How to protect your devices from Hackers in 5th Edition, Or how I learned to worrying and love the GOD. Options

[LurkerOutThere]

It's tough to one-shot a device without a mark or three, so there's that.

I'm not sure how you figure. Defense of device is effectively static right now, there is a pretty hard cap on a persons device rating + firewall and willpower. It may be difficult to brick a device in one go for starting characters but people arn't going to stay that way for long, nor should that be the sum total of it. Plus there's edge expenditure.

[Tymeaus Jalynsfe...]

Strangely enough, exactly like Wired Reflexes would be.

Indeed...
There is a vast difference between Internal Cyberware and the Computer environment a business uses. One should never have online requirements at all (it is firmware), and the other functions more efficiently (possibly) if it is online.

I have absolutley no issues with a Network of computers having issues with a Hacker. I have great issues with a Hacker screwing with internal 'ware.

[Aaron]

I'm not sure how you figure. Defense of device is effectively static right now, there is a pretty hard cap on a persons device rating + firewall and willpower. It may be difficult to brick a device in one go for starting characters but people arn't going to stay that way for long, nor should that be the sum total of it. Plus there's edge expenditure.

Data Spike damage is Attack + net hits, resisted normally. That's not usually enough for the 9+ boxes of damage required to brick a device in one shot, even with a very high Cyebrcombat stat. Each mark on the target adds 2 to the damage, so it's helpful to have a mark or three to push the total up above what the target can reasonably resist.

[Tymeaus Jalynsfe...]

Data Spike damage is Attack + net hits, resisted normally. That's not usually enough for the 9+ boxes of damage required to brick a device in one shot, even with a very high Cyebrcombat stat. Each mark on the target adds 2 to the damage, so it's helpful to have a mark or three to push the total up above what the target can reasonably resist.

Or just data spike it twice and be done, No Marks required.

[Kruger]

Though, if a Street Sam can equip his cyberware with Black IC, then perhaps then having Wireless gear becomes fun and amusing. (IMG:style_emoticons/default/biggrin.gif)

[Tymeaus Jalynsfe...]

Though, if a Street Sam can equip his cyberware with Black IC, then perhaps then having Wireless gear becomes fun and amusing. (IMG:style_emoticons/default/biggrin.gif)

Why would he do that... a Data Spike would completly ignore the IC from what I have seen. Though Maybe I have read that wrong.

[LurkerOutThere]

8 Intelligence + 5 cybercombat + is base dicepool. I could also get the hotsim bonus Currently i will typically running a attack rating of 7 or 8 (6 or 7 plus decrypt). Against anything but a comlink with an absurdly high DR I will probably crush it, and do 7 or 8 damage plus net successes plus 2 for hammer. So yea anything not protected very very well indeed is probably going bye-bye. And this is a character with just a few modules under their belt, on less then optimal conditions.

My complaint remains, matrix combat needs some form of dodge or parry. Some way to bring skill back into the equation. Right now it absurdly penalizes defenders.

[Mäx]

I was simply pointing out an application that cannot be run without an internet connection.

You should probably do some more research before making silly claims like that.

[Kruger]

You should probably do some more research before making silly claims like that.

Guess those jerks didn't read SR5 before they did that. Their Photoshop test is only going to be a +1, not a +3.

[Redjack]

(Also it would take a good long while for any group to be willing to develop enough trust to slave their stuff to someone else's gear. It's one thing accepting some matrix overwatch, it's another thing to surrender control of everything you own to someone else. Hell in real life where I don't have my life on the line if my stuff is compromised, I still am hesitant to give someone else access to my stuff, much less full control over it.

Given that people give up their administrative password to technical support people every day and that failure to properly secure your comlink means that the lives of fellow teammates are on the line, I think many teams would be hesitant to head out with a team mate whose comlink hasn't been cleared as clean and secure. Just my $0.02, not supporting the slaving option, just the notion of not allowing the team hacker the access.

Agreeed... Just becasue my computer is not connected to the Internet, it is not rendered useless. In fact I can do everything (except browse the Internet, which is not a necessity) on my computer without EVER having to connect to the internet at all, if I like.

