Feed aggregator

Ring Rose Bag

Moogly - Thu, 04/22/2021 - 14:06

The Ring Rose Bag is a small drawstring wristlet with a unique closure – perfectly sized to hold just the essentials. It’s pretty, practical, and a free crochet pattern on Moogly! Disclaimer: This post includes affiliate links; materials provided by Yarnspirations. Sized Just Right Somedays you don’t want to take it *all* with you –...

Read More

The post Ring Rose Bag appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

Fluffy from The Crate Segment of The Movie Creepshow 1982 Adapted For Sword of Cepheus, Cepheus Atom, & Barbaric!

Swords & Stitchery - Thu, 04/22/2021 - 05:29
 The Crypt Ape is one of those beasts that was created by the gene manipulation of the Elder Things. These gorilla like hunters were created to guard the crypts of the Elder Things & much later on served the wizards of Hyperborea. When the ices of the polar wastes over took the lost lands of Hyperborea the crypt apes devotion caused them the to cross the threshold into the state of undeath. TheseNeedleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Nod By Nod - December 2010 (#6)

Deep Sheep - Wed, 04/21/2021 - 22:55

Over at https://landofnod.blog/ you can find posts by John Stater called Dragon by Dragon where he reads through an issue of Dragon Magazine and gives his thoughts about it. I recently bought a big pile of NOD Magazine and thought I would return the favor and go through each issue similarly.

It's Christmas in April! Back in December 2010, I first started roleplaying with my daughter who was 9 years old. She was a fan of the Warriors series of books about wild cats and there was a free diceless RPG you could download and play. Pretty cool game and the GM role rotated so she got to play and GM. We wouldn't discover OSR games for almost five years after that.

Anyway, back to Nod #6. It's a big one - 133 pages! It starts off with Holiday Magic, two pages of  magical items associated with December holidays and also a spell (Chimney Charm) and a writeup of Saint Nick as a demigod.

We then get Gods of the Motherlands, eight pages of a pantheon "based on a mash-up of Greek and Roman myth with the medieval church." It's the standard Nod format for god descriptions except that most gods now have a holy day listed too.

The featured hexcrawl is next: Western Venetia. It is a mix of forests, hills, mountains, swamps, and sea coast with a little bit of everything for adventuring. It's 103 pages long and could keep a campaign running just by itself for a very long time.

Level 3 of Pleasure Palace of Izrigul is next. This level of the adventure started in Nod #4 and continued in Nod #5 is seven pages of a theater putting on a play for Izrigul complete with wandering emotion encounters. It looks very interesting and I would love to give this a try.

The Traveler is a strange class. They are traveling through the world in a dream state and must focus on an object to impose their will on this world. It's just two pages and it opens up so much weirdness for a campaign.

Finally, Phantastes, Part 5 is presented. Unfortunately, there are no RPG notes given.

You can get Nod #6 for free at https://landofnod.blog/nod/ or you can get it in print from Lulu at https://www.lulu.com/en/us/shop/john-stater/nod-6/paperback/product-1qzgen5v.html.

Categories: Tabletop Gaming Blogs

[REVIEW] Crypt of the Lizard Wizard

Beyond Fomalhaut - Wed, 04/21/2021 - 18:49

Jeff Rients, Eat Your Heart Out!

Crypt of the Lizard Wizard (2021)

by Sawyer Young


Levels ?Low? 

The clash of different genres and the resulting gonzo aesthetic has been a basic pillar of D&D since its beginnings. The game’s early years are full of bizarre non-fantasy stuff cropping up in fantasy worlds, from fallen starships in Temple of the Frog and Wilderlands of High Fantasy to The Dungeoneer’sless fondly remembered tin foil monsters. Dave Hargrave, barely remembered in the modern OSR, was perhaps the king of this sort of thing, of balrogs versus battle tanks, mantis man and demonkin player characters, and star wizards battling kill kittens. RPG fantasy was yet undefined and without boundaries; and when the boundaries were fixed, something was definitely lost – even though that “something” was often just stupid, random, and ultimately dissatisfying. The tradition lived on here and there; in RIFTS, one of the great summits of traditional gaming; in Encounter Critical; and a few old-school modules here and there (perhaps best in Anomalous Subsurface Environment, which combines a wild imagination with craft).

Crypt of the Lizard Wizard is a module in this manner, and if you look at the ultra-cool cover, you will immediately see what kind of thing it aims to be. Hell yes! And it gets weirder: you are not buying just an adventure in the package, but a home-drawn illustration booklet and the module’s own soundtrack: not since Dragonstrike have such peaks been trod. However, the review is about the module: production values are appreciated, but they should not allow them to cloud our mind!

Crypt of the Lizard Wizard is a mini-dungeon amounting to approximately five loosely typed zine pages’ worth of text, a map (one page), and the illustration booklet. There are no stats, nor much in the way of treasure – but this is an odd module. There are eight keyed areas, which is not much, although all eight are actually descriptions of larger areas than your typical dungeon room, more like a small sublevel in scope. This is not a flaw by itself, but it does miss out on some development potential. In very broad strokes, the scenario outlines a swamp dungeon leading to the inscrutable relics of a fallen high-tech civilisation. It is a wild ride with decaying supercomputers, a step pyramid in a subterranean jungle with a radioactive altar (cool!), and man-eating plant life; mostly linear with the odd detour.

