Feed aggregator

Down to the Rails

The Splintered Realm - Sun, 06/06/2021 - 02:36


Here's Kindle, another elemental force that can be summoned by the little kid who can summon elementals. I am still working on his concept, but it's that he goes to activate his powers, and then one of the four elementals randomly shows up - there's a chance that he gets a partial Voltron (so two of the elemental forces merged into a meta-mental), and there's an even SMALLER chance he gets the Voltron mega-mental that merges all four. This is the flame elemental.

And speaking of burning things down... (my brother would call that a "Sean Mooney Segway")

In editing, I have realized that there are fragments and pieces and relics of older game editions that have persisted. There are sentences and phrases and entire paragraphs that were in the first superhero game I published in 2006, and which have survived to live again in each subsequent game. I've gone with the 'if it ain't broke don't fix it' approach. One good example is my section on adventure hooks; I wrote that for my first supers game, and while I've made edits and clean ups over time, the language and format is largely the same.

This edition is gutting it. I am not cutting and pasting a single phrase from any previous work. Even if I end up writing the same thing, I am literally sitting at the keyboard and re-typing it. I want to think about and make a conscious choice about every word that goes in. This means that some of the things in the most recent games I've published (for example, the half-page box I have distilled for character creation in Tales of the Splintered Realm) are not going to appear here - I'm making a decision about every design and layout choice, and I'm trying to rigorously avoid doing anything because I did it once before and liked how it turned out. This doesn't mean that I'm avoiding doing things that work; it just means that I'm going to make the best decision I can for THIS game right now, not borrow something from another game that works pretty well here too. 

Language Matters

The Splintered Realm - Sun, 06/06/2021 - 01:57
See what I did there? It's both a clever title (we are discussing matters of language) and suggesting that this discussion is of some import (since, you know, language actually MATTERS). Oh, the cleverness of me.
I digress.
I'm cleaning up language throughout... a while back, someone pointed out how often I used the word 'take'. At the time, I didn't think it was that big of a deal. I see it now. I cannot UNSEE it. Ouch. In addition to these sorts of editing clean-ups, there are some bigger issues around language - in fact, there's a pretty significant one I want to solve.
In the development of the game years ago, I shied away from the word 'powers' in describing your character's abilities, because I wanted to include normal skills in there too - sneak can be a skill you've learned or a superhuman power you've developed; it works the same either way. I don't want to label things as skills that are actually superhuman powers, but I don't want to suggest that the local cat burglar who has burglary and sneak somehow has superhuman powers that drive his petty thievery.
I settled on traits. Then, I settled on talents as the special things that you can do that are more narrow in scope, or which directly affect other things. Getting a +1 to ranged attacks from being a trained marksman is a talent; your basic ability to fire a weapon is a trait. The problem is that they are both words that start and end with t, so I'm always confusing the two as I write and think about it. They are both kind of general terms that could, theoretically, be interchanged. Your talents could be your traits, and your traits could be your talents, and nobody would be the wiser. I don't like that they are both such vague terms, and that they are so similar to each other. Thesaurus to the rescue! I can actually keep one - as long as the other one changes. Talent feels more narrow (I don't think of firing blasts of energy from my hands as a talent; talent implies something you learn to do, or a quirky thing you can do that nobody else can - both of those implied meanings align pretty nicely with the things that appear on the talents list). I also like talents because it is a FASERIP word, so I like keeping those whenever I can (which means I still need a place to bring PSYCHE into the game).
That leads us to the need to change talent. Here are some options:
Enhancement. This is a little clunky, but it works. You can have enhanced existing stuff (sneak, running) or enhanced new stuff (energy bolts and flight). The problem is that having an attribute like STR or DEX rated beyond 13 is also technically an enhancement. Other words like enhancement that have the same problem are things like upgrades, boons, endowments. Ugh. All of these are clunky. 
Advantage. I like this better. It implies something special you have that gives you an edge. It's got roots in other games. It still feels a little narrow, but it's better. I like that it has a positive connotation, while trait has a neutral connotation. These are things that help your character. Aptitude has a similar vibe to me - but it's also a little clunky. Edge also feels like it has the same issues. ("my character's edges are... sharp?")
Gifts. I like this even better. It has a positive connotation, it is pretty general, it's easy to remember, and it could be natural, imbued, learned... they are things you receive in some way. Gifted implies somehow special, but it could be in any number of ways.  I also like the sort of mythical/Biblical sensibility to it; the gifts of the spirit are pretty broad and expansive. I am leaning towards this one. Thoughts?

