Edent, to Cybersecurity
@Edent@mastodon.social

🆕 blog! “There's nothing you can do to prevent a SIM-swap attack”

It is tempting to think that users are to blame for their own misfortune. If only they'd had a stronger password! If only they didn't re-use credentials! If only they had perfect OpSec! If only...! Yes, users should probably take better care of their digital credentials and bury t…

👀 Read more: https://shkspr.mobi/blog/2024/03/theres-nothing-you-can-do-to-prevent-a-sim-swap-attack/

blog, (edited) to Cybersecurity
@blog@shkspr.mobi

There's nothing you can do to prevent a SIM-swap attack
https://shkspr.mobi/blog/2024/03/theres-nothing-you-can-do-to-prevent-a-sim-swap-attack/

It is tempting to think that users are to blame for their own misfortune. If only they'd had a stronger password! If only they didn't re-use credentials! If only they had perfect OpSec! If only...!

Yes, users should probably take better care of their digital credentials and bury them in a digital vault. But there are some things which are simply impossible for a user to protect against. Take, for example, a SIM-swap attack.

You probably have your phone-number tied to all sorts of important services. If you want to recover your email, log in to a bank, or prove your identity - you'll probably need to receive a call or SMS. If an attacker can take over your phone number, they're one step closer to taking over your accounts.

I keep saying "your phone number", but that's a clever lie. The phone number does not belong to you. It belongs to the network operator and they define which SIM the number points to.

This means a suitably authorised person at the telco can point "your" number to a new SIM card. That's helpful if you've lost your SIM but bad if an attacker wants to divert your number.

What can you do to stop this attack? Nothing.

Oh, you can have a strong and unique password on your account, and you can hope your telco uses TOTP and PassKeys. But it turns out that it is possible to bribe telco employees for the low, low price of US$1000.

If your security rests on a phone number, you've effectively outsourced your security to the most bribeable manager employed by your telco.

Now, I said there's nothing you can do. That isn't quite true. You can attempt to pen-test yourself.

Go to your phone company's account. Set a long and complex password. Change your mother's maiden name to HK2BY@]'PU,:!VQ;}baTj. Turn on every security measure you can find. Call the phone company from a different phone and explain that you lost your phone and want a new SIM card. If they ask for your mother's maiden name, say "Oh, I set it to a long stream of gibberish". If they ask where to send the SIM, give a trusted friend's address. If your phone company is negligent and sends out a new SIM on the basis of poor verification, then you should move your number to a more reputable provider.

It's good fun to try and social-engineer a call-centre worker for your own details. But it's probably illegal to try and bribe someone to hijack yourself.

Anyway, please try to remove your phone number as a critical lynchpin in your security regime.


Le_bottin_des_jeux_linux, to linuxgaming
@Le_bottin_des_jeux_linux@floss.social

🕹️ Title: Stone Kingdoms
🦊️ What's: A libre RTS game on a medieval theme
🏡️ https://stonekingdoms.itch.io/stone-kingdoms-rts
🐣️ https://gitlab.com/stone-kingdoms/stone-kingdoms
🔖 #LinuxGaming #ShareYourGames #CityBuilding #Sim #RTS #Medieval #Löve
📦️ #Libre #Bin #Flatpak
📖 Our entry: https://www.lebottindesjeuxlinux.tuxfamily.org/en/online/lights-on/

🔍️ Update & Reviewed (0.6.1): 👏️⭐⭐⭐⭐
🥁️ Update: 0.5.0➜0.6.1
⚗️ Major upgrade (Unstable) 🍏️
📌️ Changes: https://stonekingdoms.itch.io/stone-kingdoms-rts
🦣️ From: https://mastodon.social/@holarse/112105315482986459

💥️🎲️[de] https://www.youtube.com/embed/IzsJ2RX29BQ
💥️🐧[de] https://www.youtube.com/embed/4vz5vkJTXdY

