Long Before the Apple-FBI Battle, Lavabit Sounded a Warning
30 de Março de 2016, 21:05
Three years ago, Ladar Levison, the founder of the now-defunct secure email service known as Lavabit, was in the same position Apple finds itself today: facing off against a formidable government foe with unlimited resources and an aggressive determination to break his tech company’s defiance.
But although the two have found themselves on the same path, their fates are already proving to be very different. Where Apple’s very public battle has received strong support from dozens of tech giants like Microsoft and Facebook and has dominated mainstream media for weeks and been discussed in congressional hearings and presidential debates, Levison’s case played out in secret under seal for many months. He was left largely to fight the government on his own under extreme duress, including the threat of arrest if he didn’t do what it wanted—which was hand over the encryption keys for his email service so the government could access Edward Snowden’s Lavabit account and look at his email.
But the two cases also differ for another important reason: Levison didn’t have the resources or time to assemble a highly skilled legal team to fight his battle and properly exercise his right to due process. Although he approached one of the attorneys who is now representing Apple for help, he couldn’t afford the lawyer’s fees and in the absence of other options ended up representing himself during the initial stages of his fight—a move that ultimately proved to be his, and Lavabit’s, undoing.
“There was a lot more pressure back in 2013,” he told WIRED recently. “Everything happened over the course of a few weeks, which is an incredibly short period of time [to mount an adequate defense].”
Levison shut down Lavabit back then rather than let the government undermine the privacy of his users, and the legal case against him ended on a technicality months after it began. But it was the canary in the coal mine that foreshadowed what was to come. It highlighted the extraordinary and aggressive measures the government was willing to take in its standoff with tech companies and also highlighted how the odds are stacked against firms, and the customers they represent, who don’t have the resources or friends that Apple has to fight back.
But Levison’s case has an even more direct connection to Apple’s battle than this: it made a surprising cameo this month in a brief filed by US attorneys in that case. The attorneys invoked the Lavabit case in a footnote as part of a not-so-veiled threat to Apple, suggesting that if the tech giant continued to defy a court order to create a software tool that could help the government access the San Bernardino iPhone, the government’s next step might be to compel Apple to hand over its source code and signing key so the FBI could create the software tool itself.
“For the reasons discussed above, the FBI cannot itself modify the software on Farook’s iPhone without access to the source code and Apple’s private electronic signature,” the government wrote in the footnote. “The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers. See In re Under Seal, 749 F.3d 276, 281-83 (4th Cir. 2014) (affirming contempt sanctions imposed for failure to comply with order requiring the company to assist law enforcement with effecting a pen register on encrypted e-mail content which included producing private SSL encryption key).”
The sealed case referenced in the footnote is Levison’s. The implication is that a 4th Circuit Appellate Court ruling in the Lavabit case set a precedent for the government to demand Apple’s source code and signing key. Levison took umbrage at this in a Facebook post published Tuesday night, lambasting the government for grossly misrepresenting his case. The ruling that the government cited in its footnote simply upheld a contempt citation against Levison issued by a lower court. It wasn’t a ruling on the substantive legal issue raised in his case—whether the government had the authority to compel Lavabit to hand over its encryption keys. The three-judge panel punted on that important question by ruling that Levison had forfeited his right to appeal, based on what Levison says was a “contrived” technicality.
“The government’s citation of the Lavabit case, and their description of its outcome, is disturbingly disingenuous,” Levison wrote on Facebook. “The language used [in the footnote] is incredibly misleading, as it insinuates a precedent unsupported by the appellate court’s ruling…. This verbiage suggests the seizure of third party encryption keys was found lawful by the appellate court, which is wholly unsupported by the appellate court’s opinion.”
A review of the Lavabit case is insightful for what it tells us about the battles that tech companies are facing today and the importance of due process to ensure that they have the ability to adequately defend themselves and their customers.
“The current Apple case, together with the Lavabit case, join a growing litany of recent court decisions which have eroded away our personal liberties,” he wrote in his Facebook post. “Taken together, these rulings force us to ask difficult questions. Specifically, can the federal government be trusted to defend our rights, and protect our freedom?”