OSR Campaign Starter Commentary - The Dave Hargrave Arduin Angle With An OSR Twist Up

Swords & Stitchery - Sat, 06/05/2021 - 17:16
 So going over some OSRIC notes from 2006 there's  a whole section on Dave Hargrave's Arduin?! Hmm that might be a tad hard for some OSR folks. If only there was a far more easier way to combined these two?! By using OSRIC with Ruins of Arduin for Swords & Wizardry Light this might give us exactly the sorta of Gonzo that would work! But what's the advantage here?! Well besides getting all of the Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Beneath the Giant’s Head

Ten Foot Pole - Sat, 06/05/2021 - 11:11
By Mark Tasaka Tasaka Games DCC Level 2

[Four paragraph leadin removed] Shortly after receiving the crown, King Edgarr fell ill; the smiths, who forged the crown, fell ill as well. The group of dwarves sent to explore the caverns never returned. An expedition of fighting-dwarves was sent to find the missing group. Only half of the expedition returned alive and gave accounts of metallic beings and strange monsters lurking in the caverns. The dwarves sealed the caverns off and buried the recovered metal deep within the earth. The King’s Advisors put a call out for adventurers and offered a reward of a thousand gold pieces to find and destroy the source of the evil that lurks in the caverns beneath the Giant’s Head.

This 52 page adventure details a small village with several sub-plots and a cavern with a spaceship in it, with around 43 rooms. It has the beginnings of some decent exploration elements but suffers from the density, and verbosity of information presented.

The adventure starts by presenting a home base village with several things going on. These are presented, initially, as mysteries. The farmers dog has been around forever, the baker woman makes unusually good honey buns, the innkeep wants to get married, a farmer has a reputation for interesting chickens, and so forth. These are sprinkled in to the location and NPC descriptions and correctly offers the party a loto f interesting gossip and mystery, or, perhaps, not quite mysteries, to sprinkle throughout their time in the village. Because of this, and the quirks of NPC’s, the place is more alive than most and offers a good home base for downtime things to happen. This is GREAT. A little mystery, some quirks to cement NPC’s, and nothing too outrageous, but enough to spice up both gear buying/sleeping and offering the party more if they go down that path. This is what a home base village should be. Not a generic “typical” village but something just below the surface to sprinkle in to the adventure as the party moves through the usual party of adventuring life in downtime. These mysteries are then followe dup on in little “events”, which are actually the mini-quests. Like the farmers chickens turn giant and attack, or rats in the bakers basement (ug!) or the innkeep marrying a party member and then moving away without a word. 

The separation between places/NPC’s (as a section) and then the subplot adventures is a good idea, allowing the DM to focus on the normal activities and making the subplots easy to find and run. But, as the page count to location ratio would indicate, it gets VERY long winded in its descriptions. Insertion casual conversational sentences and mundane trivia in with the more more specific, compounded by a lack of any real formatting to help call attention to the important bits. This is a variation of The Kitchen Problem. We all know what a kitchen looks like, you don’t need to describe it. You just need to tell us why this one is different, in an actual play sense.  I do want to emphasize that the constructed world here is both more interesting, with little specific details, and more well constructed than most. This we get a little village outside of the entrance to the dwarf kingdom, supporting it, in addition to the “home base” village. 

The actual dungeon is three areas/levels, two of caves and one of a spaceship. There are some better than the usual design elements going in to the exploration space. There are things to explore and mess with, and some terrain features and their ilk, like dropping through a hold in the ground in the next level, that just aren’t typically seen in adventures these days. These elements are KEY to bringing a full fledged exploration dungeon to life. They do tend to the more simplistic side of things, and there does seem to be more of an emphasis on combat, this being DCC, and its on the edge at times of being set pieces, but never really goes over the edge in to 4e territory. 

It is, however, long and mundane. The read-aloud for rooms is on the edge of being long and, more importantly, is not really interesting. It relies a lot of abstracted text and generic labels rather than the specificity seen in the village. The DM text is better in this regard, so we get little bits like splashes of water and bodies with insect and worm decay. 

It does suffer greatly from padding of the text with like like “the characters could open each stasis chamber with ease.” While alone this may not be a problem, this sort of writing, when added and added and added, sentence after sentence, if not direct to the DM. It’s not describing the situation, but rather the characters interactions with it. Writing is more effective for comprehension, and terseness, when these padded clauses are not included. The barracks, a room title tells us. And the description then goes on to tell us that this is where the kobolds sleep. Well, yes, that is the idea of the barracks. 

Rather than the great specificity of the village we get abstracted txt in the dungeon. The cleric, the tif, the warrior, describes the bodies found of the previous party, rather than names. The descriptions all come off as generic, the robots lacking anything interesting to bring them to life.

The adventure ends with some conclusions. I like it when an adventure does this. Little follow ups on what happens next to the area. The items presented, though, are mostly uninteresting and mundane. A married couple finally goes on vacation. What this needs is more things that he party will directly notice and potentially be impacted by, even in a trivial way, to show that their actions had impact.

So, some hints of good design in places but marred by not enough of it. And padding and generic text where there should be evocative text. Yes, that’s hard. 

This is free at DriveThru.

https://www.drivethrurpg.com/product/354193/Beneath-the-Giants-Head?1892600

This is episode two of Bryce Reviews Everything in order on his DriveThru Wishlist. Maybe this won’t be as terrible as I thought it would be.

