Help - Search - Members - Calendar
Full Version: How to protect your devices from Hackers in 5th Edition
Dumpshock Forums > Discussion > Shadowrun
Pages: 1, 2, 3, 4
Wired_SR_AEGIS
Interestingly enough, in the real world of security engineering (See also the definitive book on the subject, Ross Anderson's Security Engineering: A Guide to Building Dependable Distributed Systems), the question is never if your system will be vulnerable/insecure, but the degree by which risk will exceed benefit. This is perhaps best illustrated by the following maxim: Secure Systems are unusable. Usable Systems are insecure.

Therefore, everything you personally use is, by definition, insecure.

It seems that in the world of Shadowrun 5th edition, everything is also, by definition, insecure. Which, when you think about it, is great: It keeps Shadowrunners employed.

So at the advice of another poster in another thread, I thought I'd start this up to discuss the best methods, and solicit the collective wisdom of Dumpshock, for securing your devices and your cyberware.

(It's also informative to consider that when the cost of a counter-measure exceeds the benefit that will be derived from it, risk is often accepted rather than mitigated. Remember that when someone suggests that the 100% solution to matrix-aware gear vulnerabilities is to always keep you gear off-line.)

-Wired_SR_AEGIS
Seerow
Here's my main question: Can a group's hacker provide passive protection to his group against hackers in the same way a mage can passively provide counterspelling to his whole group?
Epicedion
What does GOD stand for anyway? I've seen the acronym but missed the full version.
Werewindlefr
QUOTE (Epicedion @ Jun 24 2013, 06:40 PM) *
What does GOD stand for anyway? I've seen the acronym but missed the full version.

Grid Overwatch Division. Created in the ol' Deus days (I remember them being mentioned in Target: Matrix)
apple
Grid Overwatch Division. The 2070 Matrix Gestapo.

SYL
hermit
QUOTE
What does GOD stand for anyway? I've seen the acronym but missed the full version.

Grid Overwatch Division. A corp court mandated special forces decker unit from 2E. Probably Grid-cops from CP2020 in SR5.

QUOTE
So at the advice of another poster in another thread, I thought I'd start this up to discuss the best methods, and solicit the collective wisdom of Dumpshock, for securing your devices and your cyberware.

Use bioware. Be awakened. Don't use cyberware if you can help it.

In the case you are stubborn abut this being a cyberpunk game, despite better knowledge: Assuming slaving works somewhat like in SR4, and you can still route a commlink's traffic through another: use a bottleneck commlink you can hard reboot with little problems with the enemy decker inside (dumpshocking them) as a gateway to your actual PAN commlink, which is connected with a fiberglass wire and has (active) wireless deactivated. All your PAN is slaved to this commlink, ideally with wires.

Assuming wires have also become lostech for gamist reasons, slave devices to your commlink and wait to be hacked, the reboot your commlink hoping to dump the enemy decker. Of course, you'll be blind and spasming since your ware stops working without the hub it communicates over, but hey, better than having half a million worth of ware bricked, right?
Kruger
QUOTE (Wired_SR_AEGIS @ Jun 24 2013, 02:37 PM) *
It seems that in the world of Shadowrun 5th edition, everything is also, by definition, insecure. Which, when you think about it, is great: It keeps Shadowrunners employed.

They never had trouble finding work before. wink.gif
Tzeentch
QUOTE (Wired_SR_AEGIS @ Jun 24 2013, 10:37 PM) *
So at the advice of another poster in another thread, I thought I'd start this up to discuss the best methods, and solicit the collective wisdom of Dumpshock, for securing your devices and your cyberware.

Well, the easy answer is to not use cyberware. At all (may be easier to justify for the actual decker character). If you want to talk risk-reward, it certainly makes sense from a players perspective as it entirely eliminates vulnerability to an entire aspect of the game universe that would otherwise be an easy/lazy avenue of attack for the GM. Completely nullifying deus ex machina plots related to easily tracking your location or shutting down your characters advantages is a big deal, even with good GMs.

Compartmentalize your Matrix legwork. Only use a commlink when necessary and both power it down and store it in a RF shielded bag when not in use (you know, like real criminals). Take a look at the character generation rules and see if you can convert your cyber-samurai concept into a bio-samurai or adept.

