Hi folks,
If the TM in your party is going to hack another person's Comm, are you adding the +6 threshold for the Comm only having an Admin user function? I'm on the fence about this; on one hand a Comm should be as secure as possible on the other, any intrusion is a complete p0Wn4g3 of the Comm.
So, do you add the +6 or ignore it?
Full Version: Comm access level: user or admin?
| QUOTE (kigmatzomat @ Nov 27 2006, 03:44 PM) |
| Hi folks, If the TM in your party is going to hack another person's Comm, are you adding the +6 threshold for the Comm only having an Admin user function? I'm on the fence about this; on one hand a Comm should be as secure as possible on the other, any intrusion is a complete p0Wn4g3 of the Comm. So, do you add the +6 or ignore it? |
I'd assume the peronsal comm is Admin only mode unless it's used by other people. Maybe a "Guest" (or Personal) account that lets you operate it, but not change anything (anyone have kids or nephews?).
Personal account wouldn't get you much more than another hop to your next target for helping defeat some Traking IC IMO. Admin > all for if you want to own the commlink.
There are several levels of access to your commlink.
Guest level: Your personal homepage and social networking information. What is available to everyone who notices your node and wants to look it up. Your shared folders. when you walk down the street everybody's commlinks are noticing each other, accessing each other's nodes and sharing/downloading/networking. This is the access level you set for others to do this. Often, you won't even set a password to this, just letting anyone who wants to come in come in. Of course, good runners keep nothing implicating them here. Even for the average user, this is probably a read only area.
Security level: this is the level of access allowed to lone star, the feds, your corp, and others who have further legal rights to query your commlink. Every commlink has the codes that allow the authoritities this level of access on them when sold, and they automatically update themselves via the matrix. This gives them access to specific personal data that they need without you having to broadcast it to everyone. Probably also includes limited rights to alter/delete data, I'm not sure.
Admin level is what you log into your own commlink with. It gives you full rights to do whatever you want. This is probably the only level of access that allows full read/write access, program use, etc.
A runner's mission commlink has probably had all but their admin access erased.
Guest level: Your personal homepage and social networking information. What is available to everyone who notices your node and wants to look it up. Your shared folders. when you walk down the street everybody's commlinks are noticing each other, accessing each other's nodes and sharing/downloading/networking. This is the access level you set for others to do this. Often, you won't even set a password to this, just letting anyone who wants to come in come in. Of course, good runners keep nothing implicating them here. Even for the average user, this is probably a read only area.
Security level: this is the level of access allowed to lone star, the feds, your corp, and others who have further legal rights to query your commlink. Every commlink has the codes that allow the authoritities this level of access on them when sold, and they automatically update themselves via the matrix. This gives them access to specific personal data that they need without you having to broadcast it to everyone. Probably also includes limited rights to alter/delete data, I'm not sure.
Admin level is what you log into your own commlink with. It gives you full rights to do whatever you want. This is probably the only level of access that allows full read/write access, program use, etc.
A runner's mission commlink has probably had all but their admin access erased.
It might not have user level accounts anymore, but it still has user level access exploits on it.
I would want to know what I want to accomplish before hacking in, tell the DM what you plan on doing and asking him what access would be required. I don't think the book spells out what each could do.
Personally user level access would allow you view data on different subscribed devices, check and send messages/calls, and view "read only" type of data. Security would give you rights to actually change which devices are subscribed, block/allow certain senders, etc. Admin might allow you to make changes to the OS itself? I don't really know without knowing what someone wants to do specifically.
I would want to know what I want to accomplish before hacking in, tell the DM what you plan on doing and asking him what access would be required. I don't think the book spells out what each could do.
Personally user level access would allow you view data on different subscribed devices, check and send messages/calls, and view "read only" type of data. Security would give you rights to actually change which devices are subscribed, block/allow certain senders, etc. Admin might allow you to make changes to the OS itself? I don't really know without knowing what someone wants to do specifically.
| QUOTE (Lord Ben) |
| It might not have user level accounts anymore, but it still has user level access exploits on it. |
Which is why you have an agent running on the comlink, running analyze periodically, looking for signs of activity at an inappropriate user level.