This debate is starting from a flawed premise. Your comlink is not your computer.... It is your phone + computer + interface to AR. The latter alone makes you handicapped in many places without. Unable to pay. Unable to read menus. In some places in gross violation of the law (ergo. Required Active Mode).

[Draco18s]

You should probably do some more research before making silly claims like that.

Nice. I hadn't looked around for pirated CC, not really relevant. (IMG:style_emoticons/default/nyahnyah.gif) We're still running on a mix of CS5 and CS5.5 (we still can't get every computer in the office on the same page and there's only seven machines!)

[Tymeaus Jalynsfe...]

This debate is starting from a flawed premise. Your comlink is not your computer.... It is your phone + computer + interface to AR. The latter alone makes you handicapped in many places without. Unable to pay. Unable to read menus. In some places in gross violation of the law (ergo. Required Active Mode).

Okay... So a Smartphone? Fair Enough? So.... Still not seeing any reason that I would be vulnerable to the vagaries of the Internet and hacking IRL, because I do not even own a Cell Phone, let alone a Smart Phone.

In Shadowrun, all that is required is that you have "something" that broadcasts your Identity in those places that require it (and amazingly enough I can still browse AR with it, but not connect it to anything else, because it would be a security breach). There is nothing requiring that you use the Matrix, or even be active online. There never has been, either. But Wait... Since Shadowrunners have been so keen on Matrix security that the hacker is useless, lets Force them to open up their devices (including those that make no sense to be online, like Internal Ware) so that they can be hacked... that sounds like it would be fair, becasue Hackers don't have anything else to do in combat...

Lunacy Indeed... (IMG:style_emoticons/default/smile.gif)

[Seerow]

Given that people give up their administrative password to technical support people every day and that failure to properly secure your comlink means that the lives of fellow teammates are on the line, I think many teams would be hesitant to head out with a team mate whose comlink hasn't been cleared as clean and secure. Just my $0.02, not supporting the slaving option, just the notion of not allowing the team hacker the access.

There's a big difference between allowing access and turning over full control though. Giving the decker access pre-run to make sure you're not already infected, or have any glaring vulnerabilities? Sure. But his access is going to be removed almost immediately afterwards unless I trust that guy with my life.

Seriously how many people in the world would you trust to have constant total control over machinery inside your body?

[Redjack]

Seriously how many people in the world would you trust to have constant total control over machinery inside your body?

My counter is: How well do you know the street doc working on your ware? Or a modern day equivalent: How well do you know the next surgeon, anesthesiologist, nurse, etc when you have an operation? Despite our best paranoia, there are times you must extend unearned trust.

There's a big difference between allowing access and turning over full control though. Giving the decker access pre-run to make sure you're not already infected, or have any glaring vulnerabilities? Sure. But his access is going to be removed almost immediately afterwards unless I trust that guy with my life.

Unless your character has a software R2 or higher, this doesn't fly. He has NO idea what the hacker is doing once inside...

[Redjack]

Okay... So a Smartphone? Fair Enough? So.... Still not seeing any reason that I would be vulnerable to the vagaries of the Internet and hacking IRL, because I do not even own a Cell Phone, let alone a Smart Phone.

Welcome to the 2070's my friend. You either opt in or opt all the way out.

In Shadowrun, all that is required is that you have "something" that broadcasts your Identity in those places that require it (and amazingly enough I can still browse AR with it, but not connect it to anything else,

You can stop here. You misunderstand the technology.

[Wired_SR_AEGIS]

Okay... So a Smartphone? Fair Enough? So.... Still not seeing any reason that I would be vulnerable to the vagaries of the Internet and hacking IRL, because I do not even own a Cell Phone, let alone a Smart Phone.

Then you've already been hacked. You just don't know it yet, because you don't understand Security Engineering. Let me help you:

You exist in a world that has a permanent denial of service attack perpetuated against it.

Except, in this case, instead of your computer being hacked they went straight to the brain hack. (IMG:style_emoticons/default/wink.gif)

-Wired_SR_AEGIS

[Epicedion]

Okay... So a Smartphone? Fair Enough? So.... Still not seeing any reason that I would be vulnerable to the vagaries of the Internet and hacking IRL, because I do not even own a Cell Phone, let alone a Smart Phone.