Pro Tip: Discuss with your GM how dickish he intends to be with deckers, and plan accordingly.
DireRadiant
QUOTE (Seerow @ Jun 24 2013, 05:40 PM) *
Here's my main question: Can a group's hacker provide passive protection to his group against hackers in the same way a mage can passively provide counterspelling to his whole group?


Slaving to a Master device makes an Brute Force attempt on your device us the Master Device and Hackers rating for Willpower and Firewall.
DireRadiant
Run Silent. Hackers need to take an extra step or two to find you.
DireRadiant
Agent performing Matrix Perception and removing uninvited Marks from your own devices.
Epicedion
Commlink 1: broadcasting as normal.

Commlink 2: broadcasting only 1m, connected through matrix though commlink 1.

Cyberware connected to commlink 2 (and thus the Matrix through commlink 1)

Commlink 1 loaded with counterintrusion agents.

To get at the actual PAN (that is, commlink 2), any hacker would either have to be within 1 meter or fully hack into commlink 1 as a node to which commlink 2 is accessible as another node. If commlink 1 starts acting up, commlink 2 can sever the connection and lose the Matrix bonus to its connected 'ware.

Now, get commlink 1a, 1b, 1c, 1d, and 1e. If commlink 2 severs from commlink 1a, automatically connect it to commlink 1b, and so on down the line. A hacker would have to hack 5 commlinks to even try to get at your PAN, and after the last one would only have succeeded at removing Matrix bonuses from your 'ware. By that point the hacker should be meat.
LurkerOutThere
QUOTE (Seerow @ Jun 24 2013, 05:40 PM) *
Here's my main question: Can a group's hacker provide passive protection to his group against hackers in the same way a mage can passively provide counterspelling to his whole group?


No they cannot. The best the can do is if someone is slaved then them they can take a -10 on their inititiave to throw their willpower into the tests involved.
Seerow
QUOTE (LurkerOutThere @ Jun 24 2013, 11:36 PM) *
No they cannot. The best the can do is if someone is slaved then them they can take a -10 on their inititiave to throw their willpower into the tests involved.


Well there's a big stinker. I was hoping to see something like Electronic Warfare acting as a counterspelling bonus for allies, making their team's gear passively more resistant to hacking attempts.

And seriously, giving up a full pass to add willpower? That's really lame.
Deathstorm
To start, I'll point out that I only have 4th edition so far, so can't confirm how well these translate to 5th.

Some things you can do to help lessen your chance of getting screwed by your PAN:

1: Hidden mode. Best case, this might mean the opposing hacker spends enough time scanning that your team hacker spots and neutralizes him. Worst case, a good hacker will take a microdrone with a sprayer filled with hacker nanites that will give you a direct link to his commlink, and might start hacking you that turn. Keep your real commlink hidden, physically as well as matrixly. Matrixally? Whatever.

2: IC. Think about it. Since 1st edition, corps have made sure THEIR computers had IC floating around their systems to give deckers/hackers a bad day. So, you've got your system, with YOUR paydata (or valuable cyberware), so why wouldn't you give it the same consideration that the corps do. Chances are you are NOT good enough to program your defender yourself, so get someone you trust to do it for you. That's what fixers are for. To fix you up with things.

3: Redundancy. Add extra steps to hacking your cyberware. Skinlink your wares to your main commlink. Link that with a cable to your burner link. Link THAT via cable to another one. The hacker will need to go through each node to get to the good stuff, and each hacking attempt (after the first) gives you two chances to notice them. One for the node he's in, and another for the one he's hacking. Plus the chance for your hacker buddy to scan him down.

4: Decoys. Bring four commlinks. Three of them in hidden, and the fourth your real one. Better still, have one of the decoys in passive mode, with links to your "cybergun" and other things. Face it. Everybody knows street samurai aren't smart. If they see a Street Sam with a commlink in passive mode declaring him "Super Samruai" (misspelling intentional), they're going to waste their time hacking IT, because we all assume street samurai ARE that dumb. Then, they need to go from there to your fake wares, and only then do they figure out that you pulled a fast one on them. That's a minimum of two-three turns for you to find and pull a fast GUN on them! Again, get your fixer to hire you a hacker to program RFID tags or some junk nodes to fake your cyberware.