There is fine imagery throughout: “The ruins can be found several miles downriver, towards a morass where the river slowly sinks into the blood-sodden earth. Two heliotrope and crimson moons regularly drift above the primeval stone monument, but never set beyond the horizon.” Or: “Beyond the steel doors lies a temperature controlled walkway, leading to a great glass fixture, and a jungle biome beyond the arched panes.” That’s brief and essential; little more needs to be said to set a scene. The encounters effectively combine technological decay and bizarre bio-horrors. There are interesting interactive elements and environmental puzzles responding well to player curiosity and creativity throughout. Some are always present (e.g. the portable jungle biome always has amphibious leopards, man-eating tulips, and a water generator), and some are added with a room-by-room random content generator whose results can radically change the nature of a baseline location or encounter. For example, the first area where you approach the ruins may have something like “Souls of the swamp fields rise, looking for the enemy!” or something like “It is raining plagued frogs, again.” No two games in Crypt of the Lizard Wizard shall be identical!

It is, of course, too small and the scope is too narrow, like every itch.io release ever made. When we look at the random tables in the different areas, we see some good variety, but this setup actually describes six radically different situations, even though the players will probably only experience one. What if these tables were six actually different places scattered around a wider swamp map? What if it was all developed – not into essay-length entries, but a paragraph each, on a more expansive map? There are no stats, nor even a description of monster numbers. Too much is left ambiguous. Ambiguity is good in moderate doses, since it allows for customisation and a sort of co-creation process between the writer and the GM; here, it just hangs in the air. In many respects, Crypt of the Lizard Wizard feels more like an outline for an adventure yet to be developed than the final deal – the detailed concept document of something bigger. It is a cool grab-bag of ideas but not a good adventure. Much is forgiven if something is done well, but not everything can be.

There is the start of something in this module, and it could be quite good with some expansion and improvement (perhaps something like the Five Cataclysms modules). Imagine the same energy, given more structure and a larger framework. Dare we dream of a 20-40-area dungeon in the same vein? Still not megadungeon territory, but something we can actually bite into. This is the curse of itch.io, where genuine creativity is being wasted for lack of structures and ambition: and in this dark swamp, many talented writers shall be lost! This is one of the better releases on the platform. Even in its present form, Crypt of the Lizard Wizard has its homemade charm, and if I saw it on the Acaeum, it’d easily be classified as some dodgy OD&D-era relic which was still struggling with the ideas of presenting game materials to a brand new audience. It is, however, not the 1970s anymore.

No playtesters are credited in this publication. In fact, even the author is only credited in a small footnote on the last page. Weird flex but OK.

Rating: *** / *****

Categories: Tabletop Gaming Blogs

FBI face recognition trawl finds Capitol rioter via his girlfriend’s Instagram

Malwarebytes - Wed, 04/21/2021 - 18:40

Facial recognition tech is in the news again after the FBI discovered the identify of one of the Capitol rioters by using facial recognition software on his girlfriend’s Instagram posts. It may sound scary and invasive, but in truth, what’s happening isn’t particularly new. In this case, we have what’s fast becoming a fairly standard tale of tracking people down via online imagery. Sometimes there’s cause for concern even without the latest tech providing some sort of flashpoint.

What’s happened?

After the Capitol riots following the US election, those responsible were slowly arrested over a period of weeks of searching and identifying. The Verge story mentions that in this effort, law enforcement made use of “facial recognition tools” to track down people associated with the event. The tool apparently brought researchers to the Instagram feed of a suspect’s girlfriend. It was a short step from there to matching his clothes with images from the Capitol riot.

Everything unravelled for the suspect quickly. Facebook accounts revealed his name. This brought investigators (via his state driving licence records) to his identity, workplace, and home.

Recognising recognition

We’ve covered facial recognition on the blog many times. Most concerns tend to focus on the potential for abuse from repressive Governments and law enforcement overreach. It’s such a concern that tech giants regularly dip in, and then quickly dip out when public opinion turns.

I don’t think many people will complain if facial recognition is used to help identify the people at the Capitol riots. Organisations find new ways to secure their sites with facial recognition and biometrics on a daily basis. You may or may not object to your bank combining facial recognition with AI software. These are potentially useful applications of this technology. Even so, we need to know what we’re dealing with for this story.

When pop culture and cold hard reality collide

Facial recognition is very much one of those technologies made a cliche for all time by film and television. The camera zooms in from orbit, it picks up the target in seconds, the operator is able to tell where the suspect bought his suit by enhancing the fibers on his jacket and so on.

The reality here is, “some people used a program to play mix and match with publicly available photographs”. The end result is still impressive, but CSI: Cyber this is not.

Impressive, but not CSI: Cyber

How does this work, then? Well, the article mentions “open source facial recognition tools”. The affidavit doesn’t say which tool, because law enforcement doesn’t want to give perpetrators clues for avoiding the long arm of the law. You can see some of the more popular tools available here, if you’re interested in learning more or giving them a go.

