes from the Go runtime, and it is related to calling Go from C/C++ applications (https://golang.org/src/cmd/cgo/out.go).


For the analysis, I used IDA Pro along with the scripts IDAGolangHelper written by George Zaytsev. First, the Go executable has to be loaded into IDA. Then, we can run the script from the menu (File –> script file). We then see the following menu, giving access to particular features:

First, we need to determine the Golang version (the script offers some helpful heuristics). In this case, it will be Go 1.2. Then, we can rename functions and add standard Go types. After completing those operations, the code looks much more readable. Below, you can see the view of the functions before and after using the scripts.

Before (only the exported functions are named):

After (most of the functions have their names automatically resolved and added):

Many of those functions comes from statically-linked libraries. So, we need to focus primarily on functions annotated as main_* – that are specific to the particular executable.

Code overview

In the function “main_init”, we can see the modules that will be used in the application:

It is statically linked with the following modules:

Analyzing this function can help us predict the functionality; i.e. looking the above libraries, we can see that they will be communicating over the network, reading SQLite3 databases, and throwing exceptions. Other initializers suggests using regular expressions, zip format, and reading environmental variables.

This function is also responsible for initializing and mapping strings. We can see that some of them are first base64 decoded:

In string initializes, we see references to cryptocurrency wallets.



The main function of Golang binary is annotated “main_main”.

Here, we can see that the application is creating a new directory (using a function os.Mkdir). This is the directory where the found files will be copied.

After that, there are several Goroutines that have started using runtime.newproc. (Goroutines can be used similarly as threads, but they are managed differently. More details can be found here). Those routines are responsible for searching for the files. Meanwhile, the Sqlite module is used to parse the databases in order to steal data.

Then, the malware zips it all into one package, and finally, the package is uploaded to the C&C.

What was stolen?

To see what exactly which data the attacker is interested in, we can see look more closely at the functions that are performing SQL queries, and see the related strings.

Strings in Golang are stored in bulk, in concatenated form:

Later, a single chunk from such bulk is retrieved on demand. Therefore, seeing from which place in the code each string was referenced is not-so-easy.

Below is a fragment in the code where an “sqlite3” database is opened (a string of the length 7 was retrieved):

Another example: This query was retrieved from the full chunk of strings, by given offset and length:

Let’s take a look at which data those queries were trying to fetch. Fetching the strings referenced by the calls, we can retrieve and list all of them:

select name_on_card, expiration_month, expiration_year, card_number_encrypted, billing_address_id FROM credit_cards select * FROM autofill_profiles select email FROM autofill_profile_emails select number FROM autofill_profile_phone select first_name, middle_name, last_name, full_name FROM autofill_profile_names

We can see that the browser’s cookie database is queried in search data related to online transactions: credit card numbers, expiration dates, as well as personal data such as names and email addresses.

The paths to all the files being searched are stored as base64 strings. Many of them are related to cryptocurrency wallets, but we can also find references to the Telegram messenger.

Software\\Classes\\tdesktop.tg\\shell\\open\\command \\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\ \\AppData\\Roaming\\Electrum\\wallets\\default_wallet \\AppData\\Local\\Torch\\User Data\\ \\AppData\\Local\\Uran\\User Data\\ \\AppData\\Roaming\\Opera Software\\ \\AppData\\Local\\Comodo\\User Data\\ \\AppData\\Local\\Chromium\\User Data\\ \\AppData\\Local\\Chromodo\\User Data\\ \\AppData\\Local\\Kometa\\User Data\\ \\AppData\\Local\\K-Melon\\User Data\\ \\AppData\\Local\\Orbitum\\User Data\\ \\AppData\\Local\\Maxthon3\\User Data\\ \\AppData\\Local\\Nichrome\\User Data\\ \\AppData\\Local\\Vivaldi\\User Data\\ \\AppData\\Roaming\\BBQCoin\\wallet.dat \\AppData\\Roaming\\Bitcoin\\wallet.dat \\AppData\\Roaming\\Ethereum\\keystore \\AppData\\Roaming\\Exodus\\seed.seco \\AppData\\Roaming\\Franko\\wallet.dat \\AppData\\Roaming\\IOCoin\\wallet.dat \\AppData\\Roaming\\Ixcoin\\wallet.dat \\AppData\\Roaming\\Mincoin\\wallet.dat \\AppData\\Roaming\\YACoin\\wallet.dat \\AppData\\Roaming\\Zcash\\wallet.dat \\AppData\\Roaming\\devcoin\\wallet.dat Big but unsophisticated malware

Some of the concepts used in this malware remind us of other stealers, such as Evrial, PredatorTheThief, and Vidar. It has similar targets and also sends the stolen data as a ZIP file to the C&C. However, there is no proof that the author of this stealer is somehow linked with those cases.