No, you just use your admin powers.
Admin often gets to decided what lower level access gets to view and change. User, and Security are just names for levels of access allowed. Admin has full access. So you may hack into security level and find security level isn't allowed access to view or alter any of the data.
Think about on a real company computer,
Think about the power on a webboard.
You have
Unregistered,
User Level, like myself on this forum.
Moderator
and Admin.
They each have a level of access and things they can view and alter.
The admin on comlink gets to decided what is user, security or admin access. A runner will put everything on admin access.
So my street samurai sets the viewing and changes his devices to admin only.
Admin often gets to decided what lower level access gets to view and change. User, and Security are just names for levels of access allowed. Admin has full access. So you may hack into security level and find security level isn't allowed access to view or alter any of the data.
Think about on a real company computer,
Think about the power on a webboard.
You have
Unregistered,
User Level, like myself on this forum.
Moderator
and Admin.
They each have a level of access and things they can view and alter.
The admin on comlink gets to decided what is user, security or admin access. A runner will put everything on admin access.
So my street samurai sets the viewing and changes his devices to admin only.
What should your Agent be 'packing', besides Analyze?
| QUOTE (Fortune) |
| What should your Agent be 'packing', besides Analyze? |
Hmm, welll a attack program would be good, the hacker can't hack your devices and defend againts and attack at the same time. At least not as well.
Medic and armor could allow the agent to stay active during the fight.
Scan and Track could allow the agent to find the hacker. I've learned a hacking can end real quick with a few physical world bullets.
Different DM's will handle it different ways because the book doesn't specifically say.
Personally for me however you may be able to set the ringtone on your commlink with only admin accounts if you'd like but a hacker wanting to change that would only have to find a low level (read user) level vulnerability in your comlink to change the ringtones without authorization.
Personally for me however you may be able to set the ringtone on your commlink with only admin accounts if you'd like but a hacker wanting to change that would only have to find a low level (read user) level vulnerability in your comlink to change the ringtones without authorization.
But who cares if they change the ring tones? annoying maybe a threat no.
User level access can only do what it has been allowed.
The system admin should get to decided what access user, security and admin have on comlinks.
Just ilke as the admin of my own computer I get to decided what access/viewing and changes lower level users can make so should owners of shadowrun's comlinks.
If you user level has no viewing or editing powers, then a hacker gaining access at that level has no powers. read the the hacking section again.
On both hacking on the fly and probing the target they have this paragrapth.
"This will get you personal account access; if you want security level access, increase the threshold by +3, or +6 for admin access."
When you hack, you usually hack for personal account access. (actually the book shows you only hack for personal account access)
In the case of NPC's the GM decided what account levels have access to.
But PC's should get to decided what account levels have access to on there comlinks.
A user level vulnerability only exists if there is a user level account exists and actually has access to things.
User level access can only do what it has been allowed.
The system admin should get to decided what access user, security and admin have on comlinks.
Just ilke as the admin of my own computer I get to decided what access/viewing and changes lower level users can make so should owners of shadowrun's comlinks.
If you user level has no viewing or editing powers, then a hacker gaining access at that level has no powers. read the the hacking section again.
On both hacking on the fly and probing the target they have this paragrapth.
"This will get you personal account access; if you want security level access, increase the threshold by +3, or +6 for admin access."
When you hack, you usually hack for personal account access. (actually the book shows you only hack for personal account access)
In the case of NPC's the GM decided what account levels have access to.
But PC's should get to decided what account levels have access to on there comlinks.
A user level vulnerability only exists if there is a user level account exists and actually has access to things.
| QUOTE (Fortune) |
| What should your Agent be 'packing', besides Analyze? |
My comlink would run analyze, encrypt, browse, and command. When on runs I'd tack on an agent and stealth.