5: Redundancy. Yeah. I had to make that joke. Slightly different version though. Don't assume any one security method is enough. Do all of these, plus any others that you like from other people. Plus have a hacker or technomancer on overwatch scanning for bugs. AND have everything set to flush all users and delete their accounts(except you, specifically) the instant it spots ANY suspected intrusion. Heck, along with 3 and 4, set them all up to perform a synchronized flush+delete any time ANY of them spot a suspected intrusion. If you've got a REALLY good hacker on tap, they might even have some way to randomize the ID for the commlinks, so each time the flush+delete happens, the commlinks swap IDs to make things even MORE annoying to figure out (the commlink they try to hack is now one of the decoys, unless they rescan).

6: Imagination trumps science. Remember, this is a cinematic game. This means that movie hacking is the way to think. So if you think of something that would be "impossible" with realistic hacking, try it anyway. If you see something awesome (yet realistically implausible) in a movie, either try it yourself or have your hacker buddy try it! In fact, ABUSE that idea. Like how movies ALWAYS have the timer stop at 1 second, have a built in timer set so anybody who logs in gets a pop up saying "Security violation! Enter code to stop:" with a timer counting down from 4 seconds and a box with space for 4 digits. The correct answer is of course to wait the timer down, and it'll stop and say "Violation cancelled. Have a good day!" or something like that. If any input is made, then boom, instant full alert! Sure, it means you have to wait an extra combat turn when you log into your commlink, but that's better than having some hacker having an easy time getting to your goodies, right?
LurkerOutThere
QUOTE (Deathstorm @ Jun 24 2013, 07:15 PM) *
To start, I'll point out that I only have 4th edition so far, so can't confirm how well these translate to 5th.


So then please don't start.
Aaron
QUOTE (Seerow @ Jun 24 2013, 05:40 PM) *
Here's my main question: Can a group's hacker provide passive protection to his group against hackers in the same way a mage can passively provide counterspelling to his whole group?

Yes. Not exactly the same way, but they can provide passive protection in the form of their own stats when the devices they're protecting are slaved. There is a minor to moderate risk to the master.

I should also mention that SR5 doesn't have daisy-chaining. A device is either on the Matrix or it isn't; there is no gateway architecture (if anybody thinks that we disregarded modern networking practice in the interests of playability, then my counter-argument is ... I got nothing; yeah, we did that).
binarywraith
So yeah.


Be a Mystic Adept.


That's pretty much the optimal solution.
Wired_SR_AEGIS
QUOTE (Aaron @ Jun 25 2013, 12:58 AM) *
Yes. Not exactly the same way, but they can provide passive protection in the form of their own stats when the devices they're protecting are slaved. There is a minor to moderate risk to the master.

I should also mention that SR5 doesn't have daisy-chaining. A device is either on the Matrix or it isn't; there is no gateway architecture (if anybody thinks that we disregarded modern networking practice in the interests of playability, then my counter-argument is ... I got nothing; yeah, we did that).


Well. In your defense... I think you could build a case that the distributed computing available across the matrix in conjunction with new security protocols could reduce the need to use classic network gateway architecture, based on the latency expense it would incur. Particularly when, even today, six white papers titled 'The Host is the new Perimeter' crop up weekly.

Theorizing about the fundamentals of the 2070 Matrix in today's terms would be like listening to a Babbage Contemporary opine about the possibilities of the modern GPU.

-Wired_SR_AEGIS
Seerow
QUOTE
Yes. Not exactly the same way, but they can provide passive protection in the form of their own stats when the devices they're protecting are slaved. There is a minor to moderate risk to the master.


To my understanding though, with how expensive cyberdecks are, it's actually much cheaper to get a high rating non-deck, and slave things to that, than slave things to the decker's deck. Like in another thread I saw someone make a point that there was like some rating 6 commlink or something for 5000 nuyen, where you'd spend several hundred grand to get something similar out of a deck. Which means the decker really isn't contributing much of anything to defending the group.

