Skillwires Abuse, Random thought Options

[The Jake]

Sure I've read the clustering rules. But if the GM rules that the clustered nodes can't run the software you want to run, then it won't run regardless of how many you cluster together. If a Toaster can't run an Agent program, 500 Toasters still can't run an Agent program. Unwired leaves the decision with the GM: is the device "Peripheral" or "Standard" and if "Peripheral" can it run the software you want it to run? Those are the GM's decisions.

I'm pretty sure this is explicitly covered in the BBB where it talks about defensive measures for protecting cyberware - something about "cracking up the Firewall and loading up the IC". This would pretty much say to me agents/IC can definitely run on cyberware and you can put IC in your Smartlink, MBW, Skillwires, etc.

I was thinking that slaving your skillwires to an internal commlink may not be such a bad idea anyway. Use that for storage of all your skillsofts, agents to update them, massive IC to protect them, etc.

Would it be possible to have an agent loaded with skillsofts and load those instead? A bit of a stretch but I'm just wondering.

- J.

[Rotbart van Dain...]

I was thinking that slaving your skillwires to an internal commlink may not be such a bad idea anyway. Use that for storage of all your skillsofts, agents to update them, massive IC to protect them, etc.

It is a very bad idea, as anybody having hacked your comlink will immeadiatly have full access to your skillwires.

Usually, a secure cyberware setup is a followed (no additional cost, neither in nuyen nor essence per RAW):

No datajack(!), no wifi & skinlink (at all, not even deactivated) on any implant other than the implanted commlink, only selected internal interconnects, every implant (cluster) strong ecrypted for 24h and stealthed, every implant with the hardware limitation that DNI always retains Admin access and DNI can't be disabled - (neural) triggers have the hardware limitation so they can't be disabled anyway.

The internal commlink (with an automatic trigger to be shut off by the internal biomonitor if the user become unconcious) is the door and chokepoint to the world, running the usual (hacking) programs (the standard ones as ergonomic versions, so ergonomic malware will automatically fail to run) - the only connection in is to the senseware cluster running sensorsoft, tacsoft and much IC (which can, by Unwired, hop onto the commlink node while still running on and consuming system rescources of the cluster).
Then there are two connections out: One to the skill-system cluster consisting of a skillwire and a sim module (with an automatic trigger to be shut off by the internal biomonitor if the user takes physical matrix damage), running all skillsofts and IC, the other to the bio-system cluster, usually consisting of a (nano)biomonitor and stuff like autoinjectors (usuall with automatic trigger to be activated if the user become unconcious) and nanite hives.

Of course, the skill-system cluster will have it's network suspended by default - if you need to transfer software, you can always turn it on with a free action.

[The Jake]

It is a very bad idea, as anybody having hacked your comlink will immeadiatly have full access to your skillwires.

Usually, a secure cyberware setup is a followed (no additional cost, neither in nuyen nor essence per RAW):

No datajack(!), no wifi & skinlink (at all, not even deactivated) on any implant other than the implanted commlink, only selected internal interconnects, every implant (cluster) strong ecrypted for 24h and stealthed, every implant with the hardware limitation that DNI always retains Admin access and DNI can't be disabled - (neural) triggers have the hardware limitation so they can't be disabled anyway.

The internal commlink (with an automatic trigger to be shut off by the internal biomonitor if the user become unconcious) is the door and chokepoint to the world, running the usual (hacking) programs (the standard ones as ergonomic versions, so ergonomic malware will automatically fail to run) - the only connection in is to the senseware cluster running sensorsoft, tacsoft and much IC (which can, by Unwired, hop onto the commlink node while still running on and consuming system rescources of the cluster).
Then there are two connections out: One to the skill-system cluster consisting of a skillwire and a sim module (with an automatic trigger to be shut off by the internal biomonitor if the user takes physical matrix damage), running all skillsofts and IC, the other to the bio-system cluster, usually consisting of a (nano)biomonitor and stuff like autoinjectors (usuall with automatic trigger to be activated if the user become unconcious) and nanite hives.

