Boyfriend Dungeon is all about dating your weapons, and it looks rad

Ever wanted to date your sword? Here you go

We’ve already found our favorite mashup of 2019: Boyfriend Dungeon, a dungeon crawler from indie team Kitfox Games (Moon Hunters, The Shrouded Isle), which combines hack-and-slash gameplay with very, very cute guys and girls.

Boyfriend Dungeon is exactly what it says on the tin, based on the first trailer. Players are a tiny warrior fighting through monster-ridden areas. Scattered across the procedurally generated dungeons are a bunch of lost weapons — which, once rescued, turn out to actually be extremely cute singles.

That’s when the dungeon crawler turns into a romance game, and it’s also when we all realized that Boyfriend Dungeon is something special. Every romance option has their own specific weapon to equip, from an epee to a dagger and then some. Players work to level up those weapons, but also to win over these sweet babes during dialogue scenes. If this isn’t the smartest combination of genres we’ve seen in some time, we don’t know what is.

Oh, and it looks like one of the eligible bachelors is a cat. Put us down for one copy of Boyfriend Dungeon when it launches sometime in 2019, and pay attention to Kitfox Games’ social media channels for development updates.

aranth
1 day ago
Truly blessed to live in this golden era of gaming.

Me too, son.

The mainstream media has collectively lost its mind in the past week over the “shocking” revelation that a movie producer would abuse his power over the careers of aspiring actors in order to sexually harass and assault them, then scare them into silence with the exact same set of implied threats that allowed him to commit the crimes in the first place. Since the vast majority of my readership is female, I’m sure none of you were floored by the revelation, given that this kind of shit goes on literally everywhere all the time and has since the dawn of the age of homo sapiens (and, of course, earlier). While it’s heartening to see the dark and dirty truth blip into the public consciousness, it’s likely that the furor will die down in short order and that everyone will resume the charade. Everything is cool, ladies. We caught the bad guy.

I moved to Hollywood in 1999, just after I turned 21. I had zero interest in being an actor (or having anything to do with the film and television industry); I just moved there because it was an affordable neighborhood (this was 1999) in the closest big city to San Diego, where the people I was hanging out with were such degenerates that I decided I had to jet in order to avoid jail or an overdose. I’d like to say that situation improved after the move, but I just traded in a crew of reprobate upper-middle-class bros for a city full of predatory gutterballs with more money.

One needn’t seek employment in the entertainment industry to attract the attention of unctuous perverts in LA. One of my first jobs on arrival was as a waitress at the semi-infamous Mel’s Drive-In, where James Woods propositioned Amber Tamblyn, 16 at the time, with an impromptu jaunt to Vegas with him and some other senior citizen. He must have made a serious habit of propositioning women a third of his age at Mel’s, because he did the same thing to me (though I had at least reached the age of majority; he was 52 at the time). The remainder of the transaction was as awkward as you would imagine. James Woods was — in my mind — only marginally famous, yet he felt like he was a big enough deal that teenagers ought to jump at the chance to be molested by him. Andrew Dice Clay, the epitome of a has-been at the time, had been 86ed from the establishment for groping waitresses just months earlier.

But it wasn’t just the town’s well-known actors, producers, and talent agents who considered the city of Los Angeles a smorgasbord of potential victims. At that same restaurant, I had two male coworkers who had moved to the city to become famous and were just waiting tables until the entertainment elite recognized their mediocre looks and revolting personalities as star material (the cliché is real, y’all). One was a dude from somewhere in the Northeast named Anthony who insisted on being called “London.” Most interactions I had with him consisted of him pointing at bananas and then at his own dick. (You can find this specimen in the archives of the dating show Fifth Wheel if you’re interested.) The other one, Reagan, managed to behave like a reasonable (though dorky) person at work most of the time, but once put on a Frank Sinatra song and tried to make out with me, despite my obvious lack of interest (that quickly morphed into mortified laughter once he tried to Swingers me).

Then there were the mystery men who sat in my section and, shortly before paying their bill (and just before they decided what kind of tip to leave), would ask me if I was an actress. When I replied that, no, unlike every other young woman in town waiting tables, I had no interest in acting, they would say something like, “Well, you’re gorgeous and you should be. Why don’t you give me your number and I can introduce you to some people.” The conditions attached were unspoken, but were louder than a Miami bass war.

I had to “grow up” sometime, so I left Mel’s and got a job at the corporate office of a national chain of lingerie stores headquartered in Hollywood. The office was mercifully free of men, despite the fact that the company produced clownish lingerie ostensibly designed for men’s entertainment and titillation.  (I mean, I couldn’t see the draw of a red bra with underwires but no cups, so men must have been the target market.) Still, I spent at least 2% of my time at work fielding obscene phone calls.

