Knit Hats For Babies: 2020

September 22, 2020

What The Heck Is Going On?

So, at this point, I'm a week late for a new episode. Don't fear, a new one is coming. Probably next week. I recognize that I've skipped weeks before and haven't ever said why, except perhaps in passing. Normally, it's because I'm off performing my two weeks of annual training for the National Guard. But not this time.

It's like this. I need to get my life to a better place. Mainly with my health, but also my relationship with my wife and kids. I have high blood glucose and I need to get it under control. I've drastically altered my diet and am exercising more. That means earlier mornings, which require earlier nights. That means less time for recording and editing and everything else that goes into making the podcast.

If you're reading this, I assume you're a regular listener. For that I thank you. I owe you quite a bit. For example, I owe you more and better content. It's coming. Exactly what form that is, I don't know.

But back to my main point.

I'm exercising more, eating better, working harder on my Cub Scout commitments (I'm Cub Master for the Pack my son is in), working harder in my National Guard posting (Senior Platoon Trainer NCO for Officer Candidate School), and wanting to do more "hobby stuff." All of this takes time. Unfortunately, all of these things take a higher priority than simply banging out a podcast when it comes due.

Now, there is some cross-pollination in there. It's especially evident when it comes to my National Guard pursuits and my hobby. For example, Henry Hyde will be publishing an article I wrote as a direct result of my recent military education. Additionally, I'll be writing about my experience in planning a staff ride for the Officer Candidates. More on that later. Furthermore, I'm planning more articles for Henry.

As for the hobby stuff, I want to spend more time with my kids. Luckily, they both want to paint figures with me and play more games. Anticipate that generating more content for the podcast and maybe more blog posts here. For example, the projects I'm actively pursuing include:
- A semi-secret Seven-Years War project
- My son's 40k Orks
- A Full Thrust project using Halo ships
- A microarmor game I'm developing with my brother Chris
- Rommel in 3mm
- The Commands & Colors Epic Fantasy (not BattleLore) project (and I might have a writing partner for this one now)
- The space station project I talked about previously for sci-fi skirmish (possibly Oldhammerish)

Lots of other stuff is ruminating as well. What can I say, I'm a gaming magpie from way back. In the meantime, I'm trying to read more history, historical fiction, self-help, US Army doctrine publications and even the occasional hobby magazine!

I'm a busy guy. Part of this little pause has been taken up with some thought, soul searching, prioritizing, planning, and figuring what the hell I'm doing next. Part of that is going to take me becoming more personally disciplined in how I go about things. I've never scheduled "free time" before, but I might have to start.

We're all busy. So, I hope you can understand why I might be late with the podcast. I hope you'll forgive me. One of these days, you might even think what I produce was worth what you paid for it.

That is all.

September 21, 2020

EA Cricket 2018 Download For Free Full Version

SCREENSHOT

System Requirements Of Cricket 2018 Download Free

Tested on Window 7 64 Bit
Operating System: Window XP/ Vista/ Window 7/ Window 8 and 8.1/10
CPU: 2.0 GHz Intel Pentium 4 or later
RAM: 512 MB
Setup size: 1.1 GB
Hard Disk Space: 4 GB

September 12, 2020

So Where Does Level 2 Leave South African Gaming?

President Cyril Ramaphosa announced in a national address on Saturday evening on 15 August 2020 that a number of South Africa's lockdown regulations will be relaxed as the country moves to a level 2 lockdown from midnight on Monday (17 August 2020).

In lockdown level 2 restrictions from Monday, the following restrictions pertinent to the hosting of events be eased:

All restrictions on inter-provincial travel will be lifted;
Accommodation facilities will be permitted, in line with approved protocols;
Restaurants, bars and taverns will be permitted to operate subject to regulations;;
The curfew will remain in place from 22h00 – 04h00;
Gatherings of more than 50 people are still prohibited, as are sports events with spectators;
International travel is still prohibited outside of the existing regulations.

The easing in restrictions come nearly five months after the country first moved into a lockdown.

Such regulations still mean that it is practically impossible for MSSA to hold Provincial and National face-to-face championships as MSSA cannot restrict the number of entrants to such events.

It is therefore likely that MSSA will continue to hold its events for the rest of the year as online events in order to continue to deliver with its membership.

However, Regional Championships can be offered as smaller events which will be in line with the new regulations.

Nothing will stop a member club from hosting and event that only allows 40 players and then has the required support staff to ensure that are protocols and procedures are in place.