Otherwise, there are many other ways to match images with the raft of materials floating around online. TinEye is a dedicated online tool for matching images, and Google / Bing / Yandex search all offer their own versions of this functionality. A little bit of sleuthing and familiarity with OSINT practices can go a long way.

A sliding scale of “that’s impressive”

One of the best examples of this happened just recently, with a lost hiker pinpointed via a photograph. To me, this is significantly more impressive than digging a fairly distinctive individual out from a never-ending pile of selfies and readily available data on popular image sharing websites. As a result, I’d say this one is interesting, but definitely nothing new. Crowdsourcing also has a history of going horribly wrong, and the infamous Reddit Boston Bombing debacle is as good a place to drop this warning as any.

We’ll definitely see more of these stories in the near future, but I wouldn’t necessarily start panicking about this branch of open sourcing just yet.

The post FBI face recognition trawl finds Capitol rioter via his girlfriend’s Instagram appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild

Malwarebytes - Wed, 04/21/2021 - 18:12

Pulse Secure has alerted customers to the existence of an exploitable chain of attack against its Pulse Connect Secure (PCS) appliances. PCS provides Virtual Private Network (VPN) facilities to businesses, which use them to prevent unauthorized access to their networks and services.

Cybersecurity sleuths Mandiant report that they are tracking “12 malware families associated with the exploitation of Pulse Secure VPN devices” operated by groups using a set of related techniques to bypass both single and multi-factor authentication. Most of the problems discovered by Pulse Secure and Mandiant involve three vulnerabilities that were patched in 2019 and 2020. But there is also a very serious new issue that it says impacts a very limited number of customers.

The old vulnerabilities

Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). The patched vulnerabilities are listed as:

  • CVE-2019-11510 an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability. We wrote about the apparent reluctance to patch for this vulnerability in 2019.
  • CVE-2020-8243 a vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload a custom template to perform an arbitrary code execution.
  • CVE-2020-8260 a vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.

The obvious advice here is to review the Pulse advisories for these vulnerabilities and follow the recommended guidance, which includes changing all passwords in the environments that are impacted.

The new vulnerability

The new vulnerability (CVE-2021-22893) is a Remote Code Execution (RCE) vulnerability with a CVSS score of 10—the maximum—and a Critical rating. According to the Pulse advisory:

[The vulnerability] includes an authentication by-pass vulnerability that can allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway. This vulnerability has a critical CVSS score and poses a significant risk to your deployment.

There is no patch for it yet (it is expected to be patched in early May), so system administrators will need to mitigate for the problem for now, rather than simply fixing it. Please don’t wait for the patch.

Mitigation requires a workaround

According to Pulse Secure, until the patch is available CVE-2021-22893 can be mitigated by importing a workaround file. More details can be found in the company’s Security Advisory 44784. Reportedly, the workaround disables Pulse Collaboration, a feature that allows users to schedule and hold online meetings between both Connect Secure users and non-Connect Secure users. The workaround also disables the Windows File Share Browser that allows users to browse network file shares.


The Pulse Connect Secure vulnerabilities including CVE-2021-22893 have been used to target government, defense and financial organizations around the world, but mainly in the US. According to some articles the threat-actors are linked to China. The identified threat actors were found to be harvesting account credentials. Very likely in order to perform lateral movement within compromised organizations’ environments. They have also observed threat actors deploying modified Pulse Connect Secure files and scripts in order to maintain persistence. These modified scripts on the Pulse Secure system are reported to have allowed the malware to survive software updates and factory resets.

Threat analysis

FireEye’s Mandiant was involved in the research into these vulnerabilities. It has posted an elaborate analysis of the related malware, which they have dubbed SlowPulse. According to Mandiant, the malware and its variants are “applied as modifications to legitimate Pulse Secure files to bypass or log credentials in the authentication flows that exist within the legitimate Pulse Secure shared object libdsplibs.so”. In their blogpost they discuss 4 variants. Interested parties can also find technical details and detections there.

Networking devices

State sponsored cyber-attacks are often more about espionage than about monetary gain with the exception of sabotage against an enemy state. A big part of the espionage is getting hold of login credentials of those that have access to interesting secret information. Breaking into network devices in a way that can be used to extract login credential is an important strategy in this secret conflict. Keep in mind that attribution is always hard and tricky. You may end up reaching the conclusion they wanted you to reach. Given the targets and the methodology however, it makes sense in this case to look first at state sponsored threat actors.

The post Take action! Multiple Pulse Secure VPN vulnerabilities exploited in the wild appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Heroes of Wargaming Games Workshop & Empire of the Petal Throne rpg - A Fast & Dirty Observation

Swords & Stitchery - Wed, 04/21/2021 - 16:01
 Going all of the way back to Eighty Six, I busted out 'Heroes For Wargaming' a criminally underrated Games Workshop book. Back when the hobby was in its mid TSR classic period my uncle spotted this book on a local book shop. The DakDakDak site describes Heroes For Wargaming thus" An early publication, featuring instructions on how to paint miniatures for role-playing games, and the background ofNeedleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

GFL – Page 0054

Looking For Group - Wed, 04/21/2021 - 14:20

Grouping For Looks is a page-by-page retelling of the Looking For Group saga through the lens of a mirror universe where Cale is a goateed tyrant and Richard is a holy soul trying to set him on a good path. […]

The post GFL – Page 0054 appeared first on Looking For Group.