It got so old that, while perusing online job ads at work one day, I decided to apply for a job as a receptionist at Creative Artists Agency, a fairly influential organization in the entertainment world. The interviewer was about 60 and I was still 21. He spent the entirety of the thirty years or so that I was in his office alternating between licking his lips and telling me I would look good up front and lowballing me on the job’s pay. He kept dangling the promise of becoming an assistant to one of their agents, assuring me that one day I would be a big deal Hollywood agent provided that I was up to the task of working there (and would accept poverty wages). The task was in his shorts. I still don’t know what this asshole’s job title was, or why he was selected to interview me, but I have to assume the intent was to weed out the kind of spoilsports who couldn’t handle a little sexual harassment.

All work and no play makes for a boring account of the wide world of Hollywood sexual misconduct. Through some very odd circumstances, I ended up spending a lot of time with a couple of *dudes who had been famous as teen heartthrobs in the early 90s. They were decent people (they had probably endured some sexual abuse themselves, having been child actors) despite the fact that one was a Scientologist (wasn’t everyone in LA in 1999). But their friends were unbelievable. A crew of trust-fund twentysomethings whose only connection to the entertainment industry was their parents, they were brazen and merciless in their tactics of manipulating hopeful young women into having sex with them by pretending to have connections they didn’t have and promising opportunities they had no access to (and no intention of following through on if they did).

They once took me to a club that was nigh impossible to get into at the time, Barfly, where I stood around picking at my clothing while Corey Feldman (he wasn’t there with us) made an ass of himself on the dance floor and an old fat man chased attractive young women around the room with handfuls of hundred dollar bills. Though it was an odd sight, the only reason anyone made sport of his behavior was that he made plain the (usually) unspoken but pervasive assumption that all young women in Los Angeles are for sale. (Hey, loser, get some game and quit being so extra.)

Then there’s the kid we all used to refer to affectionately as “little Will.” We found it amusing to see a 13-year-old trying to breakdance while in a K-hole. You might know him as The Gaslamp Killer, who has raped who knows how many women now that he’s all grown up and famous and has access to roofies and female fans.

Then there was ol’ “shocked and appalled” Ben Affleck, who regularly staggered his way around my neighborhood breakfast cafe, drunkenly sexually harassing the female staff at 7 AM because he could.

Then there was the *globular millionaire son of a director who had no friends whatsoever and would invite young people (male and female) to his house when the bars closed, shove piles of “free” cocaine at them, and then demand that they perform sexual entertainment as payment at the end of the night, later sending them big-screen televisions in the hopes of a repeat engagement. And the *”photographer” who actually made his living selling ecstasy at Garden of Eden and using the proceeds to lure women half his age to his apartment down the street, where he fed them drugs and bullshit until they acquiesced to his sexual demands (free headshots, anyone?).

These vignettes all derive from the outskirts — if not from outside of — the entertainment industry. You can imagine — and have learned in the past few weeks the specifics of — the heights of sexual menace inside the offices of people with actual power in Hollywood. A city brimming with young women (and men) intent on becoming famous makes a great hunting ground for manipulative sexual predators up and down the payscale.

And let me tell you, I’ve got a lot more where this comes from involving men who are about as closely connected to the entertainment industry as I am to Richard Spencer.

Harvey Weinstein isn’t an outlier. He’s an example of the entitlement of nearly all men in positions of power over women’s careers, and all men who know the threat of violence, rape, and public humiliation keep women polite in the face of harassment and quiet about what happens to us after the fact. Men like Weinstein are a dime a dozen. Every woman I know has a list as long as The Brothers Karamazov of stories of sexual harassment and assault at work, on the street, at school, at parties, at the liquor store, on the subway, at Jimmy John’s, at Home Depot, in court, at a funeral, at a wedding, in line for tickets to see Cats, while shopping for diarrhea medication, and so on ad infinitum.

I’ll dip out with a plea to everyone who can safely do so to come out with their lists in every public forum available to them. I may even recount my workplace sexual harassment stories from my teenage years in a sequel-as-prequel to this post.

*I’d include these people’s names, but I’m sure they Google themselves constantly and would instantly guess who wrote this.


Filed under: Entertainment, Rape and Sexual Assault


Lawyer Music Video Asks You Not to Call It “Velcro”

Pretty good video here from Velcro Companies, which seems to be the confusingly singular name of the company or companies that makes the product known as Velcro®. You may or may not have known that “Velcro” is a trademark, not just the name for the stuff. The company and its legal team would very much like you to know that, though, so that “Velcro” doesn’t become “generic” enough to lose trademark protection.

