SMASH AND GRAB Notorious crooks broke into a company network in 48 minutes. Heres how. Report sheds new light on the tactics allowing attackers to move at breakneck speed. Dan Goodin Feb 21, 2025 1:17 pm | 3 Credit: Getty Images Credit: Getty Images Story textSizeSmallStandardLargeWidth *StandardWideLinksStandardOrange* Subscribers only Learn moreIn December, roughly a dozen employees inside a manufacturing company received a tsunami of phishing messages that was so big they were unable to perform their day-to-day functions. A little over an hour later, the people behind the email flood had burrowed into the nether reaches of the company's network. This is a story about how such intrusions are occurring faster than ever before and the tactics that make this speed possible.The speed and precision of the attacklaid out in posts published Thursday and last monthare crucial elements for success. As awareness of ransomware attacks increases, security companies and their customers have grown savvier at detecting breach attempts and stopping them before they gain entry to sensitive data. To succeed, attackers have to move ever faster.Breakneck breakoutReliaQuest, the security firm that responded to this intrusion, said it tracked a 22 percent reduction in the breakout time threat actors took in 2024 compared with a year earlier. In the attack at hand, the breakout timemeaning the time span from the moment of initial access to lateral movement inside the networkwas just 48 minutes.For defenders, breakout time is the most critical window in an attack, ReliaQuest researcher Irene Fuentes McDonnell wrote. Successful threat containment at this stage prevents severe consequences, such as data exfiltration, ransomware deployment, data loss, reputational damage, and financial loss. So, if attackers are moving faster, defenders must match their pace to stand a chance of stopping them.The spam barrage, it turned out, was simply a decoy. It created the opportunity for the threat actorsmost likely part of a ransomware group known as Black Bastato contact the affected employees through the Microsoft Teams collaboration platform, pose as IT help desk workers, and offer assistance in warding off the ongoing onslaught.Within minutes, at least two of the employees took the bait and followed instructions to open the Quick Assist remote access app built into Windows and hand off control of their desktops to the person on the other end. With that initial access, the breakout time clock was now ticking.Gaining control of an employee device inside a targeted network is only the first in a long series of steps required to tunnel into the fortified regions and steal sensitive data stored there. Most networks these days are segmented, meaning each device and account has access only to the resources needed to perform specific tasks assigned.The person who accessed one of the employees' devices knew that they had to move fast. In the first seven minutes, they connected the employee desktop to their remote command-and-control server by opening IP ports 443 and 10443, which are typically reserved for TLS traffic.They then attempted to use the SMB networking tool, also built into Windows, to upload a malicious Dynamic Link Library file to a sensitive OneDrive directory responsible for performing updates. The techniqueknown as DLL sideloadingworks by placing a malicious DLL file in the same directory as a vulnerable application. Because Windows apps first search their own directories for the DLL files they need, the malicious one gets loaded.When SMB failed, the attacker tried uploading the file using RDP, short for the remote desktop protocol, combined with the Windows PowerShell command window. This time, the upload worked as planned. The attacker went on to use PowerShell to trigger the malicious payload to run on compromised administrator accounts. With that, the attacker was able to connect to the control server through the targeted network, another key rung in the breakout ladder climb.The attacker then used the connection to gain privileged system rights by accessing a service account, likely compromised earlier, for managing an SQL database. Using credentials stored inside the database, the attacker created a new account and assigned it the highest administrative permissions available. The attacker used the privileged system rights to scan the network for vulnerable targets using the SoftPerfect Network Scanner. Attackers and defenders alike often use this tool to identify resources that accounts inside a network have access to.ReliaQuest and its customer have been unable to determine precisely how the attacker gained such access to the service account, but they speculate it was purchased from whats known as an initial access broker. These are a type of threat actor that focus solely on compromising accounts and, when necessary, escalating privileges. The brokers then sell this access to others for use in breaches.In any event, the attacker had now gained persistent, privileged access to the network and was in a position to exfiltrate sensitive data from it. The following image lays out the timeline. The breakout time begins at 5:47 pm and concludes at 6:35 pm, just 48 minutes later. Timeline showing steps that occurred in a recent ransomware attack. The breakout time starts once an employee gave the attacker remote access to their desktop device. Credit: ReliaQuest Elements of successA lot of planning, skill, and experience went into the breach. The spam decoy was effective because it contained no malicious links or attachments, giving it the appearance of an easily contained threat that did little other than making employee inboxes unable to function normally. It also gave the attacker a convincing pretense for contacting the employees and offering IT support.This low-tech but highly effective method allows threat actors to gain initial access and convince users to grant them control of their machines, ReliaQuest researcher John Dilgen wrote. Given its success, its likely that other threat groups will adopt this technique in the near future.The attacker was also proficient in:using DLL side-loading, a technique that first requires identifying a vulnerable app running inside the networknavigating through a maze of network directories using command-line tools and having the agility and breadth of experience to switch to RDP and PowerShell once SMB failedrelying solely on the use of legitimate tools such as Quick Assist, Teams, SMB, RDP, and SoftPerfect to avoid detectiona technique defenders call living off the landpainstaking research and preparation ahead of time, including the acquisition of a previously compromised service account they could access once they had gained initial accessBlack Basta and most other ransomware groups are built on a model known as RaaSshort for ransomware as a service. Under this model, a core group develops the ransomware and rents it out to one or more affiliates. Often, two or more affiliates work together. This allows for each affiliate to perform specific tasks, for instance: draft initial spam messages, pose as IT help personnel, and burrow deeper into a network using command-line tools.There are a variety of things organizations can do to harden their networks to withstand these sorts of attacks. Steps include uninstalling remote access apps like Quick Assist when theyre not needed or restricting access to a small number of hosts, disabling accounts that are no longer needed, and establishing robust verification procedures for employees to confirm theyre interacting with legitimate help-desk staff. The above-linked posts lay out many other best practices.Dan GoodinSenior Security EditorDan GoodinSenior Security Editor Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him at here on Mastodon and here on Bluesky. Contact him on Signal at DanArs.82. 3 Comments