Agent (rating 4 because of houserules) would run analyze, stealth, track, and armor.
I disagree, those rules are for system vulnerabilities, not valid userID's. You can change the valid user ID's but you can't fix all the loopholes that would normally allow people to change that stuff.
But each DM is free to interpret it how they like.
But each DM is free to interpret it how they like.
| QUOTE (Lord Ben @ Nov 27 2006, 08:40 PM) |
| I disagree, those rules are for system vulnerabilities, not valid userID's. You can change the valid user ID's but you can't fix all the loopholes that would normally allow people to change that stuff. But each DM is free to interpret it how they like. |
No they are for hacked user ID's, read the breaking in section of the book again.
On the fly.
To hack on the fly, you spend a Complex Action and make
a Hacking + Exploit (Firewall, 1 Initiative Pass) Extended Test.
This will get you personal account access; if you want securitylevel
access, increase the threshold by +3, or +6 for admin access.
Probing
Probing is handled as an Extended Hacking + Exploit Test
with a threshold equal to the target’s System + Firewall. The
interval is 1 hour if done in VR, 1 day if done by AR. This will
get you personal account access; if you want security-level access,
increase the threshold by +3, or +6 for admin access.
According to the book, when you hack into a system you exploit vuneriblities to gain personal account access. If you don't agree thats fine, but near as I can tell its RAW.
And concidering how computers work, it makes sense. When you hack you either gain access to a personal account, geting the powers that go along with it. Or you get directly to the coding. Which would give you beyond admin powers.
Yeah, if all you do is read that section it would appear that way. But reading a desciption of the exploit program it looks like you just get an exploit with admin type access
--------------
Exploit (Hacking)
Exploit programs are constantly-evolving hacker tools specifi
cally designed to take advantage of security fl aws and weaknesses
so that a hacker can gain unauthorized access to a node.
Exploit programs are used for hacking in without authorized access
(p. 221).
---------------
So what setting everything to admin only does on a commlink IMHO is make it so that only the admin can perform user level access. It wouldn't change the exploits used to change ringtones, etc. I just view it as the difficulty of finding the proper exploit to do a task. Much more logical and consistent I think.
--------------
Exploit (Hacking)
Exploit programs are constantly-evolving hacker tools specifi
cally designed to take advantage of security fl aws and weaknesses
so that a hacker can gain unauthorized access to a node.
Exploit programs are used for hacking in without authorized access
(p. 221).
---------------
So what setting everything to admin only does on a commlink IMHO is make it so that only the admin can perform user level access. It wouldn't change the exploits used to change ringtones, etc. I just view it as the difficulty of finding the proper exploit to do a task. Much more logical and consistent I think.
Not if you think of the flaws as being in the account access. The page I mentioned is in HOW you use the program to hack in. The page you mention is in how the program does what it does.
Lets forget about ring tones and other meaningless crap. If your hacking a comlink its to go after smartguns, image links and data files. Not to annoy to guy with spam and changing his ring tones.
Its cutting of his communication, locking up his smartgun or screwing with any other wireless linked device.
What you do appears to take admin and security level out of the equation and make them meaningless.
Whats the point of the +3 for security and +6 for Admin level access if the hacker can just ignore Security and Admin level access and hack the same things anyway?
Lets forget about ring tones and other meaningless crap. If your hacking a comlink its to go after smartguns, image links and data files. Not to annoy to guy with spam and changing his ring tones.
Its cutting of his communication, locking up his smartgun or screwing with any other wireless linked device.
What you do appears to take admin and security level out of the equation and make them meaningless.
Whats the point of the +3 for security and +6 for Admin level access if the hacker can just ignore Security and Admin level access and hack the same things anyway?
Changing the ringtone isn't a threat?
If your mission is to sabotage a merger, changing one of the key player's ringtone to something horrifically offensive and then calling him during one of the meetings could be a great way to start.