How It Began
On June 28, 2013, shortly after newspapers published the first NSA leaks from Edward Snowden, FBI agents showed up at Levison’s door in Texas to serve him with a pen register order for the email account of one of his customers. Pen register devices collect metadata like the “to” and “from” lines on email messages as well as the IP addresses used to access the email account, but they don’t collect the content of communications. The agents also told him verbally, however, that they wanted his SSL keys—the keys used to encrypt passwords and other data that passed between his customers and his web site.
Levison has been barred from identifying the target of the investigation, and information about the customer was redacted from court documents later made public, but as WIRED and others reported in 2013, there was never doubt in anyone’s mind that the target was Edward Snowden, who was known to have a Lavabit email account and was hiding in a safe house in Hong Kong when Levison was served with the pen register order. A recent clerical error made by the government confirmed that Snowden was the target.
Levison spoke to the FBI agents without seeing the pen register order—they said they had sent it to him in email—and he told them he needed to consult an attorney. But as with the Apple case, the government didn’t wait to get a response from him. Instead, they immediately filed a motion to compel his compliance. US Magistrate Judge Theresa Buchanan ordered Lavabit to comply or face a criminal contempt citation.
The problem was that Levison, like Apple, had specifically engineered his system with privacy in mind and it was not designed to log metadata. In order to comply, he had to figure out a way to capture that data and at the same time quickly find an attorney to represent him, which wasn’t easy since the Fourth of July holiday was approaching.
Going After the Source Code
A week later on July 9, when he hadn’t provided the government with any metadata, authorities filed for a summons ordering him to appear at a US District Court in Virginia on July 16 to explain why he hadn’t complied. Two days later, the government served him with a grand jury subpoena demanding his SSL keys. They would later issue a search warrant for his SSL keys as well—which meant they had used three methods to obtain them, including the pen register order, the grand jury subpoena and the warrant. They said they were seeking the keys because his system wasn’t engineered to provide metadata. Levison said he would modify his system to provide the metadata, but the government said it didn’t trust him and that even if he did this it wouldn’t provide them with data in real time as the keys would.
“Anything done by Mr. Levison in terms of writing code or whatever, we have to trust Mr. Levison that we have gotten the information that we were entitled to get since June 28th,” prosecutor James Trump told US District Judge Claude M. Hilton, in a closed-door hearing in Virginia on August 1. “He’s had every opportunity to propose solutions to come up with ways to address his concerns and he simply hasn’t.”
Like the Apple case, the government insisted it was only interested in one account, but Levison knew that handing over the keys put all of his customers at risk.
But Levison figured out that the government was misrepresenting to the court what it wanted. It wasn’t really metadata it was seeking but Snowden’s password. If the government could get Lavabit’s SSL keys—which it was trying so desperately to get—it would be able to intercept and see Snowden’s password and communications in real-time and also use that password to decrypt and read his protected communications stored on Lavabit servers. Unlike the Apple case, where the government appears to be confident that it can bruteforce crack the password on the San Bernardino iPhone, Levison suspects the government knew Snowden had likely chosen a complex password for his Lavabit account that would have been impervious to bruteforce attacks, so they wanted the SSL keys in order to intercept the password and get his stored communication as well, which Lavabit didn’t have the ability to decrypt. Using those keys to get Snowden’s password, however, meant they would have been able to get the passwords and communication of every other Lavabit customer as well, since the datastreams they would intercept to get his password would also include the password and communication of other customers. Lavabit had 410,000 user accounts at the time. Like the Apple case, the government insisted it was only interested in one account, but Levison knew that handing over the keys put all of his customers at risk.
Going It Alone
Levison was at an extreme disadvantage, however. Unlike Apple, his case was sealed, so he couldn’t gather support from the public to take on the government. He also still didn’t have an attorney. He had to find one that could represent him in Virginia, where the case had moved once it advanced from the magistrate level. “It’s hard to [find an attorney] when the case is sealed, because you can’t do anything publicly. I couldn’t send anything to a list [to ask for referrals],” he says.