Drop the beat Googles cheaper YouTube Premium Lite subscription will drop Music The plan could soon arrive in the US, Australia, Germany, and Thailand. Ryan Whitwam Feb 21, 2025 12:45 pm | 37 Credit: Getty Images | NurPhoto Credit: Getty Images | NurPhoto Story textSizeSmallStandardLargeWidth *StandardWideLinksStandardOrange* Subscribers only Learn moreYouTube dominates online video, but it's absolutely crammed full of ads these days. A YouTube Premium subscription takes care of that, but ad blockers do exist. Google seems to have gotten the messagea cheaper streaming subscription is on the way that drops YouTube Music from the plan. You may have to give up more than music to get the cheaper rate, though.Google started testing cheaper YouTube subscriptions in a few international markets, including Germany and Australia, over the past year. Those users have been offered the option of subscribing to the YouTube Premium plan, which runs $13.99 in the US, or a new plan that costs about half as much. For example, in Australia, the options are AU$23 for YouTube Premium or AU$12 for "YouTube Premium Lite."The Lite plan drops YouTube Music but keeps ad-free YouTube, which is all most people want anyway. Based on the early tests, these plans will probably drop a few other features that you'd miss, including background playback and offline downloads. However, this plan could cost as little as $7$8 in the US.Perhaps at this point, you think you've outsmarted Googleyou can just watch ad-free music videos with the Lite plan, right? Wrong. Users who have tried the Lite plan in other markets report that it doesn't actually remove all the ads on the site. You may still see banner ads around videos, as well as pre-roll ads before music videos specifically. If you want access to Google's substantial music catalog without ads, you'll still need to pay for the full plan.Bloomberg reports that YouTube Premium Lite is on the verge of launching in the US, Australia, Germany, and Thailand."As part of our commitment to provide our users with more choice and flexibility, weve been testing a new YouTube Premium offering with most videos ad-free in several of our markets," Google said in a statement. "Were hoping to expand this offering to even more users in the future with our partners support."The spice ads must flowAnyone who has used YouTube without a subscription over the past few years will no doubt have noticed Google's increasing ad density. The company has also embarked on a campaign to discourage the use of ad blockers, primarily by nagging users and blocking the blockers right back. As this cat-and-mouse game continues, a cheaper premium offering could attract users who are sick of evading Google's policies.The more aggressive advertising is part of Google's goal of rapidly increasing its streaming revenue. In the company's most recent quarterly earnings call, CEO Sundar Pichai noted that Cloud and YouTube reached $110 billion in revenue for 2024, which exceeded Google's expectations by $10 billion. YouTube also continues to be the most popular streaming platform in the US, according to Google. Still, no matter how popular YouTube may be for video, Spotify, Apple Music, and others are even bigger in music. If you want to sell users of those services ad-free YouTube, it's silly to make them pay for another music streaming platform. It's harder to avoid YouTube ads these days. This change is long overdueGoogle's merging of music streaming with YouTube had all the earmarks of ill-conceived corporate synergy. The result was confusing branding, overpriced subscriptions, and a very clunky migration from Play Music. It should not have taken Google five years to do something about it, but here we are.Google doesn't have a specific timeline to share for the rollout of Premium Lite subscriptions, but it shouldn't be long, given the months of testing. There's no hint of an option to subscribe only to YouTube Music, so that service remains bound to ad-free YouTube, even if the opposite is no longer true.Ryan WhitwamSenior Technology ReporterRyan WhitwamSenior Technology Reporter Ryan Whitwam is a senior technology reporter at Ars Technica, covering the ways Google, AI, and mobile technology continue to change the world. Over his 20-year career, he's written for Android Police, ExtremeTech, Wirecutter, NY Times, and more. He has reviewed more phones than most people will ever own. You can follow him on Bluesky, where you will see photos of his dozens of mechanical keyboards. 37 Comments

Brandon Taylor, Digital Editorial Program ManagerFebruary 21, 20255 Min ViewInvesting in substantial automation that enables agile and strategic business operations are vital to compete and grow in todays digital landscape.In this archived keynote session, Rachel Lockett, vice president of business technology solutions and operations at Surescripts, and Jason Kikta, CISO and senior vice president of product at Automox, discuss how organizations are utilizing automation to find value and regroup to meet challenges.This segment was part of our live virtual event titled, The CIO's Guide to IT Automation in 2025: Enabling Innovation & Efficiency. The event was presented by InformationWeek on February 6, 2025.A transcript of the video follows below. Minor edits have been made for clarity.Rachel Lockett: So, the outcomes and consequences of alert fatigue in all its different forms can be ignored alerts, slowed response times, and ultimately not reacting with urgency when something is due. They can also result in burnouts. Since joining the healthcare field, I have heard more now about provider burnout.There have been news stories about alert fatigue resulting in things being missed and ignored that resulted in patient deaths. So again, let's make a correlation to the technology field. What have you seen in your experience? What have been the direst consequences and costly mistakes that you've seen because of alert fatigue and lack of automation?Related:Jason Kikta: I think one of the best and easiest examples for people to orient on when they think about it, especially at the intersection of IT and security, are the number of vulnerabilities. So, this is the slide that you and I showed the audience