That’s happened with a number of other familiar terms, including (according to Wikipedia) “aspirin,” “dry ice,” “escalator,” “teleprompter,” and “trampoline,” all of which were once brand names entitled to trademark protection, but now aren’t. There are lots of other terms that are often used generically (such as “Band-Aid,” “Dumpster,” “Formica,” and of course “Google”)  but are still trademarks at least for now. (A petition is currently pending before the U.S. Supreme Court about the status of “Google,” as it happens.)

As the Velcro Companies legal team says in the song, the company would prefer you call it “hook and loop,” not “Velcro”:

Actually, according to the making-of-the-video video, most of these people are probably actors, but at least two of them are in fact “real lawyers” who really do represent the company. It’d be better if all of them were really part of the company’s legal team, but then again maybe it wouldn’t be.

skittone
17 days ago
Sorry, Velcro. That ship has sailed. (And I say this as someone who calls the product Velcro (tm) brand hook and loop tape, mostly as a Paranoia joke.)
HarlandCorbin
15 days ago
Yep, sorry, velcro is shorter than hook and loop fastener or whatever they want us to say. Tough. You lost the TM, get over it.


Experian Site Can Give Anyone Your Credit Freeze PIN

An alert reader recently pointed my attention to a free online service offered by big-three credit bureau Experian that allows anyone to request the personal identification number (PIN) needed to unlock a consumer credit file that was previously frozen at Experian.

Experian’s page for retrieving someone’s credit freeze PIN requires little more information than has already been leaked by big-three bureau Equifax and a myriad other breaches.

The first hurdle for instantly revealing anyone’s freeze PIN is to provide the person’s name, address, date of birth and Social Security number (all data that has been jeopardized in breaches 100 times over — including in the recent Equifax breach — and that is broadly for sale in the cybercrime underground).

After that, one just needs to input an email address to receive the PIN and swear that the information is true and belongs to the submitter. I’m certain this warning would deter all but the bravest of identity thieves!

The final authorization check is that Experian asks you to answer four so-called “knowledge-based authentication” or KBA questions. As I have noted in countless stories published here previously, the problem with relying on KBA questions to authenticate consumers online is that so much of the information needed to successfully guess the answers to those multiple-choice questions is now indexed or exposed by search engines, social networks and third-party services online — both criminal and commercial.

What’s more, many of the companies that provide and resell these types of KBA challenge/response questions have been hacked in the past by criminals that run their own identity theft services.

“Whenever I’m faced with KBA-type questions I find that database tools like Spokeo, Zillow, etc are my friend because they are more likely to know the answers for me than I am,” said Nicholas Weaver, a senior researcher in networking and security for the International Computer Science Institute (ICSI).

The above quote from Mr. Weaver came in a story from May 2017 which looked at how identity thieves were able to steal financial and personal data for over a year from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering KBA questions about those employees.

In short: Crooks and identity thieves broadly have access to the data needed to reliably answer KBA questions on most consumers. That is why this offering from Experian completely undermines the entire point of placing a freeze. 

After discovering this portal at Experian, I tried to get my PIN, but the system failed and told me to submit the request via mail. That’s fine and as far as I’m concerned the way it should be. However, I also asked my followers on Twitter who have freezes in place at Experian to test it themselves. More than a dozen readers responded in just a few minutes, and most of them reported success at retrieving their PINs on the site and via email after answering the KBA questions.

Here’s a sample of the KBA questions the site asked one reader:

1. Please select the city that you have previously resided in.

2. According to our records, you previously lived on (XXTH). Please choose the city from the following list where this street is located.

3. Which of the following people live or previously lived with you at the address you provided?

4. Please select the model year of the vehicle you purchased or leased prior to July 2017.

Experian will display the freeze PIN on its site, and offer to send it to an email address of your choice. Image: Rob Jacques.

I understand if people who place freezes on their credit files are prone to misplacing the PIN provided by the bureaus that is needed to unlock or thaw a freeze. This is human nature, and the bureaus should absolutely have a reliable process to recover this PIN. However, the information should be sent via snail mail to the address on the credit record, not via email to any old email address.

This is yet another example of how someone or some entity other than the credit bureaus needs to be put in charge of rethinking and rebuilding the process by which consumers apply for and manage credit freezes. I addressed some of these issues — as well as other abuses by the credit reporting bureaus — in the second half of a long story published Wednesday evening.

Experian has not yet responded to requests for comment.