In Shadowrun, all that is required is that you have "something" that broadcasts your Identity in those places that require it (and amazingly enough I can still browse AR with it, but not connect it to anything else, because it would be a security breach). There is nothing requiring that you use the Matrix, or even be active online. There never has been, either. But Wait... Since Shadowrunners have been so keen on Matrix security that the hacker is useless, lets Force them to open up their devices (including those that make no sense to be online, like Internal Ware) so that they can be hacked... that sounds like it would be fair, becasue Hackers don't have anything else to do in combat...

Lunacy Indeed... (IMG:style_emoticons/default/smile.gif)

I'm sure you can install the new Tinfoil Hat cyberware if you like...

[X-Kalibur]

I'd like to throw out these descriptive texts for digestion.

Reaction Enhancers: By replacing part of the spinal column with superconducting material, a character’s reaction time can be increased.

Wired Reflexes: This highly invasive operation implants a multitude of neural boosters and adrenalin stimulators in strategic locations all over the body, catapulting the patient into a whole new world where everything around her seems to move in slow motion.

Why would the first implant even have wireless connectivity? Or the second for that matter? SR4 just had them having RFID for diagnostic purposes. There is no reason for these to requires a matrix connection.

[Jaid]

Given that people give up their administrative password to technical support people every day and that failure to properly secure your comlink means that the lives of fellow teammates are on the line, I think many teams would be hesitant to head out with a team mate whose comlink hasn't been cleared as clean and secure. Just my $0.02, not supporting the slaving option, just the notion of not allowing the team hacker the access.

This debate is starting from a flawed premise. Your comlink is not your computer.... It is your phone + computer + interface to AR. The latter alone makes you handicapped in many places without. Unable to pay. Unable to read menus. In some places in gross violation of the law (ergo. Required Active Mode).

and nobody is complaining that you can hack things that are online and require online to function.

we're complaining that some things make absolutely no sense to have an online requirement, or would be mind-blowingly stupid to have an online requirement.

it's fine to have an ebay app that requires online connectivity. nobody will complain that hackers can hack your device that has the function of running your ebay app, nor will anyone complain that you lose the usefulness of your ebay app should you take it offline. frankly, for the most part, hackers won't care about this app, and there's millions or even billions of copies of this app or equivalents that the hacker could target instead, with most likely nothing particular to make yours stand out as a target. there is minimal risk, and it's basic function requires that it be accessible. there is no problem with this being hacked.

it makes no sense whatsoever for military-grade hardware to be designed to have completely unnecessary vulnerabilities. by nature, any time you need to use it, you are probably going to be going up against someone else with significant resources, significant motivation for targeting you over the many other people in the world with that device (on account of they're not dealing with those other people that have the device), and the resources they can call on are easily accessible from pretty much anywhere in the world, at a moment's notice. equipment designed for military use *should* be designed with the assumption that there will be a gigantic bullseye painted on it, because for all intents and purposes that is the case.

so when you have the sort of thing that pretty much only gets used by special forces/black ops teams, and for which the basic functionality does not inherently require that it be accessible to everyone, it makes no sense to have extra vulnerabilities added in. thus, we're upset that there is a bonus for wired reflexes and reaction enhancers, because their function is to make you move faster. they don't need an internet connection to make you move faster. if more processing power is required, because of the nature of the device, the only reasonable solution is to build in more processing power, or tone down the device so that it has fewer requirements, not to open the whole system up to another avenue of attack by using cloud computing and paint a gigantic "i'm an idiot, please nuke me" sign on the person dumb enough to buy and use such a moronic device.

so, in short: we're not angry that some devices have online bonuses. we're angry that devices which have absolutely no valid reason to have online bonuses, have online bonuses, and we're angry that those so-called bonuses are things that should be basic functionality. we want the mechanics to work, but it has to work within the setting provided. high-grade milspec gear that is most likely to see use in covert ops being designed so that it is less secure than it could be does not work within the setting provided. the intended market for that gear would pitch a fit over having an added weakness that is easily exploited.