when we met last year. This was the projection for the number of CVEs.The number of security vulnerabilities in software was growing at an alarming rate and becoming a lot to process. We talked about this, and we said by the time we get to 2025 it's going to be up to 32,000 a year, and it's going to be bad. We had 28,000 in 2023, but then in 2024 we had 40,000! It totally blew out the curve.Now, there is some nuance here, right? This is not necessarily a bad thing in terms of cybersecurity, because part of this is vendors have gotten better as well as security researchers. They've gotten better at finding these vulnerabilities, and vendors have become more disciplined in reporting these vulnerabilities.So, there is some healthiness to those numbers being high, but it still doesn't change the base condition. I spoke to a company late last year, and their security team was trying to manually read through every CVE that was released by every vendor and match it up with their environment to see if they had it somewhere in their tech stack.Related:Then, they would make a manual determination about how they were going to proceed. Were they going to patch it? If so, how quickly were they going to patch it? It was mind boggling. I thought to myself, how do you keep up? The gentleman I spoke to chuckled and said, well, we keep up poorly. Poorly is the answer.RL: Right, because first, that's intensive labor based on the cost involved. But how can you catch up on time? There's going to be a delayed response because there's just too much volume.JK: Another great example is the National Vulnerability Database where they can't even keep up. They are the ones charged with maintaining the global authoritative database, and they've had trouble keeping up. And this was as of last summer.They don't have newer numbers out, but their last announcement in November was that we've added a lot of external contractor support, and paid a lot of money to bring on this extra capacity. We are now keeping up with all the new ones, but we're still behind in the backlog. We don't have an effective way to burn that down.Related:These problems are not getting better, in fact, they're getting worse on the demand side. So, we must fix the supplies, or maybe it's backwards. Maybe it's the supply side, right? The amount that needs to be dealt with is just going to keep rising, and the ability to keep up with it manually is going to be overwhelming. So, you must fix it through better automation and thinking through these processes more holistically.RL: You brought up exactly what I wanted to talk about next. Again, always coming at these things from the human impact perspective. A common solution, which you just described, is to throw more people at the problem, right? Hire more contractors and let's just keep throwing more people at the problem.Things like rotating responsibilities between team members can help to reduce the impact of alert fatigue for a while, but it's just not a sustainable long-term solution. There's also another industry trend that's making this harder and harder to do, and that's the shortage of technology resources. We talked about this last summer.What's happened since then? Is the problem of scarce technology resources getting better? Is it getting worse? Is it remaining the same? Where are we at?Watch the archived CIO's Guide to IT Automation in 2025: Enabling Innovation & Efficiency live webinar on-demand today.About the AuthorBrandon TaylorDigital Editorial Program ManagerBrandon Taylor enables successful delivery of sponsored content programs across Enterprise IT media brands: Data Center Knowledge, InformationWeek, ITPro Today and Network Computing.See more from Brandon TaylorNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also LikeWebinarsMore WebinarsReportsMore Reports

Does time move backwards in some situations?sakkmesterke/AlamySome quantum systems may have two arrows of time, one running forwards as usual and another moving backwards. This means that, at some extremely small scales, time may have the option of moving in both directions a stunning feature that may have been overlooked across much of physics.If you consider the most basic equations of quantum physics those that deal with single particles there is no reason why time should always run forwards. This means fundamental

The flaxseed felt pricey upfront.I mixed the flaxseed with water to create my egg alternative Paige Bennett I first tested my recipe with flaxseed.I had a bit of sticker shock paying $9 for a 16-ounce bag of the stuff, but it's shelf-stable and should last a long time in my pantry since most recipes only require a small amount.To replace one egg, I mixed a tablespoon of flaxseed with about 3 tablespoons of water. Then, I let it sit for 10 minutes to thicken and become a "flax egg."At first, my dough seemed off.My finished dough seemed a bit crumbly. Paige Bennett From there, I continued to follow my cookie recipe by creaming the butter and sugars, then adding vanilla and the "flax egg."In a separate bowl, I whisked flour, baking soda, and salt together, then added these dry ingredients to the wet ingredients.Once the dough was incorporated, I mixed in chocolate chips and scooped the cookies onto a baking tray. The dough seemed dry and crumbly, which had me worried that the cookies would fall apart during or after baking.These took longer to bake than my usual cookies.The finished flaxseed cookies looked good to me. Paige Bennett I baked the flaxseed cookies for a total of 17 minutes. They needed more time than my usual recipe, as they seemed too underbaked on top after the 14-minute mark.Despite my worries with the dough, the finished cookies looked golden and very similar to my usual batch.My "flax egg" cookies tasted nutty and delicious.The cookie I made with the "flax egg" turned out pretty great. Paige Bennett After letting the cookies cool slightly, I was treated to a delicious cookie with an appealing texture.The flaxseed added a nutty flavor to them that reminded me of browned butter. The cookies were crisp on the edges and chewy in the center.I used a commercial egg replacer in the next batch.The egg replacer I got came as a powder. Paige Bennett The commercial egg replacer also felt a bit pricey upfront at $5.89 for a 12-ounce bag. However, it should also last a long time in the pantry as it only calls for one tablespoon to replace one egg.Like the flaxseed, the replacer had to be mixed with a few tablespoons of water to create a thicker substance. It only needed to sit for one minute to thicken to the right consistency.The dough seemed fine.I wasn't worried about the cookies made with egg replacer. Paige Bennett I followed the cookie recipe as expected, and the dough came out moist with smaller crumbs.Once I finally incorporated all the small crumbs, the dough had the consistency of Play-Doh. It seemed similar to my dough with egg.I watched these in the oven closely.It took a beat for the cookies made with egg replacer to turn golden. Paige Bennett After about 12 