If your mission is to sabotage a merger, changing one of the key player's ringtone to something horrifically offensive and then calling him during one of the meetings could be a great way to start.
| QUOTE (PlatonicPimp @ Nov 27 2006, 09:22 PM) |
| Changing the ringtone isn't a threat? If your mission is to sabotage a merger, changing one of the key player's ringtone to something horrifically offensive and then calling him during one of the meetings could be a great way to start. |
Hmm no, its not, as its a ring tone.
What you'd do is hack in under admin access pretend to be him and then say something horribly offensive as most comlink mergers are done via the matrix so the other guys wouldn't here the ring tone.
If they were all on a conference room. I'd bet it have Wi-fi paint to prevent outside access. If the comlink rung in there. They might guess something was up.
Now givin all that Lord Ben has said, even if you avoid gaining Admin level access and give commands to devices that are only ment to be controled vial admin access. Wouldn't that automaticly set off alarms as the command came from a non admin user.
No, with how I'd run it you'd still need admin access because turning off those devices and editing files requires a security/admin level exploit vulnerability.
How I do it the hacker could say he wants to read all the email on the comlink of the girl across the street. Whether she's a cute college girl or a prime runner with super duper awesomeness the level exploit needed is user. The only difference will be that the college girl has stock operating systems and the prime runner has her commlink loaded up with IC and rating 6 programs/firewall and possibly even subscribed to the teams hacker so you need to crack through him to read her emails.
How I do it the hacker could say he wants to read all the email on the comlink of the girl across the street. Whether she's a cute college girl or a prime runner with super duper awesomeness the level exploit needed is user. The only difference will be that the college girl has stock operating systems and the prime runner has her commlink loaded up with IC and rating 6 programs/firewall and possibly even subscribed to the teams hacker so you need to crack through him to read her emails.
Well it didn't sound like it to me,
But we still have the question of who decides what device or feature is at what level to be exploited
But we still have the question of who decides what device or feature is at what level to be exploited
It'd mostly be a function of the hardcoded OS (or GM fiat).
Look at it from the flipside. You set only your admin account to change ringtones (it's as good an example as any) because you're super paranoid and you think it'll give you +6 firewall for cheap. A hacker tries to get access to your system and his exploit program notices that if you initiate a call and terminate it before the ringtone loads and repeat it 3 times then a diagnostic menu opens up to figure out the problem between the two devices. Once in that diagnostic menu you can change certain settings. The settings this menu allows you to change are equivalent to user access rights. HOWEVER, since only the admin has access when he punches up the details of who is in the account he's dealing with to diagnose ringtone problems he notices that the same account has access to financial records, smart links, forbidden cyberware implant controls, etc. Bonus!
One reason I interpret it like I do is that having only admin access is a cheap way to get +6 firewall. The book clearly didn't list "only admin accounts" as a cheap way of increasing your security. It might make sense from certain points of view, but it goes against my feel of the game. Same as PAN's aren't listed as being able to operate in "receive only" mode. It's called hidden and it still gives off a wireless signal in the rules as written.
Look at it from the flipside. You set only your admin account to change ringtones (it's as good an example as any) because you're super paranoid and you think it'll give you +6 firewall for cheap. A hacker tries to get access to your system and his exploit program notices that if you initiate a call and terminate it before the ringtone loads and repeat it 3 times then a diagnostic menu opens up to figure out the problem between the two devices. Once in that diagnostic menu you can change certain settings. The settings this menu allows you to change are equivalent to user access rights. HOWEVER, since only the admin has access when he punches up the details of who is in the account he's dealing with to diagnose ringtone problems he notices that the same account has access to financial records, smart links, forbidden cyberware implant controls, etc. Bonus!
One reason I interpret it like I do is that having only admin access is a cheap way to get +6 firewall. The book clearly didn't list "only admin accounts" as a cheap way of increasing your security. It might make sense from certain points of view, but it goes against my feel of the game. Same as PAN's aren't listed as being able to operate in "receive only" mode. It's called hidden and it still gives off a wireless signal in the rules as written.
