How to protect your devices from Hackers in 5th Edition, Or how I learned to worrying and love the GOD. Options

[Epicedion]

Yeah, but it's a question of scale. Having your phone hacked would be annoying. Having your eyes hacked?

And regardless, the second people can do high-speed impromptu hacking in a wireless environment, the way we use wireless devices will change completely, and it won't be average users who drive it, it will be industries who sell and use the products.

The continuity of SR5 exists in a world where people are unbelievably stupid. We're not talking about your 60 year old parents in 2013 not knowing how information security works. This is like imagining your future adult great-grandkids not understanding how information security works. People whose entire lives have existed in a world where these kinds of vulnerabilities were well known, and a world where information security vulnerabilities had nearly killed the world twice with the Crashes.

Well half the population is uneducated huddled masses, most of them aren't even legal citizens of where they were born, the population density suffered from some pretty hideous pandemics, so by and large most of everybody doesn't care so long as they can watch the trid and eat soyburgers.

The dragons mostly just laugh, and the corps have their really important stuff under so many safeguards it takes orbital thorium rod strikes to make them pay attention.

[Tzeentch]

The problem is that paradigm exists today and yet everyone goes wireless everywhere

This is not comparable to the ease of hacking in Shadowrun and the level of damage you can cause with trivial attention from the hacker (or no attention at all if you just have an Agent start zapping everything). The rules would have you believe people are totally copacetic with having their commlinks getting bricked just by walking down the street because a hacker glanced at them for a second. A single activist hacker in a business district could cause a lot of damage, and even executives are not going to have spiders running overwatch when they go to Starbucks (but they should, in the SR5 network model).

[Draco18s]

The continuity of SR5 exists in a world where people are unbelievably stupid. We're not talking about your 60 year old parents in 2013 not knowing how information security works. This is like imagining your future adult great-grandkids not understanding how information security works. People whose entire lives have existed in a world where these kinds of vulnerabilities were well known, and a world where information security vulnerabilities had nearly killed the world twice with the Crashes.

Has anyone been watching Continuum?

How about the more recent episodes where they use a 1/8th slice of a time machine as a super computer to do massive data-mining in under 30 seconds ("connect me to all the security cameras and key in on Alec's face").

Think that kind of power being used in a brute-force attack on WPA2 passwords. And everyone has that kind of computing power in their pocket.

[Epicedion]

This is not comparable to the ease of hacking in Shadowrun and the level of damage you can cause with trivial attention from the hacker (or no attention at all if you just have an Agent start zapping everything). The rules would have you believe people are totally copacetic with having their commlinks getting bricked just by walking down the street because a hacker glanced at them for a second. A single activist hacker in a business district could cause a lot of damage, and even executives are not going to have spiders running overwatch when they go to Starbucks (but they should, in the SR5 network model).

I've said this before -- people knock over convenience stores with firearms every day, yet you still go to convenience stores.

[Wired_SR_AEGIS]

And regardless, the second people can do high-speed impromptu hacking in a wireless environment, the way we use wireless devices will change completely, and it won't be average users who drive it, it will be industries who sell and use the products.

We can already do high-speed impromptu hacking in a wireless environment. There are some videos online proposing WEP done in under 3 minutes based on a 'Zero Knowledge' model.

Bluetooth isn't especially inspiring from a security perspective either, yet its the defacto standard for wireless phone accessories.

Regardless -- This discussion has DRAMATICALLY shifted from 'How to Secure your Wireless Devices in SR 5' into 'Wah wah, my last thread complaining about Wireless Access doesn't have much activity so I want to $#&@ in this one.'

We get it. You're a little sore. That's not what this thread is about.

-Wired_SR_AEGIS

[Tzeentch]

I've said this before -- people knock over convenience stores with firearms every day, yet you still go to convenience stores.

... uh. Is that the best analogy you could come up with?

If a criminal could "knock over the convenience store" (I assume that is your indirect allusion to bricking your gear) in a second or two, with only the most trivial attention (he could do it in his sleep, or there was a special entrance just for convenience store robbers with an untraceable taxi waiting outside), and by firearm you mean he has a minigun he can use indiscriminately, ok.