minutes in the oven, the egg-replacer cookies finally fell out of their rounded, scooped shapes and looked more like what I expected.It took another five minutes (for a total of 17) before they were golden and baked through. The resulting cookie still retained a lot of height in the oven.The cookies made with an egg replacer had good rise and a soft center.The batch of cookies I made with egg replacer looked golden brown. Paige Bennett The bottoms of the cookies were dark golden and very crispy, and the top had some crispiness as well. The center was gooey and soft, just shy of being underbaked.As for flavor, these tasted very close to the original recipe with egg, but I did get an extra hint of starch that had a very slight floury taste. That could be because the egg replacer contains potato starch, baking soda, tapioca flour, and psyllium husk.I don't think this flavor would be noticeable to someone who wasn't closely examining the cookie, though.Applesauce could bind and emulsify in the recipe.This time, I used applesauce instead of egg in my cookie recipe. Paige Bennett According to Business Insider's egg-replacement chart, applesauce would be helpful for binding the dough and thickening the cookies, but it wouldn't be too great for leavening.By comparison, flaxseed was good for binding only, while egg replacer was ideal for binding, emulsifying, and leavening.Of the alternatives I tried, applesauce felt especially accessible especially since I typically keep it on hand anyway, and it has many uses (including being eaten on its own).For this experiment, I bought the cheapest option at my local grocery store: six small cups of applesauce for $3. I used 1/4 cup of applesauce (nearly all of one single-serving cup) to replace one egg.My dough was sticky and produced fewer cookies than usual.The applesauce seemed to make my dough more dense and sticky. Paige Bennett My dough certainly smelled good, but the applesauce made it dense and sticky.The cookie scoop I used packed the dense dough in so much that this batch made only 11 cookies instead of 12.The applesauce cookies looked thick and pale.The cookies I made using applesauce instead of egg didn't look quite right as they baked. Paige Bennett These cookies took about 19 minutes to bake, as they were staying too soft on top and looked pale for longer than expected.After they'd cooled, they looked very thick but much lighter in color than my other batches.The applesauce made for some very chewy cookies.The applesauce made these cookies chewier. Paige Bennett These had a good flavor and tasted like standard chocolate chip cookies, with no hint of apple at all.However, perhaps because of the added sugar in applesauce, they were very chewy and tougher than the others I baked.They weren't unpleasant to eat by any means, but the texture just wasn't as good as the other batches.Plain yogurt is a staple in my house, and the cookies only needed a small amount of it.I didn't need a lot of yogurt for this substitution. Paige Bennett I use plain yogurt for smoothies, bowls, and even as a sour-cream alternative, so I always have a tub of it in the fridge.For this test, I used a scoop from my 24-ounce tub of 2% fat plain yogurt from a local dairy producer that cost me $7.50. However, a small, single-serving cup of store-brand yogurt could work for this recipe for a lower upfront cost.Based on my internet queries, it only takes 1/4 cup of yogurt to replace an egg.My yogurt dough was dense and crumbly.My dough wasn't sticking together the way it normally does. Paige Bennett This dough smelled very strongly of yogurt, with a tangy scent that was pretty unpleasant. It felt dense but also crumbly.These cookies took the longest time to bake.The cookies I made using yogurt instead of egg had a lot of height. Paige Bennett Yogurt can be good for emulsifying and leavening, so it's no surprise that this batch had cookies with the most height.They barely flattened as they baked, which meant the centers of the cookies needed more time in the oven. In total, these took 21 minutes to bake the longest time of the five batches.The resulting cookies had a lot of height and more of a dense, blondie-like consistency.The cookies I made using yogurt instead of egg had a lot of height. Paige Bennett The texture of the yogurt cookies was nice, with a slightly chewy bottom and a very soft but dense center. They reminded me of a brownie or blondie.I didn't notice much of a difference in the flavor of the cookies compared to the original recipe.Finally, I made use of waste by whipping up aquafaba.I used a frother to whip my aquafaba. Paige Bennett For the final batch, I reserved some aquafaba from a can of chickpeas. This is a popular egg substitute in vegan recipes.The can of chickpeas cost under $2, and I was using the legumes to make lunch. I don't normally reserve this liquid, so it felt nice to use up something that I usually just strain down the sink.To replace one full egg, I reserved 3 tablespoons of aquafaba. Then, I used a handheld milk frother to whip it until foamy.The dough seemed normal and didn't smell weird.I couldn't smell chickpeas in these cookies. Paige Bennett The aquafaba didn't smell great at first, but the fragrance seemed to neutralize after whipping.Fortunately, the dough didn't take on any odd or chickpea smells. Still, it was somewhat dense and pretty sticky.This batch baked quickly, but the cookies spread a lot.My aquafaba cookies spread the most. Paige Bennett The cookies made with aquafaba took the shortest time in the oven, requiring only 15 minutes.In that time, the cookies spread out more than the other batches. They just didn't have much of that rise that an egg can give.The resulting cookies were tasty but quite crumbly.The cookies I made using aquafaba felt a little crumbly. Paige Bennett The flavor was nearly identical to my standard cookie recipe with egg, and I was impressed that the aquafaba didn't leave behind an earthy taste at all.The cookies fell apart as I handled them, though, a problem that none of the other cookies had. Because of that, I think these might be best suited for crumbling over ice cream.All in all, I'd use most of these substitutes again in a pinch.From left to right, cookies made with: flaxseed, egg replacer, applesauce, yogurt, aquafaba. Paige Bennett Overall, I was pretty impressed with most of these egg substitutes. Every batch tasted great, so most issues came down to texture.I'd probably skip the applesauce for chocolate chip cookies because they turned out too chewy for my liking.The aquafaba cookies tasted great, but this substitute isn't my top choice because these cookies were a bit thinner and more crumbly than the others. The yogurt-based cookies were fine, if a little dense and chewy.My favorites of the bunch were the flaxseed and the egg-replacer cookies. Both ingredients resulted in cookies with excellent taste and texture.In my house, we particularly liked the nutty flavor of the flaxseed eggs, and that will be our go-to egg alternative for our favorite cookie recipe.