When we take a look at the implementation as well as the functionality of this malware, it’s rather simple. Its big size comes from many statically-compiled modules. Possibly, this malware is in the early stages of development— its author may have just started learning Go and is experimenting. We will be keeping eye on its development.

At first, analyzing a Golang-compiled application might feel overwhelming, because of its huge codebase and unfamiliar structure. But with the help of proper tools, security researchers can easily navigate this labyrinth, as all the functions are labeled. Since Golang is a relatively new programming language, we can expect that the tools to analyze it will mature with time.

Is malware written in Go an emerging trend in threat development? It’s a little too soon to tell. But we do know that awareness of malware written in new languages is important for our community.

The post Analyzing a new stealer written in Golang appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Facebook Live and YouTube Live: January 2019

Moogly - Wed, 01/30/2019 - 16:03

Let’s kick off another year of Moogly fun! This month’s Facebook Live shares all the latest Moogly projects, giveaways, and sneak peeks. And later on YouTube, I’ve been challenged to share 10 Things You Didn’t Know About Me – not related to crochet! Disclaimer: This post is sponsored by Red Heart Yarn, and may contain affiliate [...]

The post Facebook Live and YouTube Live: January 2019 appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

The Keep of the Broken Saint

Ten Foot Pole - Wed, 01/30/2019 - 12:15
By WR Beatty
Rosethrone Publishing
Swords & Wizardry Levels

Only vague rumors speak of the ancient Keep of the Broken Saint. Divination fails to reveal anything useful, prayers and powerful magics continue to falter. Yet the rumors insist the place is real and that the Broken Saint has the keys to immortality. Even if the shadows of rumors that make their rounds are not true, surely a ruin that has been lost for generations holds secrets and treasures.

This forty page adventure has about sixty rooms in a keep and dungeon. It has a certain feel, like that of a pseudo-historical saint magical resting place? A non-simulationist version of that, anyway, which is a good thing. Room after room delivers the interactivity. It still needs help in the comprehension category, using some passive voice and layout/writing decisions that do not always lead to good results.

The vibe here is interesting. You know how harn has this kind of realistic vibe thing going on? Let’s start with that. Then add in to it a Saint. Let’s also add the Saints ruined keep. Now, turn the keep in to a mythic place that goes beyond Harn, turning each room in to more of a traditional “fantasy things actually happen”  place that Harn doesn’t usually have … but still root it in this kind of pseudo-historical draping, without it fetishizing simulationast or history. That’s this. A ruined multi-level keep of a saint with a couple of tower outbuildings and dungeon levels. With “realistic” historical keep maps that still remember they are used for D&D. Harn and/or Ars Magica, but with actual stuff going on in each room, and thus firmly interactive D&D.

Level 8-10 in S&W is pretty kick ass, and about as close to high level play as I’ve seen. The adventure doesn’t gimp the characters and allows them to use their powers. The various things in the keep (a lot of undead, it’s a broken saint after all) have a decent “talk to the guy in the underworld” kind of thing going on where they interact with you. Bow to you. Ask you questions to pass. Defer to characters in certain conditions. Can get laid to rest and/or not. To this we add some bird people, roosting in historical nesting ground and some enemies of theirs that have taken over.

I’ve mentioned some of the interactivity, undead to question and the bird people and other things you can talk to. There’s also lamps to light, chains to break, fountains to drink from, and so on. Interactivity, I think, is the third leg to a D&D adventure being “good”, once you get past scannable and evocative environments. IE: Can I find the information I need, is the place described well, and is there something to do?

Wanderers are doing things. There’s a monster summary sheet. There are some cross-references. Some of the magical items are new. The hooks are not throwaways. It’s all got some decent bones behind it.

I can take exception to a few things. First, the monsters are not really described. One area has “4 Host of the Broken Saint Archers.” There are stats, in the summary sheet, but no real description. I have no idea what it is, or any of the other stuff, for that matter. There are 46 different monsters on that summary sheet. I suspect that some simplification would have helped a bit and allowed for some extra space to describe a few of them in an appendix.