"People lose at Candyland each day. So that justifies always-on cyberware." -- Shadowrun 5 Development Journal

[Redjack]

A single activist hacker in a business district could cause a lot of damage

I would submit, welcome to the modern age. I like to reflect now on a little demo the FBI did a few years back in (I think) downtown SF. They hacked into every wireless network in range (in minutes) to prove wireless encryption was not real security.

The real difference between Shadowrun and the current world in this regard? The incompetence of law enforcement tracking down Shadowrunners.

[Epicedion]

... uh. Is that the best analogy you could come up with?

If a criminal could "knock over the convenience store" (I assume that is your indirect allusion to bricking your gear) in a second or two, with only the most trivial attention (he could do it in his sleep, or there was a special entrance just for convenience store robbers with an untraceable taxi waiting outside), and by firearm you mean he has a minigun he can use indiscriminately, ok.

"People lose at Candyland each day. So that justifies always-on cyberware." -- Shadowrun 5 Development Journal

No, that's the comparison to "hackers could hack the entire public! no one is safe in Starbucks!" problem. A dude with a gun could walk into Starbucks and shoot up the place. A hacker could take down people in Starbucks with his hacker gun. The point is that both of these actions are

A) Very Illegal

B) Somewhat Rare, and

C) Dangerous to the Assailant.

The majority of hackers aren't going to hop down to the local Starbucks to grief the customers. Some activists may go out and slap offensive AR protest signs in people's faces while they try to drink their coffee, which would be the equivalent of throwing paint on people wearing fur.

But bricking 'ware and potentially harming random people in public? Lone Star would go out in force to find and stop them.

Remember that in Shadowrun there's a certain amount of Matrix forensics that can be done -- instead of inside a Run where bricking the Rigger's VCR will get an alert sent out for security, doing something like that in public would draw the 21st Precinct Lone Star Decker Division to the local Matrix grid almost instantly (remember, Matrix, fast), they'd bombard the area with traces, tag the hacker so they can locate him wherever he is, and send in the foot troops.

The only people who would be able to get away with that sort of activity for very long would be expert criminals who could cover their tracks, and why would they spend time, energy, money, and risk on random violence? Especially Deckers, who don't pay 450 bucks for a used pistol, but tens of thousands of nuyen on the decks and programs you need to even try.

It's like saying that high class movie-style art thieves exist, so you have to worry about them stealing all the Home Goods quality art from the nearby Applebee's.

[Draco18s]

I like to reflect now on a little demo the FBI did a few years back in (I think) downtown SF. They hacked into every wireless network in range (in minutes) to prove wireless encryption was not real security.

Glorious. You have a link to the story?

(Semi-related: beware of imitation calamari)

[Kruger]

We get it. You're a little sore. That's not what this thread is about.

You don't want to know what I "get" about you. (IMG:style_emoticons/default/smile.gif)

Why don't you leave the insults at home, because you'll lose that battle kid.

[cryptoknight]

I'm still considering the idea of just taking every piece of matrix enabled cyberware and turning it into its own rating 6 device. Stuffing it with as much IC as I can, and hoping that as the hackers keep disabling my ware, that eventually GOD will blow them out of cyberspace when they leave one of my pieces of now bricked ware, and go to the next one.

If not... at least they have to 'ware by 'ware, brick stuff, and my IC may tear them a new one at some point. After all, each piece of 'ware will have it's own damage boxes, no?

[Tymeaus Jalynsfe...]

You can stop here. You misunderstand the technology.

I actually don't. All that is required is a Comlink. You can go dark for EVERYTHING ELSE, even in SR5.

[Tymeaus Jalynsfe...]

Then you've already been hacked. You just don't know it yet, because you don't understand Security Engineering. Let me help you:

You exist in a world that has a permanent denial of service attack perpetuated against it.

Except, in this case, instead of your computer being hacked they went straight to the brain hack. (IMG:style_emoticons/default/wink.gif)

-Wired_SR_AEGIS

I do understand it, I even work in the damned field. *shrug* (IMG:style_emoticons/default/smile.gif)

[Tymeaus Jalynsfe...]