I spent about $7,700 taking my family of five to Disneyland for three nights this past winter.Although they get expensive, Disneyland trips have become a family tradition for us.For us, staying on the property and booking three nights instead of two was worth the added cost. Disneyland has always held a special place in my heart.I grew up in Orange County, California, and every summer night, my family watched the Disneyland fireworks from our back patio.I visited the parks as a teen, then with my wife when we first got married. Once our son arrived, visiting the Disney parks became our family tradition.Eventually, he got "too old" to hang out with mom and dad. For many years, my wife and I continued to visit Disney parks just the two of us, but we missed sharing the experience with loved ones.Now that our son has his a wife and child, though, we've brought back the tradition of visiting the parks as a family and Disneyland has become one of my favorite places once more.Winter trips to Disney have become a new family traditionFor us, December Disney visits have become a fairly new holiday tradition.For the second year in a row, we had our son, his wife, and their kid fly from Washington state to California so we could treat them to a Disney trip. It's a treat for us, too, because we get to spend time with them and our 3-year-old granddaughter. My wife and I are snowbirds, so the trip is also a chance to see our family in the winter without having to face the colder temperatures and snow in Washington.We always try to learn from our past tripsLast time, we did a two-night Disney trip but it felt too short. This time, I booked four days and three nights instead.The extra night allowed us to check into the hotel and enjoy its amenities without taking too much time away from the parks. It was worth the added cost.On our last trip, we booked a Costco Travel package to save money. This time, I chose to book directly through Disney so I could better customize our longer trip. Although staying on Disney property can be more expensive than staying at nearby hotels, it comes with several benefits, like getting early access to the parks (and a short walk to get to them). My family stayed at Disneyland Hotel. AaronP/Bauer-Griffin/GC Images So, we stayed on the property again this year. I wanted to book a two-room suite at Disneyland Hotel, but none were available when I made my reservation in August.Instead, I reserved two connecting rooms for $4,456. However, just three weeks before our trip I checked the Disney website and saw a suite was available.First, I'm glad I kept regularly checking the Disney site you never know when someone else could cancel and the room you want will open up. This could work for hard-to-get meal reservations, too.Second, I'm grateful I called guest services to change my reservation. The staff member even helped find me a promotion that would save me over $1,300 on the listed suite rate. In the end, our stay cost $4,571 so I paid just $115 more to upgrade to the suite. The trip is never cheap, but it's worth it for us After booking the hotel, we also paid for parking for two cars ($240), two-day tickets with admission for one park a day for four adults and one child ($1,630), food, drinks, and souvenirs.All totaled, our trip was about $7,700. This time, I was also able to cover about $1,100 of the charges using rewards dollars I'd earned with my Disney Visa card.Throughout the trip, we were able to just enjoy time as a family whether we were going on rides, watching a parade, or swimming at our hotel.It was a lot of money, but the memories we made once again made the cost worth it. I'm confident we'll be back as we continue to cement this as our family tradition.

Kim Kardashians career has been one big guessing game. Since founding the extremely successful shapewear company Skims in 2019, the reality-star-turned-lifestyle-influencer has embarked on a number of surprising if not totally puzzling ventures, from trying to become a lawyer to starring in a poorly rated season of American Horror Story to filming an eerie Santa Baby music video. Thanks to her recent Instagram activity, though, her followers have already started to suspect her next move. The theory is that Kardashian is making a rightward turn, cozying up to those currently in power as she continues to grow her economic empire and align herself with the worlds most powerful business leaders. While not a foregone conclusion, its all in the tea leaves. Lets back up.Earlier this month, Meta CEO Mark Zuckerberg posted a cheery photo of himself on Instagram wearing a hoodie that read Kim is my lawyer with the caption My only appropriate hoodie. Kardashian commented with Hahaha I love it!!! before sharing the selfie on her Instagram Stories. It still isnt clear what inspired Zuckerbergs shoutout. Did family momager Kris Jenner, whos tagged in the caption, send Zuckerberg the hoodie? Was this some sort of poorly executed promotion for Kardashians upcoming Ryan Murphy legal drama Alls Fair? Will Kardashian, not actually a member of the bar, be representing Zuckerberg in his next lawsuit? Just a few years ago, the queen of selfies having a virtual giggle with a fellow billionaire like Zuckerberg wouldnt have raised many eyebrows. However, Zuckerberg has spent the past year publicly ingratiating himself to President Donald Trump: altering Facebooks speech policies in his favor, donating to his inauguration fund, and attending the ceremony in January. Along with Amazon founder Jeff Bezos and Tesla CEO Elon Musk, Zuckerberg has been labeled a member of the broligarchy, a moniker for several tech billionaires trying to curry favor with the Trump administration with the hopes of influencing deregulation policies or attaining government power. Musk has already torn through the federal workforce with his Department of Government Efficiency.More damning, though, has been Kardashians public ties with Musk, adding extra suspicion to her recent interaction with Zuckerberg. Last year, she repeatedly shilled for Musk, whos had a long, storied friendship with her ex-husband Kanye West. In addition to being spotted around Los Angeles in her Tesla Cybertruck, she posted the companys Optimus Bot on X less than two weeks after the presidential election, as well as staging a bizarre, sexy photoshoot with the android on Instagram. (In a strange effort to stave off backlash, she clarified that she wasnt paid to post the robot.) Shes even broadcast her affinity for members of the Trump family. In addition to her well-documented friendship with Ivanka Trump, she shared a caption-less photo of first lady Melania Trump on her Instagram Stories the day of the inauguration. All these pointedly apolitical but public interactions with Trumps family and associates have Kardashians followers wondering if shes preparing to go all in on the president himself. In contrast to Trumps first term, its become more common to see popular celebrities interact with the Trump administration or, at the very least, withhold critical opinions. A slew of rappers, including