The formatting does good things in places. Large black banned herald the arrival of a new room, with a place name, so the section breaks are easy to find. There’s lots of white space in rooms. Maybe too much. They come off a bit … large? The information tends to be spread out. The first paragraph deals with things in the first thing, the second with the second thing and so on. This causes you to have to paragraph jump, taking the first line from each, when looking at a new encounter the party has. The writing, proper, isn’t exactly prescriptive, but it tends in that direction, which causes things to be a bit more lengthy than they could be. Together this all causes the rooms to be a little more confusing/wall of text/spread out/harder to grok then I think they could be. It’s not terrible, but it’s not exactly “easy.”

Maybe a little bit more of an overview is needed as well. At level 8-10 the party can command some pretty decent spells for finding things. “Where’s the broken saint” and “where that immortality staff”, and things like that, could use a bit of help in the text to help facilitate.

But, all in all, GREAT mythic vibe to the place. I’m not sure the treasure is all there for some levels 8-10 peeps, but fuck it, it’s a nice adventure.

This is $5 at DriveThru. Page four and five of the preview has a look in to the hooks, while page six goes over a few higher-level ideas/effects of the Broken Saint proper. Both are nice. The last two pages show the first six encounters. Note the disconnected paragraphs in room five and the more “movie watching” encounter in room six. Room two and three show a good example of both interactivity and the more … expansive layout/writing style that I think could be tightened up.


Categories: Tabletop Gaming Blogs

Wednesday Comics: Storm: Vandaahl the Destroyer

Sorcerer's Skull - Wed, 01/30/2019 - 12:00
My exploration of the long-running euro-comic Storm, continues with his adventures in the world of Pandarve. Earlier installments can be found here.

Storm: Vandaahl the Destroyer (1987) (part 1)
(Dutch: Vandaahl de Verderver)
Art by Don Lawrence; script by Martin Lodewijk

In a small, strange universe, somewhere in the multiverse, a war which has lasted for millions of years comes to an end. Vandaahl the Destroyer, Lord of Chaos, Agent of Death, is brought before his triumphant enemies. He gloats that he won the moment they chose to take up arms against him, and he relishes the irony that they will now kill him in the name of peace.

But his enemies don't plan to kill him. Instead, he will be locked in the Armor of Eternity. He will be held in stasis until the end of time. They also plan to throw the armor into a black hole. They are unsure of what will happen. The All-Creator will decide his fate.

Apparently, the All-Creator isn't done with Vandaahl. Drawn into the black hole, he isn't destroyed, but instead shunted through a white hole into another universe...

He comes down like a meteorite into the water world where Storm, Ember, and Nomad have been living with a community of fishermen. Nearly drowned in the resulting wave, our heroes decide to dive down and investigate when they see a glow beneath the water. Storm and one of the fishermen don special jellyfish and diving helmets and go down.

The next day, they come back to haul up the armored figure. Storm weirdly has a hard time touching it, like his hand and the figure are two magnets, repelling each other. They take the mysterious figures back to the fisherfolks' nest to take counsel with the elders.

While the adults are talking, children are playing around the figure. They inadvertently activate some controls...

And Vandaahl lives!


SPILLING INK: A New Potentially Controversial Book By The Enigmatic EL James?

First Comics News - Wed, 01/30/2019 - 03:48

EL James has become a household name since she published her smash hit series, Fifty Shades of Grey. She’s arguably the most successful self-published author despite the fact that her self-published book was quickly snagged up by a division of Random House in 2012. Given the backing of a major publisher it’s no wonder the book turned an almost immediate commercial success. Success doesn’t come without some negatives. Dubbed “Mommy Porn,” the series was both loved and hated in equal measure, but ultimately sales are what counts and the series turned movie and spawned additional side stories told from the male lead’s perspective.

But this is all old news, right? Been there, done that. We’re all over the whole Mommy Porn drama, aren’t we?

Not even close!

Just a few days ago, EL James announced to the world she’s back at it again with a new book due out this Spring titled, The Mister, calling it “a Cinderella story for the twenty-first century.”

While she hasn’t come out and said it will be as erotically charged as her previous series, she’s created an expectation in her readers for a certain type of book and I think it’s safe to say we’re in for a naughty treat.

In a statement released by Penguin Random House, James says: “I’m so excited to finally get this passionate new romance out into the world… Maxim and Alessia have led me on a fascinating journey and I hope that my readers will be swept away by their thrilling and sensual tale, just as I was while writing, and that, like me, they fall in love with them.”