Categories: Web Comics

Monster That Challenged The World 1957 Converted To Sword of Cepheus & Cepheus Atom

Swords & Stitchery - Wed, 04/21/2021 - 14:10
 There are a wide variety of kaiju off of the California coast of North America. And one of the smaller but prolifically spreading horrors is the prehistoric giant mollusk species  dubbed by the media as 'The Monster That Challenged The World' The first incursion of this invasive species was in Nineteen Fifty Seven. Monster That Challenged The World adult 20000kg Beast (Reducer), subterranean Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Wednesday Comics: DC, May 1980 (part 2)

Sorcerer's Skull - Wed, 04/21/2021 - 11:00
My mission: read DC Comics' output from January 1980 (cover date) to Crisis! This week, I'm looking at the comics at newsstands around January 24, 1980.
Action Comics #507: Jonathan Kent appears to have returned from the grave. Meanwhile, a hippy with the power to make anyone follow his suggestions (including Superman!). It's an odd story, but I feel like Bates and Swan are going somewhere with it.

Adventure Comics #471: Plastic Man takes on the (Chester) Gouldian villain, Brickface, in a tale by Pasko, Staton, and Smith. We also meet I.Q. Small, alias Lowbrow. The Levitz/Ditko Starman has him taking on the alien Captain Krydd and featuring high quality dialog like: "That's right--Starman--and right now, that's spelled: F-U-R-I-O-U-S!"
Brave & the Bold #162: Kelley and Aparo present a tale of "the original" Batman (the Golden Age version. You could say the Earth-2 Batman, but Sgt. Rock is typically considered an Earth-1 character, so that doesn't fight exactly, either) and Sgt. Rock in World War II. It's a fun, if lightweight, story with the Iron Major as the villain.
Detective Comics #490: Only two of these stories are in any way interesting to me. The O'Neil/Newton lead feature sees Batman finally catching up with the Sensei for the death of Kathy Kane, but it's not really all that exciting in the end. The Robin story by Harris and Saviuk is amusing. Robin takes down a cheating ring that caused his girlfriend to have to retake a test. The masked ringleader is called the Answer Man!
Green Lantern #128: Wein and Cockrum take over from the usual team for a encounter with Hector Hammond, who (somehow) appears to be working for the Qwardian general who--in a shocking twist appears now as a teenage kid from some reason. Interestingly, this story asserts that GL's ring doesn't actually talk, but it's just Jordan projecting his subconscious thoughts. This runs counter to the portrayal in Morrison's recent run, at least.

House of Mystery #280: Both of these stories are weird. Wessler and Bulanadi present a tale of a wicked ruler who keeps the people in line with fear of monsters that come out of a magic painting he has. Except, that they are only illusions of monsters coming out of the magic painting. Until they aren't, and the ruler gets his comeuppance. The second story by Kashdan and Ayers is like something out of an Atlas/Marvel monster title from the '50s: A scientist tangles with Kharnu, the God of Lightning.
Legion of Super-Heroes #263: The parents of a handful of Legionnaires are lured to the clubhouse to be kidnapped by the Dagon the Avenger, who looks like a green, longhorned, Baron Karza. Jimmy Janes art on this Conway tale is pretty good, but the Legionnaires' parents aren't only in really good shape and fans of similar, revealing, clothing to their kids, they don't really look any older than them, either.
New Adventures of Superboy #5: This silly story about alien seeds in Ma Kent's tomatoes is interesting because it's ending has aliens offering to do something "impossible" for Jonathan Kent, and the caption at the end specifically ties it in to the storyline in Action Comics with Jonathan's return from the grave. I wasn't expecting that!
Sgt. Rock #340: If I told you that a Westpoint Lieutenant, author of a book called How to Win A War showed up to lead Easy Company, thinking he knows better than Rock, well, I'm sure you can predict what happens. The only surprise is that the Lieutenant is man enough to admit his errors. Back up stories in this issue are by Kelley and Yeates.

Super Friends #32: Scarecrow makes a forgettable appearance and Schaffenberger fills in for Fradon. He seems to be trying to follow the cartoon character designs a bit more than Fradon and gives the panels rounded borders, presumably for a TV feel. 
Unexpected #198: Two stories in this are okay. In a very EC-esque tale by Wessler and Ayers, a brilliant scientist who becomes a brain in a jar to escape the death of his body due to a medical condition, gets revenge on the assistant who tries to exploit his genius for financial gain. In "Eye on Evil" by Kashdan and Tanghal, a mix-up in a glasses prescription seals a man's doom when he is able to see the invisible lord of an evil cult.

Unknown Soldier #239: Haney and Ayers reveal a secret plot by the Germans to build a tunnel beneath the English Channel. Luckily the Unknown Soldier is there to thwart it. This story feels like it drags on to me.
Warlord #33: Warlord and Shakira meet munchkins and the hawkmen that eat them. Read more about it here
Weird Western Tales #67: A a snoozer of a morality play about greed with stiff art by Ayers and Tanghal. Maybe part two will get better, but I'm not counting on it.
This month also had two digests. Best of DC #5 is the year's best stories of 1979. I haven't read any of these. DC Special Blue Ribbon Digest #2 features a number of Flash and Kid Flash stories.