Le_bottin_des_jeux_linux, to linuxgaming
@Le_bottin_des_jeux_linux@floss.social

🕹️ Title: LinCity-NG
🦊️ What's: A libre economic simulation game inspired by Simcity
🏡️ -
🐣️ https://github.com/lincity-ng/
🔖 #LinuxGaming #ShareYourGames #Sim #CityBuilding #Management
📦️ #Libre #Bin #Arch #RPM #Deb #Snap
📖 Our entry: https://www.lebottindesjeuxlinux.tuxfamily.org/en/online/lights-on/

🥁️ Update: 2.0➜2.10.0
⚗️ Major upgrade (Stable) 🍎️
📌️ Changes: https://github.com/lincity-ng/lincity-ng/releases
🦣️ From: https://mastodon.social/@holarse/112066238059440126

🎲️ https://www.youtube.com/embed/t4CNUUQ6TQs
🎲️ https://www.youtube.com/embed/JJJZFK1P39A
🎲️ https://www.youtube.com/embed/hgf6BH-7S7Q
🎲️[de] https://www.youtube.com/embed/kub1cBPqe6o

Principia 2024.02.29 (principia-web.se)

Principia is, in its simplest form, a physics-based sandbox game. In Principia, you can build contraptions and simulate them in the physics simulation. This could be a mechanical contraption, an RC car, or a pinball game. Principia also contains a LuaScript object which allows you to write and create Lua programs that can...

_ohcoco_, to internet_funeral
@_ohcoco_@mastodon.social

How to avoid the ' swapping' scams that are on the rise >>>

This works because it bypasses 😬

https://youtube.com/watch?v=doEojozzDNk&si=93IRxnSUNWMtlj63

AmenZwa, to random
@AmenZwa@mathstodon.xyz

The new #SIM swapping #cyber attack against two-factor authentication applies the oldest technique: #SocialEngineering.

https://youtu.be/A73BdBxnYl0?si=X6zWs4S-UCksbw3o

Le_bottin_des_jeux_linux, to linuxgaming
@Le_bottin_des_jeux_linux@floss.social

🕹️ Title: Interstellar Armada: Galactic Ace
🦊️ What's: A libre 3D space combat simulator inspired by FreeSpace
🏡️ https://nkrisztian89.github.io/interstellar-armada/
🐣️ https://github.com/nkrisztian89/interstellar-armada
🔖 #LinuxGaming #ShareYourGames #Flagship #Sim #SpaceCombat #SciFi
📦️ #Libre #Web #AppIm #Snap
📖 Our entry: https://www.lebottindesjeuxlinux.tuxfamily.org/en/online/new/

💥️ New & Reviewed (0.5.4-alpha): 💖️ One of my favorite
🐘 From: https://snapcraft.io/interstellar-armada

0xor0ne, to infosec

Excellent writeup discussing SIM card-related security aspects

https://sensepost.com/blog/2022/sim-hijacking/

#sim #infosec #cybersecurity


nono2357, to random

Poor Mans Sim Porting - Using #USSD functionality to remotely #hijack #SIM cards
https://dvuln.com/blog/poor-mans-sim-porting

fluepke, to random German
@fluepke@chaos.social

Given the increasing connectivity of cars, I see a massive deficit in climate hacktivism.

kkarhan,
@kkarhan@mstdn.social

@geomant @fluepke Because of the standardisation of the #EG vehicle class M1, that has no longer been legal since 2016!

I.e. a #ZwangsTracker (mandatory tracker) in every new car!!!

And because the required #SIM cards can no longer be obtained anonymously either, it is personalised #ZwangsTracking (mandatory tracking)!

So it no longer works with vehicles standardised according to that vehicle class!!

majorlinux, to infosec
@majorlinux@toot.majorshouse.com

Should we hire Deadpool to get the data back?