The problem is that paradigm exists today and yet everyone goes wireless everywhere, AP's not even using WEP (yes, broken but keeps out most), blue tooth everywhere, despite the fact it can be hacked from a lot farther than the advertised 25' range. I submit that people are lazy by default and take the easy way. Security is not a primary consideration for most. Shadowrunners are stuck working in a world that is designed for convenience, not security.

NOT EVERYONE, and that is the POINT.
In game, Security is a Primary Concern for the Megas and their operatives, and it is also a concern for the Shadowrunners. Not everyone is Lazy, and they will take the necessary steps to secure their stuff. In fact, that is WHY the new paradigm of unsecured stuff now exists in Shadowrun, because Shadowrunners and their targets took those steps in the previous editions.

[Wired_SR_AEGIS]

You don't want to know what I "get" about you. (IMG:style_emoticons/default/smile.gif)

Why don't you leave the insults at home, because you'll lose that battle kid.

Did I miss the part where I insulted you? I didn't miss the part where you hijacked the thread. (IMG:style_emoticons/default/wink.gif)

I did, however, miss the direction this thread could have gone which is why I drew attention to it: How to protect your devices in 5th Edition. (IMG:style_emoticons/default/smile.gif)

-Wired_SR_AEGIS

[BishopMcQ]

Please remember this is a game. It is not based on real world computing. This is also an internet forum for people who want to discuss that game, not posture and threaten others about a potential argument which they may or may not lose. Take a deep breath, get a cup of coffee, and close your browser for ten minutes.

On a much lighter note, and not in my mod voice. I remind people of xkcd.

[hermit]

I've said this before -- people knock over convenience stores with firearms every day, yet you still go to convenience stores.

And people react to this by arming themselves. In the real world, there are reactions to problems like this. In SR, there should be, too. Instead, it seems, people in SR just don't mind.

[Epicedion]

And people react to this by arming themselves. In the real world, there are reactions to problems like this. In SR, there should be, too. Instead, it seems, people in SR just don't mind.

Or they do mind for some things, but wired reflexes are still mostly illegal milspectech so that one doesn't so much.

[Wired_SR_AEGIS]

People in America (where this is an endemic problem) own 2.1 firearms per citizen because of this. Not trying to get a gun control debate up, just pointing out that yes, there ARE reactions in the real world to such things. People will do what thexy can to secure themselves. And if the Matrix becomes too hackable, people will start to black out. Today even, cellphone usage is servely restricted for higher-ranking government employees in Germany, France and other non-Five-Eyes nations.

The underlying principle is that there exists a place where the risk generated by a threat to a vulnerability is accepted due to the benefits associated with maintaining that risk. It occurs in a number of ways. For instance, legacy computer systems are may be frequently left unpatched because their reliability, and availability are more important than the costs associated with the exploitation of a vulnerability. Or there are mitigating factors at work. This may even include web facing resources, if the revenue associated with those devices dramatically exceeds the cost of protecting them!

Alternately, each and every one of us use our internet browsers daily because of the perceived benefits we draw from internet browsing.

The risk of being robbed at Starbucks is miniscule. Even in California where owning a firearm will get you pelted by eco-friendly sustainable clam. So that risk is frequently accepted. Much like people drive places instead of cowering at home, despite the risk associated with operating a motor vehicle.

That risk vs. reward paradigm is maintained in SR 5.

On to the topic at hand: Has anyone run any simulations of various defensive device stats against common hacker dice pools, to develop a model for good cost vs. protection? It seems like a nice, high rating Commlink to slave your gear to is essential. What's the formula for calculating commlink cost?

-Wired_SR_AEGIS

[Daedelus]

without the actual book this would be a wasted effort using speculative data. I will likely do this when I get my copy on the 11th.