He interviewed more than a dozen lawyers in the week before his July 16 hearing, but most of them worked in criminal defense and didn’t understand the privacy issues that were at stake. “Most would say my options were to give the FBI what it wants or go to jail. I don’t need an attorney for either of those options. I need an attorney capable of giving me a third option,” Levison says of that search now. He finally found Jesse Binnall, a criminal defense attorney who seemed to understand the larger issues at stake and wanted to help. But Binnall wasn’t able to make it to court the day of Levison’s hearing, so Levison had to represent himself. Binnall had a week to prepare for the next hearing, but the court barred him from consulting outside experts who could help explain the complex technical issues to him and also wouldn’t give him timely access to transcripts from the previous hearing so he could know what had been said. He had to rely on Levison’s memory and knowledge of the legal issues that were discussed.
During the next hearing, Binnall tried to argue that all of Lavabit’s customers were at risk if the government got its SSL keys, but the judge believed the government was only after a single account and ordered Levison to hand over the keys. With no other option, he did so the next day. In an act of defiance, however, he gave the government the keys in a printout of 11 pages all in minuscule, 4-point type.
“To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data,” prosecutors complained to the court.
No Other Choice
The judge found him to be in contempt and ordered Levison to hand over the keys in electronic form or be fined $5,000 for every day he didn’t comply. He racked up $10,000 in fines before he did what the court ordered. But he also did something else: he immediately shuttered Lavabit, preventing the government from now getting the data it wanted and signaling to customers and the rest of the world, in the only way he could, that something was amiss.
“I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly 10 years of hard work by shutting down Lavabit,” he wrote in a cryptic note posted to his web site on August 8. “After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on—the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.”
And in a final warning to customers, which reverberated far beyond his client base, he wrote, “This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.”
Of this warning, Levison says that he was foreshadowing exactly what is happening to Apple now. “I did everything I could to tell people. When I said … that you should not trust your private data to a product or service with physical ties to the US, this is what I meant.”
With the issue finally public after the closure, though not the details, Levison appealed the contempt charge and fine to the 4th Circuit Court of Appeals. During his appeal, he and his attorney raised some of the important Fourth Amendment privacy issues that Apple is raising now.
But the appellate judges, as noted, avoided addressing them. Because he had failed to raise an objection at an earlier stage of the case about the government’s unlawful use of the pen register statute to obtain SSL keys, an issue his attorney was now raising in the appeal, the judges said he had waived his right to appeal. It didn’t matter to the court that Levison had been forced to represent himself during those rapid early stages of his case and had been denied an extension of time to prepare a proper defense.
The ignoble end to both his secure messaging platform and the landmark privacy case meant the court never resolved the crucial precedent-setting question of whether the government could compel a company to give up the master encryption keys for its entire operations to help them spy on the communication of a single user. In hindsight, that may have been a lucky oversight for encryption advocates.
Avoiding a Precedent
“The court focused its decision on procedural aspects of the case unrelated to the merits of Lavabit’s claims,” ACLU attorney Brian Hauss, said at the time. “On the merits, we believe it’s clear that there are limits on the government’s power to coerce innocent service providers into its surveillance activities.”
Levison has said that if he’d had more time and resources, he might have been able to preserve his business and his customer’s privacy.
“It’s possible that if I had more resources and better attorneys and attorneys at the first … hearing, they might have realized that [the judge] had basically allowed [the government] to collect SSL keys under the pen register, trap-and-trace order [and object to it at that early stage],” he says.
But he doesn’t think that Judge Hilton would have favored them. Hilton is a former FISA Court judge—the secret court responsible for granting the FBI and NSA permission to conduct one of their most controversial surveillance programs, the bulk phone records collection program exposed by Snowden.
“It was pretty clear, based on everything that happened and how it happened, that he had an inherent bias [in favor of the government],” Levison says.
He also thinks that if he had lawyers sooner in the process and more time “that technicality that they tried to throw at me at the appeal level would certainly never have happened. We would have been able to force the appellate court to make a decision” on the substantive issues.