While this service is disappointing, I stand by my recommendation that everyone should place a freeze on their credit files. I published a detailed Q&A a few days ago about why this is so important and how you can do it. For those wondering about whether it’s possible and advisable to do this for their kids or dependents, check out The Lowdown on Freezing Your Kid’s Credit.

aranth
29 days ago
lol

Equifax Breach: Setting the Record Straight

Bloomberg published a story this week citing three unnamed sources who told the publication that Equifax experienced a breach earlier this year which predated the intrusion that the big-three credit bureau announced on Sept. 7. To be clear, this earlier breach at Equifax is not a new finding and has been a matter of public record for months. Furthermore, it was first reported on this Web site in May 2017.

In my initial Sept. 7 story about the Equifax breach affecting more than 140 million Americans, I noted that this was hardly the first time Equifax or another major credit bureau has experienced a breach impacting a significant number of Americans.

On May 17, KrebsOnSecurity reported that fraudsters exploited lax security at Equifax’s TALX payroll division, which provides online payroll, HR and tax services.

That story was about how Equifax’s TALX division let customers who use the firm’s payroll management services authenticate to the service with little more than a 4-digit personal identification number (PIN).

Identity thieves who specialize in perpetrating tax refund fraud figured out that they could reset the PINs of payroll managers at various companies just by answering some multiple-guess questions — known as “knowledge-based authentication” or KBA questions — such as previous addresses and dates that past home or car loans were granted.

On Tuesday, Sept. 18, Bloomberg ran a piece with reporting from no fewer than five journalists there who relied on information provided by three anonymous sources. Those sources reportedly spoke in broad terms about an earlier breach at Equifax, and told the publication that these two incidents were thought to have been perpetrated by the same group of hackers.

The Bloomberg story did not name TALX. Only post-publication did Bloomberg reporters update the piece to include a statement from Equifax saying the breach was unrelated to the hack announced on Sept. 7, and that it had to do with a security incident involving a payroll-related service during the 2016 tax year.

I have thus far seen zero evidence that these two incidents are related. Equifax has said the unauthorized access to customers’ employee tax records (we’ll call this “the March breach” from here on) happened between April 17, 2016 and March 29, 2017.

The criminals responsible for unauthorized activity in the March breach were participating in an insidious but common form of cybercrime known as tax refund fraud, which involves filing phony tax refund requests with the IRS and state tax authorities using the personal information from identity theft victims.

My original report on the March breach was based on public breach disclosures that Equifax was required by law to file with several state attorneys general.

Because the TALX incident exposed the tax and payroll records of its customers’ employees, the victim customers were in turn required to notify their employees as well. That story referenced public breach disclosures from five companies that used TALX, including defense contractor giant Northrop Grumman; staffing firm Allegis Group; Saint-Gobain Corp.; Erickson Living; and the University of Louisville.

When asked Tuesday about previous media coverage of the March breach, Equifax pointed National Public Radio (NPR) to coverage in KrebsOnSecurity.

One more thing before I move on to the analysis. For more information on why KBA is a woefully ineffective method of stopping fraudsters, see this story from 2013 about how some of the biggest vendors of these KBA questions were all hacked by criminals running an identity theft service online.

Or, check out these stories about how tax refund fraudsters used weak KBA questions to steal personal data on hundreds of thousands of taxpayers directly from the Internal Revenue Service’s own Web site. It’s probably worth mentioning that Equifax provided those KBA questions as well.

ANALYSIS

Over the past two weeks, KrebsOnSecurity has received an unusually large number of inquiries from reporters at major publications who were seeking background interviews so that they could get up to speed on Equifax’s spotty security history (sadly, Bloomberg was not among them).

These informational interviews — in which I agree to provide context and am asked to speak mainly on background — are not unusual; I sometimes field two or three of these requests a month, and very often more when time permits. And for the most part I am always happy to help fellow journalists make sure they get the facts straight before publishing them.

But I do find it slightly disturbing that there appear to be so many reporters on the tech and security beats who apparently lack basic knowledge about what these companies do and their roles in perpetuating — not fighting — identity theft.

It seems to me that some of the world’s most influential publications have for too long given Equifax and the rest of the credit reporting industry a free pass — perhaps because of the complexities involved in succinctly explaining the issues to consumers. Indeed, I would argue the mainstream media has largely failed to hold these companies’ feet to the fire over a pattern of lax security and a complete disregard for securing the very sensitive consumer data that drives their core businesses.

To be sure, Equifax has dug themselves into a giant public relations hole, and they just keep right on digging. On Sept. 8, I published a story equating Equifax’s breach response to a dumpster fire, noting that it could hardly have been more haphazard and ill-conceived.

But I couldn’t have been more wrong. Since then, Equifax’s response to this incident has been even more astonishingly poor.

