Tuesday, December 30, 2014

Justification for Your Paranoia

December is prime getting-hacked infection time for people around the world. Whether from increased shopping activity, more online browsing looking for the right gift, decreased vigilance due to holiday cheer, end-of-year quotas for professional cyber-criminals, or whatever other crazy theory you may have, the simple fact is that December is a sucky month to be "The Security Guy"...

Thanks to the obsessions of my son, my family celebrates the lunar new year, so don't expect any kind of year-in-review posts on this blog. That said, here are a few of the things lighting up the security world this past couple of weeks.

1) Merry Christmas from the NSA!
On Dec 24th, the NSA responded to a FOIA lawsuit from the ACLU by (very quietly) releasing 12 years' worth of internal reports from the President's Intelligence Oversight Board. Though heavy portions of the documents are redacted, this particular set of revelations leans more towards human mistakes than intentional law sidestepping. The oversight reports include such gems as U.S. data being e-mailed to unauthorized recipients, data being kept on unsecured computers, and sensitive information being sent to the wrong printer.
Around the same time, the German news magazine Der Spiegel published this great article (based on the Snowden leaks) on the NSA's various efforts to break through all manner of cryptography used in internet-based communications, including, just in case you somehow didn't already know this, full real-time access to voice, video, text messaging, and file sharing from targeted individuals over Microsoft’s Skype service.
The full capture of voice traffic began in Feb 2011 for “Skype in” and “Skype out” calls—calls between a Skype user and a land line or cellphone—captured through taps into Microsoft’s gateways. But in July of 2011, the NSA added the capability of capturing peer-to-peer Skype communications—meaning that the NSA gained the ability to capture peer-to-peer traffic and decrypt it using keys provided by Microsoft.
Also out of this latest batch, we get a good view of just how useless VPNs are when dealing with groups like the NSA (thanks to some slides from their dedicated VPN Exploitation Team). Not just PPTP, which everyone knew to be insecure, but also SSH, SSL, and IPSec VPNs.
As an aside, I really wish I worked for whatever team in the NSA gets to name their various tools and databases. For example "according to the presentation, a “full take” of its traffic is stored in VULCANDEATHGRIP, a VPN data repository" and "successfully cracked VPNs are then processed by a system called TURTLEPOWER". 
On the plus side, the new release indicates that the NSA has trouble decrypting certain kinds of traffic—TOR, PGP, and ZRTP for example. Perhaps most heartening in all of this is the NSA's relative ineptitude at deanonymizing TOR users. The evidence from the documents is circumstantial, but it looks like liberal use of these open-source technologies might help keep your communications private (and substantially better than any of the commercial options).
2) The Great Firewall of China just got a little taller...
Since June 2014, Google services have been significantly disrupted in China. As of the day after Christmas, Gmail users in China now have no way to access their accounts (including blocking of Gmail use through IMAP, SMTP, and POP3). You can see the results on Google's own traffic report.
For further reading: if you are interested in China's ongoing censorship campaign, Greatfire.org is a great resource.
3) Your fingerprints can be stolen...with a camera.
For any of you out there thinking that biometrics are a thing that will keep you safe from would-be identity thieves, think again. Sure, sci-fi movies and shows (from Spaceballs to Firefly) regularly show fingerprint and handprint scanners being spoofed by hauling around the unconscious body of a recently-knocked-out security guard, and modern crime dramas show fingerprints being lifted from coffee mugs with scotch tape, but it's actually possible to spoof fingerprint readers without ever coming in contact with the person, or even an object they touched.
A German hacker by the name of "Starbug" managed to reproduce the fingerprints of German Defense Minister Ursula von der Leyen using a couple of high-resolution photos of her hands taken at a press conference (from a distance of about 10 feet) and some commercially available software. This comes on the heels of his cracking Apple's Touch ID feature last year, using a camera and a laser printer, only 48 hours after it was released.
Note: video is in German.
For another good reason not to bother with fingerprint ID: in October, a Virginia Circuit Court judge ruled that a criminal defendant can be compelled to give up his fingerprint to unlock a cell phone, but not a password, PIN, or other code. The judge noted in his written opinion that “giving police a fingerprint is akin to providing a DNA or handwriting sample or an actual key, which the law permits. A passcode, though, requires the defendant to divulge knowledge, which the law protects against.”
4) Woe to network console gamers...
While video games are not really my bailiwick, I do have to feel sorry for anyone who got a game for Christmas that required a connection to the PlayStation Network (PSN) or Xbox Live to play (though I always feel sorry for people who would waste time on networked video-games when they could be playing a tabletop RPG instead).
Both networks were hit with a six-hour-long DDoS attack, which started Christmas day. The attack ended when Kim Dotcom offered the attackers, a group calling itself the Lizard Squad, vouchers for one year of 500GB storage on his "Mega" service. The Lizard Squad then followed up with an attack targeting the TOR network, taking over or setting up some 3000 Tor relays in an effort to deanonymize users, though the relay vetting process kept this from having any real effect, and the attack on TOR incurred the wrath of Anonymous.

Friday, December 19, 2014

The Amazons: Session 4 (GM's Notes)

Battle Cry awoke with a gasp and a scream. Four of her sisters in arms leaned over her with worried looks on their faces. "What happened?" she croaked out through her still raw and bloodied throat.

"You were killed..." Had Enough said.

"...?" Battle Cry replied.

"Princess too," Hot Flanks added. "The white crocodile thing did it. We had the potion for you, but Princess..." she broke down sobbing, unable to continue.

Don't Fail picked up where she left off, "We were waiting for you to wake up before burying her. We thought you might want to do the honors of sending her on."

Battle Cry tried to sit up, but only ended up back on her back, wracked with pain as she coughed up more blood. She could feel the regenerative powers of the potion working, so she willed herself to remain still until the fit had stopped. "No!" she finally said emphatically. "Everyone break out your purses, her time here is not done."

"The Bishop?" Had Enough asked.

"Yes," Battle Cry coughed again, but there was no blood this time. "Tyr is an ally, his priests cannot refuse a fervent request to see justice done." She tried to sit up again, then whispered, "Help please..."

Worthy of Armor and Hot Flanks each put a hand under her arms and held her between them. "Good," said Worthy. "We'll pool our funds to get our friend raised, then go back to the keep and finish the job."

"Yes," said Don't Fail. "Councilwoman Mondaviak passed us a letter from one of the citizens of Kryptgarten. He says they can make sure the back passage is open to aid us in taking the keep."

"Fuck the keep," Battle Cry croaked. "We have no time for lands or politics, this is a matter of vengeance, and Hoar's vengeance will not be delayed." She coughed a few more times wincing, then continued. "Once Princess is back on her feet, I will ask Hoar where these criminals are hiding, and we will go kill them."

"Hear, hear!" Hot Flanks and Had Enough both agreed.

"Alright," Worthy of Armor said, "to the temple of Tyr's Waiting then."


Roughly four hours later, Princess woke up to find all of her friends leaning over her, along with a fat, bearded old man in a funny hat. She was whole, awake, and just as confused as Battle Cry had been. The party quickly filled her in on the nature of her recently dead condition and Battle Cry's plan to track down Squire Grimnir. "Fuck yes!" she said, "The Handsome Prince is so going to kill that guy."

She was less enthused to learn that the party had spent all but a small pittance of their accumulated wealth to pay to have her raised from the dead and to regrow Hot Flanks' lost hand. "Really? All of it?" This finally made her cry. "Can't we at least claim the bounty on these guys' heads then?"

"No!" Battle Cry said emphatically, "This is a matter of Hoar's vengeance now. They killed one of ours, so we kill them all..." Battle Cry bowed to the Bishop, "I have need of a prayer room." The Bishop assented and she stomped out. "I'm going to find them. Meet me in the ladies' dormitory at dawn."


After a long night of railing against unrighted wrongs, unsolved crimes, and unavenged evils, and pleading for Hoar's intervention, Battle Cry arrived red-eyed at the Tyrran dormitory where the girls were staying after their 'generous donation' to the church. "Found them," she said through a yawn. "Almost due north, in a cave on a snow-capped mountain peak, with a lake at the bottom of the cliff-face..."

"What the...!" Had Enough said.

"The Dragonspines." Don't Fail said. "Though this is a rough time of year to be mountain climbing..."

"Sounds like the perfect place for fugitives to be hiding. Remote, uninhabited..."

"Even in good weather it'd take a week to get there." Hot Flanks groaned. "How did they move so fast? They must have left before the notice of their crimes was even put out."

"So they might not know that they're being hunted?" Princess remarked. "Perfect! The better to surprise them in their cave and stab them repeatedly."

"We'll need horses. For all of us. Plus supplies, pack animals, weather gear, climbing gear..." Don't Fail started to look worried.

"Can I help you dears?" The thin, white-haired, old priestess in charge of the dormitories asked. "I couldn't help but overhear your friend shouting in the middle of the night. Sounds like you've got quite the quest on your hands."

Battle Cry nodded, "Indeed Sister..."

"Theymr." The priestess nodded. "The Council writ against these criminals you speak of bears the Bishop's own seal and calls for the heads of the traitors. Normally our Lord Grimjaws frowns on those seeking to take justice into their own hands, but your concern about seeing justice done is admirable."

"How can you help?" Don't Fail asked.

"Why, just give me a list of what you'll  be needing and I'll send my sisters to fetch it." Sister Theymr said. "Tyr's will and that of your own gods seem to be right in line on this one."

The ladies thanked Sister Theymr profusely. By mid-day, the priestess of Tyr had acquired all they needed--requisitioning mounts, pack animals, warm clothes, tents, provisions, and tools for surviving winter in the mountains.

They rode out at once.

Even with horses, or perhaps, especially with horses, the going was slow. They stayed as close to the river as their senses of smell would allow, fighting their way through the deep snow and the biting cold. As Worthy of Armor reminded them, "There is a reason wars are always put on hold in the winter..."

"At least they probably won't be going anywhere," Princess suggested.

Battle Cry, again, got the worst of it. Each night she sat before the fire, loudly decrying the evils of the Squire of Kryptgarten and praying for Hoar to guide the way, and during the day she rode slumped in her saddle, barely able to keep her eyes open.

On their third day out from Phlan, a storm picked up from the north. The wind blew head-on into their faces, stinging their eyes and biting their cheeks with airborne ice crystals. Now and again, when the wind blew particularly hard, they thought they could hear the sound of an organ playing faintly in the distance. They turned away from the river and sought shelter under the boughs of the Quivering Forest that night.

Some time around midnight, Battle Cry's howling rancor against her quarry was cut off by another howl. Hearing a second howl, closer, she shook awake the others just as a pack of large, white-furred wolves appeared, circling their campsite.

Battle Cry, apparently not thinking straight due to sleep deprivation, roared and leaped on the nearest wolf, wrapping her arms around its neck and gouging at its eyes with her bare hands. Similarly quick, but still groggy, Hot Flanks and Worthy sprang out of their bedrolls and swung, ineffectively, at the darting wolves.

Two of the wolves charged, snapping at the horses, each taking a great bite out of one horse's flank. One of them was sent flying away by a powerful kick from Worthy of Armor's horse, 'Boyfriend'. The wounded horse bucked free of its tether and went fleeing off into the woods, the second wolf on its heels. The remaining horses panicked, straining against their tethers, but were unable to break free.

A third wolf lunged at Princess, but she managed to roll out of her bedroll and plant her sword, 'Handsome Prince', deep into the wolf's side.

The wolf which Battle Cry was holding onto threw back its head and howled, unleashing a burst of icy wind and snow, swirling through the camp, freezing Princess, Battle Cry, and Don't Fail solid under a coating of ice and snow. Had About rose shivering to one knee and laid her sword into the side of the ice-breathing wolf, dealing it a terrible blow.

The fifth, and final, wolf lunged at the frozen Don't Fail, bearing her to the ground and tearing at her hamstring with its teeth, leaving a messy, bloody, frost-rimed wound.

Enraged, Hot Flanks shouted "Down!" and leveled the end of her enchanted club at the center of the clearing and slightly up. "May you burn in the fires of Flandal’s forge!" she cried, and there was a huge blossom of flames in the air as she, Had Enough, and Worthy of Armor dropped to the ground.

The flames engulfed the wolves, consuming three of them where they stood, and leaving the fourth singed and whimpering. The horses, likewise, stood little chance against the blast of magical flame, and all of them, save Boyfriend and one pack mule were slain. The girls, forewarned and either on-the-ground or shielded by their encasement in magical ice, fared better than the animals, and they were left smoking, but all alive.

As the explosion dissipated, Worthy of Armor rolled to her feet, and, with a mighty cry, chopped off the head of the last wolf with one blow.

Had Enough turned on Hot Flanks, "What were you thinking?! The tents! The provisions?! The horses!! It's the middle of winter, we're all wounded, three days ride from the nearest town, and you torch all of our food AND our mounts?!"

"Calm down," Worthy of Armor pleaded, "her aim was off, but her thinking was sound. One more blast of that icy breath and we would all be dead..." As she spoke Worthy rushed to their three companions, thawed now, but unconscious. She laid hands on each of them, staunching the bleeding and helping with the worst of the burns.

Hot Flanks grabbed her polearm and began turning over the tents, tossing the flaming canvas away from the bedrolls beneath them. "Yeah, shut up and help, Had Enough. Everything close to the ground should be fine if we can put the fires out before they spread too much..."

Working together, the three girls tossed the flaming remains of the tents onto their campfire and sorted out those goods that had not been significantly damaged.

Had Enough finally stopped, panting from their quick work, and looked around. "Okay, so it's the middle of winter, three of us down, everyone injured. We have two horses, also injured, bedrolls, no shelter, and enough food for two days..."

"Okay. Yeah. We're fucked." Hot Flanks admitted.

"You're on watch for the rest of the night," Worthy of Armor said. "Just remember to point those fireballs away from camp if more wolves show up..."

"So what, do we head back to Phlan in the morning?" Hot Flanks asked.

"We're too far to make it back with what we've got and with Battle Cry out we have no idea where we're going. And with the horses gone we're not really equipped to drag Princess, Battle Cry, and Don't Fail back to town. I think we should look for defensible shelter nearby, hole up, and try to get the others back on their feet..."

Had Enough looked up from where she was still checking their stores. "I hope you guys like horse meat..."

To be continued

Thursday, December 18, 2014

The Third Party: Session 13 (GM's notes)

14 Hammer, 10:15 am

Melastasya and Kevorkian stood staring around the underground, Nogian chapel, then decided to explore the rest of the compound. They asked Radar (via Grimnir) where the 'Library' was and he directed them to the northern/left-hand exit from the chapel.

They passed through the big bronze doors and, of course, through the first right-hand door they encountered. The room was small and filled with petrified wooden cots and footlockers. Kevorkian found an ugly wooden mask on one of the beds, and promptly put it on. Mel grabbed a pick-axe and smashed open the lockers to find nothing of interest--whatever may have been in them had long since decomposed.

Across the hall they encountered another door, this one locked and covered by a sheen of melting ice. Mel opened the lock with little trouble and pushed through into a small antechamber with three more rooms leading off of it. The first was a small lavatory, and, as long-abandoned pre-germ-theory toilets in the subterranean headquarters of ancient murder cults go, it was alright. She spent an inordinate amount of time down in the cesspit, hacking away at the petrified feces. Her tenacity did, eventually, pay off however, as several feet down she encountered a piece of petrified organic waste so old that it had changed into a turd-shaped diamond.

The next room off the antechamber was a bedchamber, filled with petrified, though once nice, furnishings. The two of them searched the room thoroughly. Under the stone pillow, Kevorkian found a lovely gem-encrusted satin glove, which he also put on. Behind a wall panel over the bed, Melastasya found several drawers filled with thousands of small glass spheres, very similar to the enigmatic bauble found in Yarash's maze (complete with the strong auras of magic and evil), each containing a small model of the mountain peak, along with the graveyard and old petrified shrine.

Kevorkian, ever curious, grabbed one of the spheres and began banging it against the wall. After three tries, the thing smashed, then promptly vanished. Mel seemed to have no memory of him smashing the sphere, but Kevorkian simply chalked that up to her inferior intellect [which was always the case, he was certain].

He explained how the sphere vanished, and Mel, also curious, picked up a sphere and examined it closely. Inside she could see a group of tiny figures making their way up the mountain, then watched as one plummeted off a cliff. She, of course, smashed the thing. As before, the pieces vanished, and Kevorkian seemed to have no memory of the act. He did, however, suddenly remember the horrible fate that Grimnir had suffered, and he and Mel spent some time weeping over the loss of their friend who had fallen to his death.

Kevorkian and the young gypsy girl shrugged and began shoveling the remaining spheres into bags to take with them--figuring that if nothing else they might be useful as marbles. Kevorkian had a strange sensation that he had been talking to an old woman just a moment before, but neither he nor Melastasya had any idea who that might have been.

14 Hammer, 11:00 am

Once all the spheres they could carry were collected, they went into the last room off the antechamber to find an actual Library! The petrified wooden shelves had long-since collapsed, leaving a heaping pile of dust and ancient, crumbling books. Feeling that they needed more time to study, they rushed back to the water clock. Melastasya set the clock forward twelve hours, and vanished. Kevorkian set the clock back twelve hours, and froze time.

15 Hammer, 11:00 pm

Three iterations of clock manipulation later (which is 3 seconds for Melastasya, 3 days for Kevorkian, and 36 hours of real time), Kevorkian, after a brief instance of being blinded, AGAIN, by the first page he looked at, and the rest of the party had managed to glean everything they thought they could from the books. Though most of the items were damaged by time, inexplicably abstruse, or recorded cult activities in code (in addition to all being written in Noga), eleven relatively intact and useful volumes were recovered.

  1. A scroll containing a chant which, when read aloud, would force lycanthropic creatures to remain at a distance of at least 10 feet from the reader. The scroll can be used (and re-used) by anyone able to read and speak Noga, and the effect lasts for as long as the chant is maintained.
  2. A book presenting a theory about how water can be transformed into liquid time, and used to trap souls. It is too vague and theoretical to be of practical use, but is clearly related to the workings of the time-stopping water clock, the spheres of liquified souls, and much of the other strange magics/tech found in the ruins.
  3. "Resonance Of The Bound Spheres". A small pamphlet containing a Ritual (class-agnostic, spell level agnostic) usable by any spellcaster. The ritual allows the caster to commune with other alternate realities, as per the Contact Other Planes spell, asking up to three questions, but requires as a medium a special sphere containing an experimental portion of the alternate reality to be contacted.
  4. A piece of sheet music titled "The Empyreal Hymn" (a slow march with a lot of bass)
  5. A piece of sheet music titled "Devour Me" (an upbeat pop song with such catchy lyrics as "Devour me/drown me in your arms/abyssal wyrmwell/fathomless...").
  6. The "Grimoire of Hybrid Flesh", which Kevorkian took considerable time reading and thought might be a nice gift for Yarash. It describes methods for fabricating functioning prosthetics from the remains of humanoid limbs.
  7. A Cult record referring to rebuilding the western wall of the kitchen and to the tunnel beyond the High Altar beyond the fountains.
  8. A single page from a crumbled larger tome, containing the ritual names of 10 cultists buried in "The Crypt of the Warriors" and 1 buried in "The Place of Honored Sacrifice". Melastasya wrote to Sorrassar to confirm that the names were "true and useful".
  9. A second page from the same book, detailing the names and titles of notables entombed in "The Tombs of the Greater Repugnancies". Including The Twin Inquisitors, Eizethrat Nexx and Gorgulos Nexx, Vorgen Pox the Slaughterer, Nazir An-Azat the Red Architect, Exalted Interrogator Aetheldredd Aleph, Aervik Narn the Testifier, and The Blessed Afflictor, Praetor-Pontifex Cyris Carnithrax Maximus. It also refers to a rivalry between The Slaughterer, Vorgen Pox and the Twin Inquisitors.
  10. A mostly incomprehensible cult record with a reference to a curse upon those who fail to leave an offering in the coin fountains and those who lie to Aetheldredd Aleph, the Exalted Interrogator.
  11. A mostly incomprehensible book of prophecy or verse. The opening line is "I commandeth the nine million, I commandeth the seventy blasphemies, I speak through the worms in the heart of the Grey-Black Star”. It contains references to “The God Entombed Beneath The Mountain” and “The Symbiote God”, and explains that the souls of the dead are held in the body of the Symbiote God.
  12. A map...

Map courtesy of Jez Gordon
Hacked a bit
After finishing his three-day reading binge, Kevorkian went back to the clock to retrieve Melastasya. On their way back to the others, they found that the ice in the complex was melting. Most noticeably, the ice skulls hanging from the ceiling in the chapel had completely melted away. Intrigued by the names they had collected, they agreed to seek out the "Tomb of the Warriors", but decided to try the ritual for communicating with the enigmatic spheres first.

Grieving for Grimnir's tragic fall and having surmised something of the nature of the spheres, their first questions were simple, boiling down to "Is anyone in our party dead?" As soon as they came upon one where the answer was "no", Melastasya smashed the new sphere. Again the pieces vanished and Grimnir berated Mel for having broken yet another priceless magical and unspeakably evil treasure. Mel shrugged his shoulders and patted Melvin, Kevorkian's beloved pet duck, on the head.

Radar informed them that the complex was still free of other beings, both living and undead, so Kevorkian and the cross-dressing gypsy boy left the rest of the party to continue their research in the library and headed for the Crypts, taking old-man Radar along with them to translate. They went back through the chapel, to a door with a basin full of human teeth mounted on the front and no apparent way to open it. Mel ran back to the area with the clock and pulled a few teeth from the skulls in there. When he returned to the chapel, he nonchalantly dumped the teeth in the basin, causing the door to open, and palmed a gold locket from the basin as he did so.

Beyond the offering door, they found a corridor with a number of large, bronze vault doors, but stopped first by a familiar-looking vivisection/embalming room, complete with four stone slabs stained with ancient blood, bandages, surgical tools, and oddly-shaped bronze instruments as well as a podium with a book on it. The book was titled "The Grimoire of New Flesh", and detailed a process for the creation of "Unthings"—a form of semi-sentient, lesser flesh golem--taking about 2 weeks, a strong electrical charge, and at least 10 fresh corpses at least as large as a cat.

They then pressed on into the Crypts, turning the great bronze vault wheels to open the, otherwise unlocked, doors. First to the crypt of the priests, then the warriors, and on to the commoners. They were disappointed to find that the names seemed to have no power to animate the bodies in the crypt of the warriors, but were duly impressed by the thousands upon thousands of bodies mummified, petrified and stacked like cordwood in the giant split-level tombs. They poked around a bit, finding a number of valuable trinkets as well as two musical scores--the "Dismissal Fugue" from the crypt of the priests and "The Core Remains" in the crypt of the commoners.

Also by Jez Gordon
Through the final vault door at the end of the hall, they found a giant stone eye, made up of millions of ever-smaller eyes, carved into the wall opposite the door. They were also immediately assaulted by blaringly loud, discordant singing coming from an open door at the end of the next hallway. They peeked at the far door to see a pale, aged, completely bald human head hanging off the front of the bloated mass like the knot in a dirty white balloon flanked by a pair of thin, feeble shoulders terminating in equally frail arms. A galaxy of glass-like spheres were clearly visible, interspersed throughout the creature’s vast, organless body.

Since the thing seemed to not be moving from the room, they decided to poke around the hallway before investigating the singer. Mel noticed a small hole, filled with water and a few coins, at the base of the eye carving and tossed a coin in. He immediately felt much healthier, so Kevorkian did likewise, only to find himself less wise.

They headed through the right-hand passage from the corridor, naturally, and found another large vault-door, flanked by a pair of fountains. The two fountains featured statues of children vomiting black unholy water into the fountain's basins and were marked with a pattern of copper coins making the Noga rune for “Gift”. Mel tossed a coin into each fountain and the great vault-doors opened into the Crypt of the Children. Unlike the other crypts, here thousands of wrapped and petrified children, ranging from infants and toddlers to pre-teens, were mounted free-standing on their own individual plinths staring mutely at the door, like some kind of grotesque museum. They explored a bit, descending to find the second level of the crypt much like above, and left Melvin to paddle happily around in the water collecting on the floor from the melting ice.

They then headed across the hall from the fountains into a small prayer room filled with pedestals, petrified kneeling pillows, and tablets, stained dark with old blood. The tablets contained the usual fatuous and esoteric blasphemies (“Annihilate, traduce, devour”, “I am healed and hollowed", "I am the house of insurrection”, etc.). An ink pot and a pile of rusting needles sat on a podium with a bronze plaque affixed to it, reading “My Gift Is Defiance, And My Gift Is Its Mark” in Noga. Mel read the plaque aloud and he and Kevorkian were both immediately compelled to tattoo the Noga sigil for "Death" on the back of their inhuman hands using the needles.

Once done getting their matching tattoos, they headed back out and went to check out the singer. Kevorkian stepped closer to examine the creature and got bitch-slapped by a disturbingly stretchy arm for his trouble. The sphere-filled gelatinous form filled the entire room, including a deep shaft cut into the floor and ceiling. The actual room could be seen by looking through the creature as through clear marbles in a fishbowl. The 30 foot ceilings arched above a giant carved skeleton on the west wall covering an intricately carved waist-high altar against which the bloated body pressed two golden goblets, and a large, ornate book.

16 Hammer

Not wanting to get hit again, they backtracked out, leaving the vault doors open so they could continue to listen. As they retreated, Kevorkian suggested that maybe playing something on the organ might placate the singing whatever-it-was. Mel suggested that they needed a backup plan and searched through the glass spheres, looking for one in which things were obviously going badly.

He settled on one in which the mountain had been reduced to a pile of rubble and the party was clearly seen fleeing down it. Using the Resonance of the Bound Spheres, he asked first "Are we all dead?", to which the answer was simply, "No". Then, "Is anyone going to leave here alive?", "Yes". And lastly, "Why isn't the mountain a mountain?", to which the reply was "We woke it up".

Satisfied, Mel pocketed that sphere away from the others, sat down, and rocked out 'Devour Me', resulting in another tremor and louder singing from down the corridor. Deciding that must be the wrong one, he followed up with the 'Dismissal Fugue'. This was accompanied by an even stronger tremor, and, as the last note faded out, everything went black and he and Kevorkian found themselves suddenly elsewhere.

By elsewhere, they were, specifically, in a small room, sealed by a large bronze door covered with hundreds of tiny, barbed bronze hooks, over which a collection of withered faces were stretched. In the center of the room was a plain, unadorned sarcophagus, which Mel quickly popped open with his crowbar. Lying inside was a skeleton, a thin membrane of yellowed skin pulled tight across the bones, and a gold chain around its neck. It, naturally, sat up and asked "What oath do you take?"

Mel and Kevorkian found themselves unable to move anything save their mouths. Mel quickly blurted out "I will destroy this place and all that have brought it into being!" and found himself able to move again. Kevorkian then pronounced "I will enhance my race through trial, error, and self-sacrifice." Once free, Kevorkian backed towards the door while Mel asked the creature if it was 'The Exalted Interrogator' and was corrected and informed that he was "Aervik Narn the Testifier".

Suddenly they found themselves again paralyzed and faced with the question, "What oath do you take?" Kevorkian swore "To complete the work that I have been tasked to do," then threw open the door and rushed into the hall. Mel said, "I will eat ten hardboiled eggs in one sitting", then followed. Just before Mel slammed the door behind him, the thing in the sarcophagus warned him, "Know that your oaths are bound by infernal law. If left unfulfilled, in that moment you will be drawn into hell and tortured for 1001 years."

Mel shuddered and looked down the corridor they had rushed into. The right-hand wall sported several doors, each unique. The first was covered with hundreds of sharpened bone spikes. The second was not only barred but painted shut—red paint covering the door and its frame—and bore a Noga inscription across the lintel reading “I will create a slaughterpen above the valley, I will create a place of injury and error.” The third had fifty skeletal fists nailed to it, and the next was painted with a flaking mural in which a robed woman on a pedestal looks on as naked slaves disembowel themselves.

Mel decided that the one painted shut was the least intimidating and proceeded to chip the paint away, then pop the lock. Inside Mel and Kevorkian found a bright bronze lamp hanging above a sarcophagus shaped like the ancient city below--complete with a scale model of the stairway to heaven. Within was a lean, desiccated, and petrified skeleton, draped in blood-coloured robes and bedecked with gold jewelry. The skeleton stretched and sat up, greeted the two of them in a friendly manner, and asked them to "tell me of your exploits."

Mel and Kevorkian proceeded to expound upon their past adventures, with the skeleton occasionally interrupting them and adding details that they had left out. The skeleton eventually introduced itself as 'The Red Architect' and seemed amused by Mel, bored with Kevorkian, and oddly omniscient (or close enough to such).

Then, of course, Kevorkian noticed that their three shadows, stark and sharp in the light of the bronze lamp, were moving on their own...

To be continued...

Monday, December 15, 2014

Justification for Your Paranoia

I'm busy investigating a ransomware infection on my company's internal fileshare. In the meantime, here is your next dose of security nonsense...

1) Someone hacked a space-ship!
Last Friday, NASA launched their Orion spacecraft for the first time. That spacecraft includes the names of 1.3 million people and might also store a (not-malicious but unapproved) payload injected by researchers at Germany-based Vulnerability Lab.
In October, NASA launched a website where users could get a "boarding pass" to fly their name on Orion's first flight. However, the fields where users entered their first name and their last name were plagued by an input validation vulnerability.
Benjamin Kunz Mejri, of Vulnerability Lab, said he reported the vulnerability to NASA, but not before injecting three payloads to test the flaw. NASA addressed the issue and put Mejri's name on a "No Fly List", but it is believed that the agency spotted only two of the payloads, while one passed the verification process. Mejri found that one of his test payloads was still marked as a valid ticket for the Orion flight scheduled for December 4.
Despite the injected stowaway code, Orion's flight was virtually flawless, landing in the Pacific only a mile and a half off target. NASA claims the chip storing the names was isolated and non-executable and therefore posed no risk to the spacecraft.

2) Yes, you can even hack your coffee machine...
As a non-coffee-drinker, I don't particularly care about this one, but plenty of my friends might. The oh-so-popular Keurig 2.0 coffee machine is designed to only use genuine Keurig-approved coffee K-Cups (a design choice that was the subject of an antitrust lawsuit earlier this year). However, a flaw in the verification method can allow you to use unauthorized K-Cups: the Keurig 2.0 does not verify that the K-Cup foil lid used for verification is not re-used.
Step 1: Attacker uses a genuine K-Cup in the Keurig machine to brew coffee or hot chocolate.
Step 2: After brewing is complete, attacker removes the genuine K-Cup from the Keurig and uses a knife or scissors to carefully remove the full foil lid from the K-Cup, ensuring to keep the full edges intact. Attacker keeps this for use in the attack.
Step 3: Attacker inserts a non-genuine K-Cup in the Keurig, and closes the lid. Attacker should receive an "oops" error message stating that the K-Cup is not genuine.
Step 4: Attacker opens the Keurig, leaving the non-genuine K-Cup in the Keurig, and carefully places the previously saved genuine K-Cup lid on top of the non-genuine K-Cup, lining up the puncture hole to keep the lid in place.
Step 5: Attacker closes the Keurig, and is able to brew coffee using the non-genuine K-Cup. 
In the business we would call this a "spoofing vulnerability", but for you coffee lovers, just call it "Freedom from oppression". Here is a handy video demonstration. Go forth and enjoy whatever single-cup insta-caffeine you like.
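
The reuse flaw in the steps above, modelled in Python as an added example (this is not Keurig's actual mechanism and not code from the original post). The per-lid serial, the HMAC tag, the key and the class names are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key; stands in for whatever secret makes a lid "genuine".
VENDOR_KEY = b"constructed-demo-key-not-a-real-secret"


def _tag(serial: str) -> str:
    """Vendor MAC over the lid serial (hypothetical scheme)."""
    return hmac.new(VENDOR_KEY, serial.encode(), hashlib.sha256).hexdigest()


def make_genuine_lid(serial: str) -> dict:
    """Hypothetical lid: a per-lid serial plus a vendor MAC over it."""
    return {"serial": serial, "tag": _tag(serial)}


def lid_is_genuine(lid) -> bool:
    """Authenticity only: says nothing about whether the lid was seen before."""
    if not lid or "serial" not in lid:
        return False
    return hmac.compare_digest(_tag(lid["serial"]), str(lid.get("tag", "")))


class AuthenticityOnlyBrewer:
    """Models the flaw described above: a genuine lid is accepted every time."""

    def brew(self, lid) -> bool:
        return lid_is_genuine(lid)


class SingleUseBrewer:
    """Hardened model: a genuine lid is accepted once, then marked spent.

    This only works because each lid carries a unique serial. If every lid
    bore the same mark, there would be nothing to mark as spent and reuse
    could not be told apart from a fresh cup.
    """

    def __init__(self):
        self.spent = set()
        self.reuse_attempts = []  # serials presented again; a detection signal

    def brew(self, lid) -> bool:
        if not lid_is_genuine(lid):
            return False
        serial = lid["serial"]
        if serial in self.spent:
            self.reuse_attempts.append(serial)
            return False
        self.spent.add(serial)
        return True


def run_page_steps(brewer) -> dict:
    """Walk the steps from the post against one verifier model."""
    saved_lid = make_genuine_lid("LID-0001")              # constructed serial
    unmarked = {"serial": "OFFBRAND-1", "tag": "0" * 64}  # no valid vendor tag
    return {
        "step1_genuine_cup": brewer.brew(saved_lid),
        "step3_offbrand_cup": brewer.brew(unmarked),
        "step5_offbrand_cup_with_saved_lid": brewer.brew(saved_lid),
    }


if __name__ == "__main__":
    for model in (AuthenticityOnlyBrewer(), SingleUseBrewer()):
        print(type(model).__name__, run_page_steps(model))
```

The first model brews in step 5 because it only asks "is this lid real?"; the second refuses and records the repeated serial.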

3) The Iranians have a Cleaver...
In 2010 Iran's infrastructure was affected by a computer worm known as Stuxnet, which significantly damaged Iran's nuclear fuel enrichment program. Well, it looks like they are getting their revenge...
According to a report by security firm Cylance, an on-going, two-year long attack by pro-Iranian hackers has compromised critical infrastructure in 16 different countries, targeting more than 50 companies (including airports, hospitals, telecom, chemical manufacturers, and others). 
Cylance researchers wrote: "The level of access seemed ubiquitous: Active Directory domains were fully compromised, along with entire Cisco Edge switches, routers, and internal networking infrastructure. Fully compromised VPN credentials meant their entire remote access infrastructure and supply chain was under the control of the Cleaver team, allowing permanent persistence under compromised credentials. They achieved complete access to airport gates and their security control systems..."
You get the picture.
And, just for giggles I guess, they wiped out the network of a Vegas casino.

4) So you want your watch to be Smart?

First people wanted Smart phones, then they wanted tablets, then connected devices in the home...now it's all about the wearables, with so-called "Smart Watches" being the new hotness. What should be obvious is that, if everything prior is still hackable, of course your fancy new watch is.
When paired with a phone, everything from SMS to e-mail to Facebook notifications is constantly being sent to your watch via Bluetooth. This transmission is obfuscated, but only by a 6-digit PIN, and such PINs are historically easy to break (having only 1 million possible combinations).
Researchers from security firm Bitdefender mounted a proof-of-concept hack against a Samsung Gear Live smartwatch that was paired with a Google Nexus 4 running Android L. Using readily available hacking tools, they found that the PIN obfuscating the Bluetooth connection between the two devices was easily brute forced. From that point on, they were able to monitor the information passing between the watch and the phone in plaintext. They even made a handy video showing how they did it.
On the plus side, bluetooth has a pretty short range, so an attacker would have to be sitting right behind you to intercept the communication and brute-force the PIN. So...just don't use it in a coffee shop/airport/other location with lots of people with laptops in close proximity...

Saturday, December 13, 2014

The Third Party: Session 12 (GMs notes)

13 Hammer

Art by Jez Gordon
The party stood on the mountain's peak, shivering in the cold, winter air and staring down at the defile on the north side, wherein had been carved an ancient Nogian city. The dominant feature was a great spiral staircase that once reached to the heavens, now just a vast ruin stretching across the mountain ridge. Huge, ragged chunks of dull gray masonry lay strewn across the landscape for hundreds of yards in either direction, like the building blocks of some enormous and forgetful child, the largest sections easily ten yards or more across. The buildings were nothing but rubble, save for two structures near the center of the city that looked like they might have intact roofs. Nearby to the two buildings were seven large, earthen mounds. Silhouetted against the darkening sky to the north and east was a second, even taller peak.

Ash, finally tired of his new form, doused himself in powder of reversal and, after several excruciating minutes of transformation, resumed his familiar, elven shape. As he and Grimnir discussed long-term goals and what to do about their new 'allies'--aboleths, giants, and crazed wizards--Melastasya tied off a rope and rappelled down towards the city. Halfway down she noticed an old trail, winding its way up the cliff to the peak and pointed it out to the others, who took the less dramatic route down.

Mel made a bee-line for the center of the ruins and the more-or-less intact buildings she had seen from above, anxious to seek shelter from the cold before the sun had completely hidden its face. The buildings they passed seemed to be of predominantly wooden construction and impossibly old, the wood having completely petrified. The last rays of the sun were fading behind the mountains when they reached the first of the intact buildings. An ancient stable by the look of it.

A quick search revealed nothing immediately dangerous, but did find a strange bevel-edged stone covering a hole in the ground in one of the stalls. Ash, still in the prime of his youthful strength compared to Mel, Grimnir, or Ginger, pried the thing open and sent 'Zorch', a brightly-glowing, electrified imp-like creature whom he had freed from its confinement in his wand of lightning, down the pit to investigate. The living lightning spouted some quick commentary about a tunnel at the bottom of the shaft before his speech was quickly cut off.

Mel dropped down the narrow shaft behind the mephit, finding nothing but a trace of ash smeared on the damp, bare-earthen walls of the tunnel. A discharge from her ring of shocking grasp was sufficient to revive the creature, however. As the light brightened from the reconstituting lightning mephit, Mel noticed a grim, gray, silent humanoid figure standing immediately behind where the mephit was manifesting. Ash's sword erupted with black flames, and he and the mephit quickly gunned down the poor undead.

Mel did a quick examination, finding that the undead beast, like the buildings above, had almost completely calcified--to the extent that even its stony eyelids were permanently frozen shut. Unperturbed by the presence of the undead, the party all climbed down and struck out to the west. After a short jaunt up the twisting, curving tunnels, Ash heard the sounds of footsteps above. They backtracked and closed the stone hatch to the tunnels to make sure they were not followed, then pressed on.

They wound their way through the dark, narrow confines of the tunnels for close to an hour, mapping the many branches and intersections as best they could and occasionally hearing more activity from above. After passing several more vertical shafts similar to the one they came down, they finally came to a five-way intersection centered on another such shaft. Deciding that this must be some sort of hub for the city's 'sewers' (as Grimnir seemed convinced they were in) they decided that Ash and Zorch should climb up and investigate the source of the sounds they continued to hear above them.

As soon as the brilliantly glowing mephit stuck its head aboveground, a squadron of gnolls who had been searching the ruins charged the hole Ash had opened, with nine of the creatures bearing down on them, and one breaking off and running the other way (whether for reinforcements or because gnolls are notoriously unreliable is hard to say). Ash threw off the lid and dropped down the shaft. The party arrayed themselves in the many side-passages and waited.

When the gnolls poked their heads, and their spears, over the lip of the pit, Grimnir let loose with an eldritch blast, catching one of the creatures under its ample chin. The gnoll was hurled up into the air, only to land spread-eagled over the mouth of the pit. Ash lit the prone gnoll up with a firebolt and Melastasya planted a crossbow bolt in its groin. When the gnoll curled up against the pain, one of its companions stomped on it, lodging it in the top of the pit, and another dropped the stone back in place, apparently uninterested in tangling with whatever was in the pit further.

Grimnir pulled the poor, stuck gnoll down and put it out of its misery. At the same time, another of the undead creatures had snuck up on Ash and tore into his back with its rock-hard claws. Grimnir disintegrated the thing with a pair of eldritch blasts and they all headed down the right-most passage.

After a ways, the passage opened up into a large chamber with three exits, in which were waiting a half-dozen more of the undead. Ginger strode nonchalantly out into the middle of the chamber, provoking the things to rush her en-masse, only to blow them back with a well-timed thunderwave. Then, protected by a protection from evil from Grimnir and armed with her shillelagh, she and Ash proceeded to beat on them soundly. Grimnir held back in the passage, keeping the undead from massing again with his repelling blasts, while Mel, unable to harm them with her fists or crossbow bolts, distracted them with her generally insane antics (up to and including dumping buckets of water on their heads).

Even with their magical protection, the undead landed a few lucky hits, draining Ginger's life energy. They finally fled when two of them were killed, dispersing into the many side passages. Two escaped, but one was made particularly easy to follow thanks to Zorch clinging to its back and glowing brightly. They ran down the mephit-burdened creature, as well as one of its companions. After a prolonged chase, the companion was plastered on the walls by repeated eldritch blasts and the one was curled up on the floor of the passage, cornered between a flaming sword and a shillelagh, and trying desperately to shake off the electrified imp clinging to its arm.

When the undead creature began moaning something almost intelligible, Ash used a comprehend languages to learn that it was signalling its surrender in the ancient language of Nog. Unable to respond in a traditional fashion, Grimnir used his staff of enslavement to dominate the creature and speak directly to its mind.

The creature, dubbed 'Radar', explained that it and its companions, fifteen in all, were the last remnants of the Noga. They were warriors, mystics, and leaders, slain and buried in honor in the heart of the city (called "Deckon Thar") and that when they awoke as undead, their culture was many thousands of years gone. The undead Noga served their king, Vinjarek, collecting the souls of would-be looters or explorers as tribute for their king, who in turn gave them as tribute to 'The Parasite'. Radar further explained that their king, as a great Mystic, feared nothing from magic, being vulnerable only to sunlight and silver.

When questioned about 'The Parasite' and silver treasures, Radar explained that all items of silver were thrown into a bottomless pit as tribute to 'The Mountain', all else he said was collected for Vinjarek. The Parasite, he said, was an outgrowth of 'The Mountain', feeding on the souls of the dead that were once also tribute to The Mountain (The word used for the Mountain was "Duvan'ku" in the Noga tongue). Though Radar was rather circumspect, it became clear that he believed Duvan'ku was some ancient god buried beneath the mountain.

When questioned as to whether any books or writing had been preserved, Radar explained that they preserved their records in a 'shrine' on the second peak. Radar then informed them that sixteen living, sentient creatures had assembled on the surface, almost directly above them and that the other undead had massed in King Vinjarek's throne room--revealing that, for all that his eyelids were petrified closed, these undead were apparently able to sense the presence of any living creatures, regardless of barriers, at great distance, as well as communicate telepathically with their own kind, and earning his name.

Radar led the party up out of the tunnels through a shaft that led up into one of the burial mounds, and then another up to the top of the mound. From this vantage, they were able to see that the full moon had risen, illuminating a brilliantly glowing staircase of silvery light, reaching up to the clouds, superimposed over the foundations of the collapsed tower. Radar informed them that this stairway "lead to heaven" (with some admonishment from Grimnir that he should mind his language). Ash clarified that this was one of the mythical "Moon Steps", a place where the Infinite Staircase which linked all planes of existence extended into the material realm.

Standing below them, staring up at the steps, but also scanning the skies anxiously with bows drawn, were nine gnolls and seven humans dressed in the garb of the Eraka horse nomads. The party stayed low, watching the gnolls and barbarians for some time, then saw a trio of manticores sweep over the northern ridgeline and attack the group. The gnolls and barbarians dove for cover amidst the ruins, and returned arrows for tail spikes.

While the gnolls, nomads, and manticores were all clearly distracted, the party followed Radar through the city and up the slope of the north-eastern peak. The wind picked up as they went higher, blowing flurries of snow and ice into their faces. Near the top of the peak they found a graveyard, with thousands of ice-crusted bronze markers, eerily reflecting the moonlight.

Radar informed them that 'the library' (as the party insisted on calling it) was underground, but that they would find the main log in the shrine at the top of the slope. They followed Radar to the shrine, a small building of petrified wood. The roof sagged, as if it were already weighed down with snow and dead centuries long before the petrification occurred, and the exterior walls were scrawled with neurotically minute calligraphic writing in the ancient language of Nog.

Grimnir and Ash again used comprehend languages to read the walls (at least those sections not eroded away or buried in snow), making out such obtuse sayings as “Look Upon The Seven Faces of Immensity Look Upon The Breaker of All Things” and “This Is The Fifth Octacle, This Is The Greater Servitude”. Bands of long-cancelled protective runes circled the building, indicating it was once defended like a fortress, as well as runes referencing a “bound and conquered god”. There were names that came up a lot: "The Twin Inquisitors Eizethrat Nexx and Gorgulos Nexx", "Vorgen Pox the Slaughterer", "Nazir An-Azat the Red Architect", "Exalted Interrogator Aetheldredd Aleph", and "Praetor-Pontifex Cyris Carnithrax Maximus"—all claimed to be “Resting in splendor”, “Gracing this place with death and that which they liberated from life” and other euphemisms for “buried here with a lot of stuff” in “crypts beyond the black tunnel”. There was also what appeared to be an (incomplete) formula for trapping and channeling the energies of tortured and obedient souls in some kind of liquid, which Grimnir hastily copied into his book of shadows.

The petrified and iced-over front door collapsed inward at a touch from Melastasya, revealing a single, large room, containing a large, petrified desk, three ancient-looking bronze chairs (all arranged to face directly at the door), the taxidermied and petrified head of some kind of elk, and a tall mirror. The desk was dominated by a single, massive book, the size of a man's torso, bound in bronze and covered with what Ash immediately recognized as elven skin.

Grimnir and Ash quickly moved to the book, taking advantage of their lingering enchantments to read it. The cover read "That Which Was Given" in Noga, and it contained what appeared to be a record of nine millennia worth of sacrifices, with dates written in sixty-seven different calendars. The handwriting and ink varied from page to page, and it was clear that the book had not been in continuous use, with time gaps ranging from a few years to over a thousand. Despite this, there were more than six million names entered in the log, with the most recent dating to the earliest days of Netheril, and some references to corresponding events (a historian's wet dream).

Grimnir and Ash speculated that, given the ritual for trapping tortured souls in liquid inscribed on the outer walls, so many millions of dead might be the true source of the Pool of Radiance, especially given its supposed source being in a cavern just below them.

Art by Jez Gordon
As they pored over the book, Ginger and Melastasya examined the mirror and were surprised to find that Mel and Ash were somehow not reflected in its surface. The glass was faintly bubbled and as cold as ice, and Noga hieroglyphs were visible in the scrollwork around the glass. Grimnir was able to translate the runes around the mirror as “Every Brother” “Every Sister” and “Unseen”.

Ash made his way over to the head hanging on the wall. He noticed that the eyes were clearly separate, looking like small glass orbs filled with some yellow liquid. Gingerly he pried the eyes loose with his knife, but shattered one, spilling the yellow, syrupy fluid on the ground which began flowing towards the door. The party chased the stuff, blasted at it, and threw things, but it managed to make it over the threshold and sink into the snow--or, more specifically, into a corpse that lay buried in the snow right outside the shrine.

The corpse began making choked moaning sounds. Grimnir asked Radar about the body and was informed that the body was previously one of the Noga, by the name of Norquorve, and that he was still "more dead than undead", lacking the other half of his soul. Just then Melastasya found a locked trap door in the floor, and Norquorve was left to his moaning.

Beneath the trap door was a fifty-foot shaft with rungs in the walls, leading down into the mountain. After being reassured by Radar that this was not the pit of Duvan'ku, Mel climbed down, followed by the others. At the bottom they found a pair of large, double doors made of solid ice and a table with an elaborate water-clock on it which used no reckoning they were familiar with. They watched in fascination as the clock struck the time, releasing a pair of taxidermied ravens--which seemed to enrage Grimnir.

Ash stepped forward and examined the birds, finding that their chests had been replaced with clear ice and filled with what looked like marbles. Mel slashed the birds open and carefully extracted the marbles, which, like the eyes of the head above, were small spheres of ice filled with liquefied souls, and stowed them.

Grimnir began messing with the clock, trying to set the time forward, and vanished. Mel jumped forward and tried to set it back, only to see everyone around her, except Radar, freeze in place. After waiting a rather long time, Mel found that everyone was still frozen, so she climbed back up the shaft, trekked down the mountain past unmoving snowflakes, and into the city where the nomads and the manticores were still locked in combat, the latter hanging unmoving in the air. Enjoying her prolonged time-stop, Mel scribbled some notes and shoved them into the Eraka's pockets, and pelted the frozen manticores with stones until they were black and blue.

Five hours, for her, after the freeze began, Mel climbed back down the shaft in the shrine to find her friends just beginning to move again. Mel explained what had happened to Ash and Ginger, and, with still no sign of Grimnir, sat down to rest. Ash had a good night's sleep, but Mel and Ginger were plagued by nightmares. Nearly ten hours later, Grimnir reappeared standing directly in front of the clock, accompanied by Mel's almost immediate shout of "Don't touch it again!"

14 Hammer

Art by Jez Gordon
Reunited, they pushed open the tall ice doors into a long hallway. Every surface was carved with small twisted faces with tormented expressions and coated with a thin layer of ice which made the faces appear to writhe and move in the light. As they stepped inside, the faces began screaming in Noga. Radar translated, "You are a gift to Nothing!" The hallway terminated at a strange door, shaped like the head of a massive gargoyle, with a bronze key shoved into the space between its nostrils.

Mel turned the key and the jaws opened, allowing them into a room with a massive pair of bronze doors, and ten small tables, each bearing a single skeletal left hand inscribed with the Noga words for "transcribe" and "replace". Grimnir collected the strange hands and they pushed their way past the doors into what Radar said was a chapel.

14 Hammer, 10:00 am

The room was filled with three-foot plinths carved of ice and the sound of rattling chains could be heard further on in the darkness. The vaulted ceiling reached a height of thirty feet, and around the walls were murals, an altar, and an organ, each behind a thin wall of ice, and twelve jawless, toothless skulls made of ice hanging in the center of the room from hooks on chains, dripping.

A wall mural depicted a man in a crown and cape from behind, with many demons bowing before him: the Bloated Goat, The Empress of All Widows, The Primordial Demogorgon, the Ringwolf, and many more. Other wall murals depicted unimaginable violations—one showed hundreds of women hanged from a single spreading tree, another showed hundreds of men impaled on leaning pikes. It bore an inscription in the Noga tongue reading “Name them yet build to them no monument”. Another mural depicted a man stabbed with nine swords being dropped into an hourglass—an inscription read “He is made holy, an eater of souls”.

Melastasya walked towards the organ, whose keys were made of fingerbones, punched her way through the ice-wall to reach it, and sat down and began playing Toccata and Fugue in D Minor. There was a deep tremor in the earth as she played and one of the skulls fell from its hook, shattering and spraying the party with a strange, icy-cold liquid which instantly aged Melastasya another 20 years. Grimnir only barely saved himself from the same fate by employing the all consuming shield (sacrificing much of his intellect to do so). The tremor also caused a panel of the organ to pop loose, revealing a small alcove containing an onyx bowl and a sapphire locket inscribed with the Noga hieroglyph for "death".

14 Hammer, 10:10 am

Grimnir then shoved Melastasya aside and began playing The Entertainer, accompanied by another tremor and causing the remaining walls of ice to shatter and collapse, as well as the ice marbles that Mel was carrying. The souls released from the marbles quickly lodged themselves in Melastasya, who briefly referred to herself as Magen Eisenthrast before the possession was suppressed by another casting of protection from evil by Grimnir.

14 Hammer, 10:15 am
To be continued...

Tuesday, December 2, 2014

Justification for Your Paranoia

Your weekly dose of snarky tech security...

1) Gentlemen, Start Your Torrents!
So, Sony Pictures got totally pwn'd last week, old school, complete with skulls on every desktop background. The extent was such that the entire company shut down--all computers, all mobile devices, all VPN connections. The data caches dumped online include SSH keys, Oracle and SQL database passwords, source code, production schedules, inventory lists, even a file called "ACCOUNTS WITHOUT PASSWORDS.xls". An estimated 11 Terabytes (11,000 GB) of data in all.
Excuse me while I take a minute to control my laughter...
Okay, better now.  
Sony was previously mass-compromised in 2011, when an attack stole the personal information of 75 million registered PlayStation network users.
So, why Torrents? Well, in addition to all of the juicy technical details, the leak also included 5 yet-to-be-released films, numerous television episodes, and private keys for Sony's anti-piracy automatic content recognition system operated by Audible Magic. Go have fun watching.
And let Sony be a warning to everyone else... 

2) A surprisingly relevant movie...
My wife and I recently watched the movie "Sneakers" on Netflix. I am appalled that I never watched this before. It has everything I like in a movie...tech, heists, comedy, a good ensemble.
For you tech geeks out there, it is also surprisingly not fake in terms of tools and methodology (except for the magical crypto-macguffin, and the math mumbo-jumbo spouted by its creator, but I'll let them have that one). Seriously though, who makes a comedy film about cryptography?  
Because it's 20 years old, I won't worry about spoilers. This movie follows a group of private penetration testing contractors who get recruited by what they believe to be the NSA to steal a cryptographic device which is supposedly being developed by the Russians and magically capable of breaking any and all forms of data encryption. It turns out, of course, that they were working for "The Mob" (vague organized crime syndicate with some post-Soviet communist leanings). In the end, they hand the device over to the actual NSA with a surprisingly apropos commentary on the NSA's current mission in the real world:
"The only thing it would be good for is spying on Americans. Sure, with a box like that they could read the FBI's mail. - Or the CIA's. - Or the White House's. No wonder they don't want to share with the other children."
Here are some other amusing quotes:
Bank Secretary: So, people hire you to break into their places... to make sure no one can break into their places?
Martin Bishop: It's a living.
Bank Secretary: Not a very good one.
Whistler: I want peace on earth and goodwill toward men.
NSA Director: We're the United States Government! We don't do that sort of thing.
Go watch it. 

3) Because sometimes graphics help...
A big part of my job is spying on people, but in a passive and benign way I assure you. Thanks again to the Electronic Frontier Foundation, here are some images to help you visualize what various entities out there can see when you are with or without HTTPS and TOR.
If you are curious, I'm effectively the Green guy connected to the ISP.
This is what it looks like if you use neither.
This is most people.

This is what it looks like if you use HTTPS only.
Luckily lots more sites use HTTPS by default now.
This is what it looks like if you use TOR only.
This scenario is pretty rare.
And here is with both running.
This is what you SHOULD be doing...

4) A Strange perspective on passwords...
Not much to say about this other than the article The Secret Life of Passwords, from the NYTimes is a strange perspective on the human component of the passwords we use.
Note, the core of the content is derived from people publicly disclosing their passwords.
It's still fun to read though.

Monday, December 1, 2014

The Third Party: Session 11 (GM's notes)

In which the party learns when to cut and run, and officially embrace their role as the "bad guys"...

11 Hammer

Ginger, Kevorkian, and the Drow finally made their way down the stairs to the third level. The party, reunited, stood staring around at the main piping room. Then Traithe led the way towards the right-hand of the three doors standing on the other side of the room. Finding it neither locked, nor trapped, they barged right in, where they found a stack of barrels, a large vat connected to an inlet coming from the pipe outside and with an outlet pumping the sludge up into a room above. Three lizardmen were chained to the walls--two systematically dumping the contents of the barrels into the vat, and the third working a large bellows-pump to mix the barrel-contents with the black sludge and send it top-side.

Grimnir tried, again, to address the creatures in Draconic. One, at least, seemed to speak the language. They freed the three prisoners and offered them large amounts of fish, and the old-man's corpse, to eat. The draconic-speaker, 'Experiment 321', agreed to accompany the party in exploring the rest of the complex. The other two headed for the exit, but not before one addressed the party in halting Tharian:

"Thankyou for freeing us. Yarasss has Been experimenting on our people, changing them in horrible ways. 'Every night we carry off another with his chest Burst open or his head mangled, Yarasss say he make us like Sa-Hag-An. He always say that he make us stronger, better hunters. 'But all he make us is dead. We were not allowed to speak when Yarasss was around but these marks were passed down to us and remind us of home. They represent the friendword used between our different tribes. If you meet us on the outside, this word may help you."

The party let the two lizards leave and moved on to the next door. This one was protected by a complex lock with a constantly changing series of ten symbols on it, each morphing to a different shape after a few seconds, clearly connected to a complex magical trap of some kind. Mel, Traithe, Ash, and #321 put their heads together trying to disengage the FLUX-lock. At first it seemed like some combination of two of the symbols would work, then Mel, in typical Mel fashion, suggested that Ash should just hit all ten of the symbols at the same time--which, oddly, worked. Behind the door was a small, empty room. A little experimentation revealed that both the left-hand and right-hand walls were teleporters.

Deciding to leave the teleporters alone, they went to the last door and found a small apartment. An old, worn bed, that might have been comfortable at one point, dominated the room, along with a wash-stand filled with blackened water, a wardrobe hung with numerous equally threadbare robes, and a large desk piled with papers. Mel, Ash, and Traithe sifted through the many documents. Amidst various incomprehensible alchemical formulae, they found a few interesting tidbits:

A quick note on an often used piece of paper.
'I must find some hardy allies in case this monster from Phlan sends his troops to attack my island. I need a small, intelligent party who can move through the civilized areas without notice, but who have the skill to traverse the uncivilized areas and the wilderness. I must watch the next groups to come to the lake and see if any would make proper allies.'
An impressive announcement.
'BOUNTY of 10,000 GOLD!
I will pay 10,000 gold pieces for a live sahuagin! I will pay 1,000 gold pieces for a recently dead sahuagin in good condition. I need a specimen of this man-like salt water aquatic creature for my studies. Bring your specimen to the shore of Lake Kuto and build a fire as a signal. Your specimen will be examined. If it is truly a sahuagin you could end up with 10,000 gold pieces. But beware, I will know any forgeries, and I will punish any attempt at deception.
So, capture a live sahuagin, bring him to Lake Kuto, and walk away a rich man!'
Yarash the Sorcerer
An official looking notice
'The time has come for you to add your power to the growing legions of my followers. Come, and supplicate yourself to me and I will reward you as an important officer in my magical forces, you will serve as the advisor to the cohort of soldiers to be based at Sorcerer's Island. Resist and you shall be crushed before my almighty power. I expect your positive reply within the week.'
"The Boss"
And the unsent reply.
To: The Boss
Valjevo Castle, Phlan
I categorically reject your demand that I submit my island and my powers to your control. I am a free man and I will remain free. No petty tyrant can order about a true mage. If you or your troops make any move toward Sorcerer's Island I shall send an army of my unstoppable aquatic creations down the Barren River and sink your precious castle. Until now you have been beneath my notice. If you value your empire, let us keep it that way.
Yarash, the Sorcerer
A preserved parchment covered with gigantic script:
'I am writing to you to describe my further inquiries into the legend of the Pool of Radiance. It seems the pool has moved several times. Long ago, our mutual friend Aumry actually moved the pool into his abode for a period of time to study it. However, the pool seems to return to its original location after every move. I am now watching the dry hole that is the pool's natural location.
When it returns I will be ready. I truly believe that the Pool of Radiance is the key to the wisdom that we seek.
Yours in wisdom,

An unsent note written on sturdy parchment and a rough map.
'An active dragon has made its home in the Dragonspine Mountains to the northwest. Keep search parties away from the area so as not to catch the dragon's attention.'

Beneath all the papers they also found Yarash's Spellbook, which both Ash and Grimnir seemed quite happy to abscond with, and an official proclamation from the Council declaring Grimnir and company to be outlaws, apparently signed that morning.

The party headed back to the center room and, of course, linked hands and jumped through the right-hand teleporter. They appeared in a huge cavern, standing ankle-deep in black water on the edge of a massive underground lake. A huge pipe, clearly the same one from the room above descended from the ceiling down into the water, sucking up the black liquid and carrying it up above. The same impossibly old-seeming, tattered-robed man floated over the lake, examining the pipes and muttering to himself.

Grimnir and Ash tried to engage the old man in a conversation. Meanwhile, Kevorkian leaned down and took a drink of the black water and immediately began gasping, his lungs suddenly unable to process oxygen. Kevorkian dove into the lake and found that not only could he breathe under the polluted water, but he could see--a massive, glittering city rested on the bottom of the lake. He surfaced and tried to yell to the others, but only managed to blurt out "There's a city!" before something yanked him down beneath the surface again.

Grimnir addressed Yarash again, asking him to call off his aquatic army, to which he responded roughly, "I can't do anything about it" and also "It's not my problem". #321 dived in after Kevorkian, then burst up to inform the others that he had been pulled down by an Aboleth.

#321 rushed in and stabbed the thing, only to get tail-smacked, flying, out of the water. She (apparently it was a she) was seized in mid-air by a spell from Ash, then grabbed by Megri the dark elf who ran back through the portal, dragging the levitating lizard behind her.

Grimnir snagged Kevorkian with his thorn whip yanking the struggling priest out of the aboleth's grasp and up out of the water, dislocating Kevorkian's knee in the process. Mel grabbed Kevorkian and also sprinted through the portal, Grimnir, Traithe, and Ginger close on her heels.

Ash unleashed a bolt of fire at the foul-smelling water, hoping that it might be flammable, which sadly it was not, and bolted after the others. As he skidded back into the room with the two teleporters, he pulled the black-water filled bracers they had taken from the old man they killed and slapped them onto Kevorkian's wrists, restoring his ability to breathe normally.

As they discussed what to do next, most of which involved running away, the old man from the cavern below appeared in the room with them. Mel showed him the notice from the desk about needing a small, intelligent party, and Yarash agreed that they had proven themselves sufficiently resourceful. They discussed, at length, his need for better test subjects in his research to 'improve' the lizard men--ranging from any scaled beasts to thri-kreen, but ruling out most 'soft-skinned' humanoids.

Kevorkian asked the old wizard if he could do anything along the lines of giving him a new hand. Yarash's eyes lit up and he and Kevorkian vanished. The others sprinted up the stairs and through the teleporter, which led outside, and then backtracked to the laboratory-cum-torture-chamber that they had seen before.

Inside Kevorkian was strapped to a table. Again, he found himself somehow able to see, though he soon realized he was looking at himself in the third person--apparently seeing out of Yarash's eyes. Yarash scurried happily about the room, rotating walls of shelves to reveal even more shelves behind them, lined with all manner of body parts preserved in glass jars. Kevorkian shouted suggestions as he mused over a wall of arms, and eventually Yarash picked a large, pincer-clawed monstrosity.

As Yarash began sawing the remains of Kevorkian's left arm off, Kevorkian suddenly asked through gritted teeth, "Can you fix my eyes too?" Yarash smiled broadly, left the hacksaw half-embedded in Kevorkian's shoulder and ran to open a wall, revealing a supply of preserved eyes. Just then the rest of the party walked in.

Ash saw the eyes and apparently saw a kindred spirit. He pulled out the basilisk eyes and showed them to Yarash, who immediately dropped the big jar of eyes he was carrying and rushed over to look. "Those will be perfect!" he said. Yarash took the eyes, quickly measured Kevorkian's sockets with calipers, determined that his skull was too small, and proceeded to begin expanding Kevorkian's eye sockets with some spreaders, inserting carefully cut slivers of other creatures' skulls as necessary, until there was room to install the basilisk eyes. Kevorkian, thankfully, passed out shortly into the eye operation...

12 Hammer

Kevorkian woke up nine hours later to find the party casually resting around the operating room, wearing blindfolds or hiding their faces behind books. He was seeing out of his own, newly installed eyes, and looking into the smiling face of "Yarash the Vivisectionist". His arm still hurt horribly from where the hacksaw was still half-embedded, forgotten in his shoulder. Yarash shook his head, "Something's wrong..." he muttered. He then made a slit in Kevorkian's temple, inserted some gruesome spiraling piece of hooked metal, made a few very painful tweaks, and promptly turned to stone.

A moment later, the wizard shook off the effect and cried out gleefully, "THEY WORK!" He then proceeded to saw Kevorkian's arm the rest of the way off. Just as he was about to attach the new one, Melastasya asked if he could replace her damaged arm as well...

Late in the day, the party reassembled in the room next to Yarash's apartment with the pair of teleporters: both Kevorkian and Mel sported new arms (and Mel also had some strange stitches in her lower abdomen), and Kevorkian had a pair of dark glasses covering his eyes. They stepped through the left-hand portal and found themselves...

...standing in the middle of the Council chambers in New Phlan.

Luckily the Council was not in session. Traithe quickly disguised the lot of them as best he could given the situation and they casually strode out. They mumbled something about being lost to some confused-looking guards, and were escorted to the Council Clerk's offices. Grimnir asked the Clerk about the bounty that had been placed on "The Squire's" head. The Clerk informed him that two parties had sought the commission, but that she could not give them any more information.

They left, and asked around town about the accusations, eventually stopping by the Bitter Blade, where the barkeep informed them of a conversation he had overheard between Councilwoman Bivant and a group of lady adventurers she regularly employed, offering them control of Kryptgarten Keep in exchange for 'The Squire's' head.

They took their leave and went to check out Kryptgarten. They found the place relatively peaceful and operational. Grinkle informed them that some women from Phlan had been by asking about them, but had not caused any kind of ruckus. Grimnir decided that Kryptgarten could certainly do worse than having the Amazons in charge, so they simply left (making sure to take Grinkle along with them). On their way out, they found 'Pokey's' burned-out corpse, which they decided to pack up and haul with them back to Yarash--figuring the massive crocodilian demon would please their new employer. If that's what the crazy old wizard was.

As they walked back, they discussed some of the magics they had seen in Yarash's spellbook, specifically the Clone spell, and how it might be useful for faking their deaths. They agreed to hole up with Yarash and help him with his 'altruistic' research into 'improving' the lizardfolk, then send Clones of themselves back to Kryptgarten in a few months to be killed publicly.

When they reached the shores of the lake, a glowing door was waiting for them, leading directly into the main pumping chamber of Yarash's maze. Yarash was ecstatic on seeing Pokey. He praised the party, clapped like a giddy school-girl, and showed them that he already had clones of Mel and Kevorkian growing in vats in a newly carved out room (for spare parts).

Grimnir mentioned something about Pokey having been his own personal 'Great Old One' and asked if Yarash could craft something for him to remember Pokey by. Yarash was once again enraptured. He asked if Grimnir also served 'The Great Master' and the two of them were whisked off. They reappeared standing on the edge of the underground lake, where Yarash introduced Grimnir to the aboleth and gave him a staff made from one of Pokey's spines.

13 Hammer

Ash consulted Yarash the next morning, asking about the Pool of Radiance and Yarash's note from Sorrassar. Yarash admitted that he knew very little about the Pool, but that Sorrassar was an old friend who had "recently" taken up residence at the supposed "home" of the Pool to await its return. The party asked for directions so that they might go question Sorrassar, only to have Yarash simply wave them away.

Literally. He waved and they were away. Far away. In an icy-cold cavern near the top of one of the highest peaks in the Dragonspines. Sitting contemplatively beside a dry, empty basin was a very old looking, blue-skinned man, nearly thirty feet in height.

The giant, Sorrassar, seemed confused to see them, but otherwise fairly relaxed about their sudden appearance. When they explained they were from Yarash, he complained about the old vivisectionist not returning his mail. After some coaxing, and explaining the date, they learned that he had sent that letter to Yarash over six years ago, and, not only had he not received a response, but he had been sitting beside the empty pool all that time.

Sorrassar was very concerned to learn that his 'friend' was under the influence of the Aboleth, explaining that the aboleth had once been a shared experiment of his and Yarash's. He explained about some brief experiments that a third of their group, a mage by the name of Aumry of Umbar, had done on the Pool of Radiance, but that Aumry's ability to hold the pool in place had only lasted about fifteen minutes. Given the power expended for them to do that, he was very concerned that six years had passed without the Pool returning to its base location here in the cave.

Convinced that they were unlikely to get any more useful information out of Sorrassar, the party decided to take their leave. Looking out the mouth of the cave, they could see the ice-choked lake that formed the headwaters of the Stojanow river, two-thousand feet straight below. They had a marvelous view of the river stretching away to the south--they could see Sorcerer's Island, the dark line of the Moonsea coast, and, closer, a lush, green valley through which the headwaters flowed before leaving the mountains. Sorrassar informed them that this was the Valley of Thorns.

Rather than figure out how to scale the two-thousand foot drop to the valley, they climbed up and over the mountain, hoping to find a gentler slope on the other side. Instead they found the ruins of an ancient city carved into the mountain's peak. Grimnir recognized enough of the symbols carved into the structures to identify them as being of Noga origin.

Next time, the Ruins