Also read:

Calendar of Events: 2020
Esports titles selected: MSSA's School Championships.
Esports titles selected: MSSA's Student Championships
Esports titles selected: MSSA's Premier Championships.
Selecting esports titles to be played in MSSA Provincial and National Championships.
How clubs offer to host official mind sports events.
Why schools and universities should invest in esports.
New National Team Selection Criteria
Further increasing MSSA's footprint. (All about hosting Regional Championships)
Affiliation: Schools
Affiliation: Private clubs
Selecting the national Protea teams for Mind Sports South Africa.

Noctropolis (PC)

Developer:

Flashpoint

Release Date:

1994

Systems:

DOS (EE version: Windows, Linux, macOS)

This week on Super Adventures, I'm playing my fourth PC game in a row! This one's from the mid 90s though, so I've escaped 2001 at least.

Noctropolis is an "adult graphic adventure", which is apparently a lot like a regular adventure, except a couple of hours in you get to see an actress's breasts for a few seconds. You won't find a screenshot of it here though, this site's safe for work (also I'll have stopped playing ages before then).

I own the game on Steam so that means I'm playing the Enhanced Edition released by Nightdive a few years back. It doesn't actually say that, it's listed in my game library as just 'Noctropolis', but it didn't boot up DOSBox when I started it so it must be the new version. Oh hang on, they mention it on the store page: "New Enhanced Edition for Steam!" So that's cleared that up.

Man, this music on the title screen sounds like it's going to break into a Batman theme at any moment. Not any particular Batman theme, just a Batman theme. That's probably a good sign, as the game's supposed to be going for a comic book tone. In fact they were originally going after a comic book licence, but they couldn't get hold of one and had to make up their own setting instead. They apparently tried to approach this problem from the other direction and get a comic book published based on the game, but their meeting with legendary artist Rob Liefeld at Image didn't lead to anything.

Before I start going through the game I feel like I should warn you that it gets a bit edgy at times. To put it bluntly, a main character gets raped off-screen and it's not dealt with all that tactfully.

Read on »

September 4, 2020

Downlod Hit Man 2 Free By Ayush Anand (No Part Only Crack)

downlod free hit man

minumum reqirments 2gb ram32bit 1 tb hardiskwndow 7.8.10
downlod full updated games from here

the games was given by y.yadav gamer

We were expecting some sort of Hitman 2 game ever since IO started referring to the last game as 'The Complete First Season', which rather suggested that there was going to be a Season 2. (Though, as you'll know by now, those expectations have turned out to be not entirely accurate.)

Before a Hitman 2 release date could even be a thing, we needed a Hitman reboot that would be a return to form for the series. After the leaden and muddled Absolution, it's clear IO intends to build on the same sandbox formula they've perfected over the past few years.

After some stealthy – but decidedly non-violent – deduction work, we know loads of Hitman 2 trailer and gameplay details. We know the location of the first two missions, the ways in which the design of the initial game is being expanded, and a few of the silly/excellent costumes you'll be donning. Here's everything we know about Hitman 2.

HITMAN 2 RELEASE DATE

IO Interactive was not shy about revealing this one. The Hitman 2 release date is November 13, 2018. Hitch-free assassinations require patience, but that's barely a wait at all.

HITMAN 2 LOCATIONS

All of Hitman 2 locations have been revealed it looks like Agent 47 is going to acquire lot of air miles. The six locations are Miami, Colombia, New Zealand, India, USA, and the North Atlantic with Austria being the setting for the Sniper Assassin Game Mode. We've seen plenty of Miami and Columbia and in IO's most recent trailer we can feast our eyes on Hawke's Bay, Mumbai, Vermont and the Isle of Sgàil.

MIAMI, USA

Miami was the first Hitman 2 location that we got to feast our eyes on. We've played through Hitman's 2 Miami mission where Agent 47 attended the final hours of the Global Innovation Race a spectacle for the fastest cars in modern racing. In Miami you are tasked with killing a motorsport driver.

SANTA FORTUNA, COLOMBIA

We've also played the game's second mission, and know that Agent 47's work will take him to the thick Colombian jungle. In this level, foliage is your ally as Agent 47 will be slinking through the underbrush to make his kills. There are three targets: Rico Delgado, Jorge Franco, and Andrea Martinez. There are hippos, heavy-chandeliers, drug-filled souvenirs, a precariously rickety gold statue, and the opportunity to stab someone with a tattoo pen. Clearly creatively bumping people off will remain at the forefront of this sequel. IO also said in a press release that guards won't be the only threat this time, so prepare for wild animals and poisonous plants.