Mint Mobile the latest victim of security breach - Desk Chair Analysts

https://dcanalysts.net/mint-mobile-the-latest-victim-of-security-breach/

grissallia, to gaming
@grissallia@aus.social

I'm not one for "New Year's resolutions", but I am one for overly ambitious projects.

For 2023, Project365 is "One New Game Per Day".

Given that I have 634 unplayed games in my Steam account and {mumble} unredeemed bundle Steam keys, there's a reason my unplayed collection is tagged "Pile of Shame".

I'll pin this to my profile, and give a brief summary here each day (or x, if I miss x days due to work or stuff).

I'll play 15-30 minutes of (at least) one new game I've never played before (or played less than 15 minutes of). I'll give every game at least 15 minutes, even if I hate every minute of it.

I'm also open to suggestions; if you reply to this thread with a game, I'll schedule it, or tell you what I thought of it.

One of the things that's come up is that I have a bunch of games that I've played once, and not touched again.

Unplayed games:
Trying a game again:
Going live on Twitch:

I'll hashtag these with so you can mute it if you're not interested.

grissallia,
@grissallia@aus.social

February 14, 2024 - Day 410 - NewPlay Review
Total NewPlays: 446

Game: Snowtopia

Platform: Steam
Released: Dec 15, 2022
Installed: Feb 14, 2024
Unplayed: 0d
Playtime: 27m

Rating: 1 - Nope

Snowtopia is a top-down/third-person snow resort management sim. It's the last game in this month's Humble Choice Bundle.

You start out in the middle of nowhere in a snow-covered valley with the main buildings of a snow-resort in the centre, begging for you to build it out into a functional skiing paradise.

There's potential here for something interesting, but it's let down painfully by a tutorial that explains things in a way that still leaves you unsure of exactly what you're supposed to do.

However, the game's biggest failing is that it tells you to build ski runs on the vector-graphics hills, and then when you try to, it gives the cryptic error "Impossible to build on uphill slope."

It feels like it was designed by someone who understands exactly what that is supposed to mean, and since it's obvious to them, it should be obvious to everyone else.

However, having lived just south of the NSW snowfields for over a decade, one of the most important things required for ski runs is the uphill slope, so you have something to ski down.

Don't let the time played fool you; I became determined to at least complete the tutorial. I did not. I gave up in frustration.

Snowtopia? Snownopia. It's a:

1: Nope

#Snowtopia #ThirdPerson #Sim #HumbleChoice #Gaming #ProjectONG

grissallia,
@grissallia@aus.social

February 15, 2024 - Day 411 - NewPlay Review
Total NewPlays: 447

Game: Fantasy Blacksmith

Platform: Steam
Released: Nov 16, 2019
Installed: Feb 1, 2024
Unplayed: 14d
Playtime: 33m

Rating: 1 - Nope

Fantasy Blacksmith is a first-person work simulator, where you get to play as a blacksmith in a fantasy setting, making swords for adventurers.

If it sounds like an interesting idea, that is correct. It's an interesting idea.

The execution, on the other hand, will push you to build your first sword so that you can immediately fall on it, and put yourself out of your misery.

It's like the devs on this game thought of the worst possible way they could do every single thing in this game, and then found a way to make it buggy as well.

Some games are so bad, they cycle through to being some kind of perverse pleasure.

This is not one of those games. This is a game that makes Snowtopia look like a masterpiece of UX design and user-friendliness.

This is a game that will have you longing for pixel art, just so the game is actually bright enough to see what you're doing.

It feels like something that was coded by a repurposed Nutrimatic Drinks Dispenser, producing something which is almost, but not quite, entirely unlike a game.

Every single game element seems to be a psychological challenge to see how hard you can push a user before they break and throw their mouse across the room.

While it doesn't reach the nadir of Edge of Twilight - Return to Glory, it does put in one hell of an effort.

You do not play Fantasy Blacksmith. You suffer through Fantasy Blacksmith. It's a painfully obvious:

1: Nope