the only way it could make sense if there was a consumer model, and a security/military model, and at that point, we're right back into not working with the setting. what company would be selling the kind of equipment that costs a small fortune (seriously, you could buy a small fleet of vehicles with that kind of money) and which has the primary function of making you better at killing things to private customers?

we're ok with the idea that you can hack things that are online. we're ok with the idea that some things get a bonus for being online.

but we want the bonus to make sense, and we want the risk to make sense, because that is a requirement for the setting to be at all plausible.

i've yet to see anyone complain that leaving your gear online makes you hackable.

i've seen many people complain that certain specific examples of things getting an online bonus are completely absurd, because their function does not require them to be online.

and i've seen many people complain that certain specific devices are only ever going to be used in situations where there is a high risk factor of them getting hacked, and as such should not be designed to have basic functionality that requires making them available to be hacked.

it's not the whole system of online bonuses that needs to be fixed. it's specific examples within that system that need changes, for the setting to be made plausible.

[Kruger]

Why would the first implant even have wireless connectivity? Or the second for that matter? SR4 just had them having RFID for diagnostic purposes. There is no reason for these to requires a matrix connection.

They shouldn't even need/have RFID. They could just as easily have some kind of I/O port. I mean, just because wireless exists, doesn't mean that there is no longer any use for wires, lol. Environmental plug to keep dust/moisture out, then hook it up to whatever equipment is running the diagnostics. I mean, it's not the easiest solution, but it's far from complicated, and definitely the way you're going to want it to work, when again, you live in a world where people can hack computers with their brains across thin air, lol.

And we're not just talking for Shadowrunners. The world is full of bored dickbags who hack things for fun. Any normal person isn't going to want to have somebody playing with their implants just because some writers of Shadowrun saw an episode of GitS:SAC once.

[Redjack]

The world is full of bored dickbags who hack things for fun. Any normal person isn't going to want to have somebody playing with their implants just because some writers of Shadowrun saw an episode of GitS:SAC once.

The problem is that paradigm exists today and yet everyone goes wireless everywhere, AP's not even using WEP (yes, broken but keeps out most), blue tooth everywhere, despite the fact it can be hacked from a lot farther than the advertised 25' range. I submit that people are lazy by default and take the easy way. Security is not a primary consideration for most. Shadowrunners are stuck working in a world that is designed for convenience, not security.

[Redjack]

so, in short: we're not angry that some devices have online bonuses. we're angry that devices which have absolutely no valid reason to have online bonuses, have online bonuses, and we're angry that those so-called bonuses are things that should be basic functionality. we want the mechanics to work, but it has to work within the setting provided. high-grade milspec gear that is most likely to see use in covert ops being designed so that it is less secure than it could be does not work within the setting provided. the intended market for that gear would pitch a fit over having an added weakness that is easily exploited.

I would agree here.

[X-Kalibur]

The problem is that paradigm exists today and yet everyone goes wireless everywhere, AP's not even using WEP (yes, broken but keeps out most), blue tooth everywhere, despite the fact it can be hacked from a lot farther than the advertised 25' range. I submit that people are lazy by default and take the easy way. Security is not a primary consideration for most. Shadowrunners are stuck working in a world that is designed for convenience, not security.

Which is all well and good, but where is the convenience in having certain 'ware being wireless? The average Joe isn't getting wires or reaction enhancers.

[Epicedion]

Which is all well and good, but where is the convenience in having certain 'ware being wireless? The average Joe isn't getting wires or reaction enhancers.

Corps and military being able to shut down anyone who goes off the reservation?

[Kruger]

Yeah, but it's a question of scale. Having your phone hacked would be annoying. Having your eyes hacked?

And regardless, the second people can do high-speed impromptu hacking in a wireless environment, the way we use wireless devices will change completely, and it won't be average users who drive it, it will be industries who sell and use the products.

The continuity of SR5 exists in a world where people are unbelievably stupid. We're not talking about your 60 year old parents in 2013 not knowing how information security works. This is like imagining your future adult great-grandkids not understanding how information security works. People whose entire lives have existed in a world where these kinds of vulnerabilities were well known, and a world where information security vulnerabilities had nearly killed the world twice with the Crashes.