HAWKE'S BAY, NEW ZEALAND

Hawke's Bay, New Zealand looks to be an interesting location. The location trailer shows Agent 47 on a beach at night time perusing his target, sand being kicked up everywhere. With just the sand dunes and the sea for as far as you can see, its going to put your stealth skills to the test.

MUMBAI, INDIA

Mumbai is on the complete opposite end of the spectrum, its loud, crowded, and there are plenty of opportunities for a sneaky and stealthy kill.

August 31, 2020

Why (I Believe) WADA Was Not Hacked By The Russians

Disclaimer: This is my personal opinion. I am not an expert in attribution. But as it turns out, not many people in the world are good at attribution. I know this post lacks real evidence and is mostly based on speculation.

Let's start with the main facts we know about the WADA hack, in chronological order:

1. Some point in time (August - September 2016), the WADA database has been hacked and exfiltrated

2. August 15th, "WADA has alerted their stakeholders that email phishing scams are being reported in connection with WADA and therefore asks its recipients to be careful" https://m.paralympic.org/news/wada-warns-stakeholders-phishing-scams
3. September 1st, the fancybear.net domain has been registered

   Domain Name: FANCYBEAR.NET
   ...
   Updated Date: 18-sep-2016
   Creation Date: 01-sep-2016

4. The content of the WADA hack has been published on the website
5. The @FancyBears and @FancyBearsHT Twitter accounts have been created and started to tweet on 12th September, reaching out to journalists
6. 12th September, Western media started headlines "Russia hacked WADA"

7. The leaked documents have been altered, states WADA https://www.wada-ama.org/en/media/news/2016-10/cyber-security-update-wadas-incident-response

The Threatconnect analysis

The only technical analysis on why Russia was behind the hack, can be read here: https://www.threatconnect.com/blog/fancy-bear-anti-doping-agency-phishing/

After reading this, I was able to collect the following main points:

It is Russia because Russian APT groups are capable of phishing
It is Russia because the phishing site "wada-awa[.]org was registered and uses a name server from ITitch[.]com, a domain registrar that FANCY BEAR actors recently used"
It is Russia because "Wada-arna[.]org and tas-cass[.]org were registered through and use name servers from Domains4bitcoins[.]com, a registrar that has also been associated with FANCY BEAR activity."
It is Russia, because "The registration of these domains on August 3rd and 8th, 2016 are consistent with the timeline in which the WADA recommended banning all Russian athletes from the Olympic and Paralympic games."
It is Russia, because "The use of 1&1 mail.com webmail addresses to register domains matches a TTP we previously identified for FANCY BEAR actors."

There is an interesting side-track in the article, the case of the @anpoland account. Let me deal with this at the end of this post.

My problem with the above points is that all five flag was publicly accessible to anyone as TTP's for Fancy Bear. And meanwhile, all five is weak evidence. Any script kittie in the world is capable of both hacking WADA and planting these false-flags.

A stronger than these weak pieces of evidence would be:

Malware sharing same code attributed to Fancy Bear (where the code is not publicly available or circulating on hackforums)
Private servers sharing the IP address with previous attacks attributed to Fancy Bear (where the server is not a hacked server or a proxy used by multiple parties)
E-mail addresses used to register the domain attributed to Fancy Bear
Many other things

For me, it is quite strange that after such great analysis on Guccifer 2.0, the Threatconnect guys came up with this low-value post.

The fancybear website

It is quite unfortunate that the analysis was not updated after the documents have been leaked. But let's just have a look at the fancybear . net website, shall we?

Now the question is, if you are a Russian state-sponsored hacker group, and you are already accused of the hack itself, do you create a website with tons of bears on the website, and do you choose the same name (Fancy Bear) for your "Hack team" that is already used by Crowdstrike to refer to a Russian state-sponsored hacker group? Well, for me, it makes no sense. Now I can hear people screaming: "The Russians changed tactics to confuse us". Again, it makes no sense to change tactics on this, while keeping tactics on the "evidence" found by Threatconnect.

It makes sense that a Russian state-sponsored group creates a fake persona, names it Guccifer 2.0, pretends Guccifer 2.0 is from Romania, but in the end it turns out Guccifer 2.0 isn't a native Romanian speaker. That really makes sense.

What happens when someone creates this fancybear website for leaking the docs, and from the Twitter account reaches out to the media? Journalists check the website, they see it was done by Fancy Bear, they ~~Bing~~ Google this name, and clearly see it is a Russian state-sponsored hacker group. Some journalists also found the Threatconnect report, which seems very convincing for the first read. I mean, it is a work of experts, right? So you can write in the headlines that the hack was done by the Russians.

