I think you still need to think about what that vulnerability gets you. Assuming a world similar to the ads in Minority Report or just thinking ahead to social networks that will reside on your phone in the future, wireless makes a lot of sense, regardless of the security. Its needed for AR and for the world to be what its made out to be in 4e.

The question you must ask is what data is on that wireless enabled node? Taking a node that might read in your Access ID when you step into a Stuffer Shack and hit you with AR ads of your commonly purchased items that are on sale... There's likely an API on that node that queries some large database with all purchases on it. So, the hacker, could get on that node and say they had an Access ID of someone they want to look up. They could get all their purchasing information, maybe even some account numbers they used to purchase stuff. But, you are not going to get the delivery records for all Stuffer Shacks. You are not going to get personnel files of all Stuffer Shack employees. You are not going to get any R&D files. Those systems just aren't likely to be connected to some node that has wireless enabled.

I think it is very realistic that in 60 years, there will be a whole lot of wireless access. But, just having wireless access isn't the security concern. The concern is what data do those wi-fi nodes have access to. The less "important" data it has access to, the less security you have to worry about, because the data that you can get, while it may be private, is not itself, important in a general sense.

I agree that databases, security, etc would not likely be on the wireless node. I would submit that they are 1-2 hops away and interconnected in all but the most secure implementations. I once saw a guy hack a server with nothing more than port 80 open through a firewall. He then 0wned that server and created a root shell. As a white hat, I can tell you that any connection is a vulnerability, no matter how insignificant a person convinces themselves it is or how much they try to convince themselves that a database connection or web server connection alone could not be exploited for full root access.

My point is this: Wireless everywhere is realistic. 98%+ of the systems being vulnerable either directly or indirectly from those wireless access points is realistic and it is my real-world experience that the most vulnerable accounts are many times those with the most access (be it data or systems).

it is if the walls are not shielded and someone has a really sensitive directional antennae. Passive RFID is only supposed be a few inches, but someone can bounce a signal and read your card up to 40 meters away with a shot gun antennae. (so much for security)

Shielding a room completely is going to be really expensive. Anti wireless will cause issues. Also means that you cannot effectively communicate with the outside world.

So much easier to just drop in a wire and a hub.

Do you know how rare it was to have a TN higher than 6? Really, really rare. The system was new and innovative and exciting. That faded after many years, but the later editions made it better (for the most part). We never had any real problems with the game system, at all. And I ran/played in 2-3 games a week (during my heyday). Few systems can claim that. And it was somewhat easy to figure out TN's once you had a feel for the system.

Now it just a modified version of another companies (bad) game system. I'm not saying that it is necessarily a bad game system now, but it just seems too much like WW's system and I don't like it.

I still love the game world, but now I am much more likely to just convert rules for Hero System or Feng Shui to play it.

It's funny that most of the "security" complaints people have about wireless networking in SR4 are addressed in the rules, but no one ever stops to read them (IMG:style_emoticons/default/smile.gif) .

I would say pools were groundbreaking... The 6=7 thing was around before Shadowrun. And if its that big of deal you can change the 6 to a 0 and have a 0-5 die then move the TN down to 3 as average... problem solved.



I have yet to see a company not treat wireless traffic as hostile and put the router on the DMZ. I'm sure the coffee shop may just have an open network but just in every company I've done buisness with over the years from 50 employees to 50,000+ you stick the wireless out on the DMZ and treat it as internet hostile traffic.



Unwired did fix my complaints with encryption though not very elegantly.

Top level execs being the biggest violators is no secret. However, you have to remember this is only the nascent phases of the Digital Age. The DotCom boom was in 1998-1999. We've been at this for only a little over a decade. Obviously the Internet and computers are much older than that, but this is relatively new hat on a grander scale. A lot of top level execs, especially for major corporations, have been in business long before this was all just "normal" like it is for pretty much anyone under thirty. My dad worked in computer sales for companies like Lanier and Sony in the late seventies. Think about the kinds of advances in technology that have happened since then.

You're thinking in the "right now" of information security and not the "fifty years from now", and that is where you come up short. By 2050(60,70) it's not new hat. People have grown up in a world entirely digital, with passwords and information security etc as a regular instance in life. Sure, at the street level, people are going to be lazy. At the corporate level, not so much. In 2010, we're also at the very earliest phases of wireless technology. This whole "everyone connected, all the time" idea is relatively new. Obviously you've never been into a government building where you have to surrender any mobile phone with a camera. I'll tell you, the idea that corporations would allow people to just wander around in their buildings connecting wirelessly to everything when they know that everyone has a wireless device? Absurd. The IS manager's head would have exploded the first time it was mentioned.