EQUIPHISH

On Tuesday, the official Equifax account on Twitter replied to a tweet requesting the Web address of the site that the company set up to give away its free one-year of credit monitoring service. That site is https://www.equifaxsecurity2017.com, but the company’s Twitter account told users to instead visit securityequifax2017[dot]com, which is currently blocked by multiple browsers as a phishing site.

FREEZING UP

Under intense public pressure from federal lawmakers and regulators, Equifax said that for 30 days it would waive the fee it charges for placing a security freeze on one’s credit file (for more on what a security freeze entails and why you and your family should be freezing their files, please see The Equifax Breach: What You Should Know).

Unfortunately, the free freeze offer from Equifax doesn’t mean much if consumers can’t actually request one via the company’s freeze page; I have lost count of how many comments have been left here by readers over the past week complaining of being unable to load the site, let alone successfully obtain a freeze. Instead, consumers have been told to submit the requests and freeze fees in writing and to include copies of identity documents to validate the requests.

Sen. Elizabeth Warren (D-Mass) recently introduced a measure that would force the bureaus to eliminate the freeze fees and to streamline the entire process. To my mind, that bill could not get passed soon enough.

Understand that each credit bureau has a legal right to charge up to $20 in some states to freeze a credit file, and in many states they are allowed to charge additional fees if consumers later wish to lift or temporarily thaw a freeze. This is especially rich given that credit bureaus earn roughly $1 every time a potential creditor (or identity thief) inquires about your creditworthiness, according to Avivah Litan, a fraud analyst with Gartner Inc.

In light of this, it’s difficult to view these freeze fees as anything other than a bid to discourage consumers from filing them.

The Web sites where consumers can go to file freezes at the other major bureaus — including TransUnion and Experian — have hardly fared any better since Equifax announced the breach on Sept. 7. Currently, if you attempt to freeze your credit file at TransUnion, the company’s site is relentless in trying to steer you away from a freeze and toward the company’s free “credit lock” service.

That service, called TrueIdentity, claims to allow consumers to lock or unlock their credit files for free as often as they like with the touch of a button. But readers who take the bait probably won’t notice or read the terms of service for TrueIdentity, which has the consumer agree to a class action waiver, a mandatory arbitration clause, and something called ‘targeted marketing’ from TransUnion and their myriad partners.

The agreement also states TransUnion may share the data with other companies:

“If you indicated to us when you registered, placed an order or updated your account that you were interested in receiving information about products and services provided by TransUnion Interactive and its marketing partners, or if you opted for the free membership option, your name and email address may be shared with a third party in order to present these offers to you. These entities are only allowed to use shared information for the intended purpose only and will be monitored in accordance with our security and confidentiality policies. In the event you indicate that you want to receive offers from TransUnion Interactive and its marketing partners, your information may be used to serve relevant ads to you when you visit the site and to send you targeted offers. For the avoidance of doubt, you understand that in order to receive the free membership, you must agree to receive targeted offers.”

TransUnion then encourages consumers who are persuaded to use the “free” service to subscribe to “premium” services for a monthly fee with a perpetual auto-renewal.

In short, TransUnion’s credit lock service (and a similarly named service from Experian) doesn’t prevent potential creditors from accessing your files, and these dubious services allow the credit bureaus to keep selling your credit history to lenders (or identity thieves) as they see fit.

As I wrote in a Sept. 11 Q&A about the Equifax breach, I take strong exception to the credit bureaus’ increasing use of the term “credit lock” to divert people away from freezes. Their motives for saddling consumers with even more confusing terminology are suspect, and I would not count on a credit lock to take the place of a credit freeze, regardless of what these companies claim (consider the source).

Experian’s freeze Web site has performed little better since Sept. 7. Several readers pinged KrebsOnSecurity via email and Twitter to complain that while Experian’s freeze site repeatedly returned error messages stating that the freeze did not go through, these readers’ credit cards were nonetheless charged $15 freeze fees multiple times.

If the above facts are not enough to make your blood boil, consider that Equifax and other bureaus have been lobbying lawmakers in Congress to pass legislation that would dramatically limit the ability of consumers to sue credit bureaus for sloppy security, and cap damages in related class action lawsuits to $500,000.

If ever there was an industry that deserved obsolescence or at least more regulation, it is the credit bureaus. If either of those outcomes are to become reality, it is going to take much more attentive and relentless coverage on the part of the world’s top news publications. That’s because there’s a lot at stake here for an industry that lobbies heavily (and successfully) against any new laws that may restrict their businesses.

Here’s hoping the media can get up to speed quickly on this vitally important topic, and help lead the debate over legal and regulatory changes that are sorely needed.
