Full Version: Idiot's Guide to the Matrix 2.0
Hunga
Medic test seems to be like a healing test to me, therefore wound modifier would apply since Aku is performing the healing.

In the book, it just says "for every 3 boxes of damage, -1 wound modifier applies". I was thinking along the same line as Aku before where he wouldn't take any modifier until he's reached 3 boxes of damage. However, looking at the condition monitor part of the character record sheet on page 350 has changed my mind. I think Dashifen is right. A character receives -1 wound modifier for 1-3 boxes of damage, -2 for 4-6, etc.

Edit: wrong page number, it should be 350
Dashifen
QUOTE (Hasimir)
So I sit into the building and use the computer terminal of some Wage Slave that works here...right? I "turn the computer on" and am confronted with an identification request to access it...this calls for my Hacking+Exploit test. This way I manage to somehow get User-Access.

Now I am into the computer terminal (that is a node) of Mr WageSlave with what seems a legitimate User account and am free to search it for his real user ID and Password...getting myself a REAL User account. There should be no chokepoint node, I am already into a "place" INSIDE the network!

After that I will have the same privileges and access options that this employee has when working at his own desk...being free to roam in the network as a legitimate user.


That is correct. However, if you used Hacking to get into the system then you are not a legitimate user. I think this is where we disagree. To me, the use of the Hacking skill represents the fact that you're working to fool a system into thinking that you're legitimate when, in truth, you're anything but. If you have to make a Hacking test to break into a system, then that system is going to use its security against you, even if due to luck or skill those security measures fall short as they seem to have done vs. Aku in this example.

However, if you're sitting down at Mr. Wageslave's desk and using his login/password or biometrics to gain legitimate access to the system then you would not have to deal with the security of said system. Thus, Mr. Wageslave doesn't have to navigate the chokepoint every time they access the system.

'Course, I could say that they do have to. Every morning when I sit down at my computer I have to log into the machine and then set up a VPN connection to the network since I use a wireless card for access rather than a wired one. Therefore, I do -- from a certain point of view -- have to deal with the security of the system despite being a legitimate user.

QUOTE (Hasimir)
In your run all of this doesn't happen; as soon as I try to get into the WageSlave terminal I am confronted with a high security chokepoint with just two doors...one leading to the open matrix and one hidden, trapped and guarded by 3 agents o_O'' This means that the work terminals in the building are THE SAME as my house terminal or a street phone booth...they are EXTERNAL to the corp-network and the chokepoint is the ONLY access point.


False. If Aku had penetrated the building, and used a legitimate access method to use a WageSlave terminal, then there'd be no (or little) security. However, he didn't do this. He's using his hacking skills to break into the system and, as I stated above, he therefore deals with the security.
Dashifen
QUOTE (Hunga @ May 4 2006, 10:00 AM)
Medic test seems to be like a healing test to me, therefore wound modifier would apply since Aku is performing the healing.

In the book, it just says "for every 3 boxes of damage, -1 wound modifier applies".  I was thinking along the same line as Aku before where he wouldn't take any modifier until he's reached 3 boxes of damage.  However, looking at the condition monitor part of the character record sheet on page 50 has changed my mind.  I think Dashifen is right.  A character receives -1 wound modifier for 1-3 boxes of damage, -2 for 4-6, etc.

That's been my understanding from the get go, and seemed to be the consensus around here as well.

Plus, it makes the High Pain Tolerance Quality and some 'ware (i.e. Damage Compensators) superfluous to the game if there isn't a penalty on the first box of damage. Hell, High Pain Tolerance can only be purchased for three boxes, so if you didn't have a -1 to your dice pools while at 1 box of damage, the first two levels of High Pain Tolerance would be wasted BP.

________________

Anyway back to the tutorial: I've got bad news. A few posts back I mentioned that I'd be going away for two weeks. Well, those two weeks are upon us. I'll be around tomorrow perhaps, but after that I won't be back until May 19th. At that time, we'll continue this tutorial, so don't forget to Track this topic, if you're interested in it, so that when I get back you'll see the thread's activity start up again.

I had intended, as indicated by posts above, to post information about the new node that Aku is hacking, but it seems to me that this might be a good way to start out the second half of this tutorial once I get back from vacation.

Hope you all hang in there while I'm away!
Kremlin KOA
but when in the system he used his skills to get the REAL ID and password of the legitimate user

relogging in with that UserID
Dashifen
I don't recall him doing that. Had he done so, and penetrated the building, then I'd consider removing the security. However, he'd still be limited by the access controls of the user whose account he appropriated. Thus, he still may have to hack his way to a greater access level and at that point, the security would start to come back.
Kremlin KOA
um reread the second paragraph of his you quoted

And the simple fact is that if that account had core datastore access of any kind I can go into the core datastore before going back into hack mode, ignoring the chokepoint

Oh and -1 for every full three boxes does not invalidate high pain tol 2
as in 4th pain tol reduces the number of effective boxes you have for determining wound penalties

so if you have 4 boxes and high pain tol 2, you have 2 boxes of damage
Hasimir
QUOTE
If Aku had penetrated the building, and used a legitimate access method to use a WageSlave terminal, then there'd be no (or little) security. However, he didn't do this. He's using his hacking skills to break into the system and, as I stated above, he therefore deals with the security.

I kinda remember reading in one of your posts that Aku was supposed to be INTO the building...but I can't find it anymore.
Well...then my criticism doesn't stand at all, since Aku IS breaking into the system from outside!
Dashifen
True, in the hypothetical situation presented by Hasimir, the person could hack in, determine a valid access method, log out and then re-log in using the valid code. Using the old Validate utility in SR3 was basically standard operating procedure for most of my Deckers in a similar fashion.

Regardless, however, I don't remember Aku saying that he was going to try and perform a similar maneuver to this. If he intended to act in this way, then I misunderstood, but it's probably buried so far back in the tutorial that it's not worth retrofitting the entire thread to make up for the mistake.
Dashifen
I think I recall, though I don't have the moment to look for it now, that Aku was in the building, but he never made the effort to find a legitimate access method. I honestly don't recall at the moment.
Hasimir
QUOTE
I think I recall, though I don't have the moment to look for it now, that Aku was in the building, but he never made the effort to find a legitimate access method. I honestly don't recall at the moment.

No problem

QUOTE
I don't remember Aku saying that he was going to try and perform a similar maneuver to this.

He didn't, and even if he did...he can't.
INSIDE the building you have your hands on a personal terminal that could contain the account data you need.
OUTSIDE the building you have to ENTER the network (getting past the "security" node where he is now), roam around to FIND a personal terminal and THEN you can search for the account data stored there.

He is outside...so no problem ^_^
Serbitar
To my understanding, you ARE a legitimate user when you hacked in.

Just consider:

- You have to do computer/hacking tests, every time you do something. Accounts do not have anything to do with it. If you want to alter a file, you have to make a computer+edit test. Normally editing something is so easy that you do not have to roll, but if you want to do something complex you have to do an edit test, no matter what your access rights are.

- Imagine you have hacked yourself in with administrator rights. You still have to do computer tests, for everything you do. So what is the difference between hacking in with admin rights or without?

The answer is simple: When you do something that is within your permissions, you are not checked, the system does not check against your stealth. If you do something that is not within your permissions, you are checked.

The same goes for normal user and security access rights.

That's why you should not be checked (or in other words, you could be checked, but you have valid user rights for this session and can never be detected as false) when you do something that is in your permission range.

Furthermore I would subdivide nodes into "devices" and "hosts". It is extremely silly to think that a full blown matrix host would have the processing power of a mere comlink.
Thus I would rule, that "devices" (comlink and everything else that does not have a bigger computer behind it) are affected by response "degradation", but hosts are not. That solves the DOS attack. IC would have to be restricted by common sense (as it was in SR3), maybe with some traffic arguments to make it reasonable (high traffic nodes have less IC and are less secure, and vice versa). Furthermore a host can maintain almost infinite subscriptions (or matrix cafes wouldn't be possible).
Dashifen
I agree that you can be a legitimate user for some tasks after hacking in. For example, when I gave Aku a free perception on the data he intercepted I didn't bother to make him roll because, as a user of the system, he'd be able to take a peek at what's going on. However, if he tried to break the encryption, that would have been above his user level clearance and, thus, the security would have analyzed him. It's a case by case thing based on the user level of the account that's hacked.

The hard part is finding limitations on the Admin level of access......
Serbitar
Sure, no problems with that. I just wouldn't have allowed the analyze stuff by the IC, after successfully hacking in. I would only allow further analyze actions when the hacker performs actions which are not allowed (like defusing the data bomb).

Furthermore I would only allow one such test, per action. Normally, if you don't find a virus, you won't find it by re-running the program. The chances that a maxed node (12 dice) finds a maxed hacker (6 stealth) are pretty high anyway (17%).
Dashifen
True ... the analysis was for the icon on the host, not the hacking. Walking a fine line, I know, but I wanted to try and actually stop him in the chokepoint ... it being a chokepoint and all
Hasimir

Actually the only "bad looks" Aku got from the system were:
1) the extended Firewall+Analyze test while he was trying to hack in
2) an automatic Pilot+Analyze test from each agent...not because "he was hacking" but simply because "he was there".
These agents were configured to check upon ALL the traffic in the node, be it legit or not, internal or external.

This takes just a minimal toll on the traffic because any legit user with a "real" account would have turned up FINE no matter how many hits the Agents scored...with no need for a Hack+Stealth test on the User's part.
Serbitar
QUOTE (Hasimir)
2) an automatic Pilot+Analyze test from each agent...not because "he was hacking" but simply because "he was there".
These agents were configured to check upon ALL the traffic in the node, be it legit or not, internal or external.

This takes just a minimal toll on the traffic because any legit user with a "real" account would have turned up FINE no matter how many hits the Agents scored...with no need for a Hack+Stealth test on the User's part.

I say that it will turn up fine, no matter how many hits the agents score, because Aku had valid user access rights. When you hack in with a certain permission category, you HAVE these rights, they are valid for the session. What good would an admin access do, if you would be analyzed all the time anyway? What would be the difference to a normal user access (ok, you have to use hack+edit, instead of computer+edit . . . what a difference . . .) ?

Furthermore I would rule to restrict the system (including IC/agents) to one analyze test (per invalid action), because of balancing reasons. Invent some fluff about traffic to cover that up if you need to.
Kiyote
QUOTE (Serbitar)
QUOTE (Hasimir @ May 5 2006, 12:13 PM)
2) an automatic Pilot+Analyze test from each agent...not because "he was hacking" but simply because "he was there".
These agents were configured to check upon ALL the traffic in the node, be it legit or not, internal or external.

This takes just a minimal toll on the traffic because any legit user with a "real" account would have turned up FINE no matter how many hits the Agents scored...with no need for a Hack+Stealth test on the User's part.

I say that it will turn up fine, no matter how many hits the agents score, because Aku had valid user access rights. When you hack in with a certain permission category, you HAVE these rights, they are valid for the session. What good would an admin access do, if you would be analyzed all the time anyway? What would be the difference to a normal user access (ok, you have to use hack+edit, instead of computer+edit . . . what a difference . . .) ?

Furthermore I would rule to restrict the system (including IC/agents) to one analyze test (per invalid action), because of balancing reasons. Invent some fluff about traffic to cover that up if you need to.

My impression is that Aku doesn't HAVE valid user rights, he is FAKING valid user rights.
For any of the commands which are within the user rights, he rolls computer + program because he has faked the system into believing he is a user. For commands outside his user scope, he rolls hacking + program to convince the system it is within his rights.

The IC which scanned him upon entry are programmed to scan everyone who comes in. They are programmed to verify that the user that they just scanned is who they say they are, thus Aku needs to roll again to fake out these IC just as he faked out the firewall. In other words, the IC act a lot like a secondary firewall, only they trigger an alert instead of keeping you out of the node.

Serbitar
QUOTE (Kiyote)
My impression is that Aku doesn't HAVE valid user rights, he is FAKING valid user rights.
For any of the commands which are within the user rights, he rolls computer + program because he has faked the system into believing he is a user. For commands outside his user scope, he rolls hacking + program to convince the system it is within his rights.

The IC which scanned him upon entry are programmed to scan everyone who comes in. They are programmed to verify that the user that they just scanned is who they say they are, thus Aku needs to roll again to fake out these IC just as he faked out the firewall. In other words, the IC act a lot like a secondary firewall, only they trigger an alert instead of keeping you out of the node.

Tell me then please, what admin access is for, if you only switch computer with hacking skill and the rest stays the same? What is the advantage of faking admin access?

Furthermore, I rule out this whole agent scanning stuff, because of balancing reasons. It is making hacking virtually impossible.

Aku was a maxed out hacker, and he was hacking a system with 11 dice for node detection (12 is max), and 2 times 10 dice for this custom agent detection.
The chances for being detected with stealth 6 by 11 dice is 12% on one roll and 79% in two rolls. That is already pretty much impossible to achieve. There is no need to further unbalance things by adding these extra 10 dice analyzers, that analyze every time.
The chance to detect a stealth 6 with 11 dice (one time roll), and additional 10 dice and 10 dice are 25% (as opposed to 12% with only 11 dice).

So after Hacking in with 2 tries (Chances of a 12 dice hacker to do it in one try are only 12% as we know) and performing one action a stealth 6 guy has a chance of 82% of being detected. This is already a suicide mission. I would not even consider something if I do not have at least 50% chance of achieving it.

But the two additional 10 dice analyzers turn this suicide mission into a certain failure:
They turn the 12% (which is just bearable) chance of being detected each time an illegal action is performed to a killing 60%. (The chances to lose, not draw, for example a 10vs10 test are somewhere around 35%)
And this is a maxed hacker. The hacker which has to fight against systems with analyzing IC can as well go home.

BTW: Aku had only a stealth of 5. His chance of being detected for hacking in and doing one action were: 97,3%

SO please game masters, do not allow analyzing IC for game balancing reasons. Deploying constantly analyzing IC is killing every hack attempt. If you want to make hacking impossible, you can do it. But if you want to make hacking possible and plausible, you better invent some fluff and justify that there can only be ONE analyze attempt per illegal action.
Kiyote
QUOTE (Serbitar)

QUOTE (Kiyote)
My impression is that Aku doesn't HAVE valid user rights, he is FAKING valid user rights.
For any of the commands which are within the user rights, he rolls computer + program because he has faked the system into believing he is a user. For commands outside his user scope, he rolls hacking + program to convince the system it is within his rights.

The IC which scanned him upon entry are programmed to scan everyone who comes in. They are programmed to verify that the user that they just scanned is who they say they are, thus Aku needs to roll again to fake out these IC just as he faked out the firewall. In other words, the IC act a lot like a secondary firewall, only they trigger an alert instead of keeping you out of the node.

Tell me then please, what admin access is for, if you only switch computer with hacking skill and the rest stays the same? What is the advantage of faking admin access?


According to your comment:
QUOTE (Serbitar)
I say that it will turn up fine, no matter how many hits the agents score, because Aku had valid user access rights. When you hack in with a certain permission category, you HAVE these rights, they are valid for the session.

It doesn’t matter what account permissions you hack, they are all valid logons so they don't get scanned. Thus I do not see what the differences between user and admin accounts have to do with this discussion. Your point does not provide any special benefits to admin that do not get applied to users.

However, since you asked, the biggest differences in the mechanics are where you roll the hacking skill vs. where you roll the computer skill. Most other differences would depend on the GM, for example Dashifen made the following statement on March 27th:
QUOTE (Dashifen)
However, Admin access to this system also provides information about the host at the other end of the chokepoint's gauntlet. This information is the physical location and address of that node. Thus, admin access could have saved one operation after logging in at the expense of potentially not getting in at all.


QUOTE (Serbitar)

Furthermore, I rule out this whole agent scanning stuff, because of balancing reasons. It is making hacking virtually impossible.



There is nothing wrong with holding that opinion. If that is how you want to run things, then go for it.

My opinion on this is that the IC only get to scan you a few times. To keep with the point of this thread, Aku was only scanned by the IC once (when he first logged in). He did not get scanned again for uploading his agent, he did not get scanned again for trying to disarm the door, and he did not get scanned again for using a medic utility. The idea is that the IC would periodically scan, but periodically is a rough term and should be left up to the choice of the GM. Don’t forget that this is a choke point designed for security. Free roaming IC would not be on every node. Work nodes, for example, would potentially have many users on and they would be on for long times. I could see no roaming IC on such a node, and if there were such IC on the node, maybe there is a chance they never get around to scanning you for one reason or another.
Serbitar
I still think the main difference is that you do not get scanned by the host for legal actions (actions that are allowed by the account permissions). The difference between hacking+skill and computer+skill is nonexistent. The additional information suggested by Dashifen is not enough for the risk.

As admins have rights for everything, they would never get scanned by the host. On the other hand, faking an admin account on an all 6 host is almost impossible. You would have to get 12 hits before the system got 6 (stealth) hits.
Kiyote
QUOTE (Serbitar)
The difference between hacking+skill and computer+skill is nonexistent.

I completely agree with this statement. It feels like the computer skill/hacking skill break out was done just to give deckers two skills that they have to raise. I also agree that the Admin account does not have enough benefits to make it worth it.

Perhaps if actions which are in the computer skill/hacker skill limbo were given a +1 or +2 threshold for using the hacking skill, then the admin account would be more desirable without being overpowered. However, I feel that this discussion is for another thread and is not related to active IC scanning icons as additional security.
hobgoblin
ugh scratch that post. my brain must have been in a different existence...
Rotbart van Dainig
QUOTE (Serbitar)
As admins have rights for everything, they would never get scanned by the host. On the other hand, faking an admin account on an all 6 host is almost impossible. You would have to get 12 hits before the system got 6 (stealth) hits.

On the fly only.
Getting root access in full VR going slow takes some hours, but is almost certainly secure.

On the other hand, every non-aggressive test in the book concerning equipment requires Computer... not having it is a bad idea.
Aku
QUOTE (serb)
BTW: Aku had only a stealth of 5. His chance of being detected for hacking in and doing one action were: 97,3%


Umm, is there supposed to be an if in this statement? or did i mis-write my text above? i actually have a stealth of 6, skill of 5, but due to dice penalties, only rolled 9 dice (i think) but in either case my stealth is 6

As for differences in access levels, i definitely think it's going to be up to the GM to make believable access privileges, but i do think that everything would be logged, and on-site security might pop up if the same set of actions came up from the same admin account. However, i also think that having user level access and doing dastardly deeds might be more... "believable" than an admin account... there are only so many admin/security accounts within a given corp, and the chances of all of those people knowing most, if not all of the people with the same privileges are high, and i would suspect that for 1 location nodes, the addition of a new account with those privileges would set up a flag faster than a new user level.

Also, i remember being told that i was going to be on site for this, and i thought i had "buddies" in the meat world, protecting me (which is what prompted my response of getting my team fragged because i'm sitting in a chair for 5 hours try to not get detected) i still think it would be dangerous either with or without a team (probably more-so without, because now i'm just a guy in an office that may or may not look like i belong in the chair im sitting in...)
Serbitar
QUOTE (Rotbart van Dainig)
On the fly only.
Getting root access in full VR going slow takes some hours, but is almost certainly secure.

True, but as soon as you have a tiered network, you will have to hack the second row on the fly, as you will have to be in the first node to access the second. Sitting around there for two hours might not be a good idea . . .
Serbitar
QUOTE (Aku @ May 5 2006, 06:56 PM)
Umm, is there supposed to be an if in this statement? or did i mis-write my text above? i actually have a stealth of 6, skill of 5, but due to dice penalties, only rolled 9 dice (i think) but in either case my stealth is 6

Wasn't your response lowered to 5? Then your effective stealth is 5, too (as your effective system is 5, too, for everything except response degrading calculations to avoid the spiral of death)
Rotbart van Dainig
QUOTE (Serbitar)
True, but as soon as you have a tiered network, you will have to hack the second row on the fly, as you will have to be in the first node to access the second. Sitting around there for two hours might not be a good idea . . .

That depends on how good you are - and the interval of internal scans.
But usually, the chokepoint is the biggest obstacle, and the following nodes are much easier to hack.

After you hopped into the secondary systems, perhaps only as a user, you can take your time again to get root everywhere else.
Aku
QUOTE (Serbitar)
QUOTE (Aku @ May 5 2006, 06:56 PM)
Umm, is there supposed to be an if in this statement? or did i mis-write my text above? i actually have a stealth of 6, skill of 5, but due to dice penalties, only rolled 9 dice (i think) but in either case my stealth is 6

Wasn't your response lowered to 5? Then your effective stealth is 5, too (as your effective system is 5, too, for everything except response degrading calculations to avoid the spiral of death)

hmm you might be right, but i'm too tired to consider it.... but i think that's an extreme whammy, as you then essentially get double the dice penalties for it (once for the - dice pool for load, and once of the lowered programs) or am i misunderstanding what i'm doing in my extreme tiredness?
Serbitar
Hm, where does this -1 for load come from?
Aku
that is for running 11 programs on a response 6 comm
Serbitar
That's what I meant. Your response was lowered by one for running 11 programmes.
That was lowering your System to 5 and thus, all your programmes.

Of course, after failing the reality filter, your response was 4, and thus all your programmes (stealth, too).
Hasimir
@ Aku : to clarify the situation...from the discussion it came out that:
- you are ALONE
- you are OUTSIDE the building

@ Serbitar
The problem is...in past edition the system tried to be realistic (maybe too much) while in SR4 the system is more simple (maybe too much)

In theory what Aku did was a "hack on the fly" ... meaning that he has exploited some bug of the programs running on the target network, getting "shell access".
Shell access, in poor words, is what allows a user to "do stuff".

Since some stuff is rooted deeper into the system, maybe even behind some passive security like passwords and hidden folders and similar things, you may imagine that a hacker may just be content with User-Level access instead of more useful but more difficult Security/Admin-level access.

The problem is that this access to the command shell DOES NOT correspond to ANY account!
When the system asks for UserID and Password you are basically putting up a "mask" and trying to "fast-talk" past the security:
< No sir...I'm not editing this file...I'm just an email... >
THIS is what your Stealth software does (in past edition it was a "Masking" program)

So...the Aku Icon knocks at the network door and says: "Hi, I am a phone call from WhateverCORP...can I come in?"
The Firewall runs a check while Aku tries to throw smoke and lies all around.
Hopefully the Firewall is fooled and lets you in.

Now Aku is inside disguised as a phone-call with some basic User-Level access options and, unless he does something "hackish", he should be fine and left alone.

BUT this system filters all entering data through a security node to provide extra security.
Aku-phone gets inside and is looked upon by some Agents, for the simple reason that these Agents are supposed to look at ANYTHING that comes through.
The Agents look at the Icon of Aku...that looks like a phone-call but IS NOT a phone-call NOR it has any valid user account.
Aku manages again to disguise himself as some kind of legit data-file...so the Agents are satisfied and let him be.

This way Aku is left alone while:
- trying to alter the sculpted reality
- launching and subscribing an Agent (that caused a "spike" in the system)
- tapping the flow of data in the node
- analyzing the node
- poking a hidden databomb
- running a medic software
- sticking around for ONE HOUR probing the hidden node

If you think in these terms, it all makes sense.
Too bad the rulebook goes in a too simple way explaining such things...so anyone supposes to have a user-ACCOUNT, while in truth they only have user-ACCESS ... that is a very different thing!

If Aku, disguised as a warez-porn-movie, manages to find a legit user-ACCOUNT (ID and Pass...or "Key" as the rulebook says) he then can do whatever he wants unpunished, because any security-query will receive a proper code-answer.
Aku
well, i guess that changes how i'm viewing things, but, to clarify, the INTERVAL time is 1 hour for the slow probing, i made 5 rolls, so really, i was in there for 5 hours!
Serbitar
QUOTE (hasimir)

@ Serbitar
The problem is...in past edition the system tried to be realistic (maybe too much) while in SR4 the system is more simple (maybe too much)


And I want to keep it simple. I don't want to have roll 10 times for the various IC in a node, just because it is now possible to set IC to constantly analyze stuff. By just disallowing this I keep it simple. And with my interpretation of the rules, this comes naturally.

QUOTE

In theory what Aku did was a "hack on the fly" ... meaning that he has exploited some bug of the programs running on the target network, getting "shell access".
Shell access, in poor words, is what allows a user to "do stuff".

Since some stuff is rooted deeper into the system, maybe even behind some passive security like passwords and hidden folders and similar things, you may imagine that a hacker may just be content with User-Level access instead of more useful but more difficult Security/Admin-level access.

The problem is that this access to the command shell DOES NOT correspond to ANY account!
When the system asks for UserID and Password you are basically putting up a "mask" and trying to "fast-talk" past the security:
< No sir...I'm not editing this file...I'm just an email... >
THIS is what your Stealth software does (in past edition it was a "Masking" program)


That's your interpretation. This is stated nowhere in the rules. The fact that you are able to get security or admin rights indicates something else.

Furthermore the rules for hacking in on the fly say explicitly:

QUOTE (SR4 p. 221)

This will get you personal account access.


QUOTE

So...the Aku Icon knocks at the network door and says: "Hi, I am a phone call from WhateverCORP...can I come in?"
The Firewall runs a check while Aku tries to throw smoke and lies all around.
Hopefully the Firewall is fooled and lets you in.


Now Aku is inside disguised as a phone-call with some basic User-Level access options and, unless he does something "hackish", he should be fine and left alone.


Phone calls are data. Data does not have access rights. Users and processes have. Furthermore this is again your interpretation.

QUOTE

BUT this system filters all entering data through a security node to provide extra security.
Aku-phone gets inside and is looked upon by some Agents, for the simple reason that these Agents are supposed to look at ANYTHING that comes through.
The Agents look at the Icon of Aku...that looks like a phone-call but IS NOT a phone-call NOR does it have any valid user account.


Aku has a valid user account. He got it by hacking in as a normal user. If he had hacked in as admin, he would have a valid admin account. What else would be the reason to hack in as admin, if you don't get a valid admin account for this session?

QUOTE

Aku manages again to disguise himself as some kind of legit data-file...so the Agents are satisfied and let him be.

This way Aku is left alone while:
- trying to alter the sculpted reality
- launching and subscribing an Agent (that caused a "spike" in the system)
- tapping the flow of data in the node
- analyzing the node
- poking a hidden databomb
- running a medic software
- sticking around for ONE HOUR probing the hidden node

If you think in these terms, it all makes sense.
Too bad the rulebook goes in a too simple way explaining such things...so anyone supposes to have a user-ACCOUNT, while in truth they only have user-ACCESS ... that is a very different thing!


Again, your interpretation. You can interpret it that way, but I can interpret it a different way. I say, there is no difference between ACCESS and ACCOUNT. This is not indicated in the rulebook and would make things much more complicated.

QUOTE

If Aku, disguised as a warez-porn-movie, manages to find a legit user-ACCOUNT (ID and Pass...or "Key" as the rulebook says) he then can do whatever he wants unpunished, because any security-query will receive a proper code-answer.


Again, your interpretation. My different interpretation was posted above.
Hasimir
It's not an "interpretation".
I stated it in the beginning of my post: what I described would be a hacking that followed "real world" rules and principles.

SR4 gets too simple and skips it all by directly giving you an ACCOUNT.
On this you are right.
Agents will scan Aku, but Aku has an account...so no test should be done unless Aku breaks the laws of his current account.

I deem these rules too "light", not because I like rolling dice, but because they take away the brain from the hacking process.
One thing is having a hacker to figure out a way to get a valid account (by meat-world legwork/spying/corruption/etc) or a safe entry-point (by physically breaking inside the network building)...because hacking from the outside gets you just "access privileges", meaning that you are "hot" until you get a legit account.

Another world is if you just have to roll high on a stupid test...and if you do BAM! you get it all:
- you get a legit account
- you don't need to break into the building
- etc...

But yes...the book states that you get an ACCOUNT.
I was just trying to explain the reason behind the happenings of this run
Rotbart van Dainig
QUOTE (Hasimir)
I deem these rules too "light", not because I like rolling dice, but because they take away the brain from the hacking process.

That's exactly what they should do: make playing a Hacker an easy and fun thing for the non-nerd to do.

And, BTW - when using vulnerabilities, you always use an account... the one the software that has the exploit runs under.
Aaron
Actually, in the "real world" of computer cracking, if you're using a computer, you have an account. Maybe it's somebody else's legitimate account (which is the easiest way to go), and maybe it's one that you created (as through an overflow error such as the one used by Karl Koch and other members of the Chaos Computer Club in the late 80's), but it's still an account. An agent running on their system could be merely a process, since it's not attached to any external ports, but it would still have to be associated with an account, which would define its privileges.

Furthermore, somebody mentions above that a hacker or agent could use Stealth to look like porn. This is actually not possible in the "real world." You could use Stealth to look like a user or a normal process, but not a file. Consider reading through your process list to see if anything unauthorized is running, and coming across a process (program) called boobies.jpg -- it makes no sense that a data file would be running as a process.

One example that sums up both points about stealth nicely is the Open Search Web adware browser hijacking program. It inserts a process called "AIM README.EXE" into your running processes. First of all, one should become suspicious that a readme file has come to digital life; it's like a cookbook getting up and tossing ingredients around and yelling, "BAM!" Second, it is pretending to be a legitimate process, albeit poorly.

I think that the core of the debate here is what it means for a user to have a personal account, security account, or an admin account. I mean, yes, a normal user-level account would be able to do certain things without raising suspicions, but the question is, what are those things? At what level can a user scan the node's connections? At what level can they decrypt a normal file? What about a security camera file?

The answer, I think, is relatively simple. It's different for each node. Yeah, that sucks, but that's how it is in real life, too. Each administrator has his or her own favorite settings. Some settings are obvious (kernel access and shutdown privileges belong to the admin only), but some are a matter of taste (can users see who else is on the node?).

Most of the time, this last point is moot; the overwhelming majority of nodes in 2070 only have an admin account: cameras, vending machines, cyberarms, civilian vehicles, etc. It's the machines that multiple people access and/or use that are going to have different levels of access: nodes that run building security, mainframes, hotel nodes, personal commlinks, and the like.

Well, that went on longer than I thought it would. Sorry about that.
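Aaron's point about data-file names showing up in a process list, as an added example that is not part of the original post: a Python sketch that flags image names like the two he mentions and reports the account each one runs under. The tab-separated listing format, the word lists and the sample rows are constructed assumptions.

```python
import re

# File types that hold data and are never themselves a running program.
DATA_EXTS = {"jpg", "jpeg", "png", "gif", "txt", "pdf", "doc", "mp3", "avi"}
# Stems that name documents rather than programs (assumed word list).
DOC_WORDS = {"readme", "license", "changelog"}
EXEC_EXTS = {"exe", "com", "scr"}

def classify(name):
    """Return a reason string if the process name looks like a data file, else None."""
    parts = name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    stem_parts = parts[:-1] if len(parts) > 1 else parts
    if ext in DATA_EXTS:
        return "data-file extension on a running process"
    if ext in EXEC_EXTS:
        if len(stem_parts) > 1 and stem_parts[-1] in DATA_EXTS:
            return "double extension hiding an executable"
        words = set(re.split(r"[^a-z0-9]+", ".".join(stem_parts)))
        if words & DOC_WORDS:
            return "document name on an executable"
    return None

def flag_masquerading(listing):
    """Parse 'PID<TAB>ACCOUNT<TAB>IMAGE NAME' lines; return (pid, account, name, reason)."""
    hits = []
    for line in listing.strip().splitlines():
        pid, account, name = line.split("\t", 2)
        reason = classify(name.strip())
        if reason:
            hits.append((int(pid), account, name.strip(), reason))
    return hits

# Constructed sample process list (not captured from a real host).
SAMPLE = "\n".join([
    "412\tSYSTEM\tservices.exe",
    "1180\talice\texplorer.exe",
    "2044\talice\tAIM README.EXE",
    "2310\talice\tboobies.jpg",
    "2388\tbob\tinvoice.pdf.exe",
    "2501\tbob\tnotepad.exe",
])

if __name__ == "__main__":
    for pid, account, name, reason in flag_masquerading(SAMPLE):
        print(f"{pid:>5} {account:<8} {name:<18} {reason}")
```

A name check like this only catches clumsy disguises; a process that borrows a plausible program name needs path, signature or parent-process checks instead.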
Rotbart van Dainig
QUOTE (Aaron)
Maybe it's somebody else's legitimate account (which is the easiest way to go), and maybe it's one that you created (as through an overflow error such as the one used by Karl Koch and other members of the Chaos Computer Club in the late 80's), but it's still an account.

Not quite - creating accounts is a step after that.

Code inserted via buffer overflows is treated as a part of that defective software, which causes it to run under the very same account. (That's why people hate StarForce with such a passion... especially since Windows allows any program to give orders to anything else.)
hobgoblin
QUOTE (Aaron)
Actually, in the "real world" of computer cracking, if you're using a computer, you have an account. Maybe it's somebody else's legitimate account (which is the easiest way to go), and maybe it's one that you created (as through an overflow error such as the one used by Karl Koch and other members of the Chaos Computer Club in the late 80's), but it's still an account. An agent running on their system could be merely a process, since it's not attached to any external ports, but it would still have to be associated with an account, which would define its privileges.

you never create an account with a buffer overflow attack. what you do is make the original process crash, and use that crash to make the os fire up a new process that you can use to gain access under the same account that the original process was running.

as i have stated before, i find the new matrix rules more realistic than the old ones, in a very abstract kind of way
hobgoblin
hmm, too slow yet again...
Aaron
QUOTE (Rotbart van Dainig)
Not quite - creating accounts is a step after that.

Code inserted via buffer overflows is treated as a part of that defective software, which causes it to run under the very same account. (That's why people hate StarForce with such a passion... especially since Windows allows any program to give orders to anything else.)

Right, but that's not the point. The point is that when you're intruding on a system, you're doing it under an account of some sort, whether you've just created it or not. What you describe can easily be accounted for in the Exploit Extended Test.

Ultimately, the specifics don't matter, since the rules handle it the same way. I'd say that if the player knows the difference, have him or her describe how they're doing it, 'cuz this is Shadowrun, where style is just as important as substance.
Serbitar
QUOTE (Hasimir)

I stated it in the beginning of my post: what I described would be

[...]

But yes...the book states that you get an ACCOUNT.
I was just trying to explain the reason behind the happenings of this run

Ok, no problem with this.
Hasimir
I know that a "file" listing as a "process" and generating system traffic is like a blinking neon signal calling for divine retribution.
But I just couldn't resist the ancestral call of the P.O.R.N.

Instead, the some account concept scores a good point, being also more in-line with the rulebook.

A question.
Most devices, as stated above, just have a "default" setting with one account that has total access (Admin Level).
Does this mean that to hack into a stupid I-Pod I have to get an Admin Account (threshold +6) or that the basic Personal Account automatically grants me Admin privileges?
hobgoblin
it really depends on what the device is supposed to be used for i think.

with a i-pod (or ares-pod as i guess it would be named in SR) i would hazard that it would grant you a admin account as if you requested a normal account. but if you try to attack someone's commlink that only has a admin account i would think you would run into a higher threshold.
ArchXL
So........ is Dash back yet?
Dashifen
Yes, I'm back as of yesterday, but the inevitable back log of work-related stuff will probably delay the restart of the thread until tomorrow at the latest. At the very least I have to get through all of my email first!! But, this is basically a heads-up to let everyone know that I'm back. Also, Hasimir, I love the way you explained user-access vs. user-account above. Well done, sir.
Dashifen
Hrm ... I'm bogged down (if you couldn't tell by my extended two week absence) with real life at the moment. Honest question: is there still interest in continuing this thread? If so, do we want to continue with Aku's scenario? Would it assist people to switch to a different scenario? Bueller?
Dv84good
I am interested in the thread still but I think you and Aku should set up some time so there isn't 2 or 3 days in between a single dice roll. Thanks for what you have done.
ZenOgre
*knock knock*
hey Dash, hope you and Aku can carry on with this. I was lurking here for a while reading and figured i'd show my support for the topic. Brought up a bunch of good ideas and showed me how I could better describe my players' encounters in a full VR setting.

**edit- me not proof reading**
Gort
Thanks for this thread, Dash, Aku.

Serbitar - By your argument, someone who takes their time to hack in and get an admin account would never be scanned ever. Have I read you wrong somewhere?