And trying to argue the logic of the Wireless Matrix using logic taken from the 4e rulebooks is going to be an epic failure in this argument since it's pretty obvious that the writers of 4e and the Wireless Matrix didn't put enough thought into its implementation and just wanted to do something new with the game. I won't bother hashing into posts like Smokesin's. 4e suggests that this whole idea of AR and wireless Matrix isn't absurd in its premise. Kinda hard to argue for something, using that very something as the evidence, lol. "I argue this idea works because it is this idea."

We've read them. They are just stupid.

We know that they have been addressed. The solutions aren't practical or viable. Just because it's in the rules doesn't mean that it makes sense, or reflects reality.

Its not just government (IMG:style_emoticons/default/wink.gif) and sometimes even your phone without the camera doesn't work in the building anyway (IMG:style_emoticons/default/biggrin.gif) back in geez 2003 IIRC I had a big argument with a cell phone rep trying to get a cell phone without a camera. They couldn't understand why I would want a phone without a camera and kept trying to sell me one with fancy features, I couldn't get it through their skull that if it has a camera I can't take it in the building.

I'm not specifically talking about unwired, or about specific rules. I'm actually talking about the descriptions on the core books that specifically counter the most common complaints.

"No corp would ever leave their secret servers open to the outside!". Well, they don't. The entire point of the new Matrix system is that your party's decker has to go in with the rest of the team and get past all those security perimeters in order to reach a point inside the corp where he can access said servers, be it a hardwired jackpoint (those are still around, you know) or a very limited WLAN boxed in by Faraday cages.

"No one in their right mind would leave open wireless networks hanging around his PAN!". Well, they don't. There was an entire sidebar describing tactics you could use for securing your own commlink and PAN. ICE is not just for corporate servers anymore. You can safely assume most people would have something like that in their commlinks, even if it's not as high-grade as what a secure corporate server would be packing. And if your PCs aren't taking any of these precautions, well, the joke's on them.

"Why do my underpants need wireless access? That's ridiculous!" Well, your average pair of underpants doesn't have any wireless access. It probably does have a few RFID tags for the convenience of the store, but that's definitely not the same thing. If those tags get you spotted when you break into a corp lab, well, the joke's still on you, tag erasers are right there in the gear chapter.

As for cyberware, well, there's some pieces that derive real benefit from being linked to your PAN, and there's some that don't. If you think it would be silly for a given piece to have wireless access then it probably doesn't have any. For those which do need this access, you're back to issue number 2, which is solved by properly securing your PAN.

It will be better to focus on what you like about various editions rather then arguing or trying to convince others.

Take any specific things you want to discuss thoroughly to other threads.

This admin post is not addressed to any specific post, but to the emerging trend of discussing specifics back and forth.

It is a Megacorp. Do they really care about how expensive protecting something more valuable is?

Also, you can communicate with the outside world if you still use wires, which most corps do. It is in the books!

Just have a nice wired node full of nasty IC and high firewalls protecting the closed network inside of the shielded building.

I think some people forget that the whole idea of 4th edition is to make the hacker come with the rest of the team! Plan and make security appropriately!

Not talking about you BTW. Anyway, yeah, a wire and a hub would work just as well!

Yes I know it's a megacorp, the thing is, a wire is cheaper. That is what I was saying.

The other thing about faraday cages, is that they have to be completely sealed. That's not easy to do. Any holes for power cables, air vents, etc... let wireless signals leak. That means that you will either have to mesh the whole building, including over all the windows, have some kind of airlock for each door.

The point of making the decker come along with the team, is moot. They was there before. Isolate the server in the lab, make sure that there are maglocks all over the place. A vlan with cameras. I have never in my gaming session ever had to "pizza time" a decker. They were always there, opening doors for us, looping cameras, or doing overwatch from the inside, in order to lower target numbers related to subsystems and LTGS. The only time a decker gets more time, is when they are doing information gathering, like getting plans from city hall.

That is why I like 2e.

