Feed aggregator

Wednesday Comics: DC, March 1980 (part 2)

Sorcerer's Skull - Wed, 03/24/2021 - 11:00

Continuing my read through of DC Comics output from January 1980 (cover date) to Crisis! This week, I'm looking at the comics at newsstands around December 20, 1979.


Action Comics #505: Bates and Swan bring us a tale of a puppy-eyed, hairy hominid from space, who charms children and can wallop Superman. In a twist I did not expect, the creature turns out to be a synthetic being from Krypton. The story is continued to next issue. I kind of dug this one.

Adventure Comics #469: The Starman story here has a bit more of classic space opera vibe than the previous installments, which is a welcome change of pace. The Plastic Man story is the same old stuff. I can't say I'm really excited about either of these features.

Brave & the Bold #160: With Superman and Batgirl teaming up early this month, now it's Batman's and Supergirl's turn. Burkett and Aparo have Batman do some mentoring with Supergirl, which works well. The story suffers from a bland villain who doesn't seem like he'd be a challenge for Batman, much less Batman and Supergirl.

Green Lantern #126: O'Neil and Staton ended last issue with an impending Qwardian invasion of Earth, and now...well, we get the Shark. Sure, it turns out the Qwardians are employing the Shark, but it seems unclear why they would need to do so. It seems like it's just stalling before the main event.

House of Mystery #278: The cover story by Jay Zilber and Rubeny goes out of its way to make the parents of a kid with the power to pull things (weapons mostly) from out of the TV the bad guys, when anyone would be sensibly worried about the kid. The other two stories have sort of dumb morals: truth-telling isn't always good, and old people can be bad, too!


Legion of Super-Heroes #261: Conway and Estrada complete this LSH undercover circus mystery. Doesn't seem like it really warranted a two-parter. The basic idea was good, but the story is lacking.

New Adventures of Superboy #3: A nerd jealous of Superboy and Clark Kent, uses a device to project back his mental energy to make himself cool in the past. What's interesting about this one to me is that it clearly sets the present of Metropolis in "winter 70-80," with this story in Clark's high school years prior.

Sgt. Rock #338: Rock and the boys from Easy try to take a few days R&R at a ski lodge, only to be menaced by ski Nazis. We get the almost obligatory, semi-honorable German commander, though that doesn't mean he makes it out alive. There's more continuity than I remembered: Kanigher has this issue pick up directly after the events of last issue.

Super Friends #30: Grodd and Giganta are employing a ray to change humans into gorillas as a bid for world conquest. Fradon's art is charming as always.

Unexpected #196: The first three stories in this are nonsense, but Mike Barr and Vic Catan Jr. present a somewhat clever twist on the sell your soul to the Devil plot in a story about a doctor willing to do anything to stop a deadly, global pandemic.


Unknown Soldier #237: A rabbi, a black guy, and the Unknown Soldier cross German lines dressed as the Magi. It's not a joke; it's a Bob Haney Christmas story! Like many war stories of this period, it tackles racism, but also has an extra bit of "all men are brothers" holiday oomph to it. It's silly in ways, I guess, but one of my favorite war stories since I started this project. The second feature is pretty good too. I liked the art by Tenny Henson.

Warlord #31: I talked about this issue here.

Weird Western Tales #65: An anti-war story is unexpected in a Western book, but it works reasonably well. Conway's story also picks up right after Scalphunter bids farewell to Bat Lash following their team-up last issue.

This month, we also had two digest books: Best of DC #4 was a quartet of Rudolph the Red-Nosed Reindeer stories (who knew DC had so many?), and DC Special Blue Ribbon Digest #1, which featured four reprints starring the Legion of Super-Heroes.

Review & Commentary On an English translation of the Free Hyboria Gazetteer By Omnibius Translated By Colin Wilson For Mystara

Swords & Stitchery - Wed, 03/24/2021 - 06:38

"Hyboria, in Northern Brun is one of the least known areas of Mystara and there is very little information available in more-or-less official accessories or on the web. The Hyboria Gazetteer By Omnibius covers the vast stretch of icy Sword & Sorcery wasteland & its environs." Sometimes one finds Sword & Sorcery goodness in some most unexpected places. Case in point tonight we stumbled upon a
Categories: Tabletop Gaming Blogs

Doctor Who: Stranded from Big Finish Wins the Best Drama Audie

Blogtor Who - Tue, 03/23/2021 - 23:00

The first volume of Doctor Who: Stranded has won the Best Audio Drama award at the Audie Awards 2021

Overnight in the United States there was some very good news for fans of Doctor Who and good audio drama. At a virtual ceremony, Big Finish’s Doctor Who: Stranded 1 was announced as 2020’s Best Audio Drama […]

The post Doctor Who: Stranded from Big Finish Wins the Best Drama Audie appeared first on Blogtor Who.

Categories: Doctor Who Feeds

When contractors attack: two years in jail for vengeful IT admin

Malwarebytes - Tue, 03/23/2021 - 20:26

An IT contractor working for an IT consultancy company took it upon himself to perform an act of revenge against the firm he worked at, after they complained about his performance. The charge he faced was breaking into the network of a company in Carlsbad, California. And it got him two years in prison.

What happened?

Deepanshu Kher was helping a client to transition to a Microsoft Office 365 environment. But apparently the client company was so displeased with Kher’s performance that they complained about it to the consultancy company that despatched him. As a consequence, Kher got laid off and went back to India.

Some two months later, once he was outside of the US, Kher decided to infiltrate the California firm’s servers and deleted over 80% of employee Microsoft Office 365 accounts.

The aftermath

As employees were suddenly unable to access emails, contacts, calendars, stored documents, as well as Microsoft’s Virtual Teams remote management platform, they were unable to do their jobs. It took the company two days to get back in full swing. But all kinds of IT-related issues persisted for three more months after the cyberattack.

The arrest

The company informed the FBI about the incident and it wasn’t all that hard to figure out who the culprit was. Unaware of the outstanding warrant for his arrest, Kher was arrested while flying from India to the US. US District Court Judge Marilyn Huff charged Kher with intentional damage to a protected computer, a crime which can lead to up to 10 years in prison and a $250,000 fine.

Insider threat

The CERT Definition of an insider threat is:

 “Insider Threat – the potential for an individual who has or had authorized access to an organization’s assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization.”

Kher did have credentialed access to the network and the Office 365 environment as part of his job, and he certainly acted in a way that negatively affected the company. So we see this as an insider threat, even though he was no longer working for the victim.

Controlling insider incidents

While cybersecurity education and awareness are initiatives that every organization must invest in, there are times when these are simply not enough. Such initiatives may decrease the likelihood of accidental insider incidents, but not for negligence-based incidents, professional insiders, or other sophisticated attack campaigns. Organizations must implement controls and use software to minimize insider threat incidents.

The controls

Controls keep an organization’s system, network, and assets safe. They also minimize the risk of insider threats. Below are some controls organizations may want to consider adopting:

  • Block harmful activity. This includes preventing access to particular websites, or stopping employees from downloading and installing certain programs.
  • “Allow list” applications so that everything is blocked until and unless it is specifically allowed. This includes the file types of email attachments employees can open.
  • Use the principle of least privilege and give employee accounts the access they need, and nothing more.
  • Apply the same principle to data access, so data is only available to people whose job requires it—organizations should focus on this, too, when it comes to their telework or remote workers.
  • Put flags on old credentials. Former employees may attempt to use the credentials they used when they were still employed.
  • Create an employee termination process.

The last two points in particular could have helped prevent this incident. Both the consultancy company, and the victim, could have looked at this, or taken steps when they realised that Kher was unhappy about being laid off. But often when two entities are supposed to do something, they expect the other to do it. With the end result that neither did.
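The last two controls can be turned into a routine check. The sketch below is an added example, not part of the original article: it reconciles an offboarding list against account and sign-in records, and every field name and record in it is constructed for illustration.

```javascript
// Constructed sample records. Field names are assumptions for this example,
// not the schema of any real HR system, directory or sign-in log.
const SAMPLE_OFFBOARDED = [
  { user: 'contractor.a', terminated: '2021-01-15T00:00:00Z' },
  { user: 'employee.b', terminated: '2021-02-01T00:00:00Z' },
];
const SAMPLE_ACCOUNTS = [
  { user: 'contractor.a', enabled: true, roles: ['UserAdmin'] },
  { user: 'employee.b', enabled: false, roles: [] },
  { user: 'employee.c', enabled: true, roles: [] },
];
const SAMPLE_SIGN_INS = [
  { user: 'contractor.a', time: '2021-01-10T09:00:00Z', result: 'success' },
  { user: 'Contractor.A', time: '2021-03-12T02:14:00Z', result: 'success' },
  { user: 'employee.b', time: '2021-02-03T08:30:00Z', result: 'failure' },
  { user: 'employee.c', time: '2021-03-12T08:00:00Z', result: 'success' },
];

const DAY_MS = 24 * 60 * 60 * 1000;

// Returns a list of findings: accounts that outlived their owner's
// termination date, and any sign-in attempt made after that date.
function auditOffboarding(offboarded, accounts, signIns) {
  // Usernames are compared case-insensitively so "Contractor.A" still matches.
  const terminatedAt = new Map(
    offboarded.map((o) => [o.user.toLowerCase(), Date.parse(o.terminated)])
  );
  const findings = [];

  // Termination process check: the account should already be disabled.
  for (const acct of accounts) {
    const user = acct.user.toLowerCase();
    if (terminatedAt.has(user) && acct.enabled) {
      findings.push({
        user,
        type: 'ACCOUNT_STILL_ENABLED',
        // An enabled account that still holds admin roles is the worse case.
        severity: acct.roles.length > 0 ? 'high' : 'medium',
      });
    }
  }

  // Old-credential flag: any use of the credential after the termination date.
  for (const ev of signIns) {
    const user = ev.user.toLowerCase();
    if (!terminatedAt.has(user)) continue;
    const when = Date.parse(ev.time);
    if (Number.isNaN(when)) {
      // Do not silently drop events that cannot be placed on the timeline.
      findings.push({ user, type: 'UNPARSEABLE_TIMESTAMP', severity: 'medium' });
      continue;
    }
    const cutoff = terminatedAt.get(user);
    if (when <= cutoff) continue;
    const succeeded = ev.result === 'success';
    findings.push({
      user,
      type: succeeded ? 'SIGN_IN_AFTER_TERMINATION' : 'FAILED_SIGN_IN_AFTER_TERMINATION',
      severity: succeeded ? 'high' : 'medium',
      daysAfter: Math.floor((when - cutoff) / DAY_MS),
    });
  }
  return findings;
}

for (const f of auditOffboarding(SAMPLE_OFFBOARDED, SAMPLE_ACCOUNTS, SAMPLE_SIGN_INS)) {
  console.log(JSON.stringify(f));
}
```

A failed sign-in after termination is still reported, since it shows that someone is trying a credential that should no longer exist.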

Worst case scenario

This was not a worst-case scenario. The contractor had access to one specific, albeit vital, part of the organization. I’m sure you can imagine someone in your organization that can do a lot more harm than that if they wanted to. Remember that when your roads part in the future. If they no longer work for you, they should not have access to your network.

Stay safe, everyone!

The post When contractors attack: two years in jail for vengeful IT admin appeared first on Malwarebytes Labs.

Categories: Techie Feeds

The human impact of a Royal Mail phishing scam

Malwarebytes - Tue, 03/23/2021 - 18:34

Last week, we looked at a Royal Mail themed scam which has very quickly become the weapon of choice for phishers. It’s pretty much everywhere at this point. Even one of my relatives with a semi-mystical ability to never experience a scam ever, received a fake SMS at the weekend.

The problem with common attacks is we grow complacent, or assume it isn’t really a big deal. Sadly, they’re always going to be a problem for someone. It doesn’t matter how tech-savvy you are, nothing is bulletproof. Anybody, including myself, can be caught out by a momentary lapse in concentration.

People who lose out to internet fakery often feel guilty, or assume that they messed up somehow. Nobody wants to be laughed at via internet shenanigans. I’d like to think most folks are sympathetic when people are brave enough to speak out.

“Surely people don’t fall for these things” is a well worn refrain. Sadly they do, and one such person spelt out the awful cost last Sunday. They had indeed received a bogus Royal Mail text, and entered their payment details into the phishing page. How bad could things get?

We’re about to find out.

Things have gotten: very bad

The victim was asked for a bogus £2.99 postage fee last Friday, having not seen the scam warnings circulating online. Below is an example of the scam that Malwarebytes Labs received:

The text of the Royal Mail scam

Royal Mail: Your package Has A £2.99 shipping Fee, to pay this now please visit www[dot]royalmail-shippingupdate[dot]com. Your package will be returned if fee is unpaid

In our last post about it, we pointed out that these scams work because with so much online ordering going on during this cardboard-laden pandemic, people aren’t 100% sure what’s due to arrive. And that means speculative messages about fake parcels have a good chance of success.

A similar thing happened here. If the target wasn’t due a birthday, the scam may not have worked on them. But the message will have gone to lots of people, and one of them, perhaps many, will have been expecting a delivery. As it was, they were expecting “a couple of packages” and so “thought nothing else of it”.

This is absolutely the key moment where the battle was already lost.

The scam asks recipients to pay a £2.99 GBP fee, but of course the scammers are after much more. To pay the fee, the victim has to enter their personal details, and credit card details.

Scammers get to work

The victim’s bank accounts were compromised very quickly, and the phishers wasted no time at all in going for gold. A day or so after they paid the bogus fee, the bank contacted the victim to let them know what had gone wrong. As it turns out, quite a lot:

  • Multiple direct debits (recurring billing) for mobile phone companies and technology stores
  • Transactions of £300 for the Argos store
  • Debit cards for banking cancelled, with new ones issued as replacements
  • Brand new sort code / account numbers for her bank account, as those had been given to the phishers too

This is really bad news for the victim, and a massive inconvenience. Don’t forget the pandemic impact here, either. At a time when the ideal option is cashless / card payments only, this person now has no cards and no easy way to withdraw money either.

If this had been where it ended, that would be bad enough. However, things were sadly about to get worse.

Phished by phone

The bank phoned the victim asking them to transfer their money into their “replacement” account. I’m sure you can already see where this is going wrong. No bank is going to cold call a scam victim, and also ask them to start transferring money. Why can’t the bank do it?

The answer, unfortunately, is that the bank can do it. This cold caller was a scammer armed with details gathered from the scam page a day or so prior. The follow up strike gave the individual, who was already reeling from rapidly losing lots of money, no time to regain some balance or get their game face on. If this call had come a week or so after the initial phish, the next few paragraphs would possibly look quite different.

From bad to worse

Good news: the victim asked the person on the call to verify their bank credentials. Bad news: they forgot the phisher already had access to everything in their account. As a result, they listed account balances and other information to keep everything nice and convincing.

Two smaller transactions were sent to the “new” account, at which point the victim realised they were being scammed all over again. Every penny they had to their name was gone.

Having wool pulled over your eyes once is bad enough. To then hand over cash to the scammers by telephone is the icing on a very bitter cake. So-called safe account scams are quite the pain, and this is what caught them out second time around.

A simple phish, a massive problem

There is no real happy ending to this tale currently, outside some reassurance the victim will probably get most or all of their money back. Consider that this person’s nightmare scenario began with a simple, believable, SMS message claiming a package was being held.

A few keystrokes, some brief personal information entered on a phishing site with Royal Mail branding, and they’ve been plunged into a situation which could take weeks or more to resolve. All that stress, in the middle of the never-ending pandemic. It’s an awful story, and a chilling insight into how much is at stake every single time a throwaway phish lands in your mailbox or SMS tray.

We wish Emmeline all the best in recovering her money and commend her for her courage in coming forward and showing the true cost of these scams.

The post The human impact of a Royal Mail phishing scam appeared first on Malwarebytes Labs.

Categories: Techie Feeds

How to Remove the Beginning Rows of Crochet – Moogly Live March 23, 2021

Moogly - Tue, 03/23/2021 - 15:15

Have you ever gotten well into a crochet project, and realized the first few rows have got to go? Don’t start over – I’ve got a hack for that! In today’s lives, get the latest Moogly news on Facebook, and then join me on YouTube for a live demo of how to remove the beginning...

The post How to Remove the Beginning Rows of Crochet – Moogly Live March 23, 2021 appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

Top Comments – Pages 1487 – 1488

Looking For Group - Tue, 03/23/2021 - 14:43

Tuesday, YOU are the star! We curate our favourite comments from the previous week’s comments on lfg.co and Facebook and remind you how clever you are. Here are your top comments for Looking For Group pages 1487 – 1488 Looking […]

The post Top Comments – Pages 1487 – 1488 appeared first on Looking For Group.

Categories: Web Comics

How to Improve Your D&D Game by Posing Difficult Dilemmas

DM David - Tue, 03/23/2021 - 11:14

As a game master, my favorite moments during a session come when I sit idle as the players debate the tough choices open to their characters. Each option balances hope with a price. All the options lead to consequences that will spin the game in a different direction. Watching these discussions, I know the game world has come alive. No one tries to metagame what they’re supposed to do. Later, when those same players wonder what might have happened if they had chosen the other path, I bask in that moment.

If players just wanted to follow a story, they could have read a book. In role-playing games, much of the players’ fun comes from making choices and then experiencing the consequences as the game spins into a new direction. A hard choice lets players reveal their characters, reminds players that they control their characters’ fates, and turns the game world into a vibrant place that reacts and changes.

Occasionally tough choices spring naturally from the twists of your game, but you can plan your game to pose more dilemmas for players.

What makes a good dilemma?

Dilemmas have consequences

Much of the fun of making game choices comes from seeing the effects. If the adventurers get a call for help from a fishing town threatened by raiders, the hard choice comes when they learn of a far more lucrative job: The cunning Lady Redblade wants a magical curiosity retrieved before her rivals can snatch it. When the curiosity proves to be a dangerous artifact, the hard choice comes when the players must decide whether to hand it over. Every GM can tell such choices matter, but the consequences must ripple into the game. If the players spurn the town, it burns (even if you prepared for a rescue session). If the players betray Lady Redblade, she treats them as enemies (even if your plot assumed she would remain an ally). If players seldom see their actions lead to repercussions, they learn that their actions hardly matter.

Still, consequences don’t make a good game. If you put a dracolich behind door number 1 and a pile of +5 swords behind door 2, you just offered a choice with consequences. But your players will still drop out of your crummy game.

Dilemmas require information

If you play Dungeons & Dragons long enough, you hear of a Monty Haul dungeon master who loads treasure on players. The name comes from Monty Hall, host of a game show called Let’s Make a Deal. He handed out so much treasure that every bumblebee and Raggedy Ann left his studio with a vorpal sword. Sometimes, Monty offered contestants a choice of whatever lay behind three doors that concealed prizes ranging from a toilet plunger to a Chrysler Cordoba. Guessing a door makes a dull decision, but Monty’s game entertained by creating dilemmas.

After a contestant picked door 1, but before revealing its prize, Monty would pull out a wad of cash and count off bills that he offered in exchange for the unseen prize. Now players faced a dilemma.

Interesting choices start with information.

If the players must decide whether to travel the low road or the high road, the choice only merits a coin flip. But suppose on the low road, the hag Auntie Boil always demands some small, wicked deed of those who travel her swamp. On the high road, frost giants guard an icy pass, but one may owe the thief a favor. Now the choice becomes interesting. Players can expect their choice to take the adventure on a different spin.

Menus of choices like these let players reveal their characters or steer the game toward their own preferences. I like offering such options near the end of each game session so I can prepare for the road ahead.

Dilemmas defy correct answers

Sorry Monty, but choices with one right answer don’t count as dilemmas.

Such choices might serve as puzzles. Suppose the PCs want to pursue the Dread Baron, but wonder whether to follow the low road or the high road. If they see he left his fur boots in his tower or if they find an invitation from Auntie Boil tied to a bird in the rookery, then they know which road to take.

Puzzles like this enhance your game, especially if you occasionally allow the players to miss the clues. Virtually every adventure spins clues and other leads into the threads that draw players along. But such clear answers only offer a choice between continuing the adventure or dropping out. If players know which road to take, they gain no sense of freedom.

In a dilemma, every option brings a price

In the choice between the high road and the low road, each option brings a price: The high road means calling a giant’s debt and hoping he will honor it; the low road requires some wicked deed.

“To craft a good dilemma,” Wolfgang Baur advises, “Don’t give the players any good options.” (See “Dungeoncraft – Temptations and Dilemmas” in Dungeon issue 148.)

Clever players may still find good options—players relish the chance to crack an unsolvable problem, but you don’t need to hand them a solution. And definitely don’t hand them a fight. Usually, a good dilemma puts PCs between forces too strong for an assault. If you make Auntie Boil or those giants look like a problem that just needs a few smacks with a warhammer, you created a skirmish rather than a dilemma.

Creating dilemmas

The limits of loyalty and time can easily create dilemmas for players.

As player characters gain in renown, powerful non-player characters will begin to request or demand their loyalty. If Lady Redblade and the Master of Eyes both want the players to retrieve the same magical curiosity, then the players choose more than an ally—they choose an enemy.

The limit of time can create many torturous dilemmas. The players must understand that accepting Lady Redblade’s job means risking that besieged town.

We DMs tend to offer quests with no particular urgency. This spares us from having to rework a mission because the game world moved on. The fishing town perpetually waits on the verge of doom until the players arrive to save it.

Sometimes though, time must force the players to choose which fires to fight. This does more than test the players. Such dilemmas make the game world seem like a dynamic place that moves and changes even when the PCs turn away.

Let’s Make a Deal

Suppose you know that the paladin in the party would never spurn the townsfolk for Lady Redblade’s bounty. Now you can play Let’s Make a Deal. The heart of Monty’s game came when he started counting off the hundred-dollar bills that he would exchange for whatever prize lay behind door number 3.

For the paladin’s help, the Lady can offer that magic sword he covets. “So armed, imagine the good you could do.” If she offers to send her own men to aid the town, will the party take her job? After closing a deal, what happens when the party learns that the man assigned to rescue the town is corrupt and possibly incompetent? Do you betray the Lady and your word, or do you leave the townsfolk to their uncertain fate?

Let players feel powerful sometimes

Don’t turn every decision into a test of the characters’ limits. A few tough choices add to the game, but people also play to feel powerful enough to sweep away trouble with a stroke of the blade and a fireball. Read the mood of your players.

Still, even if you work to put players in dilemmas, hard choices can be hard to create. That’s what makes them so delicious.

Related: Strong Moral Dilemmas in D&D and the Unwanted Kind that Keeps Appearing
Dungeons Masters Can Make Fake Choices for Players, But Should You?

Categories: Tabletop Gaming Blogs

Some Stray OSR Sword & Sorcery Thoughts on - The Bundle of Holding Astonishing Swordsmen & Sorcerers of Hyperborea rpg

Swords & Stitchery - Tue, 03/23/2021 - 06:21
So it's Saint Jude's & it's kids so it's pretty much an automatic purchase for me as a DM from New England right?! Yes I own all of the pdf's already & yes there's been quite a few Astonishing Swordsmen & Sorcerers of Hyperborea game sessions that have been run over the years at my table top it's Saint Jude's so into the cart this goes. So is AS&SH still worth getting after all this time?! Even
Categories: Tabletop Gaming Blogs

Safe Connections Act could help domestic abuse survivors take control of their digital lives

Malwarebytes - Mon, 03/22/2021 - 23:30

A bill introduced in the US Senate could help domestic abuse and sex trafficking survivors—including those tracked by stalkerware-type applications—regain digital independence through swift, shared phone plan termination and the extension of mobile phone plan subsidies.

Titled the Safe Connections Act, the bill targets the significant problem of shared mobile phone contracts between abuse survivors and their abusers. For survivors in these situations, a shared mobile phone plan could reveal who the survivor has called and when. Shared mobile phone plans also complicate matters for survivors who hope to physically escape their abusers, as abusers could report phones owned in their name as stolen, weaponizing law enforcement to locate a survivor.

Democratic US Senator Brian Schatz, who is one of the sponsors of the bill, said that he hopes the Safe Connections Act will give control back to survivors.

“Giving domestic violence abusers control over their victims’ cell phones is a terrifying reality for many survivors,” Schatz said in a press release. “Right now there is no easy way out for these victims – they’re trapped in by contracts and hefty fees. Our bill helps survivors get out of these shared plans and tries to find more ways to help victims stay connected with their families and support networks.”

Importantly, the bill would also extend easier access to government-subsidized mobile phone programs, which means that survivors being tracked through stalkerware-type applications could more easily toss their compromised device and start anew.

What does the Safe Connections Act do?

The Safe Connections Act—which you can read in full here—was introduced earlier this year by a bipartisan slate of US Senators, including Sens. Schatz of Hawaii, Deb Fischer of Nebraska, Richard Blumenthal of Connecticut, Rick Scott of Florida, and Jacky Rosen of Nevada.

The bill has three core components to aid “survivors,” which the bill defines as anyone over the age of 18 who has suffered from domestic violence, dating violence, sexual assault, stalking, or sex trafficking.

First, if passed, the bill would place new requirements on mobile service providers—such as Verizon, AT&T, T-Mobile, and Mint Mobile—to more rapidly help survivors who request to remove either themselves or an abuser from a shared phone plan, whether the survivor is the primary account holder or not. Wireless phone companies will have to honor those requests within 48 hours, and in doing so, they cannot charge a penalty fee, increase plan rates, require a new phone contract under a separate line, require approval from the primary account holder if that account holder is not the survivor, or prevent the portability of the survivor’s phone number so long as that portability is technically feasible.

Also, in severing a shared phone contract, companies must also sever a contract for any children who are in the care of a survivor.

The bill specifies, though, that survivors who make these requests will have to show proof of an abuser’s behavior by submitting one of two categories of information. Survivors can submit “a copy of a signed affidavit” from licensed social workers, victim service providers, and medical and mental health care providers—including those in the military—or a survivor can submit a copy of a police report, statements provided by police to magistrates or judges, charging documents, and protective or restraining orders.

The second core component of the bill would require phone providers to hide any records of phone calls or text messages made to domestic violence hotlines. As the bill states, those providers must “omit from consumer-facing logs of calls or text messages any records of calls or text messages to covered hotlines, while maintaining internal records of those calls and messages.”

This provision would not come into effect until 18 months after the bill passes, and it would require the US Federal Communications Commission to create a database of those hotlines, providing updates every quarter. This section would also apply to providers of both wireless and wired phone services.

A possible stalkerware intersection

The third component of the Safe Connections Act could help survivors who are also facing the threat of stalkerware. The bill would enroll survivors who have severed their contract under the new powers of the bill into the government’s Lifeline phone assistance program “as quickly as feasible,” with a period of coverage in the program for a maximum of six months.

The Lifeline program, run by the FCC, attempts to provide subsidized phones and phone services to low-income communities. Extending program eligibility to survivors could help them physically escape their situations while offering them a quick opportunity to regain digital independence.

In fact, in Malwarebytes’ continued work to protect users from the threat of stalkerware, it has learned that many of those who suffer from stalkerware tracking often have to leave their cell phones behind and start with entirely new devices.

As Chris Cox, founder of Operation Safe Escape, told Malwarebytes Labs last year when discussing how to help survivors of domestic abuse who have encountered stalkerware on their devices:

“What we always advise, consistently, if an abuser ever had access to the device, leave it behind. Never touch it. Get a burner,” Cox said, using the term “burner” to refer to a prepaid phone, purchased with cash. “You have to assume the device and the accounts are compromised.”

With access to the Lifeline program, that purchase of a new device could become more feasible.

Unfortunately, the benefits of the Lifeline program must be looked at comprehensively. Last year, Malwarebytes Labs discovered that two Android devices offered through the Lifeline program actually came with pre-installed malware. The devices are no longer available through Assurance Wireless, which was the supplier contracted with the Lifeline program, but the broader point remains: No one should have to suffer lowered cybersecurity because of their income. With the Safe Connections Act, we hope that the Lifeline program’s unfortunate mishap does not repeat, harming even more communities.

The post Safe Connections Act could help domestic abuse survivors take control of their digital lives appeared first on Malwarebytes Labs.

Categories: Techie Feeds

How to enable Facebook’s hardware key authentication for iOS and Android

Malwarebytes - Mon, 03/22/2021 - 21:33

Since 2017 desktop users have had the opportunity to use physical security keys to log in to their Facebook accounts. Now iOS and Android users have the same option too. Physical security keys are a more secure option for two-factor authentication (2FA) than SMS (which is vulnerable to SIM swap attacks and phishing), and apps that generate codes or push notifications (which are also vulnerable to phishing).

Two-factor authentication (2FA)

2FA is the least complex version of multi-factor authentication (MFA) and was invented to add an extra layer of security to the—now considered old-fashioned and insecure—simple login procedure of using a username and password. By definition, 2FA depends on two different methods of identifying a user.

Authentication factors are commonly divided into three groups:

  • Something you know, such as a password.
  • Something you have, such as a code sent by SMS, or a hardware key.
  • Something you are, such as your face or fingerprints.

Different 2FA schemes typically rely on users providing a password and one of the other factors. If you are an Android or iOS user, Facebook will now let you authenticate yourself with a password (something you know) and a hardware security key (something you have).

Hardware security keys

Hardware keys, also known as physical security keys, connect to your device via USB-A, USB-C, Lightning, NFC, or Bluetooth, and are portable enough to be carried on a keychain.

Most of them use an open authentication standard, called FIDO U2F. U2F enables internet users to securely access any number of online services with one single security key, with no drivers or client software needed. 

FIDO2 is the latest generation of the U2F protocol and it allows devices other than hardware keys, such as fingerprint sensors or laptops and phones with face recognition, to act as hardware keys.

How do security keys work?

You can use a hardware security key for as many accounts as you like. Once the key has been set up to work with a service, logging in is as simple as inserting the security key into your device (or wirelessly connecting it) and pressing a button on the key itself.

Behind the scenes, the security key is presented with a challenge by your web browser or app. It then cryptographically signs the challenge, verifying your identity.
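Why a signed challenge resists a look-alike login page, shown as an added example that is not part of the original article: a simplified Node.js model of the exchange, not the real FIDO U2F or FIDO2 message format. The class names, the `login.example` origins and the user `alice` are constructed for illustration.

```javascript
// Simplified model of a security-key login. Constructed for illustration:
// this is NOT the real FIDO U2F / FIDO2 message format.
const nodeCrypto = require('crypto');

// The hardware key: one private key per origin it was registered with.
class SecurityKey {
  constructor() {
    this.credentials = new Map(); // origin -> private key (never leaves the key)
  }
  register(origin) {
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.credentials.set(origin, privateKey);
    return publicKey; // only the public half goes to the service
  }
  sign(clientData) {
    const { origin } = JSON.parse(clientData);
    const privateKey = this.credentials.get(origin);
    if (!privateKey) return null; // unknown origin: nothing to sign with
    return nodeCrypto.sign('sha256', Buffer.from(clientData), privateKey);
  }
}

// The browser, not the web page, records which origin asked for the signature.
function browserGetAssertion(key, pageOrigin, challenge) {
  const clientData = JSON.stringify({ challenge, origin: pageOrigin });
  return { clientData, signature: key.sign(clientData) };
}

// The service (relying party): issues single-use challenges and checks answers.
class RelyingParty {
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map(); // user -> registered public key
    this.pending = new Map();    // user -> outstanding challenge
  }
  enroll(user, publicKey) { this.publicKeys.set(user, publicKey); }
  newChallenge(user) {
    const challenge = nodeCrypto.randomBytes(32).toString('hex');
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, clientData, signature) {
    const expected = this.pending.get(user);
    this.pending.delete(user); // a challenge is good for one attempt only
    if (!expected || !signature) return 'rejected: no assertion';
    const data = JSON.parse(clientData);
    if (data.challenge !== expected) return 'rejected: stale challenge';
    if (data.origin !== this.origin) return 'rejected: wrong origin';
    const ok = nodeCrypto.verify('sha256', Buffer.from(clientData),
      this.publicKeys.get(user), signature);
    return ok ? 'accepted' : 'rejected: bad signature';
  }
}

function runDemo() {
  const REAL = 'https://login.example';           // constructed origin
  const LOOKALIKE = 'https://login.example.test'; // constructed look-alike origin
  const site = new RelyingParty(REAL);
  const key = new SecurityKey();
  site.enroll('alice', key.register(REAL));
  const results = {};

  // 1. Genuine login on the real site.
  const good = browserGetAssertion(key, REAL, site.newChallenge('alice'));
  results.genuine = site.verify('alice', good.clientData, good.signature);

  // 2. A look-alike page relays a fresh challenge: the key holds no
  //    credential for that origin, so no signature is produced at all.
  const relayed = browserGetAssertion(key, LOOKALIKE, site.newChallenge('alice'));
  results.phished = site.verify('alice', relayed.clientData, relayed.signature);

  // 3. An old, valid assertion is presented again against a new challenge.
  site.newChallenge('alice');
  results.replayed = site.verify('alice', good.clientData, good.signature);

  // 4. Even with a credential for the look-alike origin on the key, the
  //    signed client data names that origin and the service refuses it.
  key.register(LOOKALIKE);
  const other = browserGetAssertion(key, LOOKALIKE, site.newChallenge('alice'));
  results.wrongOrigin = site.verify('alice', other.clientData, other.signature);

  // 5. Rewriting the origin after signing invalidates the signature.
  const challenge = site.newChallenge('alice');
  const signed = browserGetAssertion(key, LOOKALIKE, challenge);
  const rewritten = JSON.stringify({ challenge, origin: REAL });
  results.tampered = site.verify('alice', rewritten, signed.signature);

  return results;
}

console.log(runDemo());
```

A code typed from SMS or an authenticator app carries no record of which site the user was looking at, which is why it can be relayed; here the origin is part of what gets signed.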

Setting up Facebook for physical security keys

To add a physical security key as a 2FA factor for Facebook, open Facebook on your device and open the menu.

In the Menu click on Settings under Settings and Privacy.

You will see the Account Settings menu. Click on Security and Login under Security.

You will see the Security and Login menu. Click on Use two-factor authentication under Two-Factor Authentication.

In the Two-Factor Authentication menu select the Security Key option and click on Continue.

From there, follow the instructions that are device and key-specific to add your security key as an extra factor of authentication.

Privacy and security

Imagine all the information an attacker might find out about you if they should get hold of your Facebook credentials. It’s not just all your public and private posts, but your Messenger conversations as well. The first thing a successful attacker will do is enable 2FA to lock you out. So get ahead in the game and enable it yourself. Any 2FA is better than none, but a security key is the most secure form of 2FA.

Stay safe, everyone!

The post How to enable Facebook’s hardware key authentication for iOS and Android appeared first on Malwarebytes Labs.

Categories: Techie Feeds

'The Harvest Begins' - Elves, Stormbringer, & The OSR God Cycles

Swords & Stitchery - Mon, 03/22/2021 - 18:52
 Sometimes one has to wait for a Kickstarter to end then wait a month for the supplement to get published to really assess the full weight of its impact on the marketplace. Not so with the classics & in this case Frank Mentzer's Immortals box set has been playing with my mind. And here's the line that's been doing it; "The Player's Guide to Immortals lays out the basic information needed to
Categories: Tabletop Gaming Blogs

KnitCrate Unboxing and Giveaway

Moogly - Mon, 03/22/2021 - 15:00

The KnitCrate Quick-to-Stitch Knit and Crochet Club is a fun way to get a yarny surprise in your mailbox every month! Watch my live unboxing, learn more, and enter to win one on Moogly! Disclaimer: This post was sponsored by KnitCrate and includes affiliate links; all opinions are my own. What is the KnitCrate Quick-To-Stitch...


The post KnitCrate Unboxing and Giveaway appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

[BLOG] Great Tables of D&D History

Beyond Fomalhaut - Mon, 03/22/2021 - 14:10

...very pleased to meet you

The random element in D&D gameplay is one of the great, underappreciated design features of role-playing games. We rarely question its presence, and only notice it when it is absent from a particularly contrarian ruleset. Things could have gone differently: if RPGs had emerged from experimental theatre, randomness would presumably play a much lesser, even marginal role. But random chance in game, character generation, and game prep, is at the heart of the role-playing experience, responsible for a lot of its variety and unpredictability. “Roll a saving throw against poison” is one of the tense moments in any adventure – for a moment, the whole world stops as the fate of adventurers hangs in the balance, and great things are decided by the roll of a 20-sider.
Random and semi-random methods have added a curious layer of chance to running the game as well. The GM runs the game, but even with a pre-written adventure, he does not know exactly what game he will be running. What if the players blow a few crucial rolls and they cannot get through a particular locked door? What if the bad guys roll terribly, and a dangerous foe goes down in a few rounds of desperate melee? What if a random encounter is taken as a major clue, derailing the course of the campaign? These factors, even beyond player decisions, make sure we are kept guessing – and hopefully at the edge of the seat.
And of course, random generation is useful in preparing adventures, from the general framework to the room- or encounter-level descriptions. Random tables – used intelligently – take our mind where it would not go without prodding. What the computer people call “procedural generation” can determine a lot of incidental detail in a lot of CRPGs beyond the basic RNG – going all the way to the construction of random landscapes and political systems. But computers have not been given an imagination yet: they work fast, but they can only regurgitate and combine; they cannot truly create and interpret. And so, tabletop gaming’s random tables remain wedded to a combination of random rolls and the human personality. Your take on “ruined tower, giant snails, archives” will be different from mine, and from one random “seed”, we would build radically different worlds.
Of course, not all tables are created equal. We may try a lot, but we will gravitate to a few which are particularly useful. Some are plain better, more useful than others. This is why I present here my personal list of favourites, all of which I have used extensively due to their usefulness and longevity. No distinction is made here on the basis of age, nor official or unofficial status: tables are a meritocracy. However, there is no order to the choices in this final selection: all are great in their own way, and to rank them further would not be useful. So!
* * *
The Concept Generator: The Locations (Overview) Table (Tome of Adventure Design)

It would take long to sing the praises of the great ToAD, this modern classic of utility products, so let it suffice that its over 300 pages of tables is an inexhaustible mine of what the author, Matt Finch calls “deep creativity” – half-formed idea fragments which emerge into full-blown game material. Like Charles Foster Kane’s Xanadu, its treasures are endless. Somewhere in the middle, there is a four-page 1d100 table for the generation of random thrones. There is enough in that table alone to create and stock The Dungeon of Thrones, if you wanted to. That’s the kind of book the ToAD is. But there, among the tables for “complex architectural tricks”, “corpse malformations”, “religious processions and ceremonies”, and “mist creatures” – which I am sometimes using – there are some that come up all the time (such as a table collection for generating individual-, item-, location-, and event-based missions), and one that is beyond useful. And this is actually the first table in the book: the “Locations (Overview)” table.

The Locations Overview Table

This is a four-column 1d100 table to create basic concepts for major locations (there is one for dungeon complexes, dungeon rooms, and strange features, of course – the book scales down nicely). It could work as a module title generator, of the “Adjective Noun of the Adjective Noun” variety. I have been using this particular table since its original appearance in Mythmere's Adventure Design Deskbook, vol. 1., and found it a great companion for coming up with the initial building block of future adventures, or just interesting places to scatter in a campaign world. Consider these examples:
  • Moaning Chapterhouse of the Bat-Sorcerer
  • Collapsing Edifice of the Many-Legged Burrower
  • Dilapidated Castle of the Bitter Apparition
  • Aerial Cliffs of the Hyena-Keeper
I am not saying every one of these results does something for me right now, but three or four rolls almost always provide a basic framework to build on. I can imagine the Moaning Chapterhouse of the Bat-Sorcerer as a place in a campaign inspired by Clark Ashton Smith’s Hyperborea stories, and the Dilapidated Castle as a locale in a chivalric high fantasy/fairy tale setting. The other two, as the average result tends to be, are weird fantasy; the Aerial Cliffs are great, while the Collapsing Edifice just gives me “centipede monster lair”, and that’s not much added value. The other three, I could use. Sometimes, I take a folded paper sheet, and fill one page with random idea seeds that seem to fit my current mood, then build an adventure around them (The Singing Caverns from Echoes #01 was partially built with this method).
Of course, there is something about this table I have not noted yet: it is not just one table. It is followed by another identical d100 table with different keywords (Sinister Grotto of the Howling Wolves… OK, this is not much – but how about Fossilised Pagoda of the Mist-Pirates, the greatest wuxia OSR adventure never written?), and a two-column table that uses the “purpose approach” for truly weird but sometimes quite cool results (Skin Altar, Time-Well, Spider Separator [?], Perfume Pools [that’s a winner]). That’s a lot of stuff to work with. You could fill a mini-setting with adventures based solely on these tables, because why not.
* * *
Muddle's Generator

The Wilderness Workhorse: Muddle’s Wilderness Location Generator

Yes, this is an internet tool, and you can try it for free, so go ahead. The ToAD, exhausting as it is, is not much focused on wilderness play, and its tables in this section are cool but just not as varied as the dungeon chapter. Muddle’s wilderness table is a good alternative. It combines nouns and adjectives into a list of 50 locations for your wilderness adventure. A lot of these results will be irrelevant to your current project, but you can check these and delete them, then replace them with a new batch of entries, repeat until you have the precise 50-entry roster you need. Here are the first few from the selection I got this time:

  • Deep Hills of the Elder Piller (sic)
  • Mausoleum of Adamantite Drows
  • Dreary Treasury
  • Inner Tomb
  • Skeletonelder Hole
  • Slimefist Tower

A lot need to be weeded out (I have developed a soft spot for Awful Peak, it is staying), and the vocabulary is much more limited than Mythmere’s thesaury (Sorry! Sorry!), but it is quick, cheap, and often does its job. You can use it to build. Deep Hills of the Elder Pillar sounds like the place where people possess a lot of good ol’ folksy wisdom, much of it involving goat sacrifice and non-euclidean things, Dreary Treasury is a place offering an interesting internal contradiction, and Inner Tomb either lies deeper in the wilderness, or it is a tomb with a hidden sub-section. And we have a cultist hideout at the end, I believe.

But that’s not all! Muddle’s set also has a dungeon room generator that’s almost as decent, and you can force it to select by theme. The other tools are less useful, although the deity generator might give Petty Gods a run for its money (Grundermir Ratvoid, Dread Fiend of Bad Breath; Malumdrim Biscuitfinger, Queen of Ants; Asheeltrym Grumblespoons, Lord of Bannanas (sic); Mulelroun, Godess of Apples; and Grelderthul the Beautiful, Queen of Aggression is certainly a pantheon).

* * *

The Implied Setting: Outdoor Random Monster Encounter Tables (AD&D Dungeon Masters Guide)

In the book that has everything, everyone will find something. Gary’s magnum opus is less methodical guidebook than an occult tome that teaches you, the fledgling DUNGEON MASTER, that horizons are infinite, and the true scope of the reaches far beyond a few narrow possibilities. Last evening, we looked up its advice on underwater combat after two characters fell into a deep pool inhabited by a water spider, and I am sure the “how much damage will I take in my armour type if I transform into a specific lycanthrope type” table has been useful to someone, somewhere – at least once in history.

When the DMG’s readers are asked which is the most important section in there, the teenage munchkin will say “Of course it is the magic items table! Here, have a vorpal mace and two Wands of Orcus!”. The journeyman will point to the dungeon dressing appendix – it is useful indeed – and the old-schooler will at once point to Appendix N for its listing of AD&D’s thematic roots, which we all know is better than the stupid dreck everyone else is reading. The connoisseur of obscure gems will note the “Abbreviated Monster Manual” from Appendix E. Bad people who need to be put on a watchlist will cite “the Zowie Slot Variant”. These are not bad answers, but for my pick, I would go with Appendix C, AD&D’s outdoor encounter system.

You encounter 2d6 Catoblepas

Random dungeon dressing and treasure tables help you fill your rooms, and Appendix N will help you develop a refined taste in genre literature; Appendix C gives you the most practical tool for AD&D’s implied frontier setting. We can appreciate the points of light concept because it gives us our points of light in the practical sense – not as aesthetic, but also as practical procedure. Random encounters, particularly when also used to populate wilderness areas, as in a hex-crawl, give you the gameplay texture to make expeditions in the outdoors varied, fun, and very hazardous. That is, they give you the everyday reality of travelling between two points on the landscape. Here is an expedition of six encounters moving between two cities separated by plains, then hills, a stretch of forest, more hills, marsh, then plains again, assuming one encounter occurring on each stretch:

  • Plains: Men, nomads (150), with 13 levelled Fighters between 3rd and 6th level, an 8th level Fighter leader with a 6th level subcommander, 12 guards of 2nd level, plus two lesser Clerics and a lesser Magic-User. Assuming the nomads do not force you back in town, or just take you as captives, we can move on to…
  • Hills: Elves (140), with 10 levelled Fighters of 2nd or 3rd level, 3 Magic-Users of 1st or 2nd level, and 4 multi-classed elves (4/5 level, plus a 4/8 leader). Let us not consider the giant eagles in their lair – the elves are bros, anyway. We share lembas and move on.
  • Forest: 2 Giant weasels, which are 3 HD creatures. Luck was with us, unless the encounter occurs by surprise, since giant weasels suck blood at a rate of 2d6 Hp/round. They have no treasure, but their pelts are worth 1d6*1000 gp, each enough to hire 100 porters for 10 to 60 months of work, or an army of 50 heavy footmen for the same time span!
  • Hills again: 16 Wolves, the basic unit of fantasy wildlife. They are 75% to be hungry when you meet them. Of course, they are hungry this time, too.
  • Marsh: this is a great place to meet a beholder, catoblepas, or other high-level monsters, but instead, we get Men, pilgrims (60), 9 Clerics of 2nd to 6th level, and an 8th level Cleric with a 3rd to 5th level assistant. There is 60% of 1d10 Fighters (random level, 1st to 8th), and 30% for a Magic-User of 6th to 9th level, but they are not here right now. Still, these badasses are travelling in the world’s most dangerous terrain type except mountains. Don’t screw with.
  • Plains again: 1 Huge spider, which is a good roll on 1d12, and fortunately, it is not the calf-sized 4+4 HD type, but the dog-sized 2+2 HD type. The only downside is that they surprise 5:6, which is a bad value, considering their poison is deadly.

Just a random encounter, bro!

After this trip, you start to appreciate those sexy harlot encounters in the city (and hope if it comes to worse, it is 8th to 11th level Thieves out for your purse, and not a Weretiger or a Goodwife out for your blood), and you start understanding why those points of light remain points, not larger blots, or why those pilgrims travel in groups of 10-100. It also puts your mind into a different frame than level-balanced games with random monsters numbering in the 1d4 or 1d8 range. You can’t fight all those roving death armies, and besides, it does not pay (weasel pelts excepting). You learn to scout, you learn to run, you learn to leave behind food to distract your pursuers (this scales up from rations to pack animals and fellow adventurers – as the great Grey Fox once shouted back to a companion stuck in a bad situation, “What ‘party’? The party is already over here!”), bribes of gold or good, old-fashioned bullshitting to tip over that reaction roll. You learn to grovel before that dragon, planning future revenge. You learn to plan an ambush to plunder that lair you just discovered, and carry away the best valuables. Welcome to the AD&D World Milieu!

* * * 

The Chad Sword & Sorcery Milieu: Ravaged Ruins (Wilderlands of High Fantasy / Ready Ref Sheets)

Wilderlands of Highly Awesome

So you got to know Appendix C, and suddenly gained a new understanding of AD&D. You are on a different level. Here is where it gets stranger. From the OD&D era, Judges Guild’s Wilderlands setting presents a truly bottom-up sandbox setting of minimal detail and high weirdness – recognisably D&D fantasy, but more “Appendix N” and Frazetta than the comparative classicism of Greyhawk or Steading of the Hill Giant Chief. The “High” in Wilderlands of High Fantasy might stand for something else than “Tolkienesque” here, even though the setting also has a generous helping of Tolkien pastiche – right next to old-school Star Trek, classical mythology, pulp fantasy, and Dark Ages Europe/Near East mini-kingdoms. It is just general fantasy enough to kick you out of your comfort zone when it turns out the Invincible Overlord has captured a stray MIG fighter, or that the dungeons under Thunderhold, castle of the Dwarf King have half-buried railway tracks and a gateway to Venus on their fourth level. The described Wilderlands is filled with odd, short idea fragments and juxtapositions, a few throwaway lines like

  • “Villagers charged with a centuries old oath to the ‘King of the Lost-Lands’, maintain an eternal bonfire atop a crag to warn ships off the hidden reef.”
  • “In a well hidden crypt is a ring of Brathecol, one of the kings of old Altantis. (sic – ‘Altanis’ vs. ‘Atlantis’ is one of the strange ambiguities of the setting) A stone golem is guardian of the crypt which appears as a monolithic block of limestone.”
  • “The crystallized skeleton of a dragon turtle is buried on the sandy beach. The skull houses a giant leech.”

However, there is also a procedural Wilderlands that lives in its weirdo random tables and guidelines, which were collected in the supremely fun Ready Ref Sheets, Volume I (no second volume was released, but the first one is a great look into OD&D, and remarkably easy to obtain). Here you can find rudimentary rules for taxation, trade and mining – but the most useful table is the self-explanatory Ravaged Ruins. This table generates wilderness locations to scatter across your hex maps, and let your players wonder about the fallen glories of past ages – something that already establishes one of the major themes of the Wilderlands. The table is relatively small, a simple two-pager with results drawn from archaeology... at least at first glance. It generates a basic ruin type, with nested sub-tables to determine the specific subtype – there are not that many results, but the number of combinations is at least decent. Supplemental columns also establish the condition of the ruins, their covering (definitely archaeological in sensibilities), state, and the monsters guarding the ruin. And it gets weird, as seen in these six rolls:

  • Statued fountain, found in a large crater, covered with vines, crumbled and decayed, protected by lycanthropes.
  • Bones, above ground and covered with slime, partially operational, no guardians. (What does partially operational mean in the case of a bone pile? Mediocre Judges will frown and reroll. Superior Judges will find an explanation. Perhaps this is a bone mine of extinct creatures, still excavated by locals as trade goods or building material? What of the slimes?)
  • Sea-horse carriage, partially sunken and buried in a thicket, dangerous operational, protected by insects.
  • Periscope inside cavern, covered in rocks, collapsed and tumbled, mechanical guardians. (Wait a minute! We are not in Middle Earth anymore, Bilbo!)
  • Man o’ War inside cavern, dangerous operational, protected by trap. (It has to be a fairly big cavern for that… and what if we roll it for a place far, far from a sea coast?)
  • Asphault (sic) road, partially covered in thickets, corroded & eroded, protected by giant types. (So this setting has old, overgrown, eroded asphalt roads.)

Ravaged Ruins


Something, even a random detail, becomes a theme through repetition and exploration: and this is the Wilderlands’: picking through the remnants of older ages, part Dark Ages, part Classical Antiquity, part fallen star-faring civilisation. Antigrav sleds, nuclear submarines and re-entry capsules lie wrecked in ancient ruins guarded by dragons and mechanical guardians next to crystallised skeletons and eroded old idols; the grand works of past cultures lie abandoned in dusty deserts and frozen tundra. There are rat chariots and pyramidal palaces. What is this place? In a compact, two-page table, Wilderlands of High Fantasy speaks louder, and in a more game-relevant way, than a full supplement. Yes, this table can be exhausted through use, but by that time, you get the Wilderlands.
* * *
The Panic Button: The Table of Despair (Original D&D Discussion / Fight On!)

Not every great table is enormous, and this one is just a throwaway forum post by korgoth. However, The Table of Despair is a great gameplay innovation, and a high achievement of old-school design. It becomes useful when the characters don’t get the hell out of Dodge before the curtain falls; when someone is separated from the main party for longer than healthy, or when someone flees in blind panic. You roll on the table and weep, mortal. Those are not great odds – in fact, they are downright crummy odds – but this is Jakkalá, and they may in fact be the best odds you can get. All that for a fistful of káitars!

The Table of Dessssspair!

Aside from its chuckling evil glee, the table communicates the danger of the Underworld very clearly. The results are appropriate, and should be pronounced in a booming, hollow voice. It is not applicable to every campaign, and it is a bit repetitive, but it is a work of simple genius. I have included a milder variant in Castle Xyntillan (“The Table of Terror”), which is derived from Helvéczia’s “Through Branch and Bush”, but all of these trace their lineage back to korgoth’s now classic post.

* * * 

The Carousing Table

The Equation Changer: Party Like it’s 999 (Jeff’s Gameblog)

Curiously, very little of the definitive old-school gaming blog has seen print; Jeff Rients just wrote tons of material he gave away for free. And 2008 was a great year, even by the Gameblog’s standards. These carousing guidelines are not radically new, since they build on older principles which go right back to Orgies, Inc. (The Dragon, 1977) and even Dave Arneson’s First Fantasy Campaign (Judges Guild, 1977), already in vogue by 2006-2007. But Jeff’s take is the iconic, recognised version; he was not there the earliest, but he was there the mostest. It is simple: at the start of every session, you can just throw away a bunch of gold pieces in wild parties, and earn the same amount in experience points. There is, also, a random table to add risk and complication to the downtime activity. The party may have just been looking for some good fun and easy XP, but a few bad rolls later...

  • Brother Otto wakes up with the hangover from hell, cramping his spellcasting.
  • Nick the Knife accidentally burned down the inn, and everyone in town knows.
  • Sir Wullam wakes up and finds himself with the symbol of the Brotherhood of the Purple Tentacle tattooed on his... oh no! Oh nooooooo!
  • Sorceric has a minor misunderstanding with the guards, and is hauled in for six days in the lockup.
The adventure has not even started yet... or has it just started?

At least this inn is not on fire, RIGHT, Nick?

The carousing rule inverts D&D’s core equation, the 1 gp = 1 XP rule. Here, you do not gain XP for treasure you find, you gain XP for treasure you spend. AD&D’s model – which, mind you, works great, although for different reasons – hoovers up excess gold from the campaign through training costs (most of my current Hoard of Delusion party is stuck at their current level, having the XP but not the gp for training), and introduces the strategic dilemma – do we spend it on advancement or other useful stuff? It is also quintessentially 80s action movie – our hero, experiencing hardship, goes to the gym or the old karate master to bulk up for the tougher challenges coming his way. The inverted model removes money through living it up through excessive partying. OD&D’s upkeep rule is a predecessor (1% of your current XP total per arbitrary time period), but Jeff’s carousing table turns it into a mini-game and a source of new mini-adventures. You can also see Fafhrd, the Grey Mouser or Conan doing this, more than them learning new moves under the watch of a wise old instructor. Of course, it is just a table of 20 entries, with a comical aesthetic. But it is a hell of a beginning. I have my own 64-result downtime complications table from the Helvéczia RPG: here are four results for late 17th century picaresque adventures:

  • One of Father Gérome Gantin’s noted enemies has vanished from town, and everyone is eyeing him suspiciously.
  • Bettina von Vilingen, the noted scoundrel, finds herself the elected mayor of a tiny podunk village.
  • Sebastiano Gianini, Bettina’s partner in crime, has indulged in sins better left unmentioned, and loses 3 Virtue.
  • Domenico Pessi, retired mercenary, survives a close encounter with Death, but to correct the mistake, the Grim Reaper is once more on Domenico’s trail...

* * *

The Dipper: The Monster Determination and Level of Monster Matrix (OD&D vol. 3)

For our final table, let us return to the roots: OD&D’s random monster chart. OD&D has often been called badly designed (and until its mid-2000s revival, it was mostly considered a historical footnote), but what it is is badly written, and barely if at all explained. The design itself, taken at face value instead of handwaved or second-guessed, is surprisingly tight – blow the dust off of the covers, and you find yourself something that hangs together quite well as a game. We have already mentioned AD&D’s wilderness encounter charts – here is a simple, elegant and universal matrix for running expeditions into the Mythic Underworld.

The Dipper

The matrix cross-references level depth – the basic measure of zone difficulty – with a 1d6 roll to select a random chart, followed by a roll on the chart itself. It is trivial, but it is quite different from modern random charts, which usually go for weighted results for every level. The matrix mixes up the results by occasionally introducing lower-level (more powerful) monster types to the first dungeon levels, or hordes of low-level types for the depths below. Dangerous monsters travel up from the depths, and weaker creatures band together to establish strongholds and outposts in the deeper reaches. Consider the following expedition, going down to Level 3 and back, with two encounters on the average each level (it is not stated, but usually implied that the number of creatures appearing will be worth one dice per baseline, adjusted upwards and downwards):

  • LVL 1: 6 Kobolds (LVL 1)
  • LVL 1: 3 Lizards (LVL 2)
  • LVL 2: 1 Hero (LVL 3, a 4th level Fighting Man)
  • LVL 2: 1 Manticore (LVL 5 – ooops!)
  • LVL 3: 2 Superheroes (LVL 5, 8th level Fighting Men)
  • LVL 3: 9 Gnolls (LVL 2)
  • LVL 2: 2 Ogres (LVL 4)
  • LVL 2: 3 Thaumaturgists (LVL 3, 5th level Magic-Users)
  • LVL 1: 2 Goblins (LVL 1)
  • LVL 1: 1 Swashbuckler (LVL 3, 5th level Fighting Man)

Although basically meant for on-the-run wandering monsters, this little chart comes into its own during stocking dungeons. Follow the general stocking procedure for rooms along with the room treasure charts on p. 7, and you will soon have something fairly serviceable for a starting effort. It is quick and a lot of fun. Of course, for established monster lairs, I would use a higher “No. Appearing” – perhaps not the 40-400 goblins of the outdoor charts, but at least 1d8*5 for a start – if it’s got treasure, it can defend it. You can also expand the monster listings, or “slot in” alternate subtables while preserving the master matrix. You could have one for mediaeval fantasy, desert tomb-raiding, undercities, or what have you.

The AD&D Matrix

Now, I am not 100% happy with this table – chalk it up to personal preference, or the benefit of hindsight. I do believe it goes too deep. Six levels of difficulty should be enough, for a neat 6×6 matrix. Second, it is weighted towards the more powerful encounters, dredging up deep horrors as soon as you enter Level 3. On Level 2, you are more likely to encounter Level 3 monsters (Wights, 4th and 5th level NPCs and Giant Snakes) than Level 2-ones; on Level 3, you will regularly meet Mummies, Wyverns, Hydrae and Balrogs. On the other hand, fun low-strength critters are phased out too soon – Orc, Skeletons, Bandits and the like disappear after Level 2. That is too steep for a good difficulty curve. In our LBB-only, reasonable by-the-book Morthimion campaign, I have adjusted things by using the Level 1 charts for the first two levels, Level 2 for the second two, and so on: that was more than enough for a modern OD&D game (i.e. one played casually, not obsessively every day, every week, as people would do in the 1970s). I also tended to bump treasure values up by one row for largely the same reasons.

E..excuse me, is this Level Two? I thought this was Level Two

All that said, the OD&D monster table is an excellent example of compact, elegant design. With a few alterations – cut it down to 6 levels, rebalance a little, increase encounter numbers for some monsters – it would be powerful even in our day and time. I would adjust it just slightly, but keep the “dipper” aspect. AD&D’s equivalent dungeon encounter chart (Appendix C) is certainly more balanced, but missing some of the cool chaos introduced by its predecessor. It is weighted a bit too much towards “slog” instead of “swing”. Somewhere between the two, I believe we could find the perfect monster encounter chart.

Categories: Tabletop Gaming Blogs

Report goes “behind enemy lines” to reveal SilverFish cyber-espionage group

Malwarebytes - Mon, 03/22/2021 - 11:42

The PRODAFT Threat Intelligence Team has published a report (pdf) that gives an unusually clear look at the size and structure of organized cybercrime.

It uncovered a global cybercrime campaign that uses modern management methods, sophisticated tools—including its own malware testing sandbox—and has strong ties with the SolarWinds attack, the EvilCorp group, and some other well-known malware campaigns.

SilverFish uncovered

The research team managed to do a full investigation of one of the SilverFish group’s Command and Control (C2) servers, after detecting an online domain (databasegalore[.]com) from previously published Indicators of Compromise (IOCs).

It was possible for researchers to create a unique fingerprint of one of the online servers by using multiple metrics, such as installed software. After 12 hours of global scans of the IPv4 range, they identified more than 200 other hosts with a very similar setup.

According to the report this “enabled the PTI Team to access the management infrastructure” of the group and learn significant information about how the group worked, who it had attacked, and how.

Sophisticated organization

What the researchers found was a highly sophisticated group of cybercriminals targeting large corporations and public institutions worldwide, with a focus on the EU and the US. They named this organization the SilverFish group.

By linking together the C2 servers they found, and comparing them to known IOCs, the researchers were able to connect the SilverFish group to the infamous SolarWinds attacks.

A large subset of the servers the researchers identified were also used by the infamous EvilCorp group, which modified the TrickBot infrastructure for the purpose of a large-scale cyber espionage campaign.

Links to SolarWinds

The report describes a “significant overlap” between the 4,700 victims identified during the investigation and organizations affected by the SolarWinds attacks. A significant part of the large infrastructure was found to have strong connections with the SolarWinds IOCs shared by three different security companies. The conclusion is that these servers most likely took part in the SolarWinds campaign.

Links to Trickbot

By looking at the group’s tactics, techniques, and procedures (TTPs), combined with the technical complexity of the SilverFish group’s attacks, PRODAFT found that the C2 server, command statistics, infection dates, targeted sectors and countries, tools used during the attacks, executed commands, and other information were very similar to those used by TrickBot.

So, is this group related to TrickBot? Not likely, but the research shows that the SilverFish group is using a similar version of the TrickBot infrastructure and codebase. It also found evidence of WastedLocker malware and other TTPs that matched with both EvilCorp and SolarWinds.

Links to EvilCorp

EvilCorp is the name of a vast, international cybercrime network. The alleged leaders of this network are very high on the FBI’s wanted list. In 2019, US authorities filed charges against EvilCorp’s alleged leaders, Maksim Yakubets and Igor Turashev, accusing them of using malware to steal millions of dollars from groups, including schools and religious organizations, in over 40 countries. EvilCorp is held responsible for the development and distribution of the Dridex and WastedLocker malware.

Malwarebytes’ Threat Intel Team commented:

Prodaft also mentions ties with the WastedLocker ransomware thought to be operated by EvilCorp, likely from the Traffic Distribution System analysis. One of the hostnames in particular is related to the SocGholish social engineering toolkit and is used to fingerprint victims before distribution of the final payload.

Management

According to PRODAFT, the main dashboard of the SilverFish C2 control panel features a section named “Active Teams”. SilverFish uses a team-based workflow model and a triage system similar to modern project management applications. Each user can write comments about each victim. Based on these (mainly Russian) comments, the researchers gained a better understanding of the motivation of the group and the prioritization of the victims—operations were prioritized based on these comments.

A hierarchy was also found to be present in the comments on the C2 server, enabling management of different targets, assignment of these targets to different groups and triage of incoming victims.

Targets

The main areas of focus for the SilverFish group appear to be the US and Europe, with each region serviced by different teams. They also seem to primarily target critical infrastructure. Successfully compromised victims were found in nearly all critical infrastructures (as defined in the NIST Cyber Security Framework).

The SilverFish group predominantly targets critical entities like energy, defense, and government or Fortune 500 enterprises. The researchers also found comments on the C2 servers indicating that the group ignores victims like universities, small companies, and other systems which they consider worthless.

Approximately half of the victims were found to be corporations which have a market value of more than $100 million USD, as per their public financial statements.

WordPress

In contrast to traditional attacks that use a domain name purchased via means of anonymous payments, SilverFish is using hacked domains for redirecting traffic to their C2 control panel.

To avoid disrupting the legitimate traffic of the hacked website, the SilverFish group creates new subdomains, which makes it almost impossible for a website owner to understand that their domain is being exploited in an attack. The frequency in which they change domains would imply that the SilverFish group has more than 1,000 already compromised websites, which are rotated almost every other day.

A significant number of these compromised websites were using WordPress. The report notes that while it is possible to buy login credentials from underground markets, “the amount of compromised websites with the same software shows us that the SilverFish group might also be leveraging 0-day or N-day exploits.” WordPress is, by far, the world’s most commonly used web Content Management System, and out-of-date installations and vulnerable plugins provide no shortage of targets.

Post-exploitation

Perhaps unsurprisingly, the SilverFish group was found to make extensive use of publicly available “red teaming” tools such as Empire, Cobalt Strike and Mimikatz, as well as Powershell, BAT, CSPROJ, JavaScript and HTA files used for enumeration and data exfiltration.

Executed Cobalt Strike beacons use domain fronting for communicating to the C2 server. Domain fronting obscures the eventual destination of HTTP traffic by relaying it from the server listed in the publicly-readable SNI portion of a request, to a different server listed in the private (encrypted) Host header.
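A defender-side check for the SNI/Host mismatch described above, as an added example that is not from the PRODAFT report or the original post. It assumes a TLS-inspecting proxy that logs both the SNI and the decrypted Host header; the log field names, the sample records and the two-label `site()` shortcut are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample records from a TLS-inspecting proxy (not real traffic).
# The field names client/sni/host are assumptions for this example.
SAMPLE_LOG = """\
{"client": "10.0.4.17", "sni": "cdn.example.net", "host": "cdn.example.net"}
{"client": "10.0.4.17", "sni": "CDN.example.net.", "host": "cdn.example.net:443"}
{"client": "10.0.4.22", "sni": "static.example.net", "host": "img.example.net"}
{"client": "10.0.4.31", "sni": "cdn.example.net", "host": "updates.example.org"}
{"client": "10.0.4.31", "sni": "cdn.example.net", "host": "updates.example.org"}
{"client": "10.0.4.40", "sni": "", "host": "portal.example.com"}
this line is truncated and is not valid JSON
"""


def normalize(name):
    """Lower-case a hostname and drop a :port suffix and a trailing dot."""
    name = (name or "").strip().lower()
    if name.count(":") == 1:  # host:port; bare IPv6 literals are left alone
        name = name.split(":", 1)[0]
    return name.rstrip(".")


def site(name):
    """Naive registrable domain: the last two labels.

    Simplification for the example; real tooling should use the
    Public Suffix List so that names under e.g. co.uk group correctly.
    """
    return ".".join(name.split(".")[-2:])


def classify(record):
    """Return 'match', 'same_site', 'mismatch' or 'incomplete' for one record."""
    sni, host = normalize(record.get("sni")), normalize(record.get("host"))
    if not sni or not host:
        return "incomplete"  # nothing to compare; review separately
    if sni == host:
        return "match"
    if site(sni) == site(host):
        return "same_site"   # common with shared certificates, low signal
    return "mismatch"        # SNI and Host name different sites


def find_fronting_candidates(log_text, allowed_pairs=frozenset()):
    """Count cross-site SNI/Host mismatches per (client, sni, host)."""
    hits = Counter()
    for line in log_text.splitlines():
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip damaged log lines instead of aborting the run
        if not isinstance(record, dict) or classify(record) != "mismatch":
            continue
        pair = (normalize(record.get("sni")), normalize(record.get("host")))
        if pair in allowed_pairs:  # known-benign pairs reviewed by the analyst
            continue
        hits[(record.get("client"),) + pair] += 1
    return [key + (count,) for key, count in hits.most_common()]


if __name__ == "__main__":
    for client, sni, host, count in find_fronting_candidates(SAMPLE_LOG):
        print(f"{client}: SNI {sni} but Host {host} ({count} requests)")
```

Without TLS inspection the Host header stays encrypted and this comparison is not available at the network layer.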

The main goals of the SilverFish group are likely to be covert reconnaissance and data exfiltration. According to PRODAFT, the commands and scripts the SilverFish group uses “strongly indicates sophistication and an advanced post-exploitation skillset”.

Remote sandboxing

The most astounding find the researchers uncovered was that the SilverFish group has designed an unprecedented malware detection sandbox, formed by actual enterprise victims, which enables the adversaries to test their malicious payloads on live systems with different enterprise AV and EDR solutions (enterprise systems can be hard for criminals to acquire).

Malwarebytes Threat Intel Team commented:

Machines are profiled and used as a testing ground, a sort of live antivirus testing platform featuring many different EDR products.

The SilverFish attackers were using this system to periodically test their malicious payloads on more than 6,000 victim devices, scripts, and implants. According to the report, the SilverFish group members appear to be tracking the detection rate of their payloads in real time.

Level of sophistication

PRODAFT says “we believe this case to be an important cornerstone in terms of understanding capabilities of organized threat actors”, and it is hard to disagree.

Although ransomware groups can be well organised, they are mostly engaged in noisy smash-and-grab raids. The SilverFish group is something different. According to PRODAFT it is an “organization that operates in an organized and disciplined manner in a hierarchical environment, one that is even highly compartmentalized,” that takes a “structured approach to covert cyber-espionage.”

Attribution

The Prodaft researchers refrain from attribution, but there are some strong pointers which can be found in their extensive report.

  • Russian comments and use of Russian slang words on the C2 servers.
  • Indications that the group is sparing countries that were part of the former USSR and still have strong ties with Russia.
  • The group is active during European work hours, with most of its activity recorded between 08:00 and 20:00 (UTC).
  • The attention to critical infrastructure, and major companies in the US and Europe.

Attribution is hard and sometimes the conclusion you come to is the one the threat-actors want you to reach. But if it walks like a duck and quacks like a duck….

The post Report goes “behind enemy lines” to reveal SilverFish cyber-espionage group appeared first on Malwarebytes Labs.

Categories: Techie Feeds

The Incandescent Grottos, Dungeons and Dragons adventure review

Ten Foot Pole - Mon, 03/22/2021 - 11:33
By Gavin Norman
Necrotic Gnome
OSE/BX
Levels 1-2

A bubbling stream cascades into a hole in the earth, leading to a series of underground watercourses and scintillating grottoes. Adventurers who delve within may discover odd mosses and fungi, a ruined temple complex, and the lair of a crystal-eating dream dragon.

This 56 page adventure features a two level dungeon with about sixty rooms. Multiple factions and lair areas combine with some weirdo dungeon stuff (in the more traditional definition of weirdo dungeon stuff) to create an excellent example of The Dungeon As A Weird Place To Go Down In To. A more sensible Operation Unfathomable, or something similar to The Upper Caves in Fight On. The classic OD&D dungeon.

There’s an airy forest glade, wide and clear. A dream like atmosphere, where time seems to dawdle and a cheery stream running through the glade, bubbling over rocks. There’s a hole in the ground. The stream flows in to it, all misty waterfall style. There’s a pool at the bottom. There’s a rough cut set of stone steps going from the surface down to the pool. 

That, gentle readers, is a classic dungeon entrance. You get this idyllic little scene, with hints of otherworldliness, like the waterfall mist and the dawdling time. And then, the hole, with rough steps leading down. THE MYTHIC UNDERWORLD AWAITS. You know, as a player, that shit is about to get weird. Your heart beats a little faster. This is the waiting line to the ride at a Disney park. It sets you up for the experience to come. It’s done GREAT in this.

The map is a series of zones, on two levels. Different factions live in each zone. There’s some VTT maps, for this day and age. [As an aside, while I don’t VTT, I do appreciate it. It’s a recognition that a substantial number of people DO vtt, and they need/want a map suitable for the fog of war feature.] The map is clear, easy to read, has great details on it to help fire the DM’s imagination. It’s keyed easily, has an underground river (!!! Always a staple of beginning dungeon!) Monsters are noted on the map. I like it. Glynn Seal is doing great work. I don’t know how the fuck they are pulling off the writing matching the cartography so well, but it’s working for me.

There’s a fine summary up front, a loot summary, a summary of the factions and what they think of each other. Wanderers doing something without them falling in to the gonzo end of the pool. The rooms use a boiled keyword format, with section heading following up on it. I think it works well, as I’ve said in the past. I might quibble with the monsters not being in the initial description but rather in large sections later on, but, maybe I just need to get used to it. There are extensive cross-references, so if the key says the monsters are heading toward the BLACK TOMB then it also tells you (#44) so you know where the fuck to have them going without having to dig for it. The rooms also have notes like what you can hear down a corridor to the next room, and so on. Nice. These sorts of details are present throughout, giving the DM exactly what they need to run it. 

A quick shout out to some of the art. The trogs herein are depicted as tall thin pot-bellied Gollum-types in hot pink. Reminiscent, in a good way, of the Kuo-toa. Other art has style that is reminiscent of … Adventure Time? I don’t know. I don’t know art. I probably just insulted someone. Anyway, it all fits in well with the MYTHIC WEIRDO (but not so weirdo as Operation Unfathomable) UNDERWORLD vibe. And, for the record, I fucking love OU.

There’s a degree of detail present in the rooms which is quite interesting. They are loaded with things to poke, prod, look at, touch, and interact with. Some of it is the classic interactivity that I’m looking for in an adventure (statues to twist, buttons to push, as the platonic examples) but others are just things to look under, in, read, and so on. The rooms are fucking loaded. A crystal grotto (let’s fuck with/mine crystals!). Some of which are 2’ long, grey and keening gently (weee special crystals to fuck with!) A sandy floor (eeek, what’s under it!) with glowing purple moss BLANKETING the walls (note the word choice, blanketing, to evoke the imagery in the DM), a carved archway to the east of imposing stone (carvings? Of what?!) and a heavy stone fallen door to the west (with writing underneath it!) A spy fucking hole in the wall, with a metal grate. That is also crawling with bugs, spiders and centipedes. Oh, and then also the room has kobolds doing some shit. Like, what the fuck man, it’s like a magical fucking wonderland for the party! Even shitty book treasure like +1 Arrows get a little detail, like “iridescent feather fletching”. Sweet! See, not hard at all to spice things up!

The rooms might be getting a bit long, but, whatever. THIS is what I want the baseline of our hobby to be. The fucking formatting and ease of use issues are essentially taken care of. The writing is evocative enough to be good. This then allows for concentration on the interactivity, the plot and that most elusive of all things, THE DESIGN. This should be the minimum acceptable baseline for our hobby.  Yeah, it’s pretty transparently the shit I continually harp about that they solved. And?

GnWell, Gnthe Gnomes Gnhave Gntheir Gnshit Gndown Gnpat Gnby Gnnow Gnit Gnseems. GnThree Gnreleases Gnand Gnall Gnthree Gnfiring Gnon Gnall Gncylinders. GnDare Gnit Gnbe Gnsaid Gnthat Gnthe GnUG Gnis Gna Gnpublisher Gnto Gnbe Gnrelied Gnupon? 

It’s $7.50 at DriveThru. The preview is nine pages long. You get to see several rooms, so you know what kind of encounters and writing and formatting to expect. Great preview.


https://www.drivethrurpg.com/product/348878/The-Incandescent-Grottoes?1892600

Categories: Tabletop Gaming Blogs

Re-post: The God Who Raises the Dead

Just Call Me Pastor - Mon, 03/22/2021 - 11:00

There’s an often-overlooked story in the Bible that moves me deeply. It’s in Luke 7:11-17. 

Jesus walks (according to what seems like a predetermined plan) from Capernaum toward a walled village called Nain, a distance of approximately 12 miles.

He is followed not only by his disciples but also by a large crowd of people. As he and the crowd approach Nain, coming out of a gate in the wall they meet a funeral procession.

A funeral at that time would comprise several sad elements: first a narrator who would speak of the good deeds of the deceased; then women assigned to chant and wail, attended by a flutist or two; then the funeral bier carried by friends and loved ones bearing the body of the deceased. All of these would be followed by family and a large number of grieving townspeople.  

As our Lord and his followers approach he sizes up the situation quickly. On the bier, he sees the body of a young man, an only son; following the bier, one lone woman, the mother who is obviously widowed. 

Luke tells us that “his heart went out to her.” Jesus then says to her: “Don’t cry.” I would love to have heard those caring words spoken by our Lord. Then stepping forward he touches the bier and the procession stops. To the lifeless body he says, “Young man, I say to you, get up.”

The people in both throngs are amazed as the young man sits up on the bier and begins to talk to those around him. Jesus tenderly restores him to his speechless mother.

The funeral procession breaks up. The professional mourners cease their wailing. The crowd is filled with awe, but when they gain their wits they begin to shout, “A great prophet has appeared among us!” And they add, “God has come to help his people!”

There is no indication that this miracle is performed to add to our Lord’s reputation or to enhance his popularity. This miracle is prompted by one thing — his instant compassion. Because of the remoteness of the town, the people may not have heard of Jesus, but they read the situation correctly. 

Here is a powerful picture of God Incarnate: tender-hearted toward the hurting, and at the same time with the power to raise the dead. We see in this episode of Jesus’ life that God wishes to enter our lives during every circumstance. Does he not deserve our fervent worship in return?

Image info: The Resurrection of the Widow’s Son at Nain (La résurrection du fils de la veuve de Naïm) – James Tissot, Public Domain.

Categories: Churchie Feeds

Sentinel Comics RPG Session 1: "Itsy Bitsy Spiderbots"

Sorcerer's Skull - Mon, 03/22/2021 - 11:00

Roll Call:

Action Jack: Man of Action--Man Out of Time!
Fibbit: Manic Pixie Extradimensional Dream Girl!
Infranaut: IR-Powered Celebrity Hero!
Il Masso: The Rock-Solid Hero of Little Italy!
Space Racer: Cosmic Speedster!

Supporting Characters: Zauber the Magnificent (flashback only)

Villains: Spiderbots (first appearance)

Synopsis: Individually, enjoying a day in Empire Park, our heroes are startled by an attack of spider-shaped robots emerging from the sewers, which seem to be particularly targeting them. Our heroes destroy the robots, and join forces. During the melee, Fibbit gets images of a peculiar industrial building and a man dressed as a magician, who ages before her eyes. Space Racer had a flashback to a vague memory of a dead world, somehow displaced in time.

Action Jack recognizes Fibbit's magician as Zauber the Magnificent, a magician and crime fighter from the war years.

Fibbit also warns the others that she also sensed a malevolent force in the direction of the spiderbots' origin--and it seemed to sense her back!