The passionate new romance from E L James, author of the phenomenal #1 bestselling Fifty Shades Trilogy

 London, 2019. Life has been easy for Maxim Trevelyan. With his good looks, aristocratic connections, and money, he’s never had to work and he’s rarely slept alone. But all that changes when tragedy strikes and Maxim inherits his family’s noble title, wealth, and estates, and all the responsibility that entails. It’s a role he’s not prepared for and one that he struggles to face.

 But his biggest challenge is fighting his desire for an unexpected, enigmatic young woman who’s recently arrived in England, possessing little more than a dangerous and troublesome past.  Reticent, beautiful, and musically gifted, she’s an alluring mystery, and Maxim’s longing for her deepens into a passion that he’s never experienced and dares not name. Just who is Alessia Demachi? Can Maxim protect her from the malevolence that threatens her? And what will she do when she learns that he’s been hiding secrets of his own?

 From the heart of London through wild, rural Cornwall to the bleak, forbidding beauty of the Balkans, The Mister is a roller-coaster ride of danger and desire that leaves the reader breathless to the very last page.

Will this book be as successful as her previous offerings? Only time will tell, but as it stands now, it’s already ranking at the top of the pre order charts on Amazon.com


Amazon Best Sellers Rank: #97 in Books

#2 in Books > Literature & Fiction > Erotica > Romantic

#59 in Books > Literature & Fiction > Literary

#60 in Books > Literature & Fiction > Women’s Fiction > Contemporary

Categories: Comic Book Blogs

Ch. 5, Page 28

Castle Greyhawk - Wed, 01/30/2019 - 03:26

...Thank you for reading!  Long live Greyhawk!

Call of Cthulhu Actual Play: Against the Cthulhu Cult of Boston

19th Level - Wed, 01/30/2019 - 03:09

I'll be making a small adjustment for this actual play. I'll be focusing less on what happened during play - though I will cover that - and more discussing the makeup of the adventure. I think that is probably more of interest to my readers.

One of my players commented how she didn't recall any adventures actually involving Cthulhu. With our previous adventure featuring some Thralls of Cthulhu that seemed a great opportunity to make use of the worldwide Cthulhu Cult.

Adventure NotesI started with the ending - I had a vision of cultists trying to rise R'lyeh in Boston Harbor. Yes, it's supposed to be in the Pacific Ocean but I decided to adjust that and say R'lyeh is an extradimensional place. It is perhaps easiest to rise from the Pacific, but if the stars are right, it can be risen out of any water. I knew they'd need a tome so I broke the adventure into two parts - the first concerning them acquiring the tome they needed and the second them making use of it.

With that I needed a bunch of NPCs. I decided to make all the members of the Cthulhu Cult - very often I find it easy to make cultists into "orcs" - and I'm sure I'll do so again. One of the things I took note of from Lovecraft's classic "The Call of Cthulhu" was, horror of horrors, multi-ethnic and multiracial, things that horrified Lovecraft. So I had an idea for such a cult in Boston. In my markdown notebook I recorded the following people:

  • Jean-Claude Ristil - Haitian born, budding sorcerer, leader of the group
  • Agewe Baptiste - Haitian born as well, childhood friend of Ristil. Skilled with knife, very scarred
  • Finn Leary - 1st generation Irish-American, second-story man, good with gun
  • Pablo Torres - Puerto Rican immigrant, skilled rifleman
  • Ricardo López - Cuban revolutionary against Spain, older man - born 1860, making him in his mid-50s. Often field leader of this crew. 
  • Thomas Greenshields - Scottish immigrant, intellectual, fond of pistols, engineering student. Given them access to more cultured places. Arsonist. 
  • Fang Li - 2nd generation Chinese-American. Grandfathers both worked on transcontinental railroad, later settled in Boston. Fang family has laundromat. Li not a huge fan of that. Rails against the treatment of Chinese by American government. 

