Monday, April 13, 2020

How I Do "Inbox Zero" Using MyPublicInbox

Doing Inbox Zero, or leaving your e-mail processed every day so that nothing falls behind, was always an unattainable pipe dream for me. In my desperation, some time ago, I wrote a story about the famous e-pingpong, where for every e-mail you write and/or answer, many more arrive. Something that always caused me anxiety.

Figure 1: How I do "Inbox Zero" using MyPublicInbox

With my acquaintances and people close to me, I always said that for me having 50 e-mails in the inbox folder was an acceptable number, and that to save as much time as possible I had stopped classifying messages a long time ago. Messages in the inbox need an action; messages that do not need an action go to a folder called "Vistos" ("Seen"), where I will search in the future if I need a specific message.

On the Road to "Inbox Zero"

Even so, processing e-mail always was, and still is - even more so now in this Total Teleworking scenario - one of my recurring tasks. I set aside 2 hours in the morning and another 2 hours at night to process e-mail, and I even have a recurring calendar entry to do this work and keep messages from piling up, as you can see in the image.

Figure 2: Hours reserved for processing e-mail every morning

But one day I decided that "e-mail was dead", and that I had to act to make it a productive channel again. And after several months of being strict and taking firm measures, this Easter I achieved the long-desired "Inbox Zero" that you can see in the images accompanying this article. And in case those measures are useful to you, I am going to leave them here.

Keep in mind that reading an e-mail message and writing a reply can take you about 8-10 minutes on average, which leaves me a maximum capacity to process and reply to around 20-25 e-mails a day (and I guarantee you I receive many more from my job alone).

Figure 3: My ElevenPaths mailbox at "Inbox Zero" for the first time.

Of course, there are many messages that you just read. Others that, if you are on familiar terms, you answer with a single line. Others you delete and/or archive as soon as you see them. And others are the ones that need you to do something first - such as reading a document, preparing a document, asking another person for something - and they take up a lot of your time.

When I decided to take my "Inbox Zero" seriously, the number of messages I was receiving was over 200 across my various e-mail inboxes, where I got direct messages from people who had my address - or had been given it - and direct messages on social networks that ended up in my mailbox.

Contacting me on the Internet is easy: I have a public inbox

As I already told you, the idea of creating an account on MyPublicInbox is not to generate money for those of us who have an inbox there, but to have a channel that is easily accessible to everyone who wishes to contact you, while blocking SPAM, malware, distribution lists and e-mails from people who do not really value your time.

Figure 4: 8 reasons to have an inbox on MyPublicInbox

If someone I don't know wants to contact me to resolve a question, to propose an interview, to ask me for personal advice about studies, technology or work, to offer me a conference talk, or anything else, they can. They only have to use my inbox on MyPublicInbox, which is what it is there for, and I will answer, because I will devote my time to reading and answering as best I know how and/or can.

In the end - and if you don't believe me, try it - reading a message and writing a reply with care can take you about 10 minutes on average, as I said before, depending on whether you first have to look up a reference, find a link, find a talk on YouTube where I already spoke about the subject, or look through a Master's or university programme you are being asked about.

If someone values my time, I will read their e-mail and try to answer as best I can, but if they don't value my time, they won't have my time.

My personal e-mail is personal

And therefore it is only for my friends and acquaintances. I do not share that e-mail address with anyone, I have strict filters to block any SPAM, and for all those who get hold of that address and whom I don't know, I have an "Auto Reply" that makes it clear that my public Internet inbox is the one at MyPublicInbox.com.

Figure 7: I had not had my Gmail like this since the day I created it

In addition, my friends and acquaintances know that they must not share this address with anyone without asking me first, so the result over these months is what you see now.

Blogs, Social Networks and DMs

In addition, my personal mailbox received the alerts for direct messages on social networks and the blog, so I did several things. First, I turned off e-mail alerts from social networks. Second, I turned on comment moderation on the blog to prevent abuse of misunderstood freedom by spammers and haters.








Third, those who send me messages via social networks and are not friends/acquaintances - who generally have my personal mailbox or my phone number - receive an "Automatic Reply" message informing them that I do not read social network messages - especially on Instagram - where I only check in from time to time to see how many requests to hack things I have received... (always infinite).

Managing MyPublicInbox

People who are interested in me and value my time regularly use my inbox on MyPublicInbox, and the result is what you see. Almost 200 messages in the 6 months I have been using it. And every morning, out of the "Inbox Zero" time I set aside for my work, colleagues and friends, I give attention to MyPublicInbox.

Figure 9: My inbox on MyPublicInbox (I have only 3 still unanswered)

And it has become a communication tool through which I have arranged interviews, conference talks, collaboration agreements with 0xWord and publication of posts on my blog, and through which I have given advice on studies, on work, on personal security problems people have had, etc. They have been respectful of my time, and I devote my time to answering them. As you can see in Figure 11, this is something that all of us who have an inbox on this platform are encouraged to do.

Figure 10: In your profile you have the history of Tempos in your wallet

As you can see, it has generated about 50,000 Tempos in my Wallet (about 500 €) over this half year, which, as you can imagine, is not an extra salary. In fact, I use those Tempos to communicate with other Public Profiles on MyPublicInbox, to be responsible with their time. But even so, what I get from investing my time in answering e-mails over the Internet I could spend on my Netflix or Spotify subscription if I wanted.

Figure 11: The "free reply" to a thread can be enabled.
Something I sometimes tick. Sometimes not.

In addition, on MyPublicInbox I can decide whether or not a conversation is free in the future. That is, if someone contacts me and I have questions, or I want to let them send me something else, with MyPublicInbox I can mark that they can reply to me on that thread for free, which helps the communication be adequate and fulfil its purpose. But if I consider the matter settled, I close the thread.

My professional e-mail is my professional e-mail, not a spam mailbox

I have a professional mailbox - two in fact, one at Telefónica and one still at ElevenPaths - but they are mailboxes for me to communicate with the work colleagues I deal with. They are not mailboxes to be bombarded with all kinds of requests. I have to make that channel productive with my team, customers and partners, and so I only answer those communications. The rest I archive or delete.

Figure 12: My work mailbox at "Inbox Zero"

In the end, as I have told you, the number of e-mail messages a person can process per day is very limited. And it depends on the number of hours devoted to it. I have to work, write my blog, and have free time for my friends, family, reading or doing sport. So I cannot spend the day answering 200 messages, as you can imagine.

Answering a lot to stay at Inbox Zero

Don't be misled. I still write a lot of e-mails every day, but I prioritise correctly because I am strict about how my time is spent. That is why my priority is my work, then friends and family, and the respectful people who contact me through my inbox on MyPublicInbox, since they show me they respect my time, so I give them some of what I have each day. The rest of the communications, I'm sorry, are left out of being able to have a private conversation with me for simple lack of material time in my life.

Figure 13: Public Profiles by category

If you think MyPublicInbox can also be a tool for you, the requirements to apply to be a Public Profile are on the platform's website. If what you want is to contact a Public Profile respectfully, there is a selection of the most relevant ones by category on the website.

Saludos Malignos!


ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service asks for a name; if you send more than 64 bytes, a memory leak happens.
The buffer next to the name buffer holds the first random value, which is used to init srand().


If we get this value and set our local srand([leaked] ^ [luckyNumber]), we will be able to predict the following random values and win the game, but we have to look at a few more details ;)

The function used to read the input reads until the byte \n appears, but also stops at 64 bytes; if we trigger this second condition, there is no terminating 0x00 and the print also shows the random buffer :)
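The missing-terminator leak described above, reduced to a self-contained C sketch next to a reader that always terminates. This is an added example, not code from the write-up or the challenge binary; the struct layout, function names, seed value and lucky number are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 64

/* Constructed layout for illustration: the seed sits right after the name. */
struct session {
    char     name[NAME_LEN];
    uint32_t seed;
    char     guard;                 /* always 0, gives the scan a defined end */
};

/* Reader with the bug class from the write-up: it stops at '\n' or after
 * NAME_LEN bytes, and only writes a terminator in the first case. */
static void read_name_unterminated(struct session *s, const char *in, size_t n)
{
    size_t i;
    for (i = 0; i < NAME_LEN && i < n && in[i] != '\n'; i++)
        s->name[i] = in[i];
    if (i < NAME_LEN)
        s->name[i] = '\0';
}

/* Hardened reader: keeps one byte in reserve and always terminates. */
static void read_name_terminated(struct session *s, const char *in, size_t n)
{
    size_t i;
    for (i = 0; i < NAME_LEN - 1 && i < n && in[i] != '\n'; i++)
        s->name[i] = in[i];
    s->name[i] = '\0';
}

/* Bytes a "%s" print of the name would emit. The scan walks the object
 * representation of the whole struct, so the demo itself stays in bounds. */
static size_t echoed_len(const struct session *s)
{
    const unsigned char *p = (const unsigned char *)s;
    size_t i = 0;
    while (i < sizeof *s && p[i] != 0)
        i++;
    return i;
}

/* Feeds a constructed 64-byte name plus newline to one of the readers. */
static void run_reader(struct session *s, int hardened)
{
    char input[NAME_LEN + 1];
    memset(s, 0, sizeof *s);
    s->seed = 0x41424344u;          /* constructed seed without zero bytes */
    memset(input, 'A', NAME_LEN);
    input[NAME_LEN] = '\n';
    if (hardened)
        read_name_terminated(s, input, sizeof input);
    else
        read_name_unterminated(s, input, sizeof input);
}

size_t demo_echo_len(int hardened)
{
    struct session s;
    run_reader(&s, hardened);
    return echoed_len(&s);
}

/* Returns the seed bytes that end up in the echo, or 0 if none do. */
uint32_t demo_echoed_seed(int hardened)
{
    struct session s;
    uint32_t seen = 0;
    run_reader(&s, hardened);
    if (echoed_len(&s) >= offsetof(struct session, seed) + sizeof seen)
        memcpy(&seen, (const unsigned char *)&s + offsetof(struct session, seed), sizeof seen);
    return seen;
}

/* rand() is a pure function of its seed: reseeding replays the sequence. */
int demo_sequence_repeats(uint32_t leaked, uint32_t lucky)
{
    int first[4], same = 1, i;
    srand(leaked ^ lucky);
    for (i = 0; i < 4; i++) first[i] = rand();
    srand(leaked ^ lucky);
    for (i = 0; i < 4; i++) same &= (rand() == first[i]);
    return same;
}

int main(void)
{
    printf("unterminated: %zu bytes echoed, seed 0x%08x\n", demo_echo_len(0), (unsigned)demo_echoed_seed(0));
    printf("terminated:   %zu bytes echoed, seed 0x%08x\n", demo_echo_len(1), (unsigned)demo_echoed_seed(1));
    printf("rand() replays after reseed: %d\n", demo_sequence_repeats(0x41424344u, 7u));
    return 0;
}
```

The terminated reader closes the leak; a game whose outcome must stay unpredictable also should not derive its values from a `rand()` sequence whose seed lives next to user-controlled data.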

The nickname buffer:



The seed buffer:



So here it is clear, but note that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random values and apply the gpu divisions, without luck :(



There was a missing detail in this predictor, but there are always other creative ways to do things.
We used the local software as a predictor: we injected the leaked seed into the local binary of the remote server and got a perfect synchronization, predicting the remote random values:




The process is a bit ugly because we combined the automated process of leak extraction and socket interactive mode with the manual gdb macro.




The macro:




















How To Secure Yourself From Evil Twin Attack

Hello, in this article you are going to learn how to secure yourself from getting hacked using an evil twin attack.

1) Do not connect to any public networks; anyone can sniff your data while you are on a public network. An evil twin attack is presented as a public network, so wherever possible avoid connecting to any open or public networks, mainly if the Wi-Fi name is the same as your own Wi-Fi name.

2) When your internet connection suddenly stops working, you might be under a DoS attack as part of an evil twin attack. Just restart the router; the hacker then needs to restart the attack, and as that takes some time, they may leave it or continue some other time.

3) Run a VPN to ensure that any browsing and transmitted data goes through an encrypted tunnel that cannot be easily snooped.

4) Do not always rely on the name of the network; make sure it is a legitimate and trusted network.


Thank You for Reading, Hope It's Useful

@£V£RYTHING NT


Insecurities Of WhatsApp's, Signal's, And Threema's Group Chats

Recently, the theoretical and practical analysis of secure instant messenger protocols received much attention, but the focus of prior evaluations mostly lay in one-to-one communication. In this blog post we want to present the results of our work that focuses on group chat protocols of three major instant messenger applications; namely Signal, WhatsApp, and Threema.

In this blog post, we aim to focus on the practical impact and the weaknesses identified by our analysis. The interested reader may also look into our paper for more details.


Our Aim and What We Were Looking For

End-to-end encryption protects the confidentiality of communication that is forwarded via central servers to the designated receivers. As a consequence, neither parties on the network route of the messages, nor the provider of the central server (e.g. the WhatsApp server) should be able to read any information out of the observation of the communication. In particular, no other user of the application should have access to the communication. Further it might be desirable to require that also the messages' integrity is end-to-end protected and that a sender is informed about the delivery state of sent messages.

Delivery state information in Signal (upper screenshot) and WhatsApp (lower screenshot)

In a two party scenario, this analysis is rather fixed to two components of the protocol: the key establishment between both parties and the communication channel protection using the established key (mostly consisting of an encryption algorithm and a scheme for providing integrity like MACs or signature schemes).

Regarded attackers


In a group setting, the same attackers apply (network, provider, other users). However the requirements for secure communication differ. It is further necessary that only group members can write to and read content from the group. Additionally, only administrators of the group are able to add new members.

In addition to these standard requirements, we also evaluated the protocols' security guarantees if the client's secrets were revealed (forward secrecy and future secrecy).

Our Approach

We analyzed the mentioned protocols by reading the source code and debugging the apps. We also used alternative open source implementations of Threema and WhatsApp as a help and we traced the network traffic. When using alternative implementations, we only took incoming traffic into account, which was generated by official applications. Thereby we extracted the protocol descriptions and evaluated them regarding the defined requirements.

Our Findings

In WhatsApp and Threema, the provider was able to manipulate the set of members. Threema only allowed the provider to rewind the set of members to a previous state. As a consequence previously removed members could have been added to the group again. The WhatsApp provider is able to arbitrarily manipulate the member set. Thereby further members and administrators can be added to the group. Since the authenticity of group manipulation is not protected, the WhatsApp provider can set the real group administrator as the source of manipulation even though this administrator was not active.

Since Signal's key exchange protocol provides future secrecy, we also evaluated the protocol's ability to recover into a secure group state after a member's state was compromised. The essential weakness here is that a sender only needs to know the static group ID to send a message to the group. If a group member receives a message with the correct group ID, no verification regarding the current member set takes place but the message is directly added to the group communication. Consequently it is sufficient to retrieve the group ID in order to send messages to the group. Since Signal treats content messages the same way as messages for the manipulation of the group set, an attacker who knows the group ID can add herself to the group and thereby read the subsequent group communication.

In addition to this, in all cases the delivery state of sent messages was not securely provided. Threema's group chats do not inform the sender about the delivery state while Signal and WhatsApp do not protect the delivery information on the end-to-end layer. Therefore the central provider can forge this information and drop messages without letting the communicating parties detect this.

Also the order of messages was manipulable for the providers of the applications such that the provider is able to deliver the messages in a different order than they were sent. Threema's weakness of rewinding a group state results from missing replay attack protection.
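A toy receiver that contrasts accepting group messages on the group ID alone with a receiver that checks current membership and rejects replayed member-set updates. This is an added example, not taken from the paper or from any of the three apps; it combines the Signal and Threema findings into one simplified model, and all names, IDs and the counter scheme are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_MEMBERS 8

/* Toy model: every name, ID and field below is constructed for illustration. */
enum msg_type { MSG_CONTENT, MSG_ADD_MEMBER, MSG_REMOVE_MEMBER };

struct group {
    uint32_t id;                    /* static group ID */
    uint32_t members[MAX_MEMBERS];
    size_t   n_members;
    uint64_t last_update;           /* highest member-set update counter accepted */
};

struct message {
    uint32_t      group_id;
    uint32_t      sender;           /* assumed authenticated end to end */
    enum msg_type type;
    uint32_t      subject;          /* member to add or remove */
    uint64_t      counter;          /* strictly increasing per group (simplification) */
};

typedef int (*receiver_fn)(struct group *, const struct message *);

static int is_member(const struct group *g, uint32_t user)
{
    for (size_t i = 0; i < g->n_members; i++)
        if (g->members[i] == user)
            return 1;
    return 0;
}

static void apply(struct group *g, const struct message *m)
{
    if (m->type == MSG_ADD_MEMBER) {
        if (!is_member(g, m->subject) && g->n_members < MAX_MEMBERS)
            g->members[g->n_members++] = m->subject;
    } else if (m->type == MSG_REMOVE_MEMBER) {
        for (size_t i = 0; i < g->n_members; i++)
            if (g->members[i] == m->subject) {
                g->members[i] = g->members[--g->n_members];
                break;
            }
    }
}

/* Receiver as the post describes it: a matching group ID is all that is checked. */
int receive_id_only(struct group *g, const struct message *m)
{
    if (m->group_id != g->id)
        return 0;
    apply(g, m);
    return 1;
}

/* Receiver with both checks: the sender must be a current member, and a
 * member-set update must be newer than the last one accepted. */
int receive_checked(struct group *g, const struct message *m)
{
    if (m->group_id != g->id || !is_member(g, m->sender))
        return 0;
    if (m->type != MSG_CONTENT) {
        if (m->counter <= g->last_update)
            return 0;
        g->last_update = m->counter;
    }
    apply(g, m);
    return 1;
}

/* A removed member who still knows the group ID tries to add herself back. */
size_t demo_rejoin(receiver_fn rx)
{
    struct group g = { 0x5157u, { 1, 2, 3 }, 3, 0 };
    struct message rm  = { 0x5157u, 1, MSG_REMOVE_MEMBER, 3, 1 };
    struct message add = { 0x5157u, 3, MSG_ADD_MEMBER, 3, 2 };
    rx(&g, &rm);
    rx(&g, &add);
    return g.n_members;
}

/* The server replays an old, authentic "add" after the member was removed. */
size_t demo_replay(receiver_fn rx)
{
    struct group g = { 0x5157u, { 1, 2 }, 2, 0 };
    struct message add = { 0x5157u, 1, MSG_ADD_MEMBER, 3, 1 };
    struct message rm  = { 0x5157u, 1, MSG_REMOVE_MEMBER, 3, 2 };
    rx(&g, &add);
    rx(&g, &rm);
    rx(&g, &add);                   /* replayed message */
    return g.n_members;
}

int main(void)
{
    printf("rejoin: id-only=%zu checked=%zu\n", demo_rejoin(receive_id_only), demo_rejoin(receive_checked));
    printf("replay: id-only=%zu checked=%zu\n", demo_replay(receive_id_only), demo_replay(receive_checked));
    return 0;
}
```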

Impact of Weaknesses

Even though end-to-end encryption is implemented in all analyzed applications, the central providers can largely manipulate the communication in groups and partially also read it.
In all applications, the provider can undetectably drop and reorder messages during the delivery and thereby manipulate the view of the communication such that further attacks can be obfuscated.
The central servers of WhatsApp can be used to add arbitrary users to groups and thereby receive their communication.
To achieve the same result for Signal, it suffices to retrieve the group ID. An earlier member who left the group once still knows this ID since it is static. However, in contrast to WhatsApp, the origin of the manipulation is correctly displayed in the Signal application (which was not the case when we started our analysis).

As a result, the end-to-end protection of WhatsApp is not sufficient to reach confidentiality in groups. For Signal no future secrecy is reached in groups and Threema was vulnerable to replay attacks which resulted in further weaknesses.

Responsible Disclosure

We disclosed our findings to the developers and received varying responses. Threema updated their protocol in version 3.14 such that our attacks are not feasible anymore. Moxie Marlinspike responded that Signal is "working on an entirely new group mechanism that we should be deploying soon". WhatsApp did not hold out the prospect of fixing the described vulnerabilities (Update 01/18: According to Facebook's Security Head, the invite links make a fix more difficult [1]; we proposed a way to solve this issue [2]).

[1] https://twitter.com/alexstamos/status/951169036947107840
[2] https://web-in-security.blogspot.de/2018/01/group-instant-messaging-why-baming.html

Saturday, April 11, 2020

Experimenting With Outlines

I posted recently about how I often do one-week projects to learn and experiment. I don't have a strict one-week time limit. Sometimes I'll extend a project or come back to it after I've learned something new.

Ten weeks ago I had a one-week project in which I wanted to draw outlines on an isometric view of a dungeon game. I didn't want to outline each block, which could be implemented easily by editing the sprites. Instead, I wanted to outline the larger units. Here's a comparison:

Outlines around every sprite vs around walls

The second thing I wanted to do was to implement all of this in shaders. My first attempt was to draw a "surface id" to a texture, and then draw black outlines whenever the surface changes.

Draw a black line whenever the surface id changes

There were lots more details to implement, including outlines around billboard sprites, field of view, and lighting of wall blocks beyond the outline.

Dungeon map with outlines

I was pretty happy with that, even though it had some glitches, and I decided that project was finished.

A few weeks later I re-opened this project to explore a different approach. Instead of drawing the lines in a post-process step, I wanted to draw the lines as the sprites were being rendered. I posted some images on Twitter and got a suggestion from @Rezoner, who had made a version where some lines were white and some were black, depending on camera direction. I took that idea and ran with it, making white lines where the player could see the walls.

Dungeon map with lit and unlit outlines

I was pretty happy with this version too. I then merged the code together into one unified demo, with a toggle. Now I think I'm finished. But who knows? Maybe I'll re-open it later.

Take a look at the demo!

Things for me to keep in mind:

  • The one-week self-imposed deadline is just a rough guide. I don't have to follow it strictly.
  • Sharing unfinished work can lead to more ideas for improvement. I should share more things early.
  • Sometimes all I need is a proof of concept. I don't need to make everything work perfectly. If I actually use this in a real project, I can work out those details then.

Wednesday, April 8, 2020

Shadow Of The Comet – Won!

Written by limbeck

And so we arrive at the final showdown. The town itself is cleansed from the four families that were working to bring their evil plans to fruition, but all is not yet clear in the skies over Illsmouth. NARACKAMUS is still alive and the comet's passing is tonight. I have a lot of work still ahead of me and not enough time.

In the end of the previous post, Dr COBBLE gave me a message and a warning. The message was from Mr UNDERHOUSE, who was requesting my help. The warning was about Sgt. BRAGGS, who considered me responsible for last night's carnage (and with good reasons I will add). So, I need to go to the post office without running into BRAGGS.


Or Miss PICOTT, but that seems impossible.

Outside of Dr COBBLE's house is Miss PICOTT, who is seriously distressed about the previous night's events and is also looking for her niece. She also tries to play matchmaker once again, but I avoid the commitment. Still, it won't hurt to pay a visit to her niece. I know where she lives after all.

It seems that BRAGGS is indeed after me. I have to go directly to the post office. If I go to the Mayor's barn for example, he follows me and arrests me. I cannot completely get rid of him myself. When I enter the post office I speak to a distressed Ms GUILDCHRIST at the counter and Sgt BRAGGS arrives. I take him upstairs to meet Mr UNDERHOUSE, who jumps to my rescue when I fumble for a response on my whereabouts. UNDERHOUSE even places suspicion on the bartender, ZEKE, who apparently ratted me out. BRAGGS leaves in anger to find him.

After that, UNDERHOUSE gives me a note speaking about a sacred bow, with an arrow and feather that I need to find. NATAWANGA, a local Native American can help me, but his location in the forest is unknown, but the feather and stick will find him. The note from him says that the bow is where the fire lives at the accursed family's youngest member. The accursed family is probably the HAMBLETONS and I think CURTIS is the youngest. In that case, I have to go to his place again. Before I leave, UNDERHOUSE hands me the feather and wishes me luck.


And reminds me of my biggest enemy

On my way to CURTIS's place, I note that JUGG's house is again open for visitors, so I go in. One of the butterflies is missing from the case. The label says it is the one mentioned in the book of rituals. I will need to find it. Naturally, it is not in the house.

I meet BISHOP outside CURTIS's house. He informs me that HAMBLETON is not inside and he is probably with GREENWOOD. I saw them together the previous day, but when I go to GREENWOOD's house, nobody is there. I come back to CURTIS's place.

The door to his house is locked, but there is a stick lying outside. I pick it up and I manage to remove the bar that was from the INSIDE. How on earth did CURTIS get out and then lock his door? Or lock his door and then get out? I will think about that later. For the time, I just use the pin from the locket to pick the lock and get inside.


I suppose this answers my previous questions

Yes, CURTIS is definitely dead. He was killed brutally and left hanging from his legs to dry. As I inspect the crime scene, I notice some moccasin tracks on the dusty floor and, in good detecting practice, I add my footprints as well. Maybe I should get going, but first I need the bow and arrow. As predicted, the bow is under the fireplace. The arrow was under a loose floorboard I had noticed in my first visit. Feeling really sorry for CURTIS, who really did not deserve any of this, I leave quietly to find NATAWANGA.

The note NATAWANGA gave to UNDERHOUSE said that the feather will fly to him. I don't know how or where to use it, so I start wandering around the forest trying to use the feather and even the arrow and the bow. I wasted some time here, also partly due to my carelessness. I had understood that I needed the feather for the arrow, but I had misread the instructions. I just needed to use the feather. It was a bit frustrating anyway, as I had to be in a specific spot in the forest, without any other clue, where I could put the feather on a stump. Then, a crow came and picked it up and I turned into a white crow and flew to NATAWANGA's hut.


Clearly, turning into a white crow and back messed up my perceptive abilities

NATAWANGA asks me a number of questions to which I answer correctly. NARACKAMUS's tribe: Mic Macs, He Who Howls in the Night: Yog Sothoth, Year BOLESKINE observed the comet: 1834, Sign of the four families: Star, Name of undersea monstrosity: Dagon.

Once I pass the quiz, he gives me some advice on how to kill NARACKAMUS. He hides in "the eye that is set deep in the earth" and I need fire born of the earth to defeat him with my bow and arrow. My Journal agrees that these are indeed too many riddles. He also gave me a pot of red paint and his ring. I am turning into a well sought out bachelor. The ring has no stone, so I must find one.

The eye set deep in the earth seems a lot like the well. Let's see if the well is anything more than a changing screen.


Quite spacious

As expected, I can climb down in the well and arrive at an underground river. Now, if I may say, a well so close to the sea would not need to be so deep to reach water and the water would be brackish at best, but I'll play along.

When I reach the bottom, if I try to walk on the bank, I reach a place where the wild water carries me away and I drown. If, however, I throw the pail with paint that NATAWANGA gave me, the water calms and I can cross. In the next cavern is a set of cans. One is empty, but the others hold acid, tar and nitroglycerin. I assume that this is what "fire from earth" comes about. And I also think it will be a brute force puzzle, because all these are associated with fire, or at least a burning sensation. Acid can cause chemical burns, tar can burn if set on fire and nitroglycerin, well, it just needs a good shake!

I start with the empty can and the can of acid, as they are the first on the line. In the next cavern, I pick two flints. A bit later, I drown in a pool. Next time, I avoid the pool and move south, into NARACKAMUS's inner chamber. I can do nothing and he explodes me to death. This repeats a few times. Apparently my can of acid or tar or nitroglycerin are not fire from earth enough.


If I carried the nitroglycerin with me, I could blow up the whole town

I am sure the empty can is part of the solution, so I start clicking around. I die many times in the pool until I find the correct spot again and I fill in the can with naphtha.

Would it hurt you Infogrames to add a bit of FEEDBACK when I push L? I can see what is in the room, so tell me what it is! If I drown in a pool of liquid, I can definitely see there is liquid. And if I randomly use my empty can to get naphtha, I should know that this is naphtha. Or at least tell me that "You get a very particular odour in this room. Smells like naphtha / petroleum". I could figure out the rest. Rant over.

With naphtha in my possession, I use it immediately as I enter the next chamber (N. immediately recognises the smell. See game?). Then I use the flints to set it on fire and then again the bow and arrow to kill NARACKAMUS. Victory?


I know that Lovecraft was not big on dialogues, but this line could do with some more work

We have not won of course. I have yet to see the comet. After I kill NARACKAMUS, Lord BOLESKINE's apparition appears and tells me I have to stop Dagon from being set free. His temple is on an island off the coast of Illsmouth, so I need a boat to get there. Maybe BISHOP has one? Before I leave, I pick up two gems, a turquoise and an aquamarine, and the butterfly stolen from JUGG's house from next to NARACKAMUS's throne. Then I leave. And die a couple more times on the way.

I get to the port and see a boat and BISHOP, so I naturally speak to him. After a few attempts, during which he gets frustrated and refuses to talk to me until I leave and enter again, I persuade him to lend me his boat, which I then use to travel to the island.


Insert Monkey Island music

On the island, there is a fallen head from a statue, which has two gems as eyes, a ruby and an emerald. I naturally pocket both. Then I try to enter the temple and I get stuck because of the obligatory...


Frustrating sliding puzzle!

I wonder if there is some secret agreement among mystery adventure game designers that they should include sliding tile puzzles in their games? I understand it is easy to program and implement, but it adds frustration and artificially lengthens the game. It is not fun. I enjoy such puzzles, but in the abstract.

Anyway, inside the temple is a grotesque mound of stone which could well be a statue of Dagon or Jabba the Hutt. On the floor there are several slabs with signs carved on them. There are some gems as well set in the walls and as the statue's eyes. I cannot really look at anything, so, once again, I don't know what I should be interacting with.

I find out that I can interact with the gems and the statue's eyes. I try one gem at random and am electrocuted. I try with a ruby, and this time a beam is emitted from it and is reflected around the cave. It could be trying to form a sign, but, if so, it is incomplete. I suppose I should be doing something about it. As I am thinking, a creature breaks through the belly of the statue and kills me.


Too many deaths to count

I spend some time on this puzzle. I do not have much time once I climb down. I die a few times trying to find the solution. It turns out that I had to hold the aquamarine gem and walk on the slab with the correct sign. The creature then bursts into fire and I run out in slow motion to jump ahead of an explosion, Hollywood style. Again, it is a clever puzzle in retrospect. I think there was a clue in one of the books at JUGG's library, speaking about sitting on the sign, but it again seemed a bit unclear to me.

Moving on, Lord BOLESKINE reappears to give me some half solution again. I need to let the currents lead me to my next stop, in which I have to single-handedly stop Cthulhu himself. And he gave me his ring and said something about our green land (I assume England) in the BOLESKINE family motto.

At Cthulhu's island or sandbank, the cave is too dark. Fortunately, I have been carrying my lantern almost since the beginning. The lantern, which immediately runs out of oil and leaves me in the dark, at the mercy of the creatures that roam the caves.


Actual game footage!

I feel I am in a dead-end, because I cannot refill it. If only I had something that burns. Yes... you guessed it: Naphtha. Why would I refill the can after I killed the sorcerer? So I reload from before beating Dagon and head down to the well again to collect that precious liquid.

Now, when I run out of oil in the caves, I can use the can of naphtha to refill. Unfortunately, I find myself in another obstacle course. This time I have to slip past the monsters that roam the two rooms that I must cross. It takes a few tries because there is only so much space between the creatures. I don't know how hard it would be in the CD-ROM version.

When I succeed, I find an altar to Cthulhu and the WEBSTERS, mother and son, tied on a pole and in dire need of help. Cthulhu is sapping their energy and if I do not do something quickly, he will join us. I cannot untie the prisoners so I must stop them. Fumbling around with my stuff, I see that I can put the emerald (green gem) on BOLESKINE's ring. I also use my can of acid on a weird slab on the ground and I reveal a diamond. As soon as I pick this up, Cthulhu starts sucking the life out of the WEBSTERS and tentacles appear. I die a couple of times, as I am too slow thinking what to do. In the end, I use the turquoise (I think) on NATAWANGA's ring and put them on one after another. Cthulhu is banished and I have some free squid for my dinner.


By your powers combined, I am Captain Planet. Or not

I must also say that I like that scene above and give credit where it is due.

I let the WEBSTERS find their own way out and I stay behind to have a chat with Lord BOLESKINE. He says that the way I came in is blocked (I hope after the WEBSTERS got out) and that I need to go to the stone circle quickly and definitely take a photo of the comet. Does he work for my employer? I get out of the caves and I have to look again for the secret passage that takes me out of the collapsed cave and directly at the stone circle.

The last sequence is relatively straightforward and satisfying as far as puzzles go. I can take my time to set up my tripod, put the camera on it, check the butterfly to note the colours on its wings and then place it on my camera. I then put the magnifying glass (my sonic screwdriver) on the camera and add the lantern. Four coloured beams appear and hit 4 stones, leaving a coloured mark, red, green, white and blue. Once I finish, I unwrap the photographic plates and use them on the camera to take photos of the comet. As the comet passes, it leaves a fragment. I am sure astrogeologists would give an arm and a leg to just look at it, but I pick it up and put it on the white spot, which symbolises air. I do the same with the diamond (green – earth), flint pieces (red – fire), aquamarine (blue – water). Everything else is technically a cutscene. I say the ritual and Yog Sothoth is banished.


Thank god I didn't have to type the words myself

I am now in the closing cutscene with limited control. In my room I have already packed my stuff and head to port to board the steamer home. Outside Dr COBBLE's house, BAGGS shows me the door not so kindly and lets me know that he had locked ZEKE in just in case. I think he did well, considering the quality of his beer.

At the port, I am greeted by the whole town, or what's left of it, and treated to a warm goodbye. In the last scene, I sit at Mr GRIFFITH's office and get to recount my story once again, looking too sane for it to be true.


Can I go away now?

So, we reach the end of a game, which played almost perfectly like a Lovecraftian short story, though not so much for the main character as for the player. But more on that on our Rating post, which will follow soon.

Session time: 3:00
Total time: 13:10

Sanity lost: 60 from making the acquaintance of the Ancient ones (20 each from Dagon, Cthulhu and Yog Sothoth)
Total sanity lost: 97 (Iäää Iäää FHTAGN!)