For certain the sedentary decker was a creation of the lazy or uncreative GM, not the game. No target worth anything is going to have remote access to its important datacache systems so the deckers always had to come along and participate. They were always working in "real time" with the party, even if they weren't physically standing next to them. And unless your games are pink mohawk silliness, the decker never should have felt like they didn't get a chance to shine or do battle with the rest of the team. And if you did have those kinds of games, well, everybody I ever knew used NPC deckers anyway because all the players wanted to do was roll a lot of dice and be told what had just exploded.

But to answer the question posed, yes, the megacorps care how expensive things are. You'd be surprised how much people will nickel and dime even the most expensive of systems. If a lot of money is being spent, it had better be for a good reason. Except when it comes to high level salaries and executive perks, lol.

Heck, with the new wireless system, you still don't have to have an active hacker, so the point is kinda moot about "forcing" hacker players to come along. A sedentary hacker can simply go VR, the team can theoretically jack a wireless hub/commlink straight into the closed system and then the remote hacker can access it from there.

Which is where the wireless inhibiting paint and such come in.

To keep this on topic, one thing I found funny on the 1e material I've read was that shadowrunners tended to be treated pretty much as "adventurers" were on more traditional games. As in, they were likely to be recognized on sight by NPCs as shadowrunners, and most of those NPCs wouldn't get nearly as nervous when meeting them as they would get when meeting, say, a member of the Mafia or Yakuza. Everyone not directly under the thumb of a megacorp seemed to be pretty at home in the shadows.

Well there always DNA/DOA.... even had random encounters in the sewers (IMG:style_emoticons/default/dead.gif)

I think the idea was that the world was split into people who worked for the Corps and everyone else...
...SR 1-2 being much more of a Shadowrun being about people who work and exist in the cracks of a MegaCorp world.

You're only limited by the extent of your creativity and your budget when it comes to Shadowrun. But I can think of some pretty cheap and easy ways to defeat wireless inhibiting paint unless the whole complex is doused in it.

The wireless AR rules were a way of changing the game from "if you're creative enough to think about it you won't do it" to "here's why you kinda have to now because we didn't think you were smart enough".

Wasn't that the 1st SR scenario ??
Maybe it was a transition scenario, to help people move from D&D to SR ??

That is what I played the most. I like it as well.

Allow me to broaden your experience: Some companies allow wireless access to their intranet. "Protected" by WPA(etc), but still direct access.

Actually arrogance and laziness are universal traits that are not copyrighted by the execs of "right now"...

Sadly, technology is already leaving you behind then. I dare say it will not take until 2063 for us to see a reasonable adaptation of it.

In any case, this is a game and not bound to reality. Each person is able to play/not play or like/not like any elements of any edition and mix/match/adapt or drop as they please.

I believe it was the first adventure. Another explanation is that it was just so early in SR that even they hadn't fully figured out their own game style yet and just made it in the style they knew (AD&D). Several of the early adventures were a bit wonky and didn't always make complete sense.

Though the random encounters weren't even the "worst" part of DNA/DOA. It had mutant cockroaches and half-mutated bear-man and tiger-man employees. It was like the Shadowrun equivalent of a SyFy Channel Original Movie. Which, of course, has its charm, but wouldn't fit into any kind of later era "serious" Shadowrun style narrative.

It sounds like you know a reasonable amount about the IT sector, but I got my start in it in 1997 and I've seen it develop as well.

IT security has played a game of leapfrog, more or less. Wireless network security is just now becoming the hurdle as it becomes more and more the standard. I have a hard time believing that the security protocols will not get more advanced and stringent over time. You have to remember, back in 1989 a lot of us thought the 1e Matrix security was really complex. And it was nothing compared to modern 2010 security. Well, aside from the killer firewall programs.

Some companies are stupid too. /shrug I mean, in the wise words of Butt-head: "Huh huh. Some people are dumb."

Well, that and a lot of modern companies have a lot less to worry about data thieves than a 2050+ corp does. Information Security is largely based on perception of threat versus ease of use and accessibility. Modern companies see the threat as relatively low and the importance of utility to be greater. The world of Shadowrun has never seen it that way. Especially since lethal force is apparently authorized in the protection of virtual assets.

I still remember when passwords were limited to 4 standard characters on some systems... Now i got this crazy rotating 8 digit thing+ passpharases etc. The fun one was when I had crazy random passwords of the day. Every morning I got an email of all my passwords for that day. The only password that didnt change daily was for email and that changed monthly. I think one of the strengths of older editions was they didn't try to be real world. We had MP which could really be any type of measurement and attack programs which could be an exploit, denial or any number of attacks.