Idiot's Guide to the Matrix 2.0 Options

[Serbitar]

[Rotbart van Dain...]

[Aku]

[Serbitar]

Hm, where does this -1 for load come from?

[Aku]

that is for running 11 programs on a response 6 comm

[Serbitar]

Thats what I meant. Your response was lowerd by one for running 11 programmes.
That was lowering your System to 5 and thus, all your programmes.

Of course, after failing the reality filter, your response was 4, and thus all your programmes (stealth, too).

[Hasimir]

@ Aku : to clarify the situarion...from the discussion it came out that:
- you are ALONE
- you are OUTSIDE the building

@ Serbitar
The problem is...in past edition the system tryed to be realistic (maybe too much) while in SR4 the system is more symple (maybe too much) :P

In theory what Aku did was a "hack on the fly" ... meaning that he has exploited some bug of the programs running on the target network, getting "shell access".
Shell access, in poor words, is what allows a user to "do stuff".

Since some stuff is rooted deeper into the system, maybe even behind some passive security like passwords and hidden folders and similar things, you may imagine that a hacker may just be content with User-Level access intead of more usefull but more difficult Security/Admin-level access.

The problem is that this access to the command shell DOES NOT correspond to ANY account!
When the system asks for UserID and Password you are basycally putting up a "mask" and trying to "fast-talk" past the security:
< No sir...I'm not editing this file...I'm just an email... >
THIS is what your Stealth software does (in past edition it was a "Masking" program ;) )

So...the Aku Icon knoks at the network door and says: "Hi, I am a phone call from WhateverCORP...can I come in?"
The Firewall runs a check while Aku tryes to throw smoke and lies all around.
Hopefully the Firewall is fooled and lets you in.

Now Aku is inside disguised as a phone-call with some basic User-Level access options and, unless he does something "hackish", he should be fine and left alone.

BUT this system filters all entering data through a security node to provide extra security.
Aku-phone gets inside and is looked upon by some Agents, for the simple reason that these Agents are supposed to look at ANYTHING that comes through.
The Agents look at the Icon of Aku...that looks like a phone-call but IS NOT a phone-call NOR it has any valid user account.
Aku manages again to disguise himself as some kind of legit data-file...so the Agents are satisfied and let him be.

This way Aku is left alone while:
- trying to alter the skulpted reality
- lounching and subscribing an Agent (that caused a "spike" in the system :P )
- tapping the flow of data in the node
- analyzing the node
- poking a hidden databomb
- running a medic software
- stiking around for ONE HOUR probing the hidden node

If you think in this terms, it all makes sense.
Too bad the rulebook goes in a too simple way explaining such things...so anyone supposes to have a user-ACCOUNT, while in truth they only have user-ACCESS ... that is a very different thing!

If Aku, disguised as a warez-porn-movie, manages to find a legit user-ACCOUNT (ID and Pass...or "Key" as the rulebook says) he then can do whatever he wants unpunished, becaus any security-query will receive a proper code-answer.

[Aku]

well, i guess that changes how im viewingt hings, but, to clairify, the INTERVAL time is 1 hour for the slow probing, i made 5 rolls, so really, i was in there for 5 hours!

[Serbitar]

[Hasimir]

It's not an "interpretation".
I stated it in the beginning of my post: what I described would be a hacking that followed "real world" rules and principles.

SR4 gets too simple and skips it all by directly giving you an ACCOUNT.
On this you are right.
Agents will scan Aku, but Aku has an account...so no test should be done unless Aku breaks the laws of his current account.

I deem this rules too "light", not because I like rolling dices, but because they take away the brain from the hacking process.
One thing is having an hacker to figure out a way to get a valid accout (by meat-world legwork/spying/corruprtion/etc) or a safe entry-point (by phisically breaking inside the network building)...becaus hacking from the outside gets you just "access privileges", meaning that you are "hot" untill you get a legit account.

Another world is if you just have to roll high on a stupid test...and if you do BAM! you get it all:
- you get a legit account
- you don't need to break into the building
- etc...

But yes...the book states that you get an ACCOUNT.
I was just trying to explain the reason behind the happenings of this run ;)

[Rotbart van Dain...]