Just imagine an expert in the USA or Canada writing in report for WADA:
"the hack was done by non-Russian, but state-sponsored actors, who planted a lot of false-flags to accuse the Russians and to destroy confidence in past and future leaks". Well, I am sure this is not a popular opinion, and whoever tries this, risks his career. Experts are human, subject to all kinds of bias.

The Guardian

The only other source I was able to find is from The Guardian, where not just one side (it was Russia) was represented in the article. It is quite unfortunate that both experts are from Russia - so people from USA will call them being not objective on the matter. But the fact that they are Russian experts does not mean they are not true ...

https://www.theguardian.com/sport/2016/sep/15/fancy-bears-hackers--russia-wada-tues-leaks

Sergei Nikitin:
"We don't have this in the case of the DNC and Wada hacks, so it's not clear on what basis conclusions are being drawn that Russian hackers or special services were involved. It's done on the basis of the website design, which is absurd," he said, referring to the depiction of symbolically Russian animals, brown and white bears, on the "Fancy Bears' Hack Team" website.

I don't agree with the DNC part, but this is not the topic of conversation here.

Alexander Baranov:
"the hackers were most likely amateurs who published a "semi-finished product" rather than truly compromising information. "They could have done this more harshly and suddenly," he said. "If it was [state-sponsored] hackers, they would have dug deeper. Since it's enthusiasts, amateurs, they got what they got and went public with it.""

The @anpoland side-track

First please check the tas-cas.org hack https://www.youtube.com/watch?v=day5Aq0bHsA , I will be here when you finished it. This is a website for "Court of Arbitration for Sport's", and referring to the Threatconnect post, "CAS is the highest international tribunal that was established to settle disputes related to sport through arbitration. Starting in 2016, an anti-doping division of CAS began judging doping cases at the Olympic Games, replacing the IOC disciplinary commission." Now you can see why this attack is also discussed here.

My bet is that this machine was set-up for these @anpoland videos only. Whether google.ru is a false flag or it is real, hard to decide. It is interesting to see that there is no google search done via google.ru, it is used only once.
The creator of the video can't double click. Is it because he has a malfunctioning mouse? Is it because he uses a virtualization console, which is near-perfect OPSEC to hide your real identity? My personal experience is that using virtualization consoles remotely (e.g. RDP) has very similar effects to what we can see on the video.
The timeline of the Twitter account is quite strange, registered in 2010
I agree with the Threatconnect analysis that this @anpoland account is probably a faketivist, and not an activist. But who is behind it, remains a mystery.
Either the "activist" is using a whonix-like setup for remaining anonymous, or a TOR router (something like this), or does not care about privacy at all. Looking at the response times (SQLmap, web browser), I doubt this "activist" is behind anything related to TOR. Which makes no sense for an activist, who publishes his hack on Youtube. People are stupid for sure, but this does not add up. It makes sense that this was a server (paid by bitcoins or stolen credit cards or whatever) rather than a home computer.

For me, this whole @anpoland thing makes no sense, and I think it is just loosely connected to the WADA hack.

The mysterious Korean characters in the HTML source

There is another interesting flag in the whole story, which actually makes no sense. When the website was published, there were Korean characters in HTML comments.

https://web.archive.org/web/20160913013727/http://fancybear.net/

When someone pointed this out on Twitter, these Korean HTML comments disappeared:

https://web.archive.org/web/20160914231209/http://www.fancybear.net/

These HTML comments look like generated HTML comments, from a WYSIWYG editor, which is using the Korean language. Let me know if you can identify the editor.

The Russians are denying it

Well, what choice they have? It does not matter if they did this or not, they will deny it. And they can't deny this differently. Just imagine a spokesperson: "Previously we have falsely denied the DCC and DNC hacks, but this time please believe us, this wasn't Russia." Sounds plausible ...