FIN7 sysadmin behind “billions in damage” gets 10 years

Malwarebytes - Tue, 04/20/2021 - 20:55

In 2018 three high-ranking members of a sophisticated international cybercrime group operating out of Eastern Europe were arrested and taken into custody by US authorities. Ukrainian nationals Dmytro Fedorov, Fedir Hladyr, and Andrii Kolpakov, were members of a prolific hacking group widely known as FIN7.

Hladyr is the systems administrator for the FIN7 hacking group, and is considered the mastermind behind the Carbanak campaign, a series of cyberattacks said to stolen as much as $900 million from banks in early part of the last decade. Last week Hladyr was sentenced in the Western District of Washington to 10 years in prison for his high-level role in FIN7.

The Carbanak campaign first made international headlines in 2015 as one of the first malware campaigns that specialized in remote ATM robberies. But FIN7 had already been active for a few years at that point and was involved in a lot more banking and financial malware than just the ATM machines manipulation.

The malware

Since 2013 FIN7 have attempted to attack banks, e-payment systems, and financial institutions using pieces of malware they designed, known as Carbanak and Cobalt. Carbanak is considered a further development of the Anunak malware campaign that targeted financial transfers and ATM networks of financial institutions around the world.

The campaigns all started with spear-phishing targeted at bank employees. When targets executed a malicious attachment the criminals were able to remotely control the victims’ infected machine. With access to a bank’s internal network, they were able to work their way internally until they gained control of the servers controlling ATMs.

A very detailed analysis of Anunak by Fox-IT and Group-IB can be found here (pdf).

By the following year, the same coders had improved the Anunak malware into a more sophisticated version, known as Carbanak. From then onwards, FIN7 focused its efforts on developing an even more sophisticated wave of attacks by using tailor-made malware based on the Cobalt Strike penetration testing software, but Carbanak remained part of their toolset.

In the US alone, FIN7 successfully breached the computer networks of companies in 47 states and the District of Columbia, stealing more than 15 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations.


Many believe that the Carbanak malware was used by at least two separate entities. FIN7 and the Carbanak Group. This can be very confusing when trying to establish a timeline. Or when trying to solve any “whodunnit” mysteries. Once malware has been released and has proven to be successful you can count on other criminals trying to steal, copy, or rip off the code and techniques. So, if the Carbanak malware was used in a specific attack, it is not always clear which group was behind that attack, although it is clear that FIN7 was one of its users.

The arrest

The leader of the crime gang behind the Carbanak and Cobalt malware attacks was arrested in Alicante, Spain. The arrest was announced by Europol on 26 March 2018. According to Europol, the activities of the gang were believed to have resulted in losses of over EUR 1 billion for the financial industry.

Arresting the leader of that group did not stop the activities of the group though. The FIN7 campaigns appear to have continued, with the Hudson’s Bay Company breach using point-of-sale malware in April of 2018 being attributed to the group.

The arrest of Hladyr in August of 2018 at the request of the US Department of Justice, along with two other high-ranking members of the group did not have that effect either. In 2020 a cooperation between FIN7 and the Ryuk operators was suspected when the tools and techniques of FIN7, including the Carbanak Remote Administration Tool (RAT), were used to take over the network of an enterprise.

The conviction

After being extradited to the US in 2019, Hladyr pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking, in his role as the systems administrator of the FIN7 group.

According to acting US Attorney Tessa M. Gorman of the Western District of Washington:

This criminal organization had more than 70 people organized into business units and teams.  Some were hackers, others developed the malware installed on computers, and still others crafted the malicious emails that duped victims into infecting their company systems. This defendant worked at the intersection of all these activities and thus bears heavy responsibility for billions in damage caused to companies and individual consumers.

The Department of Justice says that Hladyr joined FIN7 via a front company called Combi Security but soon learned that it was a fake cybersecurity company with a phony website and no legitimate customers. It asserts that Hladyr served as FIN7’s systems administrator and played a central role in aggregating stolen payment card information, supervising FIN7’s hackers, and maintaining the servers used to attack and control victims’ computers. Hladyr also controlled the organization’s encrypted channels of communication.

The post FIN7 sysadmin behind “billions in damage” gets 10 years appeared first on Malwarebytes Labs.

Categories: Techie Feeds

An American Werewolf in London (1981) Converted To Sword of Cepheus & Cepheus Modern

Swords & Stitchery - Tue, 04/20/2021 - 19:50
 Hailing from the north of Yorkshire's moors, the curse of the werewolf was a horrific curse that was passed down from one victim of the werewolf's to another. The victim of such an attack will recover at an exceptional rate about a third of the time from seemingly mortal wounds. The victim has until the next full moon until they turn into one of the more animalistic proto werewolves to walk the Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Top Comments – Pages 1495 – 1496

Looking For Group - Tue, 04/20/2021 - 15:50

Tuesday, YOU are the star! We curate our favourite comments from the previous week’s comments on lfg.co and Facebook and remind you how clever you are. Here are your top comments for Looking For Group pages 1495 – 1496. Looking […]

The post Top Comments – Pages 1495 – 1496 appeared first on Looking For Group.