We're not talking super-deep, multi layered characterizations. However, with these rough notes they all looked different and brought different things to the table. They were all men - though in the previous adventure the adversaries were both women (and they will likely appear again).
The first part of this adventure, a single session, then would need to deal with the cult getting noticed stealing the book. Enter roommates and lovers Dmitri Zadornoz and James Higgins. They recently came across and stole the 1850s tome Adam Jones' R'lyeh, annotated by Rev. Thomas Miller. Obsessed with the work, they wanted to share it with the world. The two worked at a jobber printer - a press for smaller jobs. On Thanksgiving, when the printer was closed, they printed a pamphlet with excerpts from the book - and their own ramblings. And they planned to do so on Christmas as well. But the cult has gotten wind of the book and wants it.
What is the book? It's a book of my own creation. I created a companion for explorer Henry Hudson, Adam Jones. I posited that he had come across references to R'lyeh while on the Pacific Ocean. He wrote his own mad ravings about it and published a book about it in 1605. He became obsessed with finding a Deep One city - his calculations showing it to be beyond what is now known as Hudson Bay. His calculations were off - it was actually near modern Innsmouth. Along with Hudson, Jones was lost in the final 1610-1611 voyage of Hudson (as was Hudson, due to crew mutiny). In the mid-19th century the Reverend Thomas Miller came across Jones' work and modernized it - though the Presbytery of Boston had a fit when they saw what he'd been working on and the book was suppressed, with only a few copies surviving. I decided to give it a short study time, making it a rather valuable Mythos tome and one much desired. 
Adam Jones' R'lyeh, annotated by Rev. Thomas Miller 
  • Sanity Loss - 1d8
  • Cthulhu Mythos - +3/+7
  • Mythos Rating - 20
  • Study - 2 weeks
  • Spells: Mist of R'lyeh, Enchant Club, Call/Dismiss Cthulhu, Align the Stars, Summon Deep Ones
On the night of Christmas Higgins and Zadornoz were working on printing a new pamphlets. However, Ristil's cult struck. They killed Higgins and lit the press on fire. Zadornoz had stepped out and fled when he saw what happened. However, other cult members were waiting for him at his apartment - which they'd already hit, obtaining the book. Zadornoz escaped there as well, though he was shot and wounded. Disowned by his father, a rabbi, for being in a homosexual relationship, he was still on good terms with his sister - and his sister was engaged to a medical student who helped run an underground clinic to help defray the costs of medical school.
The adventure opened with police Captain McShane asking the investigators to look into the fire - remnants of the pamphlets made it clear what sort of strangeness was going on. I'd set things up so that I didn't need to worry about the investigators stopping the cult from getting the book - they already had it. But the characters had to learn about the cult - and have a chance of saving Zadornoz. 
Whether they succeeded or not, the second part of the adventure was about getting their own copy of Adam Jones' R'lyeh. I added details for them to follow Zadornoz's backtrail, including the book shop he stole it from - Dale's Rare Books, owned by Curtis Dale. Dale would be able to point them to other places the book could be obtained, included the libraries at the Miskatonic University and Harvard University. I did also note that the cult would likely be monitoring the investigators and try to interfere.

I also dictated the book would specify the raising of R'lyeh would need to be done in parts. The initial spell had to be cast on a very foggy night so as to obscure the realigning of the stars. As it turns out, mid-January 1915 was extremely foggy in Boston. That would allow for the raising of a small island. If a proper sacrifice could be made to one of Cthulhu's starspawn, true R'lyeh could indeed be brought to our world. All hail Cthulhu. Iä  Iä !
Actual Play NotesSetting: Boston. Friday, December 25th, 1914 - Monday, January 18, 1915

  • Colin O'Connor: Civil engineer from Dunmore, Ireland. Employed as a civil engineer by the city of Boston.
  • Lola Diaz Azar: Archaeologist hailing from Puerto Rico, born of a Puerto Rican mother and Middle Eastern father. Agent of the New England Watch and Ward Society, specializing in occult tomes.
  • Nathaniel Quincy, MD, Captain, US Army (Ret.) Former army doctor, served in Nicaragua and the Philippines. Now working as a medical examiner for Essex County.