the previously anti-Trump Snoop Dogg, performed at one of Trumps inaguruation galas. When asked about Trump attending the Super Bowl this month, Kansas City Chiefs Travis Kelce had nothing but polite words to offer.Locating the Kardashian-Jenner clans politics has always been a confusing, maybe even thankless task. Any mention of social issues or electoral politics has felt mostly inorganic coming from members of the privileged family, one of whom unabashedly claimed that they dont even read the news. The rest have spent the better part of their careers offending various demographics online. Nevertheless, the Calabasas influencers rose to power on the internet in the 2010s, around the same time that social movements like Black Lives Matter and Me Too were resounding online and demanding the engagement of celebrities. The familys proximity to Black culture, whether through their romantic partners or their affinity for Black beauty trends, also put them in the position of being pressured to speak on racial issues and called out when they didnt. Arguably, these were opinions we didnt actually need to hear. For the most part, Kardashian has associated herself with left-leaning politics, using her platforms to support support Black Lives Matter, calling for stricter gun laws, and criticizing the Supreme Courts decision to overturn Roe v. Wade. She also supported Hillary Clinton in the 2016 election. Notably, shes the only family member to fold social justice work into her brand, specifically around criminal justice reform. Beginning in 2018, she successfully advocated for the release of Alice Marie Johnson and Chris Young from prison. She also helped persuade the Trump administration to sign the First Step Act, aimed at changing sentencing laws and decreasing prison populations. Since then, shes advocated for the clemency of multiple prisoners on death row and other incarcerated people, including the Menendez brothers. From left, Jared Kushner, Kim Kardashian, and Ivanka Trump at a 2019 White House event for criminal justice reform. Saul Loeb/AFP via Getty ImagesAs witnessed by her prison-reform efforts, she hasnt been afraid to do direct business with Trump to advance her own causes. As much good as Kardashian may have done for the pardoned inmates, the clemency deal also just happened to redirect attention from her ex-husbands comments about slavery and bring some goodwill to the Kardashian brand. RelatedThe TrumpKim Kardashian meeting, explainedThe worlds most famous business leaders are also making what feels like a unified move to the right and being regarded as a serious player in the business world has long been a concern for Kardashian. On her Hulu reality show The Kardashians, shes discussed her obsession with proving herself as a businessperson and her desire to be seen as a corporate disruptor on the level of a Zuckerberg or Steve Jobs. In an episode of season 2, Kardashian says: All of the big banks and VCs everyone says, Apple, Nike, Skims. Were in that conversation, and it just makes me really proud. For a high-powered billionaire like Kardashian, it is perhaps only a matter of time before she kisses the ring, much the way her techier brethren have.Its not evident that Kardashian personally aligns with the views of MAGA. Her attendance at a Black business gala earlier this month suggests that shes probably not in support of Trumps sweeping anti-DEI agenda. Her own businesses have relied on the support and compliance of Black and nonwhite celebrities and models, who are often featured in her Skims and KKW beauty campaigns. Plus, it arguably still wouldnt be the smartest move for a reality star trying to earn their stripes in Hollywood to start donning a red cap. Whatever Kardashians intentions, her attempts to appeal to both sides of the aisle have already been undermined. The same day that Kardashian posted a photo of Melania Trumps inauguration outfit on Instagram, President Trump signed an executive order titled Restoring the Death Penalty and Protecting Public Safety, a direct blow to the prison reform efforts shes been fighting for for years. See More:

Broken Arrow, from Steel Balalaika and Slitherine, leaves a strong first impression once you get over its setting, and it left me completely excited to play moreTech14:41, 21 Feb 2025Broken Arrow's more familiar setting could help it become a force in the RTS genre(Image: Steel Balalaika/Slitherine)If youve ever been curious about the RTS genre, Broken Arrow might be a great place to start. With some of the most famous entries focused on alien tech or magical units, its almost a breath of fresh air to play a real-time strategy game set on the more familar fields of conflict.Steel Balalaika and Slitherines tale of a fictional Eastern European conflict may cut a little too close to home in the current political climate, but its off to a really promising start from what Ive played so far.Here's why it's giving me the same feeling of playing with Micro Machines when I was a kid.Maps are massive, befitting the scale of the warfare(Image: Steel Balalaika/Slitherine)Thankfully, what plot there is is conveniently left in the background in place of caricacture-like generals.That brings it closer to feeling more what an 80s action movie would use as a backdrop than anything wholeheartedly believable, but I think thats to Broken Arrows advantage Im not sure I could stomach dropping bombs on recognisable units on the other side of the continent.Artillery can turn the tide of a skirmish(Image: Steel Balalaika/Slitherine)Broken Arrow also plays really nicely for genre newcomers, or lapsed RTS fans. Units respond quickly to orders, and while its heavily-weighted in terms of vehicles, sending jets on bombing runs and breaching and clearing buildings as a small group of soldiers are two actions that are equally easy to complete.The idea is to hold specific capture points, funnelling additional forces to the best possible location as they arrive from bases. Its not fun seeing the new unit youve called in get blown to smithereens before it can make an impact on the battlefield, but the same can be done to your opponents and wrecking a convoy that wouldve caused your side a lot of harm in just a few minutes' time feels great.Tanks and infantry require different approaches(Image: Steel Balalaika/Slitherine)While vehicles often feel like difference-makers, theres always room for squaddies.I was worried theyd feel paper-thin, easy to mow down and almost pointless, but they can capture buildings Advance Wars style, and a line of sight system means you can engage in genuinely engaging infantry-only combat that feels like an RTS XCOM 2.Taking cover is important when troops are so squishy, and Im excited to build strategies befitting both infantry and armoured units, as well as the best way to employ aircraft.Broken Arrow might end up being the game that grabs non-RTS fans thanks to its responsive movement and orders, and its more grounded setting.Article continues belowWell find out soon enough its slated for a July 2025 release.Previewed on PC.