But it’s probably better that the appellate judges didn’t ultimately rule on those issues. Three years ago, the mood in the country was very different. Many of Snowden’s biggest revelations were still to come, and as a result, the public awareness of government surveillance wasn’t anywhere near where it is today. As a result, few judges were pushing back against that surveillance in the way some of them are today. If the appellate judges had ruled that the government could indeed legally seize Lavabit’s encryption keys in the way that they did, it would have set a bad precedent for other companies to fight.
Levison tried to address that precedent in his appeals. “We… brought it up in our appellate brief, that based on the government’s theory [of its powers], there is no limit to what they could demand [next] … and Apple has basically said the same thing,” he says. It is likely that Apple, one of the most successful companies in the world—and which has immensely more money and resources than Lavabit had—will have better luck getting that message heard.
Source link
Videogames Hardware Handbook Vol.1 – 2nd Revised Edition 2016
30 de Março de 2016, 19:45Para os “retro gamers”, uma coletânea com os grandes videogames, de 1977 à 1999. O hardware, como foram criados, os games de cada console, uma verdadeira enciclopédia dos videogames clássicos.
See Destiny's New Gear Here
30 de Março de 2016, 17:11
Following today’s Destiny livestream event, developer Bungie has now released a short video that covers some of the “more powerful” rewards coming to the game through its April update.
Check it out:
Earn new and more powerful rewards in Destiny’s April Update on 4/12.https://t.co/7LPZMDsdZV
— Destiny The Game (@DestinyTheGame) March 30, 2016
Bungie is also releasing images of the April update Exotics on its Instagram page. You can click through the images in the gallery below to see all of the items showcased so far.
Destiny’s April update arrives on April 12. In addition to the new gear, the free update for Taken King owners comes with a variety of new activities, including more quests and bounties.
Next week, on April 6, Bungie will hold the third and final Destiny April update livestream during which it will talk about Crucible and sandbox updates.
Looking further out, a “large” Destiny expansion is coming this fall, while a full-on sequel will debut in 2017.
Source link
OONI Explorer
30 de Março de 2016, 17:07O OONI – Open Observatory of Network Interference (Observatório Aberto de Interferência em Rede) lançou recentemente a versão pública do sistema OONI Explorer, um mapa mundial contendo mais de 8,5 milhões de medidas efetuadas na internet de 91 países ao longo dos últimos 3 anos. O sistema é baseado em 15 testes desenvolvidos em software livre e destina-se a detectar:
- bloqueio de sites;
- sistemas de censura;
- vigilância e manipulação de informação;
- acessibilidade à rede Tor;
- proxies, VPNs e domínios considerados sensíveis.
Os testes no OONI confirmaram censura à internet em 9 países: Irã, Arábia Saudita, Turquia, Grécia, China, Rússia, Índia, Indonésia e Sudão. Em outros 71 países, foram detectadas “anomalias”, isto é, sintomas de censura através da manipulação do tráfego de internet.
Aqui no Brasil foram detectadas 15711 “anomalias”. Porém, ainda estamos livres para acessar a internet como quisermos, por enquanto.
PentestBox 2.0
30 de Março de 2016, 16:34PentestBox é um software de alto potencial e completo, que oferece todas as ferramentas de segurança como um pacote, tirando de foco uma possível exigência de máquinas virtuais ou ambientes DualBoot no sistema operacional Windows.
Ele fornece uma plataforma eficiente para testes de penetração na plataforma Windows. Há duas variantes do PentestBox, um sem Metasploit e outra com Metasploit. Além disso, os antivírus e firewalls precisam ser desativados para instalar e operar a versão com Metasploit.
Por ser uma ferramenta de linha de comando e para que o usuário conheça todos os comandos, é disponibilizado uma lista explicativa no tools.pentestbox.com.
BigLinux 12.04
30 de Março de 2016, 15:54O ponto principal do projeto BigLinux é ser um centro de desenvolvimento de aplicativos para o Linux, focado na criação de facilidades para o usuário, tornando recursos complexos acessíveis em modo gráfico e de forma simplificada. Para disponibilizar de forma pronta e otimizada todos esses recursos, também é mantida a distribuição BigLinux – uma distribuição planejada para levar ao usuário um sistema operacional completo, seguro e fácil de utilizar.