The characters quickly gathered information at the burnt jobber press and found their way to Zadornoz and Higgins' apartment, driven by a Boston police officer. There they saw the place already ransacked but did find notes about Zadornoz's estranged family and they traveled to the family's modest home. While his father, Rabbi Yuri Zadornoz, was not helpful, his sister Susanna was - and was able to point out where her fiance David Kablukov ran a secret clinic. Unfortunately, the cult converged on the house. Baptiste, Torres, and Li attacked. It was not a fair fight and rapidly broke down into chaos in and around the house. Baptiste nearly killed Azar with his machete. O'Connor and Quincy struggled in battle with Li but eventually defeated him. Torres killed Yuri and their police driver. Baptiste and Torres left, gaining information and nearly running down Susana in their car. This proved an object lesson on the deadliness of combat in Call of Cthulhu. Quincy stabilized Azar and got her to the hospital. They tipped the police off to the location of the clinic but did not go there themselves - but they did hear tales of a horrifying police battle that killed two more officers with Zadornoz and Kablukov killed as well - with strange reports of zombies.
With three police officers killed in one night, the city was enraged. McShane made sure they had the resources they needed to stop the cult. After Azar recovered they went to Dale's Rare Books and from there the Miskatonic University at Arkham. It was there that cultist Leary tried to run them down, badly hurting O'Connor. Azar and Quincy persuaded Henry Armitage to give them access to Adam Jones' R'lyeh which they read while O'Connor recovered - and learned some forbidden magic from the tome - especially of interest being a way to banish Cthulhu.
When the fog came on January 18 they scoured the waterfront and found a fishermen who described the strange people who paid a fortune to rent his boat - even if they never returned it he'd have enough to buy a new boat. Cults ready for the end of the world don't see much a need for money. The fishermen had a general idea where they were going and with some money, they rented another boat and he took them out.
Sure enough, there was indeed a new island, one that glowed green in the fog. And on it was a horrid, giant, winged octopus-like creature. Not Cthulhu but one of his servants. The ritual had begun. It was too much for O'Connor, whose mind snapped. He had no memory of how they had arrived. Meanwhile, Quincy and Azar chanted the banishing spell. Quincy had to stop as O'Connor started advancing towards the cult, confused. Quincy tackled him as Azar completed the spell. As Cthulhu's servant vanished the island sank. They all found themselves in the cold waters of the harbor. The investigators quickly made for their boat, hoping the cult (especially machete man) would not survive the experience.
Categories: Tabletop Gaming Blogs

Shazam! #2 Review

First Comics News - Tue, 01/29/2019 - 23:28

The new Shazam! series, brilliantly timed to release around the time the movie launches, has taken the early 2019 crown for most disappointing new title by being too dense for new readers and too bland for long suffering fans of the original Captain Marvel. This issues story, written by Geoff Johns, goes through the motions of bringing the hallmarks of the characters (family interactions, weird characters, a sense of wonder) but nothing seems to really connect with the reader. The first issue set the series up well as the family explores a newly discovered area of the Rock of Eternity, an abandoned train station that allows travel to different areas of the Magiclands. This time they travel to the first of these realms, The Gamelands which is a twisted sort of amusement park run by the King Kid who has a secret of his own.

The entire issue seems to be a little bit off and it is hard to say what the problem is but it may be the change of artists. The first issue featured top notch artwork from Dale Eaglesham who excelled at showing the kids with a wide range of expressions and was a great compliment to the story while this issue sees Marco Santucci take over. This may be why the second issue was delayed a month and features a Christmas cover at the end of January. Marco does a solid if unspectacular job; the characters are stiffer, the panels often feel cramped and there is not sparkle of mischief coming off the page.

Captain Marvel, or Shazam as he has been retconned to be named, has always been one of my favorite characters but he has been hard to get right. I fondly remember the original stories of course but also loved the Shazam: The New Beginning mini-series from the 80’s, the The Power Of Shazam! by Jerry Ordway and the Jeff Smith min-series among others. The character is wonderful when used correctly but he is hard to nail down correctly. This newest series tries but after the solid first issue it is back into the skip pile for the time being.

Shazam! #2

DC Comics – $3.99

Categories: Comic Book Blogs

Apple’s FaceTime privacy bug allowed possible spying

Malwarebytes - Tue, 01/29/2019 - 19:00

Social media caught fire yesterday as the news of a new Apple bug spread. It seemed that there was a flaw in FaceTime that allowed you to place a call to someone, but listen in on their microphone if they didn’t pick up. Worse, as the news spread, it turned out that there was also a way to capture video from the camera on the target device, and that this issue was affecting not just iPhones and iPads, but Macs as well.

The result was a chorus of voices all saying the same thing: turn off FaceTime. The good news, though, if you’re just tuning in now, is that this is completely unnecessary, as Apple has disabled the service that allowed this bug to work.

How did the bug work?

The bug relied entirely on a feature of iOS 12.1 and macOS 10.14.1 called Group FaceTime. If you are using an older version of iOS or macOS, you have nothing to fear.