(Also it would take a good long while for any group to be willing to develop enough trust to slave their stuff to someone else's gear. It's one thing accepting some matrix overwatch, it's another thing to surrender control of everything you own to someone else. Hell in real life where I don't have my life on the line if my stuff is compromised, I still am hesitant to give someone else access to my stuff, much less full control over it.
Aaron
QUOTE (Seerow @ Jun 24 2013, 08:10 PM) *
To my understanding though, with how expensive cyberdecks are, it's actually much cheaper to get a high rating non-deck, and slave things to that, than slave things to the decker's deck. Like in another thread I saw someone make a point that there was like some rating 6 commlink or something for 5000 nuyen, where you'd spend several hundred grand to get something similar out of a deck. Which means the decker really isn't contributing much of anything to defending the group.

More or less. Taking the commlink route is a perfectly legit means of defense, but you miss out on a couple of things. First, the hacker usually has decent Mental attributes that you wouldn't have access to except via slaving. Second, without a Sleaze attribute running silent is much less effective (having a smaller dice pool to defend against spotting attempts) and potentially dangerous (smaller dice pool means higher chance of glitching, especially if you Logic isn't too high).


QUOTE
(Also it would take a good long while for any group to be willing to develop enough trust to slave their stuff to someone else's gear. It's one thing accepting some matrix overwatch, it's another thing to surrender control of everything you own to someone else. Hell in real life where I don't have my life on the line if my stuff is compromised, I still am hesitant to give someone else access to my stuff, much less full control over it.

I find this both wise and insightful.
LurkerOutThere
QUOTE (DireRadiant @ Jun 24 2013, 05:22 PM) *
Agent performing Matrix Perception and removing uninvited Marks from your own devices.


That doesn't really do much when they don't need a mark to dataspike you.
apple
QUOTE (binarywraith @ Jun 24 2013, 08:06 PM) *
So yeah.
Be a Mystic Adept.
That's pretty much the optimal solution.


Until the day they discover that they used and write the wrong version of the character creation rules, where mystic adepts cannot by a PP for 2 Karma. So there will be an errata out around the time for SR 6th.

SYL
Larsine
QUOTE (Seerow @ Jun 25 2013, 01:46 AM) *
And seriously, giving up a full pass to add willpower? That's really lame.

That bonus lasts for the rest of the combat turn, and is in addition to any other defense you employ.

Sometimes it will be worth giving up that one pass.
Critias
QUOTE (Larsine @ Jun 25 2013, 04:19 AM) *
That bonus lasts for the rest of the combat turn, and is in addition to any other defense you employ.

Sometimes it will be worth giving up that one pass.

It is, essentially, the Full Defense option (for Matrix stuff, instead of meatside dodging). Sometimes worth it, sometimes not. Just like meatside dodging.
Tymeaus Jalynsfein
Just remove wireless from your devices and laugh as the Hacker once again only has the Tacnet and communications to play with, which is powerful in and of itself. That will likely be the end result of the Hacking Ware effect, anyways, and completely removes the forced nature of the change in 5th Edition. Your character builds will be different, but likely still effective, and it bypasses the idiocy of having your Initiative Boosts/Logic Enhancers being Wireless for no good reason.
Aaron
QUOTE (LurkerOutThere @ Jun 25 2013, 02:20 AM) *
That doesn't really do much when they don't need a mark to dataspike you.

It's tough to one-shot a device without a mark or three, so there's that.
DireRadiant
QUOTE (LurkerOutThere @ Jun 25 2013, 02:20 AM) *
That doesn't really do much when they don't need a mark to dataspike you.


That's only one technique you've used to overcome my Defense Option 6 of 20.

For every defense there is an offense and vice versa, more options means you get more fun.

The fact you know an offensive counter to a defense doesn't make the defense invalid. No more then my argument makes your counter argument invalid. Without two sides and options you don't even have a game.
Mäx
QUOTE (Wired_SR_AEGIS @ Jun 25 2013, 01:37 AM) *
Interestingly enough, in the real world of security engineering (See also the definitive book on the subject, Ross Anderson's Security Engineering: A Guide to Building Dependable Distributed Systems), the question is never if your system will be vulnerable/insecure, but the degree by which risk will exceed benefit. This is perhaps best illustrated by the following maxim: Secure Systems are unusable. Usable Systems are insecure.

Therefore, everything you personally use is, by definition, insecure.