Categories: Tabletop Gaming Blogs

OSR Review & Commentary On First Edition Fantasy: Dungeon Hazards By Philip Reed For OSRIC & Your Old School Campaign

Swords & Stitchery - Sat, 06/05/2021 - 06:06
 " Ronin Arts steps back in time to an age of excessive violence, deep dungeons, wandering monsters, and late-night gaming excitement! DUNGEON HAZARDS, the latest release in Ronin Art’s FIRST EDITION FANTASY series, features almost 100 slimes, molds, fogs, environmental, terrain and other hazards for use with OSRIC or any other first edition-style game system. Perfect for use with mid-level and Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Monster, Monster: Vampires By Ed Fedory, Andrew Pavlides, Steve Miller From NUELOW Games

Swords & Stitchery - Fri, 06/04/2021 - 21:13
" Few monsters are as popular or versatile as the vampire. It’s popularity and presence in the public mind has grown ever larger in every artistic genre from fiction and poetry, to movies and comics, and to roleplaying games.""They can be physically hideous, or they can be as beautiful as angels. They can be soulless monsters, or they can victims of a curse they wish to be liberated from. When itNeedleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Friday Mail Call - Troll Lords & Frog God Games In The House!

Swords & Stitchery - Fri, 06/04/2021 - 16:29
 Jason Vey's Amazing Adventures fifth edition has been on my brain now for some days going into a Lovecraftian campaign coming up. Got to say that  its very different then let's say Fifth edition Dungeons & Dragons. Amazing Adventures handles the Pulp & Modern elements better then 5 edition. Horror has consequences in this game. AA can do D&D adventures without the bad issues of the fifth editionNeedleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Security pros agree about threats—convincing everyone else is the problem

Malwarebytes - Fri, 06/04/2021 - 15:51

How about that Colonial Pipeline?

As troubling as this event may be, for those of us working in the world of cybersecurity it can be hard to convince others to take dangers like this seriously—regardless of how real and immediate they are.

“Sadly, the upper leadership team does not understand the stakes and why an investment is necessary to protect assets and tomorrow’s productivity,” said one beleaguered security professional we spoke to.

If this sounds like you, you’re not alone. There are plenty who share your pain.

Back in March, Malwarebytes released the SMB Cybersecurity Trust and Confidence Report 2021. For this report, we surveyed 704 cybersecurity professionals from all levels on the corporate ladder, from CISOs on the top rung down to the hardworking sysadmins. Participating small- and medium-sized businesses ranged from 50 to 999 employees. 

What did we find? Security professionals trust their endpoint protection to do its job—with some caveats.

Some 95 percent of respondents say they trust their cybersecurity vendor to provide effective endpoint protection. By that same token, more than 90 percent say their endpoint protection is effective and they’re confident it protects against dangerous threats.

So, what’s the catch?

Decision makers versus decision influencers

To get a better sense of who our survey-takers are and identify any potential difference of opinion, we asked them for their titles. You can see the full breakdown below, but just under half, 48 percent, of our respondents identify as IT directors.

Next, we grouped participants by those who “make the final decision” regarding endpoint protection purchases and those who have ”significant influence,” with 52 percent identifying as decision makers and 48 percent identifying as decision influencers.

Those who answered, “Yes, I’m a decision maker” generally have a somewhat rosier disposition when it comes to the dangers their organizations are facing and their ability to stop those dangers. 

We asked, “Has your endpoint protection product ever failed to detect a threat?” Those who make the final decision are more likely than those who influence decision making to say their endpoint protection provider hadn’t failed (64 percent versus 48 percent).

Coming at the issue from another angle, we also asked, “How frequently does your organization register a cybersecurity threat?” Those who make the final decision are far more likely than those who influence decision making to say their organization registers a threat “once a month” or “very often” (26 percent versus 13 percent).

We then asked “Agree or disagree? I believe it’s not a matter of if but when my organization suffers a successful attack or breach.” Just over half, 56 percent, said they agreed. Those who make the final decision agree to this statement significantly more than those who influence decision making (64 percent versus 49 percent).

So, what is the data telling us? Security professionals are confident in their endpoint protection, but they’re realistic about the threats they’re facing. Yes, there are some variations depending on an individual’s position within the org chart; otherwise, everyone is pretty much in agreement on the increasing sophistication and frequency of attacks.

The security ouroboros

Many of the survey respondents expressed frustration with leadership outside of the security org.

We asked, “What’s the biggest obstacle to security at your organization?”

“Buy-in from the leadership team that it is worth the investment versus other priorities,” said one respondent.

Another said, “Faced with a range of obstacles, from slowing budget growth to dissatisfied boards, business and security leaders are being challenged to change the way they approach cybersecurity and risk.”

No budget? No buy-in? Lack of investment? Sounds about right.

At risk of reading too deeply in to the data, the implication here is that while businesses get bigger, security orgs stay the same in terms of personnel and infrastructure. 