The bug involved doing something a bit unusual with Group FaceTime. First, you would have to place a FaceTime call to your intended victim. Next, while the call is still ringing, you would need to bring up the Add Person screen and add yourself to the call. Doing this would invoke Group FaceTime, and the microphone of the intended target would be activated, even if they didn’t answer.

Capturing video from the target phone’s camera required one of two known techniques. One would be to hope that the recipient pressed the power button on the phone to “decline” the call, in which case the camera would turn on as well. (Of course, if they pressed it twice, as some have become accustomed to doing on iPhones in these days of scam calls, that would cut the video off again. But you’d still see a flash of video.)

Alternately, you could apparently join the call from another device, which would also turn on the recipient’s camera. (Although I was able to test and verify everything else, I didn’t know about this trick until after Apple disabled Group FaceTime, so I can’t verify this one from personal experience.)

What were the dangers?

To make this work, you would need to rely on the target not answering, which could potentially be orchestrated if the target’s activities were known and it was likely that he or she would both be disinclined to answer at the time of the call, and be doing or saying something of interest. (I think we can all think of at least one such activity!)

Fortunately, this did pretty much rule out generalized surveillance, though nonetheless, there were some valiant efforts (most likely pranks) in the brief time the bug was known.

This also didn’t open up an open-ended wiretap. FaceTime rings for a while, but not forever. At most, you might get about a minute or so of spying. It’s also not the stealthiest of attacks, since you’d literally be announcing yourself in the process.

All this means that the risks were fairly low for anything beyond a prank. I personally did not feel it necessary to turn off FaceTime on my devices. Once I was aware, I could have simply covered the camera and ended the call—or had a little fun with the caller by playing Rick Astley into the phone’s mic!

How was this resolved?

Apple temporarily solved the problem by disabling Group FaceTime on their servers. This means that you can no longer add people to a FaceTime call, so the bug currently cannot be triggered. Apple will undoubtedly release iOS and macOS updates with a fix for this bug.

It’s unknown how soon Apple will re-enable Group FaceTime after that update is released, so if you’re on iOS 12.1 or macOS 10.14.1, it will be of great importance to install the next update in a timely fashion! You don’t want to be caught with your pants down (possibly literally) on a vulnerable system after the Group FaceTime switch is turned back on.

How did this happen?

Apple has had an unusually large number of high-profile and embarrassing bugs of late, which has led many people to ask what has happened to Apple’s quality assurance process. This bug is no exception.

Worse, it appears that at least one person knew about the bug almost two weeks before the news broke, and had been trying to alert Apple.

It’s unknown at this point exactly which points of contact for Apple this person was using, so it’s entirely possible that the right people at Apple didn’t learn about it until they saw it on the news. Since Apple didn’t disable Group FaceTime until after the news broke, I would hope that this is the case. It would be far more concerning if the right people at Apple knew about the bug, but didn’t make the call to disable Group FaceTime.

What’s the takeaway?

Bottom line, at this point, there’s absolutely no reason to panic or to turn off FaceTime. If you turned off FaceTime, and you want to turn it back on, it’s safe to do so, as long as you don’t delay installing the next update. There’s no indication that FaceTime can be abused without having Group FaceTime available.

There will be some who cite this as a reason to delay installing system updates. They will say that you should wait and let others work out the bugs. However, this is questionable advice. If you stay on an old version of iOS or macOS, you are using a system that has known security issues. That’s a far riskier proposition than updating to a newer version of the system where there aren’t (yet) any known security issues. From a security perspective, you should always install updates in a timely fashion.

The post Apple’s FaceTime privacy bug allowed possible spying appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Learn the Secret Technique...

Aikido Blogs - Tue, 01/29/2019 - 17:43
While I was training under Kato Sensei, he taught that each Kyo has a significant meaning: Ikyo - Physical Strength, Nikyo - Technique, Sankyo - Flow, Yonkyo - Focus, Gokyo - Disarm.

In light of that teaching, I've been creating my vlogs to highlight that teaching. I just finished my vlog on Nikyo, which is about technique. And yes, the title is click bait, and if you are wondering, there really is no secret technique, but the obvious, deliberate practice, and hours, weeks, months, years, decades...of deliberate practice.

Watch my vlog, comment, share, like and subscribe to my channel!