The Elder Scrolls 6 Hammerfell will have dragons and naval battles or will it?GameCentralPublished February 21, 2025 5:37pmUpdated February 21, 2025 5:38pm This is Hammerfell artwork from The Elder Scrolls Online (Bethesda)Rumours about the setting and features for The Elder Scrolls 6 are doing the rounds online but the information may not necessarily be what it seems.Of all the mostly keenly speculated secrets in gaming today, the name and setting of The Elder Scrolls 6 is one of the most hotly debated. Each new entry is always named after a fictional realm in the world of Tamriel and, assuming creator Bethesda dont make any new ones up, theres relatively few of those left that havent been done before.Skyrim was equivalent to Scandinavia, and before that Oblivion (which is rumoured to be getting a remaster this summer) was essentially the games version of Hell. Its long been rumoured that The Elder Scrolls 6 will be set in Hammerfell, which is Bethesdas analogue for Africa, and a new rumour has surfaced which seems to confirm that.Except theres confusion as to whether it is a new rumour or if its just recycling earlier ones that didnt get as much traction the first time round.This weeks excitement began with leaker eXtas1s, whose track record is patchy but not something that can be dismissed immediately. He certainly seems to have contacts within Microsoft, as hes got a lot right in the past with news related to Game Pass, but in this case the information doesnt come directly from him.Its been difficult to determine exactly whats going on, as his original video is in Spanish, but it seems that not only is he merely repeating rumours from fellow leaker ColtEastwood but that information comes from an unverified source on 4chan.Normally, that would be the end of it right there, except the supposedly leaked information is so obvious its probably going to end up fairly accurate anyway, simply because elements of the game are easy to predict and/or Bethesda has already hinted at it.https://twitter.com/eXtas1stv/status/1892741990099345811What are the latest The Elder Scrolls 6 rumours?For the record eXtas1s says that dragons will return in the game, that it will have 12 to 13 big cities, and that there will be no pre-set class types. So, very similar to Skyrim.High Rock will also be location, which has also been previously rumoured, and there will be the ability to build your own villages and fortresses to lord over, which seems a logical extension of things Bethesda has been doing for years now.The only unexpected element is the promise of naval battles, ship customisation, and underwater exploration. Although even that was hinted at by a previous leak involving an artist studying images of fish and underwater environments.More TrendingTherell also apparently be procedurally generated islands and dungeons, which seems like it would probably be using similar tech to Starfield.Like we said, its all very believable, and predictable, but thats the problem. The original source is unknown and theres no reason to think its not just a knowledgeable fan making educated guesses.The only time they go out on a limb is the idea that the game will be shown this July, which seems far too early considering its not expected to launch until 2028 at the very earliest.Its probably the hope that that element of the leak is accurate thats propelled the rumour around the internet so quickly, but unfortunately its probably the only part that definitely isnt true. The Elder Scrolls 4: Oblivion is rumoured to be getting a remaster this year (Bethesda)Emailgamecentral@metro.co.uk, leave a comment below,follow us on Twitter, andsign-up to our newsletter.To submit Inbox letters and Readers Features more easily, without the need to send an email, just use ourSubmit Stuff page here.For more stories like this,check our Gaming page.GameCentralSign up for exclusive analysis, latest releases, and bonus community content.This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. Your information will be used in line with our Privacy Policy

The Wheel of Time is preparing to crank back up again, with the first three episodes arriving March 13 on Prime Video; like seasons one and two, itll run eight episodes, with a weekly drop after the premiere through April 17. That mini-binge may be enough to plunge you back into Robert Jordans world (after yesterdays amuse-bouche: the limited-time early release of the seasons fiery first 11 minutes), but if you need a reminder of where season two left off, io9s got you covered. First, though, here are some Wheel of Time explainers weve shared in the past: The io9 Guide to Wheel of Time, which digs into the epic Robert Jordan book series that provides its source material, as well as Everything to Remember About Wheel of Time Ahead of Season 2, which explains the premise of the series and goes over the main characters that were introduced in season one. That post also details the events of season oneincluding the reveal that Rand alThor is the Dragon Reborn, destined to face off with the Dark One in a Last Battle that will either end or save the world. That 2023 post also notes something thats worth re-iterating: you dont have to read the Robert Jordan books to enjoy the series. But the creators of the Prime Video adaptation (led by showrunner Rafe Judkins) do sprinkle in Easter eggs for longtime fans, while making sure to explore the finer points of the lore for newcomers. What happened in The Wheel of Time season two? Seanchan damane and suldam. Prime Video Following season ones climactic showdown with the Dark Onein the form of his fiercest representative, the Forsaken named Ishamaelthe Two Rivers friends were mostly scattered across different lands. Rand, fearful that he might hurt his loved ones because channeling the