Feed aggregator

Session Report Zero - High Tech Mysticism & High Caliber Adventure - Nightshift Veterans of the Supernatural Wars By Jason Vey & Ben Laurence's Through Ultan's Door

Swords & Stitchery - Sun, 05/02/2021 - 19:33
So today we've gotten the chance to put into practice some of the things we've been talking about here for some time. And this goes back into a whole cloth other direction in today's game session or one shot. Or should I say the Connecticut one shot. In 1919's Connecticut in the little town of Bingham tucked in the Northwestern hills the residents are stumped by the disappearance of twenty
Categories: Tabletop Gaming Blogs

DC, June 1980 (part 1)

Sorcerer's Skull - Sun, 05/02/2021 - 14:30
I'm reading DC Comics' output from January 1980 (cover date) to Crisis! This week, I'm looking at the comics at newsstands on the week of my 7th birthday in February 1980.

Batman #323: Cat-Man puts Batman and Catwoman in an almost 60s TV show death trap, which they escape. Cat-Man's potentially magical cloak seems to heal Catwoman's fatal-at-any-moment illness no one ever seemed to name. Weak sauce, Wein and Novick! Nice Aparo cover, though.
DC Comics Presents #21: In a story by Barr and Dillin, we get an appearance by Captain Comet, comics' first identified mutant superhero (as far as I know). Another mutant tries to steal Captain Comet's powers out of jealousy in an elaborate plot.
Flash #283: This issue is like a Silver Age throwback complete with a title page and a silly villain like the Rainbow Raider. The Flash triumphs by using his power creatively, though, which is kind of cool.
Ghosts #86: Three sort of novel ghostly stories of revenge. These stories drive home how much the ghost story (at least as DC does it) often involves the murderer dying in the same way as their victim. The Kashdan/Yeates story "The Phantom's Last Act" has the twist of the killer acknowledging the ghost's existence, but not being afraid of it due to its incorporeality, then panicking when it threatens to reveal his secret in a hologram display, and getting himself killed.

G.I. Combat #220: One thing I've noticed about these Haunted Tank stories: the ghost of J.E.B. Stuart shows up less than you might think from the name of the strip. In these 3 stories written by Kanigher and grittily rendered by Glanzman, the crew play host to a no-nonsense Soviet Major who happens to be a woman, they are forced to haul a big gun for the Germans to keep Belgian hostages safe, and they run into Rock and Easy Company on the way to Bastogne. There are a lot of cameos in these war books. In other tales, Kanigher puts a plug in for the indigenous people of a Pacific Island (if with a cringeworthy portrayal) as a warrior gets the better of both the Japanese and American invaders, and Haney and Caliva tell the life story of a G.I. canteen.
Jonah Hex #34: Fleisher gives us another story of Hex's Civil War past, this one revealing how he was the one that killed Stonewall Jackson in a friendly fire incident at Chancellorsville. The only problem is Fleisher told us a couple of issues ago that Hex left the Confederate Army right after the Emancipation Proclamation, and so shouldn't have even been there.
Justice League of America #179: Conway's creation, Firestorm, gets to join the JLA. He immediately gets into trouble crossing a disco super-model vampire, the Satin Satan!

Secrets of Haunted House #25: A criminal and a vampire (who apparently doesn't know how her powers work in some crucial ways) try to make it across some really hostile wilderness in a weird story by Catherine Barrett Andrews, Stuart Hopen, and artist June Lofamia. The second story was written by famous letterer Todd Klein and has art by von Eeden. It's one of those typical "trying to escape Destiny only leads you to do the exact thing you were supposed to do" yarns.
Superman #348: Conway and Swan deliver a pretty nonsensical tale of an old Native American who summons an extradimensional storm monster with some sort of alien artifact. Neither the monster nor the artifact is ever explained, but hey, Superman tosses them both into another dimension where they're somebody else's problem, I guess, and gives the old guy a regular rock as a replacement. Problem solved!
Weird War Tales #88: Fleisher and Ocampo deliver a problematic story about the Seminole Wars where the U.S. can't defeat the tribe because they have the fountain of youth to keep their people young and healthy. It all ends in tears though as a would-be white savior who turned on his unit gets killed by his commander who then destroys the sacred waters, dooming the Seminole. Alligators get him in the end, though.
Wonder Woman #268: Animal Man is still guest starring, but now they're in France fighting some ridiculous assassins.

High Tech Mysticism & High Caliber Adventure - Nightshift Veterans of the Supernatural Wars By Jason Vey & Law vs Chaos with the Weird

Swords & Stitchery - Sun, 05/02/2021 - 05:44
"The one thing that we yearn for in our living days, that makes us sigh and groan and undergo sweet nauseas of all kinds, is the remembrance of some lost bliss that was probably experienced in the womb and can only be reproduced (though we hate to admit it) in death." Part Two, Ch. 4, On the Road (1957), Jack Kerouac. Now we've talked frequently about the modular nature of the various OSR clones on
Categories: Tabletop Gaming Blogs

The Final Score – Blake’s 7: Avalon 2!

Blogtor Who - Sat, 05/01/2021 - 18:30

It’s a meeting of criminal minds in The Worlds of Blake’s 7: Avalon 2, due for release in June 2021. Surprise! It’s Bayban, back a little earlier than you might have been expecting. As a juicy appetiser to his own box set, due for release in December 2021, Colin Baker’s man at the top of […]

The post The Final Score – Blake’s 7: Avalon 2! appeared first on Blogtor Who.

Categories: Doctor Who Feeds

The Legacy of Lum The Mad & Leuk-O In Greyhawk & The Wilderlands of High Fantasy

Swords & Stitchery - Sat, 05/01/2021 - 15:36
There are a ton of thoughts roaring through my head today after speaking with DM Steve & DM Ricky. One of those was looking over notes from 2019 concerning our Godbound/Cha'alt game campaign. Some of this goes all of the way back to our 2019 Victorious rpg campaign. That morphed into Godzilla 1889 & then bled into Amazing Adventures. The real question was, in the Wilderlands of High Fantasy was
Categories: Tabletop Gaming Blogs

The Heart of the Misty Island

Ten Foot Pole - Sat, 05/01/2021 - 11:11
By Rodrigo Oliveira O Mochileiro Shard Swords & Sinister Spells "Try to survive"

A long time ago, an ancient civilization inhabited the world. Nothing is known about them, except for the ancient scriptures that they left. They used an ancestral dialect, which was forgotten, along with themselves. Some powerful wizards who researched ancient knowledge, know how to speak and read this language, because they believe that they possessed enormous magical knowledge.  Popular belief says that this civilization ceased to exist overnight, simply disappearing. No one knows how, no one knows why.  Many believe that this civilization was transported to another dimension by means of very powerful magic, and whoever manages to find out how to find it, will probably have access to all this knowledge, in addition to countless riches.

This 38 page adventure to a misty island has about ten pages of content that describes the trip and the natives, sacrificing people, on the island. It’s a simple oneshot that lacks much in the way of adventure due to its flowchart like plot.

This is using a flowchart-like mechanism to run the adventure. If you stay on the ship then go to scene STAY, or if you explore the island go to scene EXPLORE. If you try to escape the prison cell go to scene BREAKOUT, or go to scene SACRIFICE if you stay in the cell. There’s maybe ten or so scenes, most of them take about a third of a page to describe, with the rest of the single-column page being devoted to giant art pieces from what looks like old world masters.

You start on the ship, on the voyage which, I must say, has some interesting rumors. Things like a map hidden in the library or the captain alone on the deck muttering to himself. These are great because they spark roleplaying on the ship. The party searches the library or watches/interacts with the captain. If only … the crew and passengers had anything to them. No names or personalities, just the number noted, so nothing here to help actually run the adventure.

The ship runs ashore in a mist on an island and this is where the flowchart like scenes start. Some of them can be quite railroady like “If the characters are in the AMBUSH scene, everything happens very fast, they will be strongly hit and passed out before they even understand what is going on.” So … ok. Why do this? There are plenty of other scenes that don’t do this but just have notes about the natives capturing the characters … so why force it in one particular scene? This sort of removal of player agency is never a good thing (outside of a hook, sometimes.)

The height of evocative writing is in the sentence “On the island’s soil there are trails made by different creatures, some of them can be known by the characters, like giant spider, giant centipedes.” There’s clearly a second language issue here, but I don’t really care about the awkward phrasing, Mr. Jefferson. What’s more to the point is the straight forward fact based writing that carries little to spark the imagination and wonder of the DM, the thing that an adventure lives and dies on. You just wander from scene to scene, fight natives, fall in a pit, and eventually arrive at a sacrifice ceremony where, maybe, an alien magician shows up.

It’s all just more than a bit boring. I’m sure it doesn’t match the vision the designer had, but there were, as is usual, issues in communicating that vision to the purchaser. It’s a few steps above a Steve Willet adventure.

This is $10 at DriveThru. There is no preview, which would have clued the buyer in to what they were thinking about purchasing.

https://www.drivethrurpg.com/product/354012/The-Heart-of-The-Misty-Island?1892600

Categories: Tabletop Gaming Blogs

The Lone Centurion Volume 2: Camelot – Arise, Sir Rory!

Blogtor Who - Sat, 05/01/2021 - 07:00

Sir Rory to the rescue! The Lone Centurion is back in Volume Two: Camelot, due for release in July 2022. The theme for the second volume of full-cast audio adventures for Rory Williams (Arthur Darvill) has been revealed. While Volume One took the Lone Centurion to ancient Rome, Volume 2 finds Rory in the court […]

The post The Lone Centurion Volume 2: Camelot – Arise, Sir Rory! appeared first on Blogtor Who.

Categories: Doctor Who Feeds

It! The Terror from Beyond Space 1958 film adapted for The Cepheus Engine's Hostile Rpg Setting

Swords & Stitchery - Sat, 05/01/2021 - 06:03
The Martian Reptilian is a horror from some unknown star system that crash landed on Mars or perhaps a mutated survivor of some lost Martian civilization. The xeno reptilian as it has become known is a strange abomination like exotic hybrid of the Reticulan Xenomorphic & some unknown alien life form. The creature shares many of the xenomorphic biological & ecological traits. This includes an
Categories: Tabletop Gaming Blogs

Task Force delivers strategic plan to address global ransomware problem

Malwarebytes - Fri, 04/30/2021 - 19:52

The Ransomware Task Force (RTF), a think tank composed of more than 60 volunteer experts who represent organizations encompassing industries and governments, has recently pushed out a comprehensive and strategic plan for tackling the increasing threat and evolution of ransomware.

The report, entitled “Combating Ransomware – A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force”, which you can read here [PDF], advocates for “a unified, aggressive, comprehensive, public-private anti-ransomware campaign.”

The purpose of creating the document seems to be threefold: first, to educate the targeted reader—in this case, policy makers and industry leaders—about the dangers of ransomware; second, to call for unification amongst organizations to collectively beat the ransomware enterprise; and third, to guide organizations and governments on action items (48 in total) they can pursue to disrupt the ransomware-as-a-service (RaaS) model and extensively lessen the impact of current and future attacks.

“This is great news and sorely needed,” says Jerome Segura, Director of Threat Intelligence at Malwarebytes, in an email. “One key aspect is, of course, international cooperation (or the lack thereof) which has proven to be a key reason why many criminals from Eastern Europe can continue their business without real fear of prosecution.”

Ransomware: a threat to national security

Ransomware attacks had been popping up left and right, even before the COVID-19 pandemic threw a wrench into cybersecurity efforts of many already challenged companies and industries. Ransom demands inflated steeply through the pandemic, and the money raised appears to be reflected in increasing innovation and sophistication.

The report quantifies the impact of ransomware attacks with some startling statistics. According to the RTF, the average ransom payment in 2020 was $312,493, an increase of 171% over the previous year. Perhaps even more costly and damaging, it puts the average time it takes to fully recover from a ransomware attack at just over nine months.

Ransomware statistics collated by the task force (Source: The RTF Report 2020)

Note that these are average numbers, which means that there are cases when organizations have dealt with much longer downtimes and paid far higher ransoms (demands go into the tens of millions) to get their businesses back up and running as quickly as possible.

Gone are the days when threat actors behind ransomware campaigns targeted organizations they thought had the means to readily cough up money to meet their demands. These past few years, ransomware gangs have become more opportunistic, perhaps comforted by the wide availability of ransom insurance. They have deliberately targeted networks and breached systems of vital infrastructure, such as hospitals, schools, local governments, and nuclear plants, knowing full well that they may be putting lives at risk.

Organizations that refuse to pay the ransom then have to deal with the data leaking that will inevitably follow; the delays caused by identifying and fixing the problems that allowed the ransomware gang into their systems; and the cost of crisis management efforts and of generally getting back on track as quickly as possible, while also increasing their overall cybersecurity posture. On the other hand, organizations that do pay the ransom get to spend millions of dollars, too, on top of the ransom payment and still aren’t guaranteed to get their data back, or a speedy recovery.

Ransom payments may then be used to fund criminal enterprises that, for example, engage in human trafficking, terrorism, and “the proliferation of mass destruction”. But perhaps the most damaging of all is that ransomware attacks can sow doubt in the minds of the public towards public institutions.

To add salt to the wound, ransomware threat actors do this from within countries that are turning a blind eye to, or even encouraging, these cybercrime campaigns. They are safe havens where gangs know they won’t be charged, prosecuted or extradited for their actions. It is not difficult then to see why the RTF urged its audience to “raise the priority of ransomware within the intelligence community, and designate it as a national security threat” while advocating the use of “criminal prosecution and other tactics”.

Core actions organizations and governments must take

Although there are multiple steps recommended in the report, the RTF prescribes that these steps should be viewed and considered part of a bigger whole as they were each designed to complement and build on each other.

According to the report:

“The strategic framework is organized around four primary goals: to deter ransomware attacks through a nationally and internationally coordinated, comprehensive strategy; to disrupt the business model and reduce criminal profits; to help organizations prepare for ransomware attacks; and to respond to ransomware attacks more effectively.”

To see the necessary impact against the ransomware enterprise, the task force stresses the importance of adopting these steps as soon as possible, with continuous coordination among the involved parties at a national and international level. (The RTF has proposed that the US government take charge in international coordination efforts with its partners.)

Among its priority recommendations, the RTF proposes that greater prioritization be given to intelligence-driven anti-ransomware efforts; mandatory reporting of ransomware attacks and the creation of Cyber Response and Recovery funds; the development of a framework to help organizations prepare for, and respond to, ransomware attacks; and greater regulation of the cryptocurrency sector.

Among the action items to be done, these are the five most urgent, according to the Ransomware Task Force. The rest are supporting actions that strengthen or lead to the fulfillment of these five. (Source: The RTF Report 2020)

About the RTF and other anti-ransomware efforts

The Institute of Security and Technology (IST) is the host organization that launched the Ransomware Task Force four months ago in December 2020. Before this, significant efforts have been made by organizations within or associated with the cybersecurity industry in combating ransomware.

In January this year, the Cybersecurity and Infrastructure Security Agency (CISA) launched the Reduce the Risk of Ransomware Campaign where it focused on educating the public and private sectors on anti-ransomware best practices and what tools and resources to use to mitigate attacks. CISA’s one-stop page for everything one needs to know about ransomware can be found on this CISA ransomware page.

In July 2016, Europol’s European Cybercrime Centre joined forces with other law enforcement bodies and IT security companies to launch No More Ransom (NMR). Similar to the above mentioned efforts, NMR also aims to help victims recover their data without shelling out money. They do this by collating decryption tools for ransomware families, created by cybersecurity volunteers. You can learn more about No More Ransom by visiting its official website.

The post Task Force delivers strategic plan to address global ransomware problem appeared first on Malwarebytes Labs.

Categories: Techie Feeds

High Tech Mysticism & High Caliber Adventure - Nightshift Veterans of the Supernatural Wars By Jason Vey & Original Dungeons & Dragon's The Underground & Wilderness Adventures

Swords & Stitchery - Fri, 04/30/2021 - 15:53
We should be wondering tonight, "Is there a world?" But I could go and talk on 5, 10, 20 minutes about is there a world, because there is really no world, cause sometimes I'm walkin' on the ground and I see right through the ground. And there is no world. And you'll find out. "Is There A Beat Generation?" forum at Hunter College, New York, New York (8 November 1958), Jack Kerouac. Someplace along the
Categories: Tabletop Gaming Blogs

Patons Striped Hourglass Basket

Moogly - Fri, 04/30/2021 - 15:01

The Patons Striped Hourglass Basket is a smart and functional crochet container that is useful in every room of the home. Perk up your houseplants, organize your ornaments, and manage your mess with this free crochet pattern – video tutorials included! Disclaimer: This post is sponsored by Yarnspirations, all opinions are my own.  Haute Home...


The post Patons Striped Hourglass Basket appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

Friday Larchive – 100 Seconds Left Theme Play

Looking For Group - Fri, 04/30/2021 - 14:45

Fridays, we open the Larchives, Lar’s extensive archive of art work oddities, and share a few pieces. Thank you all! The DeSouza’s raised $17 861 so far of their $17 000 goal! This may sound strange to hear from me, Peach’s […]

The post Friday Larchive – 100 Seconds Left Theme Play appeared first on Looking For Group.

Categories: Web Comics

Link Love: My Favourite Things This Week

Knitted Bliss - Fri, 04/30/2021 - 14:29

www.knittedbliss.com

My Favourite Articles and Links This Week Misinformation is poised to become one of the biggest crises threatening our world, but there is actually a website that has already figured out exactly how to stop misinformation. It’s not easy, but it’s proven that it works. A fascinating read! Feeling a little stuck in a rut?

The post Link Love: My Favourite Things This Week appeared first on www.knittedbliss.com.

Categories: Knitting Feeds

IoT riddled with BadAlloc vulnerabilities

Malwarebytes - Fri, 04/30/2021 - 12:05

The Cybersecurity and Infrastructure Security Agency (CISA) has published advisory ICSA-21-119-04 about vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries. Those operating systems and libraries are widely used in smart, Internet-connected “things”. The number of affected devices could be enormous.

As is the fashion these days, the collection of vulnerabilities has been given a name: BadAlloc. CISA has assigned a vulnerability score of 9.8 out of a maximum of 10 for the BadAlloc vulnerabilities and has urged organizations to address these issues as soon as possible.

The vulnerabilities included in BadAlloc

BadAlloc is a large set of remote code execution (RCE) vulnerabilities found by Microsoft’s Section 52:

These remote code execution (RCE) vulnerabilities cover more than 25 CVEs and potentially affect a wide range of domains, from consumer and medical IoT to Industrial IoT, Operational Technology (OT), and industrial control systems.

Section 52 is Microsoft’s Azure Defender for IoT security research group consisting of IoT/OT/ICS domain experts that reverse-engineer malware, and track ICS-specific zero-days, campaigns, and adversaries.

Where does the name BadAlloc come from?

The researchers found that memory allocation implementations written throughout the years as part of IoT devices and embedded software have not incorporated proper input validations. Without these input validations, an attacker could exploit the memory allocation function to perform a heap overflow, resulting in execution of malicious code on a target device.

The heap is the region of a process’s memory that is used to store dynamic variables. If these are written to the wrong place, an attacker could supply malicious data which, if it is not validated, could allow remote code execution or crash the affected system.

In the programming language C++, bad_alloc is the type of the object thrown as an exception by the allocation functions to report failure to allocate storage. So, this may have been the inspiration for the name.
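To make the missing input validation described above concrete, here is an added example (not code from the article, from Microsoft, or from any affected product) of a toy pool allocator in an unchecked and a hardened form. The allocator, its names and sizes are constructed for illustration, and the choice of size arithmetic that wraps around as the unvalidated input is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy heap; every name and size here is illustrative. */
#define POOL_SIZE 1024u
#define GRANULE   16u       /* blocks are carved in 16-byte steps */
#define HDR_SIZE  GRANULE   /* header in front of each block stores its size */

struct pool {
    size_t used;                    /* bytes handed out so far */
    unsigned char mem[POOL_SIZE];
};

/* Write the header, advance the pool, return the payload pointer. */
static void *carve(struct pool *p, size_t size, size_t need)
{
    unsigned char *blk = p->mem + p->used;
    memcpy(blk, &size, sizeof size);    /* size the caller believes it owns */
    p->used += need;
    return blk + HDR_SIZE;
}

/* Size recorded in the header of a block returned by either allocator. */
size_t block_size(const void *payload)
{
    size_t size;
    memcpy(&size, (const unsigned char *)payload - HDR_SIZE, sizeof size);
    return size;
}

/* No input validation: size + HDR_SIZE wraps around for sizes near
 * SIZE_MAX, "need" becomes tiny, and the capacity check passes. The caller
 * receives a block it believes is huge but that reserves almost nothing,
 * so a later write of "size" bytes would run off the end of the heap. */
void *pool_alloc_unchecked(struct pool *p, size_t size)
{
    size_t need = (size + HDR_SIZE + GRANULE - 1) & ~(size_t)(GRANULE - 1);
    if (need > POOL_SIZE - p->used)
        return NULL;
    return carve(p, size, need);
}

/* Hardened: bound the request before doing any arithmetic on it, so the
 * rounding below cannot wrap, then apply the same capacity check. */
void *pool_alloc_checked(struct pool *p, size_t size)
{
    if (size == 0 || size > POOL_SIZE - HDR_SIZE)
        return NULL;
    size_t need = (size + HDR_SIZE + GRANULE - 1) & ~(size_t)(GRANULE - 1);
    if (need > POOL_SIZE - p->used)
        return NULL;
    return carve(p, size, need);
}

typedef void *(*alloc_fn)(struct pool *, size_t);

/* Bytes a fresh pool actually reserves for one request (0 = refused). */
size_t reserved_for(alloc_fn alloc, size_t size)
{
    struct pool p = { 0 };
    return alloc(&p, size) ? p.used : 0;
}

/* Size recorded for one request on a fresh pool (0 = refused). */
size_t recorded_for(alloc_fn alloc, size_t size)
{
    struct pool p = { 0 };
    void *b = alloc(&p, size);
    return b ? block_size(b) : 0;
}

int main(void)
{
    printf("unchecked, SIZE_MAX request: recorded %zu, reserved %zu bytes\n",
           recorded_for(pool_alloc_unchecked, SIZE_MAX),
           reserved_for(pool_alloc_unchecked, SIZE_MAX));
    printf("checked,   SIZE_MAX request: reserved %zu bytes (refused)\n",
           reserved_for(pool_alloc_checked, SIZE_MAX));
    printf("checked,   100-byte request: reserved %zu bytes\n",
           reserved_for(pool_alloc_checked, 100));
    return 0;
}
```

The mismatch between the recorded size and the bytes actually reserved is what a code review or fuzzing harness should look for in allocator wrappers.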

Which devices are affected?

This is a long list and some of these, in turn, represent a lot of different devices:

  • Amazon FreeRTOS, Version 10.4.1
  • Apache Nuttx OS, Version 9.1.0 
  • ARM CMSIS-RTOS2, versions prior to 2.1.3
  • ARM Mbed OS, Version 6.3.0
  • ARM mbed-ualloc, Version 1.3.0
  • Cesanta Software Mongoose OS, v2.17.0
  • eCosCentric eCosPro RTOS, Versions 2.0.1 through 4.5.3
  • Google Cloud IoT Device SDK, Version 1.0.2
  • Linux Zephyr RTOS, versions prior to 2.4.0
  • Media Tek LinkIt SDK, versions prior to 4.6.1
  • Micrium OS, Versions 5.10.1 and prior
  • Micrium uCOS II/uCOS III Versions 1.39.0 and prior
  • NXP MCUXpresso SDK, versions prior to 2.8.2
  • NXP MQX, Versions 5.1 and prior
  • Redhat newlib, versions prior to 4.0.0
  • RIOT OS, Version 2020.01.1 
  • Samsung Tizen RT RTOS, versions prior to 3.0.GBB
  • TencentOS-tiny, Version 3.1.0
  • Texas Instruments CC32XX, versions prior to 4.40.00.07
  • Texas Instruments SimpleLink MSP432E4XX
  • Texas Instruments SimpleLink-CC13XX, versions prior to 4.40.00
  • Texas Instruments SimpleLink-CC26XX, versions prior to 4.40.00
  • Texas Instruments SimpleLink-CC32XX, versions prior to 4.10.03
  • Uclibc-NG, versions prior to 1.0.36 
  • Windriver VxWorks, prior to 7.0

Microsoft worked with all the affected vendors in collaboration with the US Department of Homeland Security (DHS) to coordinate the investigation and release of updates.

Mitigation

For now, we have not seen any indications of these vulnerabilities being exploited, but given the number of available targets, you can be sure exploits are being sought. Unlike computers, Internet-connected devices can be difficult, or even impossible, to update. Because of that, mitigating against these issues could be extremely important for years to come.

In the CISA advisory you can find a list (under 4. Mitigations) which shows the updates that are available. The agency advises users to take the following defensive measures, to minimize the risk of exploitation:

  • Apply available vendor updates.
  • Ensure that affected devices are not accessible from the Internet.
  • Minimize network exposure for all control system devices and/or systems.
  • Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
  • Use secure methods, such as Virtual Private Networks (VPNs), when remote access is required.

Microsoft provides the following mitigation advice:

…we recognize that patching IoT/OT devices can be complex. For devices that cannot be patched immediately, we recommend mitigating controls such as: reducing the attack surface by minimizing or eliminating exposure of vulnerable devices to the internet; implementing network security monitoring to detect behavioral indicators of compromise; and strengthening network segmentation to protect critical assets, as described in the mitigations section at the end of this blog post.

Stay safe, everyone!

The post IoT riddled with BadAlloc vulnerabilities appeared first on Malwarebytes Labs.

Categories: Techie Feeds

What is an IP address? Do I need one?

Malwarebytes - Fri, 04/30/2021 - 10:52

An IP address tells computers how to find a certain device within a computer network. An IP address is like an address label for information packets. For each network your computer is connected to, it has a unique IP address on that network. So, one device can have several IP addresses at the same time. In most home computers you may see traffic on these IP addresses:

  • 127.0.0.1 is the loopback address which is used if something on your device needs to talk to another service on the same device.
  • A home network address which is usually in a range reserved for private networks. Well known ranges for this purpose start with 10. and 192.168. which are often pre-programmed in routers whose job it is, among others, to assign IP addresses to connected devices.
  • Your IP address on the Internet, which in most cases is assigned to you by your Internet Service Provider (ISP), and changes from time to time. You can learn your current Internet IP address by looking at this site.

What does IP stand for?

IP is short for Internet Protocol and is part of TCP/IP which is the networking software that makes it possible for your device to interact with other devices on a computer network, including the Internet. TCP/IP is actually a stack of protocols that make it possible for computers around the world to communicate without differences between languages and hardware. For a device to be able to use the Internet protocol it needs to have IP software and an IP address.

How are IP addresses written?

Most IP addresses that you see will be Internet Protocol version 4 (IPv4) addresses. These have 32 bits of information and are written in four octets of eight bits. Since we are used to working with decimal numbers, you will usually see the four octets written as four decimal numbers between 0 and 255, separated by dots. For example, at the time of writing, the computer running this website had an IP address of 130.211.198.3.

Decimal vs octal

In some cases, it might be beneficial to know the difference between the different notations.

Decimal means a number expressed in the base-ten system which is the system that we use every day that uses the ten digits 0-9, whereas octal means the number system that uses the eight digits 0-7.

Since an IP address is a 32-bit number, sometimes it makes sense to use the octal number system instead of decimal. The decimal IP address 127.0.0.1 looks like 0177.0000.0000.0001 in octal. A computer will recognize both of them as different, equally valid ways of writing the same address. Here’s why:

In decimal, numbers are written according to how many ones they have, how many tens, how many hundreds, and so on. So, the number 127 is 1 * 100, 2 * 10 and 7 * 1.

In octal, numbers are written according to how many ones they have, how many eights, how many 64s, and so on. So, the number 127 is represented as 0177, which is 0 * 128, 1 * 64, 7 * 8 and 7 * 1.
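The following added example (not part of the original article) parses dotted IPv4 strings the way the text describes, treating a part with a leading zero as octal and any other part as decimal, and reduces both spellings to the same 32-bit value. The function names are hypothetical, and only the decimal and octal notations covered here are handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parse one part of a dotted address. A leading '0' followed by another
 * digit selects octal; anything else is decimal. Returns -1 on a digit
 * that is invalid for the base, an empty part, or a value above 255. */
static int parse_part(const char **sp, unsigned *val)
{
    const char *s = *sp;
    unsigned base = 10, v = 0;
    int digits = 0;

    if (s[0] == '0' && s[1] >= '0' && s[1] <= '9')
        base = 8;
    for (; *s >= '0' && *s <= '9'; s++, digits++) {
        unsigned d = (unsigned)(*s - '0');
        if (d >= base)
            return -1;              /* e.g. an 8 or 9 inside an octal part */
        v = v * base + d;
        if (v > 255)
            return -1;              /* one part is one octet */
    }
    if (digits == 0)
        return -1;
    *sp = s;
    *val = v;
    return 0;
}

/* Parse four parts separated by dots into a 32-bit address. */
int parse_ipv4(const char *s, uint32_t *addr)
{
    uint32_t a = 0;
    for (int i = 0; i < 4; i++) {
        unsigned part;
        if (parse_part(&s, &part) != 0)
            return -1;
        a = (a << 8) | part;
        if (i < 3) {
            if (*s != '.')
                return -1;
            s++;
        }
    }
    if (*s != '\0')
        return -1;
    *addr = a;
    return 0;
}

/* Write the plain decimal spelling of the address into out. */
int canonical_ipv4(const char *s, char out[16])
{
    uint32_t a;
    if (parse_ipv4(s, &a) != 0)
        return -1;
    snprintf(out, 16, "%u.%u.%u.%u", (unsigned)(a >> 24),
             (unsigned)((a >> 16) & 255), (unsigned)((a >> 8) & 255),
             (unsigned)(a & 255));
    return 0;
}

/* 1 if both strings name the same address, 0 if not, -1 if unparsable. */
int same_address(const char *x, const char *y)
{
    uint32_t a, b;
    if (parse_ipv4(x, &a) != 0 || parse_ipv4(y, &b) != 0)
        return -1;
    return a == b;
}

/* 1 if the canonical spelling of "in" equals "expected". */
int canonical_is(const char *in, const char *expected)
{
    char buf[16];
    return canonical_ipv4(in, buf) == 0 && strcmp(buf, expected) == 0;
}

int main(void)
{
    char buf[16];
    if (canonical_ipv4("0177.0000.0000.0001", buf) == 0)
        printf("0177.0000.0000.0001 -> %s\n", buf);
    printf("same as 127.0.0.1: %d\n",
           same_address("0177.0000.0000.0001", "127.0.0.1"));
    return 0;
}
```

Parsers differ on this point: some reject leading zeros outright, so comparing addresses from logs or filter rules is more reliable after reducing them to one canonical form.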

Running out of IP addresses

There are only 4,294,967,296 different combinations of four numbers between 0-255, so that is the theoretical maximum number of IPv4 addresses you could have on any one network (in reality it’s less than this because some IP address ranges are reserved).

In November 2019, the RIPE NCC (the regional Internet registry for Europe, West Asia, and the former USSR) announced that it had exhausted its pool of IPv4 addresses. This did not come as a surprise, and it didn’t mean that suddenly nobody could have an IP address—sometimes addresses can be recovered, and networks can be extended using Network Address Translation—but it demonstrated the need to implement the successor of IPv4. RIPE warned that “Without wide-scale IPv6 deployment, we risk heading into a future where the growth of our Internet is unnecessarily limited.”

IPv4 and IPv6

What is Internet Protocol version 6 (IPv6) and what makes it different from IPv4? Obviously, since one of the reasons to design IPv6 was the shortage of IPv4 addresses, there are more IPv6 addresses available. As we pointed out earlier, an IPv4 address is a 32-bit number, whereas an IPv6 address is a 128-bit number. IPv4 is a numeric addressing method whereas IPv6 is an alphanumeric addressing method. And where IPv4 binary bits are separated by a dot (.), the IPv6 binary bits are separated by a colon (:).

The difference in bits allows for IPv6 to multiply the number of possible IP addresses by 10^28, which may not sound like much, but it gives us 340 trillion trillion trillion possible addresses!

There are technical differences between the protocols as well. We will not handle them in detail as that is outside the scope of this post, but it’s good to be aware of them:

  • IPv6 has built-in quality of service (QoS).
  • IPv6 has a built-in security layer (IPsec).
  • IPv6 eliminates the need for Network Address Translation (NAT).
  • IPv6 enables multicasting by default which means the same packet can be sent to several addresses.

IP addresses and geolocation

IP addresses are allocated on a geographic basis, so they can be used for a crude form of geolocation. An important thing to remember though, especially for all the Internet detectives out there, is that finding out an IP address does not provide you with a physical location. The result you get from looking up an IP address’s location can be wrong by hundreds of miles. The location of an IP address on a map can be very misleading as it will often point to the location of the ISP that assigned the address, or to the center of an area where similar IP addresses reside. Innocent people have been harassed, even by the police, based on misunderstanding these “maps”.

IP-based geolocation is useful for website geotargeting (showing users content based on their country or region) but it is not suitable if you want to pay someone a visit.

Aside from geolocation, there is another way to connect an IP address to a physical address: Your Internet IP address is typically allocated by your ISP, and your ISP typically knows your physical address. Anyone who can convince your ISP to give up that information, either by buying it, issuing a subpoena or by social engineering, can learn your address.

How to hide your IP address

Many people don’t like their IP address to be known or visible to the websites or services they are interacting with. There are various possible reasons for wanting to hide your IP address. As awareness of corporate surveillance and criminal hacking has grown, so have concerns about personal privacy. Many people believe that it should be their choice when and how they give up some of their privacy, and don’t want prying eyes on their normal, legitimate behavior.

A Virtual Private Network (VPN) gives you more control over the IP address and other information that is visible on the Internet. Of course, you still need an IP address when using an online service or website, or the packets will not know where to go, but the outside world can only see your VPN provider’s IP address, not the one given to you by your ISP.

By using a VPN, your packets are taking a detour. Compare it to a PO box where you can have your mail sent without providing your physical address to the sender. The difference is that you don’t have to go out and fetch it: it still gets delivered to your home by the one thing that knows your real IP address, the VPN provider that you have decided to trust.

The post What is an IP address? Do I need one? appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Signal app insists it’s so private it can’t provide subpoenaed call data

Malwarebytes - Fri, 04/30/2021 - 09:29

Signal—the private, end-to-end encrypted messaging app that surged in popularity in recent months—once again reminded criminal investigators that it could not fully comply with a legal request for user records and communications because of what it asserts as a simple, unchanging fact: The records do not exist on Signal’s servers.

This is at least the second request of this kind that Signal has received in the last five years, and in the same time period, similar government demands to pry apart end-to-end encrypted communications have become commonplace. Every single time the government has tried this—from the FBI’s insistence in 2016 that Apple create new software to grant access to a device, to the introduction of the EARN IT Act in Congress last year—cybersecurity experts have pushed back.

The legal request to Signal came from the US Attorney’s Office in the Central District in California in the form of a federal grand jury subpoena. According to the subpoena, investigators sought “all subscriber information” belonging to what appeared to be six Signal users. The requested information included “user’s name, address, and date and time of account creation,” the date and time that the users downloaded Signal and when they last accessed Signal, along with the content of the messages sent and received by the accounts, described in the request as “all correspondence with users associated with the above phone numbers.”

Signal responded to the subpoena with help from lawyers from the American Civil Liberties Union. According to the company’s response, Signal could only comply with two categories of information requested by the US Attorney’s Office.

“The only information Signal maintains that is responsive to the subpoena’s inquiries about particular user accounts is the time of account creation and the time of the account’s last connection to Signal servers,” wrote ACLU attorneys Brett Kauffman and Jennifer Granick. Kauffman and Granick also addressed some of the US Attorney’s Office’s questions about the physical locations of Signal’s servers and whether the technical processes of account creation and communication for Signal users in California ever leave the state of California itself.  

In a blog post published this week, Signal said why it again could not comply with a subpoena for user information, explaining that, because of the app’s design, such user information never reaches its hands.

“It’s impossible to turn over data that we never had access to in the first place,” the company wrote. “Signal doesn’t have access to your messages; your chat list; your groups; your contacts; your stickers; your profile name or avatar; or even the GIFs you search for.”

This lack of access, while excellent for user privacy, has frustrated law enforcement for years. It is a problem that is often referred to as “going dark,” in that the communications of criminals using end-to-end encrypted messaging apps are inaccessible to any third parties, including government investigators. Former Deputy Attorney General Rod Rosenstein has referenced the “going dark” problem, as has current FBI Director Christopher Wray. Many other representatives have, as well, and each time their refrain has stayed the same: End-to-end encrypted messaging apps provide a level of security that is too extreme to allow without a way for law enforcement to break through it.

But it’s magical thinking on the government’s part.

As many cybersecurity experts have explained over literal decades, allowing third parties to access secure, end-to-end encrypted communications will, by definition, make them less secure, functioning in effect as a backdoor. And a backdoor, in and of itself, is a security vulnerability.

Signal’s efforts to publicize its grand jury subpoena are notable—these requests often come with an instruction that the recipient not disclose any details of the request, else they risk jeopardizing an ongoing criminal investigation. These are valid concerns, but so are the concerns raised by Signal, which are that, even after all this time, government agents still believe that evidence can be conjured out of thin air.

The post Signal app insists it’s so private it can’t provide subpoenaed call data appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Doctor Who Magazine SE #57: Writing Doctor Who

Blogtor Who - Fri, 04/30/2021 - 07:00

The latest Doctor Who Magazine Special Edition goes behind the keyboard to discover the secrets of Writing Doctor Who

How does an episode of Doctor Who evolve from an initial idea? Since 1963 many producers and editors have applied their own philosophies and working methods to the pre-production of this complex series. This Special […]

The post Doctor Who Magazine SE #57: Writing Doctor Who appeared first on Blogtor Who.

Categories: Doctor Who Feeds