The numbers bear this out, 65 percent of respondents from SMBs with 500 to 999 employees identified as CIO, CISO, or IT director. 

Where one would expect to see a pyramid shape from the CISO or CIO on down, with more frontline level employees at the bottom than leaders at the top, the reality has gone all pear-shaped. As mentioned earlier, almost half of total survey respondents identified as IT directors.

Compounding the problem, a significant portion of our respondents believe that bigger organizations make for more frequent targets.

We asked “Agree or disagree? Hackers do not target small- and medium-sized organizations and attack only bigger organizations.” 

Some 39 percent of respondents agreed bigger organizations made for more frequent targets. Among survey respondents at organizations with more than 500 employees, a slightly larger 43 percent agree.

However, those who make the final purchasing decision on endpoint protection agree even more—bigger business, bigger target—than those who just influence decision making (48 percent versus 30 percent).

What does it all mean? For starters, security professionals across the board have faith in their endpoint protection, but they’re frustrated at the lack of support from senior leadership outside of the security org. 

When businesses find success and the dollars start rolling in it’s a given that many of those dollars are going to be earmarked for talent acquisition and IT infrastructure. Unfortunately, from a security perspective, growth at one end doesn’t translate to growth at the other end. Security pros just don’t get the additional resources that they’re expecting—that they need—to accommodate growth within the organization as a whole.

Like a snaking eating its own tail, growing businesses have more employees and more endpoints to protect, but security budgets and head count seem to remain stagnant. And the consequences for this security conundrum are dire. Look no further than the latest headlines.

The post Security pros agree about threats—convincing everyone else is the problem appeared first on Malwarebytes Labs.

Categories: Techie Feeds

The Craft and Tea Box: Review and Giveaway

Moogly - Fri, 06/04/2021 - 15:00

The Craft and Tea Box is a brand new subscription box that features a craft kit sourced from a small business owner and a different tea each month! Get a peek inside and enter to win your own box in this Moogly giveaway! Disclaimer: This post was sponsored by The Craft and Tea Box; all...

Read More

The post The Craft and Tea Box: Review and Giveaway appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

0
Categories: Crochet Life

Ransomware to be investigated like terrorism

Malwarebytes - Fri, 06/04/2021 - 14:01

The impact of recent ransomware attacks on vital infrastructure in the US has triggered a reaction from the US Attorney’s office. In an internal guidance it says that all ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington.

According to Reuters, the internal communication states:

“To ensure we can make necessary connections across national and global cases and investigations, and to allow us to develop a comprehensive picture of the national and economic security threats we face, we must enhance and centralize our internal tracking.”

Terrorism model

This model of investigation and cooperation is used only in a few fields that touch upon national security, e.g. terrorism. According to US officials this shows how the issue of ransomware is being prioritized. According to Reuters, this means investigators will have to share updated case details and active technical information with leaders in Washington. It also means they will receive guidance from Washington on how to proceed. If implemented optimally this will surely result in a better understanding of the ransomware landscape.

In his recent executive order on improving the nation’s cybersecurity President Biden already pointed out that the US faces persistent and increasingly sophisticated malicious cyber-campaigns. Section two of the order it titled Removing Barriers to Sharing Threat Information, and this new cooperation seems to fall under that banner.

Ransomware Task Force

In April we reported about international cooperation in this field in the form of the Ransomware Task Force (RTF), a think tank composed of more than 60 volunteer experts who represent organizations encompassing industries and governments. In its report (PDF) the RTF recommended that ransomware be treated as a threat to national security.

“Ransomware attacks have shut down the operations of critical national resources, including military facilities. In 2019, a ransomware attack shut down the operations of a U.S. Coast Guard facility for 30 hours,  and in February 2020, a ransomware attack on a natural-gas pipeline operator halted operations for two days. Attacks on the energy grid, on a nuclear plant, waste treatment facilities, or on any number of critical assets could have devastating consequences, including human casualties.”

This was before the attack on Colonial Pipeline which prompted  President Biden to sign an executive order that broadly directs the Commerce Department to create cybersecurity standards for companies that sell software to the federal government.

Whether the RTF and the proposed task force in Washington will work closely together is unknown but perhaps unlikely given the international character of the RTF. Sharing information might be benificial for both though.

REvil is not impressed

In an interview published by cybersecurity blogger Sergey R3dhunt, a spokesperson for the REvil appears to indicate they are not worried by the new “terrorism approach.“

Translated, the transcript says:

Q: What happened as a result of the cyber attack?

A: As a result, the United States has put us on the agenda of the discussion with Putin. The question is, why there is such confidence that at the moment everyone is in the CIS, and even more so in the Russian Federation. In connection with the recent events with fuel [Colonial Pipeline], the United States are in every possible way avoided, as well as work inside CI.

Further inquiries seemed to indicate that it will only make matters worse, because if they are going to be prosecuted anyway, they may as well open the floodgates. When asked why they attacked JBS, this was the answer:

“Revenue. The parent company is located in Brazil, where the attack was directed. Why the US intervened is not clear. She was avoided by all means.”