Why Hospitals Are the Perfect Targets for Ransomware
30 de Março de 2016, 15:03
Ransomware has been an Internet scourge for more than a decade, but only recently has it made mainstream media headlines. That’s primarily due to a new trend in ransomware attacks: the targeting of hospitals and other healthcare facilities.
The malware works by locking your computer to prevent you from accessing data until you pay a ransom, usually demanded in Bitcoin. Hospitals are the perfect mark for this kind of extortion because they provide critical care and rely on up-to-date information from patient records. Without quick access to drug histories, surgery directives and other information, patient care can get delayed or halted, which makes hospitals more likely to pay a ransom rather than risk delays that could result in death and lawsuits.
“If you have patients, you are going to panic way quicker than if you are selling sheet metal,” says Stu Sjouwerman, CEO of the security firm KnowBe4. Hospitals are a good target for another reason as well: they “have not trained their employees on security awareness … and hospitals don’t focus on cybersecurity in general,” he says. Instead, their primary concern is HIPAA compliance, ensuring that employees meet the federal requirements for protecting patient privacy.
Last month, attackers took computers belonging to the Hollywood Presbyterian Medical Center in Los Angeles hostage using a piece of ransomware called Locky. Computers were offline for more than a week until officials caved to the extortionists’ and paid the equivalent of $17,000 in Bitcoin.
Earlier this month, Methodist Hospital in Henderson, Kentucky was struck by Locky as well, an attack that prevented healthcare providers from accessing patient files. The facility declared a “state of emergency” on a Friday but by Monday was reporting that its systems were “up and running.” Methodist officials, however, said they did not pay the ransomware; administrators in that case had simply restored the hospital’s data from backups.
Then this week, news broke that MedStar Health, which operates 10 hospitals and more than 250 out-patient clinics in the Maryland/Washington, DC area, was hit by a virus that may be ransomware. MedStar wrote in a Facebook post that its network “was affected by a virus that prevents certain users from logging-in to our system,” but a number of employees told the Washington Post that they saw a pop-up screen appear on their computers demanding payment in Bitcoin. The organization responded immediately by shutting down large portions of its network. Employees were unable to access email or a database of patient records, though clinics and other facilities remained open and operating. MedStar did not respond to a call from WIRED.
A Profitable Business
Ransomware is rampant because it works. The digital extortion racket has been around since about 2005 and began in Eastern Europe, but attackers greatly improved on the scheme in recent years with the development of ransom cryptware, which encrypts files on a machine using a private key that only the attacker possesses, instead of simply locking the keyboard or computer.
Generally, victims get infected with ransomware through phishing attacks that carry a malicious attachment or instruct recipients to click on a URL that downloads malware to their computer. But victims can also get infected through malvertising if they visit a web site that is serving up compromised ads.
It’s like getting a key to your hotel room and discovering that it actually gives you access to many other rooms as well. Adam Laub
The payoff for hackers can be huge. The FBI estimated in 2014 that the extortionists behind the CryptoLocker strain of ransomware swindled some $27 million in just six months out of people whose data they took hostage.
And ransomware attackers have upped the ante in recent months with attacks that encrypt not just files on an individual computer but on core servers, to prevent an entire organization from accessing shared files and databases. The really malevolent attacks also go after backup repositories that victims might ordinarily use to restore data.
The FBI has released flash alerts warning about an uptick in attacks that use a strain of ransomware called MSIL/Samas—one such warning as recently as last Friday. The FBI first warned about Samas last year, stating that it “encrypts most file types with RSA-2048 [a strong encryption algorithm]. In addition, the actor(s) attempt to manually locate and delete network backups.”
The ransomware known as Locky does this as well, and much more, says Sjouwerman. Locky searches for Volume Shadow Copy files, a feature in Windows systems that backs up copies of files automatically, even while people are working on them. Locky erases them.