One Power has a way of driving men mad, told Moiraine to spread the word that didnt survive the fight at the end of season one. Hes now in Cairhien, working at an asylum and spending his nights with an alluring innkeeper named Selene. (Hes still in love with Egwene, but circumstances being what they are) His disguise is a shaved head, not that anyone whos not in league with the forces of darkness would recognize him. Unfortunately for Rand, Selene turns out to be Lanfearanother Forsaken. Shes still carrying a torch for the last Dragon after 3,000 years, and isnt going to give up her hold on Rand without a fight. Eventually, Moiraine turns up in Cairhien and lets Rand know his new squeeze is very bad newsthough Lanfear, who tends to put her own agenda first, does help Rand, Moiraine, and Rand escape the city when Siuan Sanche tries to ensnare Rand, viewing him as a weapon only the Aes Sedai should have access to.At the White Tower, Nynaeve and Egwene are in training to be Aes Sedai; both are known to be powerful channelers, especially Nyneave, though as of yet shes unable to control her abilities. Despite that, she endures the harrowing test required of Novices to become an Accepted. Another Novice, the young royal Elayne Trakand, is assigned as Egwenes roommate, and the newly minted trio escape the tower together on a rescue mission to find Perrin after Liandrinan Aes Sedai whos secretly in league with the forces of eviltells them hes been captured. However, Liandrin ends up kidnapping the girls and presenting them to the Seanchan, a sinister invading force that enslaves women connected to the One Power and uses them as damane, instruments of war. Nynaeve and Elayne escape, but Egwene is put through endless torture as her assigned handler (or suldam), Renna, tries to break her spirit and bring her to heel. Rand and Selene. Prime Video Meanwhile, Perrins own entanglements with the Seanchan come after hes been on a quest to find the Horn of Valere, an essential artifact that was stolen by a Darkfriend at the end of season one. He also learns hes a Wolfbrother, with a unique connection to wolves as well as the ability to glimpse the future, and encounters Aviendha, a fierce Aiel warrior, who pledges to help him after he saves her life. The remaining member of the Two Rivers group, Mat, starts off the season imprisoned in the White Tower as he tries to shake off the lingering effects of the cursed dagger that nearly ruined him in season one; he befriends Min, a fellow prisoner with the gift of foresight, who warns him of her vision that hell eventually kill Rand.As for Lan and Moiraine, they spend much of season two on shaky ground after Ishamael severed Moiraines connection to the One Power at the end of season one. Moirainewhos been banned from the White Tower, on top of her complicated personal and political relationship with Siuan Sanchehas to do a lot of soul-searching to figure out who she is without her magic, though she does remain firmly committed to shepherding Rand along the path to his destiny. Lan and Nyneave find time to realize theyre in love with each other, in a storyline that doesnt get too much traction. In maybe the seasons most cathartic moment, Rand realizes Moiraine hasnt lost her connection to the One Powershes merely been knotted off from itand hes able to restore her abilities just ahead of the finale. What happened at the end of The Wheel of Time season two? Prime Video All roads lead to Falme, where the main charactersplus all the newbies we met this season, including Elayne and Aviendhareunite at last, and everyone works together to fight Ishamael. This time hes vanquished, in a reverse of the season one finale. Teamwork! That is a very simplified description of all the insanity that takes place in the finale, including (but not limited to) Egwene murdering Renna and reclaiming her agency and burgeoning powers; Mat blowing the mythical Horn of Valere, summoning dead heroes from the past to help with the battle against the Seanchan; and Rands status as the Dragon Reborn finally being broadcast to the world at large.At the very, very end of the episode, Lanfear meets another Forsaken, Moghedien, who gleefully tells her all the Forsaken are now releasedone last parting gift from Ishamaelwhich can only mean trouble for everybody as the Last Battle approaches. What can we expect from The Wheel of Time season three? Prime Video Prime Video has yet to put a timetable on The Wheel of Time, but its not yet been renewed past season threewhich means we may or may not be about to see Rand finally fighting that potentially world-ending Last Battle. No pressure!Heres the official description of whats to come: In season three, as threats against the Light are multiplying, Moiraine Damodred (Rosamund Pike) and Rand alThor (Josha Stradowski) embark on a perilous journey to the Aiel Waste to uncover the true fate of the Dragon Reborn. With the Forsaken in hot pursuit and Rands corrupted power growing stronger, Moraine must prevent the Dragon from turning Dark no matter the cost. Book readers have even more to go on, knowing that season three will adapt events from The Shadow Rising and The Fires of Heaven, the fourth and fifth books in Jordans series. Plus, we know there will be even more new characters joining the action, including some played by confirmed genre favorites, including Shohreh Aghdashloo (The Expanse) as Elaida aRoihan, an Aes Sedai who advises Elaynes mother, Queen Morgase Trakand of Andor (Dune: Prophecys Olivia Williams). The Wheel of Time season three premieres March 13 on Prime Video. Want more io9 news? Check out when to expect the latest Marvel, Star Wars, and Star Trek releases, whats next for the DC Universe on film and TV, and everything you need to know about the future of Doctor Who.