History tells us the words of ransomware criminals should be taken with a heavy dose of salt.

Treated as or investigated like

Even though some gut reactions were indicating that ransomware attacks would be treated in the same way as terrorist attacks, this is not entirely true. Even though some ransomware attacks have had worse outcomes than terrorist attacks. It is the way in which the US Attorney’s office wants to organize the ransomware investigations that is similar to other national security issues. Not the severity of the punishments or the way convicted persons will be apprehended.

Ransomware infrastructure

Ransomware, especially Ransomware-as-a-Service (RaaS), has a similar organizational structure to some terrorist organizations. You have the enablers, that provide the software and the infrastructure for the ransomware itself and for receiving payments. And you have the executioners that go out and attack victims. These groups do not have to know each other’s true identities and usually communicate through encrypted channels.

A thorough knowledge of the ransomware landscape and successful infiltration of the communication platforms could provide methods to hinder operations. Maybe the inherent distrust between criminals can be used to launch successful misinformation campaigns to disrupt the cooperation between enablers and executioners. And maybe the fear of being tracked down by a strong dedicated task force will keep some potential participants away from the scene.

Tracking payments or making it illegal to pay ransom could make another dent in the severity of the threat. According to the report by the RTF, about 27 percent of victims choose to pay a ransom. With this, these victims are fuelling the ransomware industry. Not that they want to, but sometimes they feel it’s the only viable choice. This feeling is often strengthened by the additional threat to publicly disclose exfiltrated data.

All in all, a US centralized task force to investigate ransomware could contribute to the goals that the international RTF has set:

  • Deter ransomware attacks
  • Disrupt the ransomware business model
  • Help organizations prepare
  • Respond to ransomware attacks more effectively

Let’s hope so.

The post Ransomware to be investigated like terrorism appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Link Love: My Favourite Things This Week

Knitted Bliss - Fri, 06/04/2021 - 13:47

www.knittedbliss.com

My Favourite Articles and Links This Week I loved this article about scent and perfumes. Reminded me how much I love fragrance. This is fascinating- follow one rain drop to the ocean. It’s American-focused, but still incredible! 5 important questions to ask yourself. Also, if you like embroidery hoops but aren’t really into hanging them

The post Link Love: My Favourite Things This Week appeared first on %%www.knittedbliss.com%%.

3
Categories: Knitting Feeds

DC, August 1980 (part 2)

Sorcerer's Skull - Fri, 06/04/2021 - 11:00
My mission: read DC Comics' output from January 1980 (cover date) to Crisis! This week, I'm looking at the comics at newsstands around May 22, 1980.

Action Comics #510: Again Bates and Swan deliver a story where at least it's hard to predict where they might be going. Luthor gives up on an opportunity to assassinate his foe for the sake of the mysterious woman Superman just rescued. He appears to have gone straight due to his new found infatuation with this woman--well, except for kidnapping her then performing supposedly life-saving surgery without her consent. That stuff she doesn't appear to mind. Where is Bates going with all this? We must wait until next issue.
Adventure Comics #474: House ads promise Aquaman is coming next issue. Maybe that will shake things up. Starman takes on some robots with a roller ball in place of feet which have a goofy charm. Ditko also gives us some good retro sci-fi aliens and costumes. Plastic Man has the criminal mastermind Archie Type putting a hit out on our hero. A bunch of pun-named assassins come after him. It's sort of fun. I might like this better if it was in a collection of its own, so I could get into its comedic vibe.

Brave & the Bold #165: Man-Bat and his wife are desperate parents trying to get ahold of an experimental South American drug that may treat their daughter's potentially fatal insomnia. Batman intervenes because the drug is being smuggled in by an unscrupulous doctor and may be tainted with botulism. Pasko has Batman initially unwilling to share information and come on heavy-handed to contrive a fight between him and Man-Bat. The issue ends with Man-Bat swearing vengeance against Batman should his daughter die, which is a pretty unusual ending for a team-up book, I feel like.
Detective Comics #493: Burkett and Newton bring us a Batman/Riddler story that seems to have been sponsored by the Houston Bureau of Tourism. Batman lands at Hobby to team up with the Vigilante's nephew, the Swashbuckler (who I'm guessing didn't have many appearances), then he gets to visit Astroworld. In the normally nonsuper-powered-lead-character Tales of Gotham feature, Red Tornado follows an elderly black lady around and gets a taste of life in a poor and stereotypical part of Gotham. Harris and Nicholas bring us their least interesting Robin story yet, but at least we find out who the guy is who has been following Dick Grayson. Wein and Giordano give us a really 70s tale of the Human Target and criminal truckers. Burkett and Delbo continue with Batgirl dealing with the fallout of a couple of issues back. Continuity!
Green Lantern #131: Barr and Staton have Evil Star out to destroy the sun after first making it's light more yellow to thwart GL. Not a bad story, but the second part of the trial of Arkkis Chummuck in the back up is still the most interesting part of the issue to me.
House of Mystery #283: The cover has nothing to do with this issue's contents. The first story by Mayer and Tanghal is really predictable, but satisfying as a life-long swindler and double-crosser believes he's made it into heaven, only to find he's been deceived this time. The second story by Kashdan and Nino might be a parable about not being prejudiced against other cultures, or it could be read as the admonition: if wives would only tell husbands they were trying to save their lives with unorthodox, folk medicine, needless deaths of legitimately suspicious friends could be avoided.