Categories: Aikido

The Deep Evil & Abiding Corruption Of WG4 The Forgotten Temple of Tharizdun By Gary Gygax For Your Old School Campaigns

Swords & Stitchery - Tue, 01/29/2019 - 16:17
"A combined wilderness and dungeon adventure scenario. Background information, referee's notes, encounter keys, outdoor and dungeon level maps, and new monsters and treasures. While designed to interface with THE LOST CAVERNS OF TSOJCANTH, this module is capable of standing alone." Where do I begin with my storied & varied history with WG4 The Forgotten Temple of Tharizdun By Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Rows of Love Blanket Tutorial

Moogly - Tue, 01/29/2019 - 16:06

The Rows of Love Blanket Tutorial is full of color and post stitches and puff stitches – oh my! Learn how to make it in any size, in right and left-handed video tutorials on Moogly! Disclaimer: This post includes affiliate links; materials provided by Red Heart Yarn. Rows of Love Blanket Tutorial: How to the [...]

The post Rows of Love Blanket Tutorial appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

Interview with a malware hunter: Jérôme Segura

Malwarebytes - Tue, 01/29/2019 - 16:00

In our series “Interview with a malware hunter,” our feature role today goes to Jérôme Segura, Malwarebytes’ Head of Threat Intelligence and world-renowned exploit kits researcher. The goal of this series is to introduce our readers to our malware intelligence crew by involving them in these Q&A sessions. So, let’s get started.

Where are you from, and where do you live now?

I was born and raised in France. After graduating from university, I moved over to North America, where I currently reside.

You are most famous for your exploit kit research. How did you get involved in that field?

I think I first got into exploit kits around 2007. I was working for a small company, and my job was to find new malware samples. I recall learning about drive-by downloads and reading an important book: Virtual Honeypots: From Botnet Tracking to Intrusion Detection by Niels Provos and Thorsten Holz.

After reading this book, I wrote a very basic prototype for a honeypot that would capture payloads from drive-by attacks.

This is also around the same time that I discovered the Fiddler web debugger tool that I have used on almost a daily basis ever since.

Are there any other fields that have your special interest?

Over the years, I’ve been curious about different fields that have come up, mostly by chance. For example, when I first started working remotely, I once received a phone call from tech support scammers. While I could have forgotten about it, it made an impression on me, so much so that it led to writing more than 30 blog posts on the topic and working with the FTC to shut down a multi million-dollar operation in the US.

Did you major in computer sciences? Or did you switch to cybersecurity later?

I graduated with a Masters in Information Systems, which at the time was not specific to computer science (by the way, I got my first computer at 18 years of age), but also included law, economics, and even things like accounting. Cybersecurity came up much later.

How long have you been a security researcher?

I’ve done malware research for about 12 years.

How did you end up working for Malwarebytes?

After working for the same company for a number of years, I found myself needing a new opportunity. Even though social media sites were not as big then, it was via Twitter message from long time malwarenaut Mieke [Malwarebytes Director of Research] that I got here.

What’s the most interesting/impactful discovery you’ve made as a researcher?

That’s tough to say. There is work that I’ve done that was really interesting and that I devoted a lot of time to, but perhaps didn’t have as much of an impact or didn’t get published.

What’s the biggest cybersecurity “fail” you’ve witnessed?

There are a lot of fails happening every day, but I think what struck me most was to see poor security practices in person. For example, seeing computers at the hospital left unlocked, running outdated software. The same ones where doctors store your personal and health records.

At the same time, I understand that lack of awareness or small budgets are some of the reasons why this is happening, and individual people aren’t always to blame.

Can you give us an impression of what a typical workday looks like for you?

The interesting thing about our job is that there is an unexpected element to it which reflects heavily on the day’s schedule. You could be reviewing logs or responding to emails when something comes up and needs your immediate attention.

Otherwise, a lot of the job consists of checking on various indicators to get a sense of what’s going on and then digging deeper when something seems new.

What kind of skills does a person need to be a malware intelligence researcher?

There are many different skill sets that can apply to be a malware intelligence researcher. Our field is vast, and few people can claim to possess all the diverse skills there are. Personally, I would say that attention to detail and persistence are really valuable qualities to have. Many other skills can be taught later on.

What advice do you have for people who want to break into the field?

There are a few young people that have come to me in the past asking for advice on how to get into this field. I always tell them to stay curious, keep learning, and publish your work and discoveries. One the best things you can do is get exposure by showing your craft to outside folks. If you keep at it, eventually it will pay off.

The post Interview with a malware hunter: Jérôme Segura appeared first on Malwarebytes Labs.

Categories: Techie Feeds


Subscribe to Furiously Eclectic People aggregator