Categories: Web Comics

Clark Asthon Smith's Zothique & The Second Chess Board - Appendix 'N' & Castles & Crusades - The D'Amberville Legacy

Swords & Stitchery - Tue, 04/20/2021 - 15:11
 There are times when my mouth should be shut. This morning was one of those. So last year we ran through a Castles & Crusades mixed with Amazing Adventures rpg campaign. And that campaign had the PC's end up on Zothique. And the PC's ended up working with & for the wizard-noble Stephen Amber (Etienne d'Amberville) from X2 Castle Amber By Tom Moldvay. Today was one of those days when DM Ricky hasNeedleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

If a Mind Flayer Fed on D&D Characters’ Brains, It Would Go Hungry. Should PC Intelligence Matter?

DM David - Tue, 04/20/2021 - 11:00

In modern Dungeons & Dragons games, intelligence vies with strength as the most common stat where players dump their characters’ lowest ability score. Of classes in the Player’s Handbook , only wizard requires intelligence, a prime requisite that rarely figures in saving throws. And unlike in earlier editions, high intelligence no longer brings more skills or even languages. Am I the only dungeon master who spots a mind flayer in an adventure, realizes that only a wizard can make an intelligence save against a psionic blast, and feels a shameful excitement? We DMs rarely get a chance to stir panic by exploiting a weakness the players chose for themselves.

In original D&D, intelligence brought even fewer benefits than in the modern game. The rules lacked intelligence saves and checks.  Magic users needed the stat, but otherwise smart characters only gained languages. Still, at some tables, low-intelligence characters came with a steep penalty.

The Elusive Shift by Jon Peterson chronicles how after the release of D&D in 1974, discussion brought roleplaying from a single, revolutionary game to a mature hobby. The discourse started in fanzines like Alarums & Excursions and spread to magazines like Different Worlds, which treated roleplaying as a new art. The book shows how many seemingly modern controversies about styles of play actually date back to 1975 or so. For instance, gamers have argued about whether game masters should favor storytelling over impartiality almost since the first mention of D&D in a mimeographed zine.

One debate described in The Elusive Shift  seldom reappears now. It stems from the original D&D rules and this line: “Intelligence will also affect referees’ decisions as to whether or not certain actions would be taken.” In other words, dungeon masters could bar low-intelligence characters from taking clever actions dreamed up by a smart player.

The implications of intelligence go two ways. In 1975, Lee Gold wrote that when a player proposed an action too rash for a wise character or too dumb for a smart character, “a dungeon master should legitimately overrule a person’s call for his character.”

Especially in the days of roleplaying, when everyone generated characters randomly, many gamers saw playing low intelligence or low wisdom as both a penalty and as a demonstration of roleplaying skill.

In Alarums & Excursions issue 13 (1976), Nicolai Shapero wrote, “If I have a character with an intelligence of 6, and a wisdom of 8, I refuse to run him the same as an 18 intelligence 18 wisdom character. This has cost me characters…it hurts, every now and then.” However, he insisted that “it is a far more honest way of playing.”

Some gamers wondered if the players who ignored their character’s intelligence even counted as roleplayers. Did such gamers just play a game of puzzle-solving and battle tactics? Meanwhile, the gamers who favored tests of skill preferred games where players needed all their own wits to survive.

Nowadays, some players enjoy playing a low-wisdom character as someone who ignores signs of trouble and takes risks. Such recklessness leads to a more exciting game. But few players enjoy stifling their own ingenuity to play a lower intelligence. To be fair, the intelligence of a modern D&D character typically bottoms out at 8, just below average, but I suspect most D&D players are far more clever.

How do you roleplay intelligence and wisdom?

Categories: Tabletop Gaming Blogs

Gorgo & his mother "Ogra, the sea spirit" - A Charlton Comics Monster Menace For Cepheus Atom & the Barbaric! rpg

Swords & Stitchery - Mon, 04/19/2021 - 22:13
 Gorgo & his mother "Ogra, the sea spirit" are Kuiju from an inner Earth  volcanic rift  off the coast of Ireland near Nara island.  They are incredibly powerful giant monsters capable of vast amounts of destruction. Despite this flamethrowers and electric shocks are able to corral Gorgo. However the monster is capable of surviving atomic blasts & even alien weaponry. The waters around the Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Scrum Con 2021: online April 24-25

Zenopus Archives - Mon, 04/19/2021 - 13:12

This coming weekend, Scrum Con returns for the third time! This year's con will be solely virtual due to the ongoing pandemic; we hope to in-person gaming next year.
Going virtual allows us to expand to two days of games & more on Saturday, April 24th and Sunday, April 25th. Register for the con at our new website, scrum-con.com; the cost is $5, and there is currently no limit on the number of games you can register for. 
The following games and seminars currently have open seats:
Sat 10 AM-2 PM:
"Battle on the Borderland", a CHAINMAIL fantasy miniatures game run on a real sandtable.

Sat 2:30-6:30 PM:
"The Counterattack: Elves against the Dark Emperor", a Ral Partha Chaos Wars (2016 revived) miniatures scenario.
Sat 7-11 PM:
"The Garnet Town Gambit", a RIFTS Savage Worlds Adventure Game.
"Star Schlock - Battle for Verdo Prime": a tabletop miniatures skirmish game, based on 1980s Sci-fi Movies. See more here at the website for the game: Star Schlock.