Sorry but no, if i pull out the Ethernet cable out from the back of my computer it becomes 100% unhackable from afar and it still works just as well as it did before except i cant surf the net with it.
Serbitar
Read the SGP in my sig. Old but still true.
Serbitar
QUOTE (Mäx @ Jun 25 2013, 03:58 PM) *
Sorry but no, if i pull out the Ethernet cable out from the back of my computer it becomes 100% unhackable from afar and it still works just as well as it did before except i cant surf the net with it.


Which equals unusable today.
Mäx
QUOTE (Serbitar @ Jun 25 2013, 05:07 PM) *
Which equals unusable today.

Not really no.
Tymeaus Jalynsfein
QUOTE (Mäx @ Jun 25 2013, 08:16 AM) *
Not really no.


Agreeed... Just becasue my computer is not connected to the Internet, it is not rendered useless. In fact I can do everything (except browse the Internet, which is not a necessity) on my computer without EVER having to connect to the internet at all, if I like.
Wired_SR_AEGIS
QUOTE (Mäx @ Jun 25 2013, 01:58 PM) *
Sorry but no, if i pull out the Ethernet cable out from the back of my computer it becomes 100% unhackable from afar and it still works just as well as it did before except i cant surf the net with it.


Incorrect. By disconnecting your ethernet capable, you have just inflicted a denial of service attack on yourself -- You've lost all networked capabilities. You've lost network shared resources, distributed computing, as well as a number of local programs that require online authentication prior to launching.

Critical Failure: You failed to secure the availability of your system.

Infact, you probably just executed that denial of service attack on yourself BETTER than a hacker could.

How does that make you feel? Sheepish?

-Wired_SR_AEGIS
Tymeaus Jalynsfein
QUOTE (Wired_SR_AEGIS @ Jun 25 2013, 09:59 AM) *
Incorrect. By disconnecting your ethernet capable, you have just inflicted a denial of service attack on yourself -- You've lost all networked capabilities. You've lost network shared resources, distributed computing, as well as a number of local programs that require online authentication prior to launching.

Critical Failure: You failed to secure the availability of your system.

Infact, you probably just executed that denial of service attack on yourself BETTER than a hacker could.

How does that make you feel? Sheepish?

-Wired_SR_AEGIS


That only works if you actually need the Internet to function. I have absolutely no program that NEEDS Internet connections (save Internet Explorer) to make my machine function. My system is completely available to perform the functions I consistently perform. Internet is a Choice, not a Requirement, and my machine works perfectly well without it. So well, in fact that I am no fear of Hacker/Malware attacks whatsoever. *shrug*
Draco18s
QUOTE (Tymeaus Jalynsfein @ Jun 25 2013, 11:05 AM) *
That only works if you actually need the Internet to function. I have absolutely no program that NEEDS Internet connections (save Internet Explorer) to make my machine function. My system is completely available to perform the functions I consistently perform. Internet is a Choice, not a Requirement, and my machine works perfectly well without it. So well, in fact that I am no fear of Hacker/Malware attacks whatsoever. *shrug*


*cough*
If that's the direction real world software is taking today...
Wired_SR_AEGIS
QUOTE (Tymeaus Jalynsfein @ Jun 25 2013, 04:05 PM) *
That only works if you actually need the Internet to function. I have absolutely no program that NEEDS Internet connections (save Internet Explorer) to make my machine function. My system is completely available to perform the functions I consistently perform. Internet is a Choice, not a Requirement, and my machine works perfectly well without it. So well, in fact that I am no fear of Hacker/Malware attacks whatsoever. *shrug*


Based on your dumpshock activity, I would suggest that perhaps you may need to rethink your dependency on network access as part of the routine operation of your system. ;b

-Wired_SR_AEGIS
Tymeaus Jalynsfein
QUOTE (Wired_SR_AEGIS @ Jun 25 2013, 10:08 AM) *
Based on your dumpshock activity, I would suggest that perhaps you may need to rethink your dependency on network access as part of the routine operation of your system. ;b

-Wired_SR_AEGIS


Again, Dumpshock is not a Necessity, it is a choice (and about the only online activity that I persue consistently). I have gone many months (in the past) without attaching to the Internet, and I have no programs that require it to function. And in fact have multiple PC"s at home that DO NOT RESIDE ON THE NETWORK at all. Therefore, how can you ever touch those PC's remotely? Those PC's are not denied service in any way. smile.gif
Kruger
QUOTE (Draco18s @ Jun 25 2013, 08:07 AM) *
*cough*
If that's the direction real world software is taking today...

