Data Bomb Detection/Ignoring Options

[BlackHat]

Okay, this is probably covered somewhere, and I am just not finding it - but the only reference I can find to detecting databombs says that you can do so with a successful matrix perception test. Does that mean that they only need one success (in which case, just about everyone would see them)? or does the placement of a data bomb include the act of attempting to hide it in the file (in which case it would roll program rating + stealth)?

Also, if it is the later case, which I suspect it is, whose stealth is used? The persona that is placing the bomb, or the node upon which the file rests? The first one makes the most sense, I suppose, but its bizarre that his stealth program would help long after he has left and logged off. The later just means that if you're going to bother data bombing your data, it better be on a node that can afford to run a stealth program in addition to analyze, encrypt, and the usual fare.

Also, it says "Anyone attempting to access the file without the proper passcode". Does that mean someone tries to open a databombed email message and they're given a prompt to enter the passcode into, and the bomb only goes off if they enter the wrong one? Can they wait it out and not enter anything? Can they cancel? I doubt any of that is in the rules, anywhere, but I am having trouble mapping the passcode aspect of a databomb to anything in real life. If you're going to accept a password, a user needs a way to enter it - which means they need time to enter it, which means they have plenty of warning that the file is, in fact, bombed before the bomb really goes off.

[DireRadiant]

No one is going to open a data bomb when they know it's a data bomb? They are going to open a file. When the file prompts for a password, and they enter it, that is when it goes off revealing that it is a data bomb instead?

If you are looking for a data bomb, then you aren't looking for that file you want.

So you browse for File X. You read File X, it asks for a password, you enter one, It's wrong the bomb goes off.

If you check for data bombs. You browse for file X, you do a matrix perception test on file X, you see it has a data bomb attached. You get the password prompt. You can enter the correct password and be fine, or enter the incorrect one and have it blow up, or you can attempt to disarm the databomb.

[BlackHat]

I mean, let's say someone left an email on their computer, and data bombed it in case his wife comes snooping around.
His big corporate job gives him a legal databomb program, and a license, but not a stealth program.

His wife sees the file and uses he perfectly legal, and probably reasonably rated analyze program to find out what it is. My first question was, does she only need one success to notice there is a bomb (a successful matrix perception test) or is it an opposed roll between her computer+analyze and the databomb's rating (with no stealth, since there is no stealth program involved in this example)?

Lets assume she doesn't notice the databomb, but does notice that it is an email, that it isn't encrypted, and that she suspects it has something juicy in it, so she decides to use her edit program to take a peek at the contents of this file. She tries to open it, and the computer asks her for a password, which, given that it wasn't encrypted, can mean only one thing.
Data bomb.

At this point, if she types in the wrong password, the email will probably be deleted, and her persona will take some damage (not enough to crash it - more of a kick in the knees) and she'll have to explain to her husband why she was snooping around on his work computer. My second question was, if she just stands there, or logs off, rather than entering a passcode, does the bomb still go off? If it goes off for a non-response to the passcode query, it seems like there would have to be some delay (to give the user a chance to enter it, look it up, etc) or it would require split-second reflexes for safety reasons.

[DireRadiant]

His wife sees the file and uses he perfectly legal, and probably reasonably rated analyze program to find out what it is. My first question was, does she only need one success to notice there is a bomb (a successful matrix perception test) or is it an opposed roll between her computer+analyze and the databomb's rating (with no stealth, since there is no stealth program involved in this example)?

Ah, in this case just one hit should reveal the file has a data bomb attached. In principle there's no reason to have a data bomb hidden. The existence of a data bomb is often deterence enough. I'd say you need to make the effort to hide a data bomb with stealth actively in order to produce something intended to hurt someone.

Lets assume she doesn't notice the databomb, but does notice that it is an email, that it isn't encrypted, and that she suspects it has something juicy in it, so she decides to use her edit program to take a peek at the contents of this file. She tries to open it, and the computer asks her for a password, which, given that it wasn't encrypted, can mean only one thing.
Data bomb.

Encryption != Authentication
You can have unpassworded encrypted files, and password protected unencrypted files.

So a password prompt does not mean there is a databamb.

At this point, if she types in the wrong password, the email will probably be deleted, and her persona will take some damage (not enough to crash it - more of a kick in the knees) and she'll have to explain to her husband why she was snooping around on his work computer. My second question was, if she just stands there, or logs off, rather than entering a passcode, does the bomb still go off? If it goes off for a non-response to the passcode query, it seems like there would have to be some delay (to give the user a chance to enter it, look it up, etc) or it would require split-second reflexes for safety reasons.

It shouldn't go off unless someone specifically has it set that when prompted a password must be entered within X time, which is somewhat unusual.

[BlackHat]

That all makes sense. Thanks for the help.

The encryption vs authentication thing is a little bit fuzzy, though.

AFAIK there are three ways to password protect something in SR4. Encrypted files (which can be decrypted), data bombs (which can be defused) and accounts on nodes (which can be hacked). If you could put password protection on any-old file, without using either of the first two methods, there aren't any rules for someone else trying to bypass it (although, I suppose using exploit as if hacking in would suffice). Yeah, I like that ruling, actually. You'd basically have ot hack the other guy's account to read his files (or give yourself security or admin privileges).

[Jack Kain]

Databombs also have a nasty habit of destroying the attached file, so in general you'd rather the hacker knows the databomb is there and hope it deters him then he blunders in sets off the data bomb and destroys your file. I suppose you could have some stealth databomb attached to phony files and such.

I recall a couple encrypted files with databombs attached, had to disarm the databomb before you could attempt decryption.

[Dashifen]

Unwired provides rules for nodes running programs (e.g., Analyze as discussed in the main book). I wouldn't have a problem with a node running a Stealth program actively working to hide a databomb and/or a Construct of some kind (e.g., an Agent/Sprite) doing the same. Regardless, DireRadiant is correct: 1 success will tell you about the data bomb.

[Aaron]

I think Unwired already has a thing for running Stealth on a file. Yeah, it's under Decoys, p. 72.

Also, I believe that each hit on a Matrix Perception Test lets you ask one question about what you're looking at. I believe "does it have a data bomb?" is fair game.

[Cheops]

That all makes sense. Thanks for the help.

The encryption vs authentication thing is a little bit fuzzy, though.

AFAIK there are three ways to password protect something in SR4. Encrypted files (which can be decrypted), data bombs (which can be defused) and accounts on nodes (which can be hacked). If you could put password protection on any-old file, without using either of the first two methods, there aren't any rules for someone else trying to bypass it (although, I suppose using exploit as if hacking in would suffice). Yeah, I like that ruling, actually. You'd basically have ot hack the other guy's account to read his files (or give yourself security or admin privileges).

You hit it pretty much on the head at the end of this post. I'd suggest rereading Account Privileges (BBB 216, Unwired 52) with this question in mind. Admin sets up privileges for each user and group of users. So everyone in Accounting has read access to the Accounting Software while everyone in HR has read access to the HR Database. Accounting cannot access the HR Database and HR cannot access the Accounting Software. A Basic User in either department would have access to certain extra parts of each system.

eg. The AR Clerk has write access to the Accounts Receivables functions but only read for everything else.

At Security status you'd have the department managers or "priviledged" users. They can access and modify bigger areas of the computer system.

eg. At my job everyone is able to enter trades for clients but only a few people are allowed to access Staff accounts to place trades.