Legion of Super-Heroes #266: Conway and Janes have Bouncing Boy and Duo Damsel accidentally unleashing an evil genie. For some reason, Conway thought this plot deserved a two-parter.
New Adventures of Superboy #8: The cover shows Ma Kent at Clark's funeral slapping Superboy--and to my surprise the scene actually occurs in the issue. Bates delivers another mildly intriguing "puzzle" plot as Ma and Pa Kent mysteriously forget Clark is Superboy, leading Superboy to fake Clark's death. To be continued, naturally.
Sgt. Rock #343: The main story could almost be a comedy, though Kanigher and Redondo play it straight. Rock gets a concussion and is out of his head, just as Easy is supposed to be getting a visit from a Colonel who is all about spit and polish. The backup story "Crabs," seems like it scuttled in from a horror comic. Steve Bissette writes and draws this ambiguous tale about an island overrun by the titular creatures and the madness of a G.I. that seems catalyzed by their presence.
Super Friends #35: Romeo Tanghal fills in for Fradon on story involving a circus and imposter heroes. Very kid friendly.
Unexpected #201: The first story here by Skyrenes/Lillian and Heck is a bit Hammer Horror-ish and deals with curse on a haughty noblewoman and dated Romani stereotypes. The second story by Wessler with interesting art by Jim Craig, involves a funhouse where a Hall of Mirrors unleashes evil doppelgangers of people. It's a lot of set-up for little payoff, and I don't understand what happens in the ending.

Unknown Soldier #242: Haney and Ayers have the Soldier sent to stop a secret German plan to cripple Russia. The problem is, the Soviet spy only has half of the plans. The rest are in the hands of the mysterious Russian partisan, the Anvil. It turns out the Anvil is a woman, and the Soviet spy is a double agent. Awesome Kubert cover, but mediocre story.
Untold Legend of Batman #2: The definitive Bronze Age origin of Batman continues courtesy of Wein and Aparo. This time, the focus gets broadened to the supporting cast, giving short origins of Robin, Alfred, the Joker and Two-Face.
Warlord #36: Read more about it here
Weird Western Tales #70: This is the final issue of the title's 59 issue run. It continues the story from last issue with Scalphunter escaping the sadistic sargeant (and taking the woman disguised as a Union soldier with him). Pursued by some of the troops, they make a stand in an ice house, where their cunning gives them the upper hand. Scalphunter rides off into the sunset.

Hewn and Some Numbers

The Splintered Realm - Fri, 06/04/2021 - 01:01


 First of all a picture, because the kids like pictures. He is Hewn, carved from the Living Rock at the Base of the World. He's a sentient elemental inhabited by a little kid who has four elemental spirits he can embody. It's a whole mood.

Now that that's out of the way, let's talk about numbers. I put together a table that lays out all of the various values in the game: the attribute ratings (with modifiers), what the comparable Challenge Rating would be for a check at that level; what weight that equates to; speed and distance per action; and heat at that rating as an example of what intensities might look like.

The only problem/concern is how speed scales in terms of distance per action. The problem is that as characters get more powerful, they get more actions each round; so, a level 4 speedster with hyperspeed and PWR 20 (+5) is getting 9 actions each round. If he uses one of his actions to run, then this aligns well to traveling at 600 mph (moves 1 mile with each action). However, since he can theoretically use all 9 actions to run, he can actually run 5400 mph if he's using every action every round to run... so I've got to find some way to scale the action distances wayyyy back. I cannot assume that every character is going to take hyperspeed, but I have to account for it somehow. I think if we slow the progression of distance per action (maybe just go with a default of 100' per rating after 13) this would allow for an incremental bump, and allow you to really move, but also would keep things reasonable. This also accounts for the fact that you would be in combat most of the time, so you are doing more than just straight out running (or flying). You are dodging attacks, communicating with allies, and doing other combaty stuff that is not just straight up sprinting. 

Super Chart of Awesomeness

Rating (mod)

CR

Weight

Speed

Distance 

per action

Heat

2 (-1)

12

30 lbs.

Immobile

1’

50 F

3 (-1)

13

50 lbs.

>1 mph

5’

55 F

4 (-1)

14

70 lbs.

1 mph

10’

60 F

5 (--)

15

100 lbs.

2 mph

20’

65 F

6 (--)

16

150 lbs.

3 mph

30’

Standard room (70 F)

7 (--)

17

200 lbs.