Of course, the skill-system cluster will have it's network suspended by default - if you need to transfer software, you can always turn it on with a free action.

Normally I'd agree it pays to be this paranoid (I work in IT Security!) but the ability to download, search for skillsofts, obtain automatic updates - is very powerful. Using a datajack at least means there is no means to hack you by wireless methods and adds another layer of separation.

- J.

[Rotbart van Dain...]

Normally I'd agree it pays to be this paranoid (I work in IT Security!) but the ability to download, search for skillsofts, obtain automatic updates - is very powerful.

While the Horizon option is nice, it only exists for registered knowsoft - and any registered software is a no-go for runners using more than one SIN. (That is, any runner still alive)

To search for skillsoft, your commlink suffices - and periodic updates and download in the 'paranoid mode' just require you to use two additional free actions by mental command... hardly anything compared to the number of complex and simple actions spend to search and download said software.

Using a datajack at least means there is no means to hack you by wireless methods and adds another layer of separation.

Actually, a normal datajack provides wifi - and, additionally, the attacker with the exception to directly access every implant - and of course, the ability to feed you black snuff BTLs.

[Warlordtheft]

do you think it would underpower the skill wire to use this and also say a skill wire only adds 1/2 it ratting dice rounded up to the roll.


ie a rating 3 skillsoft would add 2 dice and be cap at 3 success

Depends on how much you want to nerf them. IMHO, I think limiting it to the skillwire rating is sufficient. One of the drawbacks in previous editions was that skillwires could not add dice from the diecpools, this, I think adds the same flavor.


Think about an opposed succes with firearms: Robot Wannabe Runner Ronney rolls 6 dice for a firearms (3 for agility, 3 for 3 Firearms skillwires) he gets four successes (so only 3). Dodger don the physad he's shooting at gets to roll his dodge+reaction and needs only 3 successes to get out of the way. Also, it makes any task with a higher threshold than the skill wire impossible to achieve.

That aside none of my players have even broached skillwires or emotoys yet...

[Malachi]

I'm pretty sure this is explicitly covered in the BBB where it talks about defensive measures for protecting cyberware - something about "cracking up the Firewall and loading up the IC". This would pretty much say to me agents/IC can definitely run on cyberware and you can put IC in your Smartlink, MBW, Skillwires, etc.

I know, I remember the passage. However, Unwired came out later than the BBB, specifically to address questions as possible "exploits" in the rules. I remember in the BBB that it mentions putting IC in a Smartgun or Cyberarm, but Unwired specifically lists a Smartgun as a "Peripheral" Node, of which the GM has ruling over what exactly the OS of the Peripheral node can run. Here's the point (as far as I see it). There was perceived to be an "exploit" in the rules that was called "Agent Smith." Essentially, since there were no specific rules preventing someone from simply copying an Agent, and because "everything's a node" and there were no rules limiting what a particular device could and couldn't run, it was perceived that a Hacker could go out buy 100 toasters for about 10 (IMG:style_emoticons/default/nuyen.gif) apiece, copy 100 Agents on to them, and sic their army on any Node they wanted, which would inevitably fall under the sheer weight of probability.

Now, Unwired attempted to mitigate this with a couple of updates: 1) Although Agents can be copied, they still have the same Access ID and thus when the copy of an Agent attempts to access a Node where another copy is already running, the logon is automatically rejected. Changing a copied Agent's Access ID takes a significant amount of time: Rating x 3 weeks (Unwired pg. 111) (IMO, the option to patch an Agent's Access ID should be removed entirely); 2) Not every Node can run an Agent (eg. a toaster). Thus Unwired classifies some things as "Peripheral Nodes" and leaves it up to the GM what the OS of said Node can or cannot run.