How hard is it to hack a random passersby commlink and simply dl all their nuyen?
| QUOTE (FriendoftheDork) |
| How hard is it to hack a random passersby commlink and simply dl all their nuyen? |
Hard the nuyen is stored in the bank and highly encrypted. Comlinks are not credsticks, they store no cash.
The comlink just allows access, you wouldn't have the password for his bank account.
Unless he wrote down the password on his comlink. Otherwise you'd have to hack the bank.
It'd be very easy. Getting away with it is the hard part.
Some people might just have you hack in with admin access and then download it into your commlink. Personally I think you could make small transactions (with some logical daily limit) easily. However they're probably not carrying certified credsticks and to transfer it to something the bank that holds the account is likely to check the SIN it's being transferred to. And a record definately exists and the person WILL notice the missing money. At the very best you're out a 6000y fake SIN you used for the transaction because anything you used it for before or since will probably be tracked. And the fake SIN has to come from somewhere too. Better hope the security investigator from the bank doesn't have a mobster SIN maker as a connection or you're screwed...
Some people might just have you hack in with admin access and then download it into your commlink. Personally I think you could make small transactions (with some logical daily limit) easily. However they're probably not carrying certified credsticks and to transfer it to something the bank that holds the account is likely to check the SIN it's being transferred to. And a record definately exists and the person WILL notice the missing money. At the very best you're out a 6000y fake SIN you used for the transaction because anything you used it for before or since will probably be tracked. And the fake SIN has to come from somewhere too. Better hope the security investigator from the bank doesn't have a mobster SIN maker as a connection or you're screwed...
| QUOTE (PlatonicPimp @ Nov 27 2006, 06:15 PM) |
| Admin level is what you log into your own commlink with. It gives you full rights to do whatever you want. This is probably the only level of access that allows full read/write access, program use, etc. |
Disclaimer: I'm simply making conjecture here as to how a commlink works. The "traditional" account levels I'm referencing here might not actually work that way in the SR commlink.
Actually, if you wanted to look at it from the regular "computer" standpoint, you shouldn't be using your commlink as an Admin on a normal basis either. If you're on it as an Admin, and therefore have full rights, you're open to installation of malware, bad scripts, etc (well, the AR/SR equivalent anyway) from places you access. You should be running as a user (or the SR equiv.) to better protect yourself, only logging into it as Admin when you need to alter programs and stuff.
| QUOTE (Jack Kain) |
| Hard the nuyen is stored in the bank and highly encrypted. Comlinks are not credsticks, they store no cash. The comlink just allows access, you wouldn't have the password for his bank account. Unless he wrote down the password on his comlink. Otherwise you'd have to hack the bank. |
Isn't that a little like saying that your credit card/debit card contains no cash, so there's no danger of anyone using it to steal your money? Access = access.
Its not exactly your credit card, A credit card contains value as you can use it to spend money you don't have.
The comlink has access to your bank account but it still requires a passcode (the bank) unless you store the pass code on your comlink. The hacker would have explot the password. However it is the bank not the comlink that contains the cred.
Think of it at an ATM card, not a credit card. If your ATM card is stolen its useless with out the password. A credit card could be used if they don't check for ID.
The comlink has access to your bank account but it still requires a passcode (the bank) unless you store the pass code on your comlink. The hacker would have explot the password. However it is the bank not the comlink that contains the cred.
Think of it at an ATM card, not a credit card. If your ATM card is stolen its useless with out the password. A credit card could be used if they don't check for ID.
The point is, there's a breed of character called a hacker. From what I've seen in threads, half of what people want to do with a hacker is hack people's commlinks. After hacking a commlink, a hacker would ostensibly be able to hack your password.
It doesn't matter how much work it takes, the point is that you are vulnerable either way. Credsticks required some form of identification as well (from a code to full on biometrics), but that didn't keep people from hacking them and stealing your money.