4 mph

40’

80 F

8 (+1)

18

300 lbs.

6 mph

60’

90 F

9 (+1)

19

500 lbs.

9 mph

90’

100 F

10 (+1)

20

700 lbs.

12 mph

120’

Highest Temp on Earth (120 F)

11 (+2)

21

1,000 lbs.

20 mph

200’

140 F

12 (+2)

22

1,500 lbs.

30 mph

300’

160 F

13 (+2)

23

1 ton

40 mph

400’

180 F

14 (+3)

24

3 tons

60 mph

600’

Boiling Point of Water (200 F)

15 (+3)

25

5 tons

90 mph

900’

300 F

16 (+3)

26

7 tons

120 mph

1,200’

400 F

17 (+4)

27

10 tons

200 mph

2,000’

500 F

18 (+4)

28

15 tons

300 mph

3,000’

Inside an oven (600 F)

19 (+4)

29

20 tons

400 mph

4,000’

900 F

20 (+5)

30

30 tons

600 mph

1 mile

1200 F

21 (+5)

31

50 tons

900 mph

1.5 miles

1500 F

22 (+5)

32

70 tons

1,200 mph

2 miles

Lava (2000 F)

23 (+6)

33

100 tons

2,000 mph

3 miles

4000 F

24 (+6)

34

150 tons

3,000 mph

5 miles

6000 F

25 (+6)

35

200 tons

4,000 mph

7 miles

8000 F

26 (+7)

36

300 tons

6,000 mph

10 miles

10,000 F (surface of the sun)

Cybercrime, fraud, and insider threats increased in 2020 in the UK, report says

Malwarebytes - Thu, 06/03/2021 - 17:41

Since the initial lockdown, we have seen the rise of certain types of cybercrime, including scams and fraud campaigns that either bank on the global COVID-19 pandemic or take advantage of potential victims that adhere to work-from-home measures.

In the UK, the National Crime Agency (NCA) has determined that many types of cybercrime, such as ransomware attacks, digital fraud, and insider threats—with a specific mention of child sexual abuse—have increased because of more users in the UK logging online to do work, attend online classes, and (at the first few months of lockdown) alleviate boredom.

The agency also noted the resilience and adaptability of serious and organized crimes (oddly labeled as “SOCs,” despite the same acronym meaning “security operation center” in the cybersecurity field) in their use of technology and well-established tools to avoid detection. For example, budding and professional criminals are using commercially available encryption, Secure Messaging Applications (SMAs), and decentralized messaging apps, which usually comes with a crypto wallet, to manage their own data and mask their identities and communications. They also use cryptoassets to buy and sell illegal commodities in the underground or to launder money. Because of this, the NCA has assessed that by disrupting the technology, including the capabilities that enable them, they can end criminal schemes in an efficient manner.

SOCs are categorized as “significant and established national security threat that endangers the integrity, legitimacy, and sovereignty of the UK and its institutions, both at home and overseas.” It is no surprise to see SOCs being conducted over the internet by crime groups. And the NCA has been monitoring them year on year.

Organized crime: Ransomware-as-a-service (RaaS)

The growing threat of ransomware continues to loom over organizations across industries worldwide. In the UK, the estimated direct and indirect cost of ransomware is, at most, billions of pounds per year. However, determining the exact figure has always been a challenge seeing that underreporting and inaccurate cost estimates were and have been pretty much a problem in 2020. Underreporting is primarily caused by lack of awareness of who to report an attack to and, in some cases, the general reluctance to report for fear of reputational damage and/or uncertainty.

The NCA has observed a dramatic increase in demand for Remote Desktop Protocol (RDP) credentials. This is because of the increased use of such software following remote working. Criminals gaining these credentials could no doubt also access corporate networks.

Lastly, cybercriminals use current events in their spam and phishing emails—another way to get into corporate networks. They have themed their campaigns around COVID-19 and the end of the financial year for the business.

Organized crime: Online fraud

COVID-19 themes are also common in fraud campaigns. According to Action Fraud, the UK’s go-to reporting center for fraud and cybercrime, between January to December 2020, victims lost an estimated total of 3 billion GBP to fraudsters. 

The increased reliance on online services has encouraged fraudsters to target and take advantage of the more vulnerable and less security-savvy UK citizens, giving rise to shopping fraud, auction fraud, and, of course, sophisticated phishing campaigns. If criminals couldn’t find a way to their potential victims, online advertising has served as the perfect means for their victims to come to them. Fraudsters have been observed to use social media and online service platforms to post up fraudulent ads.

The NCA cited other fraud campaigns, such as romance scams and misinformation campaigns surrounding Brexit, the UK’s departure from the European Union. 

What’s the difference between ‘catfishing’ and ‘catfishing’? Find out here.

Organized crime: Insider threats 

In the financial sector, working from home shined a light on the problem of reduced ability to monitor staff, thus missing signs of unusual behaviour and other signs that give away employee struggles. This opens the possibility of an insider threat, a threat that businesses hardly mention, let alone prepare for.