So, the conclusion here is that it's all about how you like to run your game. In my SR4 games, I like to keep my Matrix stuff fast and to the point. Thus, I heavily emphasize the "central node" idea where there is a central Node that controls a whole bunch of "little" nodes. You can go and Hack all the little nodes if your really but that will take time, or may not be an option if they are Slaved to a Central Node. Thus, its far more efficient (even if it is more dangerous) to just Hack the central Node, have some fun Cybercombat, and subvert the system from there. Usually the Hacker is getting into the system to do something: disable devices, look for files, take control of things, I prefer that the rules not bog the player down in a bunch of time-wasting before they get to do what they came to do (SR2).

[The Jake]

While the Horizon option is nice, it only exists for registered knowsoft - and any registered software is a no-go for runners using more than one SIN. (That is, any runner still alive)

To search for skillsoft, your commlink suffices - and periodic updates and download in the 'paranoid mode' just require you to use two additional free actions by mental command... hardly anything compared to the number of complex and simple actions spend to search and download said software.

Actually, a normal datajack provides wifi - and, additionally, the attacker with the exception to directly access every implant - and of course, the ability to feed you black snuff BTLs.

Where does it say that datajacks provide wifi?

Also pirated software doesn't auto update. I believe we were speaking about hacked software that is dirt cheap, hence the point re: using agents to autoupdate.

Malachi, thanks. I after that post I think we see things more on the same wavelength than I originally thought.

- J.

[Dragnar]

In 2070 every electronic device provides wifi.

Still, that's no disadvantage as you can always deactivate it (and with a hardware switch no hacker can reactivate it).

[pbangarth]

By the wording of some of the posts in this thread, I am getting the impression that some think the datajack is a venue for hacking the software/hardware in a person by allowing the attacker to plug into it physically. Am I reading this correctly?

It would seem to me, as at least one other poster has said, that if the attacker is that close and can stick something into your head, you have more worries than being hacked.

Peter

[Rotbart van Dain...]

People always tend to forget that sooner than later, said datajack is connected somewhere by the user.

[Dragnar]

Yeah, and connecting something else to your head via fibreoptic cable is more secure than any other method, not less.

[Cain]

Where does it say that datajacks provide wifi?

All cyberware has a Device Rating, which in turn means it has a Signal rating.

By the wording of some of the posts in this thread, I am getting the impression that some think the datajack is a venue for hacking the software/hardware in a person by allowing the attacker to plug into it physically. Am I reading this correctly?

No. I don't have my books handy, but IIRC, a datajack provides a direct line to all your cyber, as well as everything you've got plugged into it. This direct line will bypass even a slaved system. Additionally, since a datajack is wifi-enabled, you can't stop this back door unless you slave your datajack-- which kinda ruins the point of having one. If you shut off the wifi, you also lose a lot of the capabilities of the datajack.

[pbangarth]

Does shutting off the wifi interfere with the use of an optical cable?

And doesn't a skillwire system have all the memory it needs anyway, so there is no need to keep skillsofts outside?

Peter

[Stahlseele]

No

Yes

Me

i don't know how people can say that it's not secure to first bring your comlink online to download the latest patches and softs.
then hardwired switch off the wifi . . run scanners, defrag, antivir and everything else you might need to clean up such stuff . .
then connect the comlink now without wireless to the completely wireless datajack(beta used ripped out of some old guys head who got it in a time where such jacks did not have wifi) and transfer the softs into the system, then disconnect the optical cable and you are done . .

[The Jake]

All cyberware has a Device Rating, which in turn means it has a Signal rating.

No. I don't have my books handy, but IIRC, a datajack provides a direct line to all your cyber, as well as everything you've got plugged into it. This direct line will bypass even a slaved system. Additionally, since a datajack is wifi-enabled, you can't stop this back door unless you slave your datajack-- which kinda ruins the point of having one. If you shut off the wifi, you also lose a lot of the capabilities of the datajack.

I have just assumed it functioned like the old versions (a faulty presumption to some extent) - basically a socket in your head which allows DNI to your cyberware.

Allowing open wireless to any piece of cyber is just plain silly (penile implants anyone???).

I don't care what the rulebook says on wireless. Common sense has to prevail at some point. I play with 2 other IT techs and agree that the cyberware and Matrix rules need serious houseruling to maintain even "partial" suspension of disbelief.