Photoshop really isn't a very good example of a program people would be supremely worried about security on. Cloud based applications are awesome. For some things.

This is really the problem. Some people have a disconnect between the ideas of what can be done, and what would or should. Unfortunately, that group of disconnected people appear to have included all the decision makers at Catalyst too.
QUOTE (Wired_SR_AEGIS @ Jun 25 2013, 08:08 AM) *
Based on your dumpshock activity, I would suggest that perhaps you may need to rethink your dependency on network access as part of the routine operation of your system. ;b

-Wired_SR_AEGIS
I joke about people who can't imagine life without the Internet as being the ones who won't survive catastrophes, lol. wink.gif I was traveling all weekend up in the country for a wedding in a hick town, and most of the time I was offline. And yet I still managed to complete all of the stuff I was working on.

http://i131.photobucket.com/albums/p312/ke...n-Fellows-2.gif
nyahnyah.gif
Daedelus
QUOTE (Tymeaus Jalynsfein @ Jun 25 2013, 07:47 AM) *
Agreeed... Just becasue my computer is not connected to the Internet, it is not rendered useless. In fact I can do everything (except browse the Internet, which is not a necessity) on my computer without EVER having to connect to the internet at all, if I like.

You just described the whole matrix bonus concept. Without matrix you can do most of what you want, with matrix you can do a bit more. You have commented on the "stupidity" of certain concepts that I find elegant and ingenious. The hacker run you predict will not come to pass due to simple economy of actions. It will take a minimum of three passes to shut down that cyberarm. As far as bricking it...we cannot estimate that yet because we have not seen the rules. It can get really frustrating listening to those of you that equate opinion to fact.
Draco18s
QUOTE (Kruger @ Jun 25 2013, 11:20 AM) *
Photoshop really isn't a very good example of a program people would be supremely worried about security on. Cloud based applications are awesome. For some things.


I was simply pointing out an application that cannot be run without an internet connection.

And the fact that it's cloudbased is why my company will never upgrade past CS6.
Tymeaus Jalynsfein
QUOTE (Daedelus @ Jun 25 2013, 10:27 AM) *
You just described the whole matrix bonus concept. Without matrix you can do most of what you want, with matrix you can do a bit more. You have commented on the "stupidity" of certain concepts that I find elegant and ingenious. The hacker run you predict will not come to pass due to simple economy of actions. It will take a minimum of three passes to shut down that cyberarm. As far as bricking it...we cannot estimate that yet because we have not seen the rules. It can get really frustrating listening to those of you that equate opinion to fact.


Online does not add any functionality to my day to day life, though. It only adds enjoyment. There is a BiG Difference here. I can do ALL of what I NEED without ever touching the Internet. The problem is that they moved Basic Functionality from Need to Want, with no thought to the rationale for it.

Apparently Cyberlimbs cannot be hacked (can't remember who pointed that out). They have no online bonuses. And that is where the stupidity exists. If Limbs have no need for bonuses, why do Reaction Enhancers? They added this so that Hackers have something to do. The brutal fact, however, is that Hackers had More than Enough to do in SR4. They "Fixed" the wrong thing. And that is the complaint.
Kruger
QUOTE (Daedelus @ Jun 25 2013, 08:27 AM) *
You just described the whole matrix bonus concept. Without matrix you can do most of what you want, with matrix you can do a bit more.

It's this kind of "incomplete" thinking that got a game mechanic like that written in the first place.

What if his only need for his computer was to type up a report and print it? At no point does he require wireless connectivity to do that. What if he's just playing the campaign of Rome: Total War? Or if he's watching Norwegian Midget Porn that he downloaded several days ago? At what point would connectivity enhance any of those activities?