Sun 11 AM-3 PM:
"Into the Dragon's Lair", a 5E D&D game for kids ages 9-14, run by a kid of like age (this one is free)
"Stringbags Out of Darkness", a "heavily modified Torpedo Raiders" WWII wargame scenario.
"Wampus Country: Into the Lumberlands", a Moldvay Basic D&D (aka B/X) game run by Erik Jensen of the Wampus Country blog (I'm signed up for this game).

Sun 1 PM:
Interview and Q&A with Jon Peterson, author of Playing at the World and The Elusive Shift.

Sun 3:30-7:30 PM:
"Ambush in Provence", a WWII tank-combat miniatures game run using the What a Tanker rules.
"In Deep Trouble", a fantasy miniatures skirmish game run using Crawlcraft, a custom system that blends D&D, Warcraft and MTG.

Categories: Tabletop Gaming Blogs

A Blaze in the Northern Sky, adventure review

Ten Foot Pole - Mon, 04/19/2021 - 11:11
By D.S. Myers Self Published Old Sword Reign Levels 1-2

An introductory, mini-dungeon crawl

This 21 page adventure has a nine room dungeon that takes two pages to describe. It reminds me of the early OSR adventures, where generic text was in generic adventures. 

The clue, gentle readers, is in the marketing blurb. “An introductory mini-dungeon crawl.” That certainly gets your juices flowing, doesn’t it! I can’t wait to run this! If you can’t be bothered to even market your adventure, just a little bit, then why would we think that the inside of the adventure would be any better? I hate marketing also but I do recognize you have to play the game.

The map is symmetrical. Just one hallway with two central rooms and six rooms having off of the hallway, three on each side, mirror images. *sigh* No complexity. No tactics. Just go from door to door and stab the goblins. Stab stab stab. 

There’s a 4hd ogre, a 5hd winter wolf and a wraith in the dungeon. For a party of levels 1 & 2. I get it, you can run away in the OSR. But in a symmetrical dungeon without tactical options? What exactly are you supposed to do? 

You meet an 8th level cleric on the (very short) trip to the dungeon. I guess he doesn’t give a shit about all the dead farmers in the burnt down copse of trees you encounter? 

“The local ranger fought and killed 3 goblins before succumbing to his wounds.” and “the dead rangers wife will gift them his elven chain mail and magic +1 sword named Fortune.” 

THIS IS NOT HOW YOU WRITE A FCKING ADVENTURE! Give the fucking dude a name. Give the fucking wife a name. DDon’t call him a ranger. Call him the local hermit, or weird loner, or whatever. He’s te scruffy dude people in the village avoid who smells like piss and then kills a bunch of gobbo’s when they show up. Jesus H … add some fucking specificty. 

I fucking hate my life. I FUCKING HATE IT. 

Two pages for nine rooms. “A large pile of anima bones near the entry door” That’s what passes for part of a description. “Large”, the most generic term there is. Generic words. Generic descriptions. No specificity. “Sh’Nakt’s pet winter wolf guards his treasures here. Sh’nakt raised the beast from a young age and it is loyal to him.” This is the height of evocative text for this adventure. The goblin, who you never have a chance of learning his name, has a name and the fucking dead loner dude whose wife give you his stuff doesn’t. 

This killed me. This is what broke me. This shit is what turned me from your average normal everyday happy go lucky D&D consumer in to the fucking idiot I am today. Thisi s the stuff I encountered when I discovered the OSR. Everyone said these adventures were great. Specific recommendations fot specific products … which were all written like this. Expansive generic text.

Yeah? Well Fuck You too. Why should your lives be any better than mine? If I have to sit through this fucking shit why should you get a pass just because I’m engaged in some curation. Yeah, no fucking shit my reviews suck lately. 

Ok, look, I’m going to try and turn this around. I’m gonna have breakfast.

This is a classic example of misplaced effort. When you write an adventure you need to focus your energy. If your adventure text is two pages long and your supporting pages are nineteen then it might be the case that you should spend some more time on your adventure text. A map of the countryside (present here) is a great addition! Except it should actually offer something to the adventure, unlike in this adventure. As it stands, it adds nothing and is just another art piece. The actual text of the encounters  should be something you SLAVE over. I mean, really agonize over. Are you sick and tired and looking at the words? If not, you’ve not spent enough time polishing them. You want to include specificity, not detail. You want evocative settings tht spring to life. You want encounters full of potential energy and possibilities. You want interactivity beyond stabbing. (And beyond talking, which is also relatively easy to achieve) Why is the ogre being controlled with a collar of control? Why isn’t he in charge? Or an ally? Or anything other than “magic item controls him?” “Smells of burnt hair and flesh” is a good description. You need more like that. You need to build on that. Agitated is not an evocative word for wounded goblins. 

Agonize over your creation. Pretend that this isthe only thing for which you will ever be known for or remembered by, by even your family.

IMAGINE, don’t design. 

This is $3 at DriveThru. There is no preview.


Categories: Tabletop Gaming Blogs

A Missionary’s Unexpected Petition

Just Call Me Pastor - Mon, 04/19/2021 - 11:00

I have known many admirable missionaries across my 95 years, but one stands out especially. 