Attribution

Let me sum up what we know:

It makes sense that the WADA hack was done by Russia, because:

Russia being almost banned from the Olympics due to doping scandal, it made sense to discredit WADA and US Olympians
There are multiple(weak) pieces of evidence which point to Russia

It makes sense that the WADA hack was not done by Russia, because:

By instantly attributing the hack to the Russians, the story was more about to discredit Russia than discrediting WADA or US Olympians.
In reality, there was no gain for Russia for disclosing the documents. Nothing happened, nothing changed, no discredit for WADA. Not a single case turned out to be illegal or unethical.
~~Altering the leaked documents makes no sense if it was Russia~~ (see update at the end). Altering the leaked documents makes a lot of sense if it was not Russia. Because from now on, people can always state "these leaks cannot be trusted, so it is not true what is written there". It is quite cozy for any US organization, who has been hacked or will be hacked. If you are interested in the "Russians forging leaked documents" debate, I highly recommend to start with this The Intercept article
If the Korean characters were false flags planted by the Russians, why would they remove it? If it had been Russian characters, I would understand removing it.
All evidence against Russia is weak, can be easily forged by even any script kittie.

I don't like guessing, but here is my guess. This WADA hack was an operation of a (non-professional) hackers-for-hire service, paid by an enemy of Russia. The goal was to hack WADA, leak the documents, modify some contents in the documents, and blame it all on the Russians ...

Questions and answers

Was Russia capable of doing this WADA hack? Yes.
Was Russia hacking WADA? Maybe yes, maybe not.
Was this leak done by a Russian state-sponsored hacker group? I highly doubt that.
Is it possible to buy an attribution-dice where all six-side is Russia? No, it is sold-out.

Let me know what you think about this, and please comment.

Update: As TheGrugq pointed out, Guccifer has been found to alter documents https://www.reddit.com/r/EnoughTrumpSpam/comments/4uyih3/russian_hackers_altered_emails_before_release_to/?st=IUJDLSIE&sh=e195e908

Related news

August 30, 2020

OWASP Web 2.0 Project Update

Some of you likely recall the talk back in 2016 or so of updating the OWASP Foundation website to not appear so much like a...well, a wiki. That talk was carried forward into 2017 and 2018 and, with each year, the proposal got pushed ahead as there were other, deeper projects to tackle. With the arrival of 2019 and a firm project plan under the guidance of Mike McCamon, Executive Director, we are finally moving toward a functioning, modern website that will be a whole lot less...wiki-like. The journey has been circuitous and, while we are not anywhere near complete, we have a set plan in place to bring it to fruition within the calendar year (second quarter of the year, actually).

TLDR: How Can You Help?

There are certainly ways in which you can get involved now. For instance, we are looking for a clean way to get wiki pages into GitHub markdown format for archival. I have done some work here but there are parsing issues with some of the tools. Do you know a good tool or have you done similar work? Also, are you or do you know a good designer, someone familiar with GitHub pages that can provide some useful help and feedback along the way? A Jekyll expert to help code a theme with a handful of templates would be a great addition. In addition, we could use website server admins who could help with assigning redirects to maintain search integrity. Finally, there will be a great many pages to move that we will also eventually need community involvement in.

So, What Have We Done?

Thus far we have researched various ideas for standing up a new site, including modifying the current wiki, spinning up our own web server, contracting a third party to host and build a new site, and also using existing infrastructure with our own content to launch a new face for OWASP. Our discussions led us to a familiar place, one that nearly every developer in the OWASP space is familiar with: GitHub.

In our conversations with GitHub, it became readily apparent that using the platform would be a win for the Foundation as well as GitHub. Nearly everyone who runs a project at OWASP (documentation or otherwise) uses GitHub. Because our target audience is also mostly developers we know that they are also very comfortable with the platform. And while GitHub has a number of high profile companies using their GitHub Pages, the use of the platform as the basis for the entire website of the number one non-profit foundation in the application security sector is a big draw.

We have run with that GitHub Pages idea and have spent internal manpower on a proof of concept. This proof of concept is less about the UX of the site than the functionality, the ability to utilize the authentication systems, and the ability to utilize automation to push out changes quickly.

Where Are We Now?

We are doing the final stages of website architecture. We are also planning what needs to be in the site, how the pieces will integrate with current projects and chapters, and how we might utilize the community to integrate the pieces so that we have a visually and functionally cohesive website that spans across multiple repositories.

What Is Next?

We will soon be looking for a modern website design that is responsive and clean. We will begin using the knowledge gained from our proof of concept to build out the internals of the website and then we will start implementing the highest traffic pages and administrative areas into the new platform. Once we have the big-ticket items moved we will start looking at what is left and moving over those pieces. The eventual goal would be to have a new, modern website for the future of OWASP while keeping the wiki as an archive of really useful information.

We hope you are as excited as we are about the future of the OWASP Foundation website and will join us as we move toward a modern web presence. If you have any questions or would like to volunteer your time, experience or knowledge, please contact me at harold.blankenship@owasp.com