- J.

[Dr Funfrock]

Well I believe there's also the fact that Device Rating serves as whichever stats are appropriate for that device. I am not aware of any rule which states that anything with a device rating automatically has a signal rating. From what I can see it's just a useful little catch-all stat for whatever the GM happens to need at the time, to save on giving detailed stats to everything.

[Cain]

I have just assumed it functioned like the old versions (a faulty presumption to some extent) - basically a socket in your head which allows DNI to your cyberware.

Allowing open wireless to any piece of cyber is just plain silly (penile implants anyone???).

I don't care what the rulebook says on wireless. Common sense has to prevail at some point. I play with 2 other IT techs and agree that the cyberware and Matrix rules need serious houseruling to maintain even "partial" suspension of disbelief.

I'm not a computer nerd or IT guy, so I'll take your word on it. I will say that by RAW, bone lacing is wireless. I'll also say that since there's a lot of people like me out there, people who only have the slightest idea what wi-fi is all about, common sense isn't going to be too common.

Well I believe there's also the fact that Device Rating serves as whichever stats are appropriate for that device. I am not aware of any rule which states that anything with a device rating automatically has a signal rating. From what I can see it's just a useful little catch-all stat for whatever the GM happens to need at the time, to save on giving detailed stats to everything.

Anything with a Device rating has a value that stands in for its Matrix stats. Appropriateness doesn't factor into it. However, even if we give it varied stats-- Signal 0-- it can still be hacked from any node or person within 3 meters.

[Dragnar]

Keep in mind that "Signal 0" is not the same as "no signal". The first describes a really weak wifi capability, the second describes quite literally no capability for wireless information exchange whatsoever. You simply cannot hack a device that can't communicate with you (in fact, you can't hack a device which doesn't want to communicate with you, either, so you don't even need to mechanically kill the wifi capability to be unhackable).

Bone lacing is wireless by default, because it makes the job of the cybertechnician that performs the maintenance on it easier (he can look at its diagnostics without having to cut you open), you can get almost the same ease of use with a wifi-less hardware link that breaks your skin, though, and still be unhackable (a hardware link like, say, your datajack). Or you could opt to make the technicians job more annoying and simply deactivate external access alltogether.
And a datajack is nothing more than a piece of ware allowing you to have a wired DNI-link to a device outside of your body. It doesn't need wifi (infact, its main point is making you less dependent of wifi). It doesn't allow anyone to hack your cyberware just because it's there. Your cyberware is vulnerable if it's connected to your PAN and your PAN is accessible for the hacker (by being wireless, for example), there's no magic way to get access to a piece of ware you don't allow access to one way or the other.

[KCKitsune]

Hey everyone... I've got a question. If you have a datajack in a cluster that's slaved to your commlink can the 'Link override the "accept no connections except from the link" so that you can use it to talk to your smartgun or hook into an external commlink?

I can see the datajack being set in a bridge mode where the data traffic is pumped directly into the 'Link and not through the cluster at all.

[Cain]

You simply cannot hack a device that can't communicate with you (in fact, you can't hack a device which doesn't want to communicate with you, either, so you don't even need to mechanically kill the wifi capability to be unhackable).

While I agree with the first point, isn't hacking how you defeat the second point? Right now, if I find an encrypted wi-fi network, it doesn't want to talk to me, thereby blocking me out. But if I use a few tricks, I can hack the network, and start communicating with it. Doesn't that amount to the same thing?

[The Jake]

While I agree with the first point, isn't hacking how you defeat the second point? Right now, if I find an encrypted wi-fi network, it doesn't want to talk to me, thereby blocking me out. But if I use a few tricks, I can hack the network, and start communicating with it. Doesn't that amount to the same thing?

There is a world of difference between you're suggesting vs physically not even being able to CONNECT to it in order to attempt to hack it (which is what I'm proposing).

Side note, not all cyber is wireless. It specifically says (BBB IIRC, or maybe Augmentation) that stuff like bioware and some stuff like bone lacing is NOT wireless.