I was in my early twenties when I first met the Reverend J. W. Haley, a man known for his fervent prayer and bold faith. 

In 1902, he was appointed to serve in a developing missionary field in South Africa, leaving behind his pastorate in Westview, Saskatchewan. In 1933, by then an experienced missionary, he traveled from South Africa to the Congo in Central Africa to investigate a new opportunity for the Gospel. This trip opened a strong field in Free Methodism’s missionary efforts. 

Soon after the missionary’s work in the Congo began, God sent an unusual visitation of his Holy Spirit to that region. The Congolese people experienced a deep awareness of sin and a strong impulse to confess sins openly. This work of the Spirit went on for some time and many came to faith. 

Sometime in the middle of the 1940s Rev. Haley, now back in his homeland, visited Lorne Park College, a Free Methodist junior college near Toronto, where he addressed the students in a chapel service. I was a student and part-time staff, and afterwards I had a conversation with this unpretentious man whom I greatly admired. 

I mentioned my fundraising efforts for the college. I explained that took a singing group out to a congregation, had the group present special music and then I spoke of the ministry of the college and received an offering. Rev. Haley offered to make the school’s ministry part of his prayers.

Our paths crossed during the following summer when he was at the Maple Grove campground near London, Ontario, to represent overseas missions, and I was there to represent the college. I mentioned his promise of prayer, and he sent me to the missionary cottage where he said he would join me.

After a bit of conversation, he turned a chair around and knelt. I followed his lead. After a short period of silence, he began: “Lord, there is so much in us that needs forgiving.”

I was startled. I did not expect a prayer like that from a man of such spiritual strength. The opening sentence of his prayer remains word-for-word in my memory to this day. And I have come to see how acknowledgment of the need for forgiveness is appropriate in even the most mature Christian’s prayers.

With the passing of the years I believe ever more deeply that prayer is deficient if it does not have a note of penitence in it. After all, we are speaking to God, the Almighty, who is utterly holy, and lives in realms of light without a trace of sin. We may be his redeemed creatures, but even if we are filled with the energy of his Spirit, we need the benefits of the atonement continuously.

The Apostle John puts it this way: “My dear children, I write to you so that you will not sin. But if anybody does sin, we have an advocate with the Father — Jesus Christ the Righteous One. He is the atoning sacrifice for our sins, and not only for our sins, but for the sins of the whole world” (1 John 2:1-2). 

In living out the life of faith, we can be certain of our redemption through faith in Christ Jesus. And at the same time, we grieve over human deficiencies and foibles that limit our influence for Him. 

Being certain of our Father’s help, we can pray each day: There is much in us that needs forgiving.

Image credit: Alexander Baxevanis (via flickr.com)

Categories: Churchie Feeds

Sentinel Comics RPG Session 2: "Mayhem at the Midnight Museum!"

Sorcerer's Skull - Mon, 04/19/2021 - 11:00

Roll Call:

Action Jack: Man of Action--Man Out of Time!
Infranaut: IR-Powered Celebrity Hero!
Il Masso: The Rock-Solid Hero of Little Italy!

Supporting Characters: Zauber the Magnificent; Fibbit

Villains: Spiderbots

Synopsis: Only moments after the revelations at the end of the last adventure, the group experiences a wave of what can only be described as jamais vu, and Space Racer is gone! Only Fibbit notices for certain he is gone, but when she points it out to the others, they agree that they vaguely remember him. Fibbit walks off into high order dimensions to investigate, promising to catch up with the guys "somewhere in the timeline."

A frantic police officer tells the heroes that a giant spiderbot has risen from the Eald River and is attacking a building in vicinity of the Gasworks. Infranaut flies himself and Action Jack to the scene. He doesn't quite stick the landing and they both come up a little off-balance. Il Masso takes a prodigious leap, but winds up crashing through a building on the way there.

They find the strange building they saw before surrounds by a shimmering field, which is in turn cover with spiderbots. The spiderbots are being steadily released by a sixteen foot tall "mothership" like a bigger version of them. There are a number of bystanders webbed up and strung around the area. Within the shield, Zauber the Magnificent seems taxed to his limit.

In a pitch battle, the heroes defeat the spiderbot, and Infranaut manages to rescue some of the bystanders. Even with the mothership disabled, the attack continues. Each hero trashes a number of spiderbots, and Infranaut throws Action Jack in the midst of them to play hell, but one manages to make it into the building.

Il Masso busts through the wall. It registers with him that the place must be a museum of some sort from the looks of it, but he doesn't have much time to look around, as he is scrambling to grab the spiderbot. It seems to be going for antique book within a plexiglas case. In their struggle they knock the display over.

Jack and Infranaut launch attacks that destroy the bot. While Infranaut and il Masso puzzle over the book, Jack helps Zauber to a waiting ambulance. They notice that Zauber has aged significantly during the fight; he now looks more like a man of his actual years.

Before Zauber is carried away he warns Jack: "We won't stop coming. If he can't get the book now, he will try in some other time."

"Who?" Jack asks.

"Anachronus, the Destroyer of Timelines," Zauber replies before falling unconscious.


Subscribe to Furiously Eclectic People aggregator