Locky attacks are different for another reason; they’re a hybrid of standard ransomware infections—which involve spray-and-pray phishing campaigns that deliver a mass email to a lot of people with the hope that some will click get infected with the ransomware—and traditional network breaches that involve lateral movement through a network to gain control of key servers. While the email portion of the attack is “mass market, low cost, and fully automated,” he says, the lateral movement requires the attacker to use tools like backdoors and keystroke loggers to steal administrative credentials and gain access to core systems. Once they do, they’ll lock up file-share servers where hundreds of employees in the organization might access shared files.
“You don’t have to lock an entire network,” Sjouwerman says. “You just need to find where are the critical files in a network—what servers are serving up the millions of files that most workers use…. And you only need to lock maybe two or three file servers to essentially block the whole network.”
Organizations often discover they’ve been infected with malware only after workers start complaining that they can’t access files on a shared server. “The [administrator] goes through the file server and sees [files with names like] ‘decrypt.html’ and ‘decrypt.txt’ with instructions on how to pay. And then they know that they’ve been hit.”
Worse, not only can attackers lock out all workers who need access; they can also use those shared files as a means of infecting anyone who accesses them, in order to spread ransomware to more machines.
“All-employee access groups are the exact type of data under attack by Ransomware,” says Adam Laub, a senior vice president at STEALTHbits. “It’s like getting a key to your hotel room and discovering that it actually gives you access to many other rooms as well. All a would-be intruder needs to do is try it in each door…. If access rights to file shares were better controlled via groups with only the proper users, the ability for ransomware to rapidly spread far and wide would be drastically reduced.”
How Hospitals Can Protect Themselves
When ransomware strikes a hospital, the first reaction is often panic. After MedStar got hit with what is believed to be ransomware, it immediately shut down most of its network operations to prevent the malware from spreading. This meant health-care professionals could not access email or easily schedule patient visits or surgeries. The hospital reverted to paper records for communication and scheduling.
This was actually the proper response, says Sjouwerman, whose firm distributes a 20-page “hostage manual” (.pdf) instructing ransomware victims on what to do after an attack and how to prevent one.
The company advises victims to disconnect infected systems from a network and disable Wi-Fi and Bluetooth to prevent the malware from spreading. Victims are also told to remove any USB sticks or external hard drives connected to an infected computer to prevent those from being locked as well.
Security awareness training for employees is also key to prevent them from clicking on phishing emails.
It helps to know what strain of ransomware is on your system; if it’s well-known, there may be information published online by security firms or even tools that can bypass the encryption—if the attackers designed it poorly.
Barring this, a victim has two options: pay the ransom or restore data from backups. If formal backups don’t exist, it may be possible to restore data using Shadow Copy files and other methods. The best action, of course, is for hospitals to take steps to prevent attacks and maintain what he calls weapons-grade backups.
Sjouwerman says security awareness training for employees is also key to prevent them from clicking on phishing emails. With good training “you can actually truly get a dramatic decrease in click-happy employees,” he says. “You send them frequent simulated phishing attacks, and it starts to become a game. You make it part of your culture and if you, once a month, send a simulated attack, that will get people on their toes.”
Over the course of a year, measuring some 300,000 users, his company saw a drop in clicks from 15.9 percent to just 1.2 percent on average in companies that had training.
Or hospitals could whitelist their machines to prevent ransomware installing. This involves scanning a machine to note all the legitimate applications on it, then configuring it to block any other executables. This can involve hundreds or thousands of machines, each with different applications, which is why few organizations actually take this step. It can be laborious and easily run aground by office politics.
“Doctors are gods and don’t let anybody tell them what to do, so enforcing whitelisting in an organization [and telling doctors they can’t run certain applications] is a political exercise not just a technical one. It is fraught with organizational ‘challenges’” he says.
His company also recommends configuring mail servers to block zip or other files that are likely to be malicious. Most importantly, they tell organizations to restrict permissions to areas of the network. Instead of having thousands of people accessing files on a single server, they recommend breaking into smaller groups so that if a server gets infected, it won’t spread ransomware to everyone. It also forces attackers to work harder to locate and lock down more servers.