It doesn't matter how much work it takes, the point is that you are vulnerable either way. Credsticks required some form of identification as well (from a code to full on biometrics), but that didn't keep people from hacking them and stealing your money.
| QUOTE (eidolon @ Nov 28 2006, 01:11 PM) |
| The point is, there's a breed of character called a hacker. From what I've seen in threads, half of what people want to do with a hacker is hack people's commlinks. After hacking a commlink, a hacker would ostensibly be able to hack your password. It doesn't matter how much work it takes, the point is that you are vulnerable either way. Credsticks required some form of identification as well (from a code to full on biometrics), but that didn't keep people from hacking them and stealing your money. |
I'm not saying they can't do it, what I am saying is they'd have to do more then hack the comlink. A comlink is not a credstick. Its a bank card that when combind with the password allows access to your account.
A credstick contains cred!,
What I'm saying is full access to the comlink does not equal full access to there account. The money on a credstick is in the credstick, but the comlink contains no cred its just how the user access's his bank account.
Thats how one spends cred with there comlink.
"To spend cred, you subscribe to your bank’s online network and authorize transactions"
If someone steals your ATM Card, but doesn't have the password they'd have to hack the machine.
(like conor does in Terminator 2 with his stolen card) "Please insert your stolen card now"
So aftter hacking the comlink, and breaking the Encryption to get at the personal data (default of encrypt of 5 according to the book) you can then connected to their bank accounts. But the Bank is just Node B and you hacked Node A. Unless the person stored the password to the account on there comlink or you got them to give it up to you. You'd have to explot the account. The account is at the bank. Thus you have to hack the bank.
Its easier to hack someones comlink then hack into there bank account then to hack the bank directly. But its more complicated then just hacking a comlink.
When you hack a credstick, you have to break the encryption on the credstick, to get access to the credit.
So I think it makes sense that as the cred in the bank account is stored at the bank. You should have to hack the bank to steal the cred.
Look, my main question is tied to:
| QUOTE (BBB p.216) |
| " Note that standard electronic devices only have admin accounts, as there is no need for other accounts for their software. |
If you try to hack something considered a "standard electronic device" do you add the +6 threshold for hacking an admin account or is it the standard difficulty b/c it is the "default" user level?
I didn't mean to start a tangent discussion by our campaign's decision that an off the shelf comm is a "standard electronic device."
Well that's an interesting quote. I didn't notice that before. In my game you're just hacking for certain levels of exploits, not the actual account. So I'd still have 3 levels even if the guy only has one password...
Another thing I assume is that "standard electronic devices" are probably going to be subscribed to the main commlink and thus unhackable anyway.
Another thing I assume is that "standard electronic devices" are probably going to be subscribed to the main commlink and thus unhackable anyway.
| QUOTE (kigmatzomat) | ||
Look, my main question is tied to:
If you try to hack something considered a "standard electronic device" do you add the +6 threshold for hacking an admin account or is it the standard difficulty b/c it is the "default" user level? I didn't mean to start a tangent discussion by our campaign's decision that an off the shelf comm is a "standard electronic device." |
That's how I've been running it. +6 to just about everything. The only things that doesn't apply to is things that are designed to have multiple users with multiple levels of access, i.e. hosts.
Well, I do allow multiple levels for commlinks, similar to what PlatonicPimp suggested very early in this thread, but since admin is the only one really useful to a hacker, the other levels don't come up much.
| QUOTE (Moon-Hawk) |
| +6 to just about everything. The only things that doesn't apply to is things that are designed to have multiple users with multiple levels of access, i.e. hosts. |
That's how I see it as well.
Any hacker worth her salt will hack to admin level anyways. Nothing like making a legit account to log into a millisecond later and be ignored by any IC in the area.
It's not that simple. IC still check legit accounts to verify they're doing proper stuff. Plus logs exist that there used to be 4 accounts and now there is 5. That stuff gets checked out from time to time.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.