[Aaron]

Actually, in the "real world" of computer cracking, if you're using a computer, you have an account. Maybe it's somebody else's legitimate account (which is the easiest way to go), and maybe it's one that you created (as through an overflow error such as the one used by Karl Koch and other members of the Chaos Computer Club in the late 80's), but it's still an account. An agent running on their system could be merely a process, since it's not attached to any external ports, but it would still have to be associated with an account, which would define its privileges.

Furthermore, somebody mentions above that a hacker or agent could use Stealth to look like porn. This is actually not possible in the "real world." You could use Stealth to look like a user or a normal process, but not a file. Consider reading through your process list to see if anything unauthorized is running, and coming across a process (program) called boobies.jpg -- it makes no sense that a data file would be running as a process.

One example that sums up both points about stealth nicely is the Open Search Web adware browser hijacking program. It inserts a process called "AIM README.EXE" into your running processes. First of all, one should become suspicious that a readme file has come to digital life; it's like a cookbook getting up and tossing ingredients around and yelling, "BAM!" Second, it is pretending to be a legitimate process, albeit poorly.

I think that the core of the debate here is what it means for a user to have a personal account, security account, or an admin account. I mean, yes, a normal user-level account would be able to do certain things without raising suspicions, but the question is, what are those things? At what level can a user scan the node's connections? At what level can they decrypt a normal file? What about a security camera file?

The answer, I think, is relatively simple. It's different for each node. Yeah, that sucks, but that's how it is in real life, too. Each administrator has his or her own favorite settings. Some settings are obvious (kernel access and shutdown privileges belong to the admin only), but some are a matter of taste (can users see who else is on the node?).

Most of the time, this last point is moot; the overwhelming majority of nodes in 2070 only have an admin account: cameras, vending machines, cyberarms, civilian vehicles, etc. It's the machines that multiple people access and/or use that are going to have different levels of access: nodes that run building security, mainframes, hotel nodes, personal commlinks, and the like.

Well, that went on longer than I thought it would. Sorry about that.

[Rotbart van Dain...]

[hobgoblin]

[hobgoblin]

hmm, to slow yet again...

[Aaron]

[Serbitar]

[Hasimir]

I know that a "file" listing as a "process" and generating system traffic is like a blinking neon signal calling for divine retribution.
But I just couldn't resist the ancestral call of the P.O.R.N. :P

Instead, the some account concept scores a good point, being also more in-line with the rulebook.

A question.
Most devices, as stated above, just have a "default" setting with one account that has total access (Admin Level).
Does this means that to hack into a stupid I-Pod I have to get an Admin Account (threshold +6) or that the basic Personal Account automatically grants me Admin privileges?

[hobgoblin]

it realy depends on what device is supposed to be used for i think.

with a i-pod (or ares-pod as i guess it would be named in SR ;) ) i would hazard that it would grant you a admin account as if you requested a normal account. but if you try to attack someones comlink that only have a admin account i would think you would run into a higher treshold.

[ArchXL]

So........ is Dash back yet?

[Dashifen]

Yes, I'm back as of yesterday, but the inevitable back log of work-related stuff will probably delay the restart of the thread until tomorrow at the latest. At the very least I have to get through all of my email first!! But, this is basically a heads-up to let everyone know that I'm back. Also, Hasimir, I love the way you explained user-access vs. user-account above. Well done, sir.

[Dashifen]

Hrm ... I'm bogged down (if you couldn't tell by my extended two week absence) with real life at the moment. Honest question: is there still interest in continuing this thread? If so, do we want to continue with Aku's scenario? Would it assist people to switch to a different scenario? Bueller?

[Dv84good]

I am interest in the thread still but I think you and Aku should set up some time so there isn't 2 or 3 days inbetween a single dice roll. Thanks for what you have done.

[ZenOgre]

*knock knock*
hey Dash, hope you and Aku can carry on with this. I was lurking here for a while reading and figured i'd show my support for the topic. Brought up a bunch of good idea's and showed me how I could better describe my players encounters in a full VR setting.

**edit- me not proof reading**

[Gort]

Thanks for this thread, Dash, Aku.

Serbitar - By your argument, someone who takes their time to hack in and get an admin account would never be scanned ever. Have I read you wrong somewhere?