- J.

[Rotbart van Dain...]

Yeah, and connecting something else to your head via fibreoptic cable is more secure than any other method, not less.

Actually, if you use a datajack to connect to a commlink, terminal or any other out-bound-capable device... it is less secure than using an internal commlink. Because the latter does not allow your enemy a free pass on all your implants or brain.

[Cain]

There is a world of difference between you're suggesting vs physically not even being able to CONNECT to it in order to attempt to hack it (which is what I'm proposing).

Side note, not all cyber is wireless. It specifically says (BBB IIRC, or maybe Augmentation) that stuff like bioware and some stuff like bone lacing is NOT wireless.

- J.

Bioware is explicitly not the same thing as cyberware. Cyberware is electronic and mechanical, and has a Device Rating, bioware does not. If you check p 214, BBB, you'll see that cyberware types all have a Device rating; bone lacing, being Bodyware, has a Device rating of 1.

As for your setup: again, I'm not an IT guy, so you may need to explain it again. But unless you've physically turned the wireless off, my understanding is that there's no 100% perfect method of protecting it. Someone can always crack it. If the wireless is on, by definition isn't any attempt to break into it "hacking"?

[WeaverMount]

As for your setup: again, I'm not an IT guy, so you may need to explain it again. But unless you've physically turned the wireless off, my understanding is that there's no 100% perfect method of protecting it. Someone can always crack it. If the wireless is on, by definition isn't any attempt to break into it "hacking"?

In SR all software and firmware that try to keep some users from connection to a system amount to a firewall rating. All software and firmware help you get into a system amount to a exploit program of given rating.

In real life people use encryption and frequency hoping to make many valid SR attacks literally or effectively imposable; at least until there is some earth shattering advances in either pure math or computing power. If you dig up Frank's post on encryption he breaks it down pretty well. It's geared towards justifying his matrix rules, but the analysis is spot on whatever your take on his rules may be.

[Dragnar]

Actually, if you use a datajack to connect to a commlink, terminal or any other out-bound-capable device... it is less secure than using an internal commlink. Because the latter does not allow your enemy a free pass on all your implants or brain.

I still fail to see where that idea comes from. A datajack doesn't allow your enemy a free pass on all your implants or brain (infact, nothing short of a PAB unit allows anyone a pass at your brain). It just gives you a wired DNI. Nothing more, nothing less.
If you connect to the matrix via the commlink in your pocket that's connected to your datajack you can operate the commlink by thought and any hacker wirelessy compromising your commlink can do with it whatever he wants and can even connect to your datajack. If you're dumb enough to slave essential cyberware to the jack, he now has access to that ware as well.
If you connect to the matrix via your internal commlink you can operate the commlink by thought and any hacker wirelessy compromising your commlink can do with it whatever he wants. If you're dumb enough to slave essential cyberware to the link, he now has access to that ware as well.
In both situations the commlink is securely wired to your brain, with the (wireless) link itself being the only angle of attack.
Where's the difference exactly?

While I agree with the first point, isn't hacking how you defeat the second point? Right now, if I find an encrypted wi-fi network, it doesn't want to talk to me, thereby blocking me out. But if I use a few tricks, I can hack the network, and start communicating with it. Doesn't that amount to the same thing?

Close, but not quite. Spoofing basically tries to tell a system that you are someone that has the right to give orders to the system, so it better listens up. There are ways to communicate that simply are impossible to spoof, however. The one I talked about is a commlink connected to your jack set to "don't accept any wireless orders, only listen to those order coming up through the cable". Even with the abstraction in the SR-rules, a basic point still remains: For any spoofing attempt to have a chance of success, there has to be a legitimate way to fake. If the link is set to ignore all wireless traffic, not even FastJack can hack it via wifi.
Imagine a door secured with a passkey system: It doesn't matter how good the passkey forger trying to enter is, if the door simply rejects every try as there isn't actually a "correct" key. There's nothing to copy and no way to trick the system.