[X-Kalibur]

I keep hearing bluetooth and the like being brought up for smart phones, but what about people like me who disabled that on their phones because they don't use it. My phone still works perfectly well, I'm just denied some shitty little accessories and QoL items. My smartphone still works perfectly well, but my wifi and bluetooth are off. (Furthermore, I password protect all my stuff too, so even physical hacking it going to take longer, that of course fits into making it worthwhile).

As for convenience stores, we as consumers also have the option to go to stores that aren't getting held up constantly. So why wouldn't our characters, as consumers, have the option to get some of these items that don't require the wireless connection but still retain their bonuses.

[Tymeaus Jalynsfe...]

I keep hearing bluetooth and the like being brought up for smart phones, but what about people like me who disabled that on their phones because they don't use it. My phone still works perfectly well, I'm just denied some shitty little accessories and QoL items. My smartphone still works perfectly well, but my wifi and bluetooth are off. (Furthermore, I password protect all my stuff too, so even physical hacking it going to take longer, that of course fits into making it worthwhile).

As for convenience stores, we as consumers also have the option to go to stores that aren't getting held up constantly. So why wouldn't our characters, as consumers, have the option to get some of these items that don't require the wireless connection but still retain their bonuses.

Because securing your devices against hacking has been declared Bad-Wrong-Fun?

[Daedelus]

I keep hearing bluetooth and the like being brought up for smart phones, but what about people like me who disabled that on their phones because they don't use it. My phone still works perfectly well, I'm just denied some shitty little accessories and QoL items. My smartphone still works perfectly well, but my wifi and bluetooth are off. (Furthermore, I password protect all my stuff too, so even physical hacking it going to take longer, that of course fits into making it worthwhile).

As for convenience stores, we as consumers also have the option to go to stores that aren't getting held up constantly. So why wouldn't our characters, as consumers, have the option to get some of these items that don't require the wireless connection but still retain their bonuses.

Again you are making the point for matrix bonuses. Yes your cell works perfectly well without the Bluetooth. That is the baseline. Those thing you consider accessories that are superfluous, are of n
much more importance to me. I drive a lot and a headset is indispensable to me. Thus the bonus is worth the risk in my opinion. In your opinion it is not. The same goes for the matrix bonuses. If you feel that the bonus is not worth it then don't turn it on. I may feel it is, and that flexibility of options is good for the game. Should Bluetooth be discontinued because you don't use it? I would thank you not to try to make my mind up for me.

[Tymeaus Jalynsfe...]

Again you are making the point for matrix bonuses. Yes your cell works perfectly well without the Bluetooth. That is the baseline. Those thing you consider accessories that are superfluous, are of n
much more importance to me. I drive a lot and a headset is indispensable to me. Thus the bonus is worth the risk in my opinion. In your opinion it is not. The same goes for the matrix bonuses. If you feel that the bonus is not worth it then don't turn it on. I may feel it is, and that flexibility of options is good for the game. Should Bluetooth be discontinued because you don't use it? I would thank you not to try to make my mind up for me.

Actually, he is making a point for Standard Functions to be Standard. There is no benefit to having your ware matrix enabled. The attempts, so far, to rationalize their inclusion do not really hold up under scrutiny. In the example above, yes, Blue tooth has a purpose, and is therefore useful, but it in no way impacts the standard functionality (to make phone calls) of the smart phone to begin with. Now, if you could ONLY talk through the Blue tooth, that would be ridiculous, don't you think?

[X-Kalibur]

Again you are making the point for matrix bonuses. Yes your cell works perfectly well without the Bluetooth. That is the baseline. Those thing you consider accessories that are superfluous, are of n
much more importance to me. I drive a lot and a headset is indispensable to me. Thus the bonus is worth the risk in my opinion. In your opinion it is not. The same goes for the matrix bonuses. If you feel that the bonus is not worth it then don't turn it on. I may feel it is, and that flexibility of options is good for the game. Should Bluetooth be discontinued because you don't use it? I would thank you not to try to make my mind up for me.

Some things should have genuine bonuses, but others make no sense. It would be like your watch not telling you time because it doesn't have a bluetooth connection to your phone. I wasn't saying that features should be discontinued, simply that they shouldn't exist in certain devices. I don't need bluetooth for my shoes to work.