That's what people are getting at. There are just so many actions for which having external connectivity has no practical benefit, nor any material benefit. If I want to browse the Interwebs to get more Norwegian Midget Porn, I have to be online. If I've already got those little bastards downloaded, I'm set for a (short) while.
Tymeaus Jalynsfein
QUOTE (Kruger @ Jun 25 2013, 10:40 AM) *
It's this kind of "incomplete" thinking that got a game mechanic like that written in the first place.

What if his only need for his computer was to type up a report and print it? At no point does he require wireless connectivity to do that. What if he's just playing the campaign of Rome: Total War? Or if he's watching Norwegian Midget Porn that he downloaded several days ago? At what point would connectivity enhance any of those activities?

That's what people are getting at. There are just so many actions for which having external connectivity has no practical benefit, nor any material benefit. If I want to browse the Interwebs to get more Norwegian Midget Porn, I have to be online. If I've already got those little bastards downloaded, I'm set for a (short) while.


Norwegian Midget Porn? Is that a Thing? *shudders* smile.gif
Kruger
No idea. Probably. Rule 34 and all.
Draco18s
QUOTE (Tymeaus Jalynsfein @ Jun 25 2013, 11:43 AM) *
Norwegian Midget Porn? Is that a Thing? *shudders* smile.gif


Meh. If it isn't, it should be. I've seen just about everything else.
Ephiral
QUOTE (Mäx @ Jun 25 2013, 09:58 AM) *
Sorry but no, if i pull out the Ethernet cable out from the back of my computer it becomes 100% unhackable from afar and it still works just as well as it did before except i cant surf the net with it.


Emphasis mine. So your machine is perfectly secure over the network, and perfectly unusable over the network. It remains usable locally, and insecure locally. How does this contradict "secure systems are unusable, usable systems are insecure", exactly?
Wired_SR_AEGIS
QUOTE (Tymeaus Jalynsfein @ Jun 25 2013, 05:18 PM) *
Again, Dumpshock is not a Necessity, it is a choice (and about the only online activity that I persue consistently). I have gone many months (in the past) without attaching to the Internet, and I have no programs that require it to function. And in fact have multiple PC"s at home that DO NOT RESIDE ON THE NETWORK at all. Therefore, how can you ever touch those PC's remotely? Those PC's are not denied service in any way. smile.gif


So then you're describing a system whose dependencies do not include network activity. Therefore, a network is not a practical attack vector and the risk associated with a networked attack is minimal. It sounds like, in the context that you're describing, to perform a network attack a malicious individual would have to first inject network connectivity to your device, and then execute their network attack.

In that sort of a scenario, you're likely more concerned about physical access to your device, than networked access.

That's fine. That doesn't change the fact that your system is still vulnerable. It just has different dependencies and vulnerabilities to different threat vectors.

Personally? I find that the benefits of online connectivity outweigh the risks associated with online connectivity because I use systems where, practically speaking, online connectivity is a dependency. All of this, in no way, invalidates that usable systems are, by their nature, insecure in one way or another.

Full stop. smile.gif

-Wired_SR_AEGIS
Kruger
QUOTE (Wired_SR_AEGIS @ Jun 25 2013, 08:48 AM) *
So then you're describing a system whose dependencies do not include network activity.
Strangely enough, exactly like Wired Reflexes would be.
Daedelus
QUOTE (Kruger @ Jun 25 2013, 08:40 AM) *
It's this kind of "incomplete" thinking that got a game mechanic like that written in the first place.

What if his only need for his computer was to type up a report and print it? At no point does he require wireless connectivity to do that. What if he's just playing the campaign of Rome: Total War? Or if he's watching Norwegian Midget Porn that he downloaded several days ago? At what point would connectivity enhance any of those activities?

That's what people are getting at. There are just so many actions for which having external connectivity has no practical benefit, nor any material benefit. If I want to browse the Interwebs to get more Norwegian Midget Porn, I have to be online. If I've already got those little bastards downloaded, I'm set for a (short) while.

It sounds as if some of those items are not given bonuses. Some. that are questionable, are. We have a small sample to work from and cannot make any legitimate statistical analysis yet. I was speaking of the concept not the implementation. None of us can speak with any degree of expertise, to the implementation because we have not seen it yet. Well most of us anyway. I have not and I won't make any leap to judgment one way or the other until I have done my own homework. I'm not sure everyone here can say the same.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Dumpshock Forums © 2001-2012