“You need to protect every damn layer [of your network] within an inch of your life,” Sjouwerman says, to make attackers work harder. Hackers are looking for a quick and easy return on their investment. And if you can turn your network into a hard target they’ll “simply go away,” he says, and search out an easier mark.
Source link
Capacitação por meio de Tecnologias de Informação e Comunicação
30 de Março de 2016, 14:20
Este eBook foi convertido ao formato digital por uma comunidade de voluntários. Você pode encontra-lo gratuitamente online. A compra da edição Kindle inclui os custos da entrega sem fio.
GameTrailers.com: 5 Ways to Survive XCOM 2
30 de Março de 2016, 13:10
Please note that any reproduction of this video without the express written consent of GameTrailers is expressly forbidden.
Source link
A Ascensão dos Dragões (Reis e Feiticeiros – Livro 1)
30 de Março de 2016, 10:01
“Se você achou que não havia mais motivos para viver após o final da série O Anel do Feiticeiro, você estava enganado. Em A ASCENSÃO DOS DRAGÕES, Morgan Rice começa o que pode se se tornar mais uma série brilhante, que nos levará a um mundo de fantasia com trolls e dragões em uma história de luta, honra, coragem, mágina e confiança quanto ao destino. Morgan mais uma vez conseguiu criar personagens fortes que deixarão todos na torcida a cada página… Recomendado para fazer parte da biblioteca permanente de leitores que apreciam o gênero de fantasia.”
–Books and Movie Reviews, Roberto Mattos
Bestseller nº1!
Da autora Besteseller Morgan Rice surge uma nova série de fantasia épica: A ASCENSÃO DOS DRAGÕES (REIS E FEITICEIROS – Livro 1).
Kyra, 15 anos, sonha em se tornar uma guerreira famosa, como seu pai, embora ela seja a única garota em uma fortaleza de meninos. Enquanto luta para entender suas habilidades especiais, – sua misteriosa força interior, ela percebe que é diferente dos demais. Mas um segredo quanto ao seu nascimento e sobre uma profecia está sendo guardado, deixando Kyra se perguntando quem ela realmente é.
Quando Kyra atinge a idade prevista e um senhor local se aproxima para levá-la embora, seu pai planeja realizar um casamento para salvá-la. Mas Kyra se recusa, e começa sua própria jornada, por uma floresta perigosa, onde ela encontra um dragão ferido – e inicia uma série de eventos que mudarão o reino para sempre.
Enquanto isso, Alec, um garoto de 15 anos, se sacrifica pelo irmão, assumindo o seu lugar durante a convocação e sendo levado para as Chamas, uma parede de fogo com cem metros de altura, pra impedir o avanço do exército de trolls em direção ao Ocidente. Do outro lado do reino, Merk, um mercenário que luta para deixar seu passado para trás, atravessa a floresta em busca de se tornar um Vigilante das Torres e ajudar a proteger a Espada de Fogo, a fonte de todo o poder mágico do reuno. Mas os Trolls também querem a Espada – e se preparam para uma invasão em massa que poderia destruir o reino para sempre.
Com esta forte atmosfera e personagens complexos, A ASCENSÃO DOS DRAGÕES é uma saga de cavaleiros e guerreiros, reis e senhores, honra e coragem – uma história mágica, repleta de monstros e dragões. É uma história de amor e corações partidos; de decepções, ambição e traições. O melhor do gênero de fantasia, levando os leitores de todas as idades a um mundo que nunca será esquecido..
Livro nº 2 da série REIS E FEITICEIROS será publicado em breve.
“A ASCENSÃO DOS DRAGÕES é um sucesso – desde o começo… Uma excelente história de fantasia… Ela começa, como deveria, com as dificuldades de um protagonista e se desenvolve em uma série de eventos envolvendo cavaleiros, dragões, mágica, monstros e destino… Todos os ingredientes do gênero da fantasia estão presentes, desde soldados e batalhas a questionamentos internos… Uma ótima recomendação para os fãs de fantasia, em uma narrativa impulsionada por protagonistas fortes e jovens.”
–Midwest Book Review, D. Donovan, eBook Reviewer
”