Disgruntled employees and those struggling financially could more likely be tempted to engage in bribery and corruption when opportunity presents itself. Incidents involving these would be difficult to trace or pinpoint as they are usually presented as genuine payments for goods with increased market rates. There is also a realistic possibility that such engagements will only increase as businesses in the UK begin recovery measures from the impact of the pandemic and Brexit.

Future cybercrimes in the UK and beyond

Whether or not these online organized crimes will continue to be noteworthy in the next year is yet to be seen. However, notice that these online crimes have already been present, pre-pandemic and pre-Brexit. More often than not, when everyone starts living in “the new normal,” it’s highly likely that the possible turnout will all just be differences in numbers: Ransomware, for example, may or may not have higher victim rates after a year. Or, perhaps, romance scams will dramatically scale down to nonexistence. Perhaps.

However cybercrime will look like in the future, what remains constant is the continued vigilance of groups like the NCA and businesses in the public and private sectors on effectively educating and training UK employees on cybercrimes that affect them and how they should respond. As a business, they should know what steps to take to further improve their security posture and who to contact in the event of a cybercrime incident they may encounter. Lastly, much stress should also be placed in reporting to spread awareness, help other organizations avoid being victimized, and for law enforcement to keep track of cybercriminals.

The post Cybercrime, fraud, and insider threats increased in 2020 in the UK, report says appeared first on Malwarebytes Labs.

Categories: Techie Feeds

OSR Lovecraftian Commentary - Flying Buffalo's Citybook Series & And The Sea Shall Give Up Her Dead By Joseph Mohr From Old School Role Playing

Swords & Stitchery - Thu, 06/03/2021 - 16:02
" As the adventurers arrive at a sleepy little sea side town not all is as it seems. The town is under attack by pirates. But these are no ordinary pirates. These pirates are undead and their nightmare ship is just off shore waiting for the plunder to be brought aboard. This adventure allows the players to explore the mystery of these undead buccaneers and find out why they still sail the seas."Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Steamship Authority answers question: Who’s the next ransomware victim?

Malwarebytes - Thu, 06/03/2021 - 15:50

After the attacks on Colonial Pipeline and JBS, many may have been wondering, as we did, what the next ransomware headline was going to be.

Well, here it is—another victim in the vital infrastructure of transport and logistics, although this time the impact may be less brutal.

Steamship Authority, the largest ferry service in Massachusetts, has fallen victim to a ransomware attack. The Steamship Authority informed the public on social media that it was the target of a ransomware attack early Wednesday, June 2, 2021.

Steamship Authority, the company

Steamship Authority is the largest ferry service to the islands of Martha’s Vineyard and Nantucket. They operate ferry transports between the mainland of the US and Martha’s Vineyard and Nantucket islands, including passengers, autos, and trucks. The ferry services and their safety have not been compromised, but it looks like the Steamship Authority offices have been disrupted in a severe way. The Steamship Authority’s website is currently unavailable. This also means that it is not possible to make new reservations, not even by phone.

 The impact

In a tweet, the company informed customers that while they were working through the consequences of the cyberattack, all ferries are operating at this time. They are keeping customers informed by posting the ferry schedules on their social media channels.

Which does not mean that it’s all business as usual. There is limited access to credit card systems at some terminal and parking locations but, to avoid delays, cash is likely the best option for ticketing and parking. Customers are currently unable to book or change vehicle reservations online or by phone. Existing vehicle reservations will be honored at Authority terminals, and rescheduling and cancellation fees will be waived.

The timing for the attack is painfully accurate as this marks the start of season where tourists start to visit this region and where a peak in traffic is to be expected.

Investigation

The Steamship Authority tweeted that it is working internally, as well as with federal, state and local authorities, to determine the extent and origin of the attack. Since this is an ongoing investigation it is unlikely that the authorities will share any information about the type or possible origin of the attack. But we will keep you informed if we should learn more.

A spokesperson for the U.S. Coast Guard stated that the U.S. Coast Guard 1st District is working in conjunction with the Massachusetts Cybersecurity Unit, and that the FBI is currently leading the investigation.

Recovery

Recovery from a ransomware attack can be a long and expensive process, even if the victim decides to pay the ransom. It can take weeks to months to get the server infrastructure back up and running. If the possibility to make new bookings stays offline it will only take so long before the number of existing bookings starts to dwindle. We can only hope that the Steamship Authority manages to get back into an operational state as soon as possible. Getting stuck on one of the islands is not the worst thing one could imagine, but it’s different if you didn’t necessarily plan it.

Stay safe, everyone!

The post Steamship Authority answers question: Who’s the next ransomware victim? appeared first on Malwarebytes Labs.

Categories: Techie Feeds

1510

Looking For Group - Thu, 06/03/2021 - 15:29

The post 1510 appeared first on Looking For Group.

Categories: Web Comics

Pages

Subscribe to Furiously Eclectic People aggregator