What does it mean for a device to be hardwired?

Recently while reading about security cameras in Shadowrun 5e, I came across a forum post where someone suggested that if you don’t want a decker to be able to disable your security cameras, you can hardwire them. From what I understand this means that they are not connected to the matrix, but what is less clear is whether that’s all, which leads me to my question: What does it mean for a device to be hardwired in Shadowrun 5e?

(How) Can a Rogue use the Use Magic Device feature to cast spells from Spell Scrolls?

Thief rogues get the Use Magic Device feature at 13th level, which lets them ignore all class, race, and level requirements on the use of magic items.

Spell scrolls are an unintelligible cipher if the spell isn’t on your class’s spell list. If using a spell scroll to cast a spell higher than you’re normally capable of, you need to make an ability check using your spellcasting ability against a DC equal to 10 + spell level.

Since the Thief rogue ignores all class and level requirements on the use of magic items, does this mean they may use spell scrolls without an ability check regardless of their level (essentially allowing them to be able to fake being a high-level caster for any class as the situation warrants)?

Or does the ability just let them attempt to use the scroll, but because the spell’s not on their spell list (because they don’t have a spell list), they need to make the ability check? If so, what ability would they use to make the spellcasting ability check?

Is there a legitimate reason for a USB-ethernet hardware device to have been connected to my laptop?

There was an unknown network adapter in my device manager. I found out it was for a USB-RJ45 ethernet device, which I have never even seen before. This device was not present when I bought the machine. As far as I have researched, it is not installed by any software or devices I use.

I’m concerned because there is a known vulnerability in Windows that’s exploited using these devices. A malicious person with access to the device could have stolen my credentials and logged in. (Google Usb-ethernet windows vulnerability if you don’t believe me.)

I believe the police or another malicious party exploited that vulnerability, and they used it to install a keylogger and acquire my hardware info. Is the presence of this device suspicious enough, from an information security standpoint, to support my belief? What would you do if you discovered the same on an enterprise machine?

Security assessment of a legacy SSL/TLS implementtaion on an IoT device

I am doing a security aseesmment on communication security of a legacy IoT Device. So basically objective is to assess and find security gaps in curreny design/implementation. The mode of assessment is manual, primarily with the reference of existing design and code. This is only client side at device; while server is a cloud based server. The device is using a GSM module (SIMCom SIM900) and makes HTTPS communication to server over internet using GSM AT commands.

Based on my understanding on SSL/TLS, I am considering below parameters or criterias for this assessment:

a. TLS portocol version

b. Cipher suites used

c. certificate and key management

d. Root CAs installed on device

e. Embedded PKI aspect for device identity management

f. Hardware crypto aspect (SHE/TPM)

Am I doing it in a right way? Though I think above list of parameters are not specific to Device HW/SW platform; rather generic. but I guess that’s how it should be! I mean parameter list will be pretty much same; however actual assessment on these will depend on security requirements and other aspects like device footprint & its platform etc.

Is the assessment parameter list I am considering is good and adequate? I would appreciate your inputs to validate/correct my approach.

OAuth device code grant – JWT

I am looking at implementing an API Gateway for a system using WS02 as the IdP. Users will be signing in using OAuth via federated SSO with social providers (initially Google). The users will also need to pass access to a device with limited input, so I was looking to implement the OAuth device_code grant (WS02 is the only open source IdP that supports this grant, as far as I can see, please correct me if you know I am wrong). This will pass a JWT to the device which it should be able to use to access the API Gateway.

  1. Is it acceptable for a JWT to be used by a device in this way? I have been reading that using ‘opaque tokens’ is preferable but I don’t know how these could be assigned to a device using open standards. What are the risks of this approach and how can they be mitigated?
  2. The JWT would pass from ‘client device’ -> ‘API Gateway’ -> ‘service’. Is this delegation accpetable – is the Gateway impersonating the client?
  3. There will also be some JavaScript (React) web apps to use in browser, could these use the JWT also? Again what are the risks and how could they be mitigated?

How secure is the apple cross device copy and paste feature?

I can copy and paste between my iPhone and MacBook Pro it’s a great feature that I find myself using frequently. I am frequently copy and pasting from my password manager to log in to different sites. a few questions about the security of the cross device cut and paste.

  • Does apple get access to the clipboard?
  • How is apple securing this cross device copy and paste?
  • Can this feature be turned off?
  • Should I turn off this feature to improve my security?

Are there any examples of “level requirements” that can be ignored with Use Magic Device?

The Thief Rogue’s 13th level feature allows them to ignore requirements on the use of magic items:

Use Magic Device. By 13th level, you have learned enough about the workings of magic that you can improvise the use of items even when they are not intended for you. You ignore all class, race, and level requirements on the use of magic items.

I’ve found examples of items that have class requirements (e.g. a Rod of the Pact Keeper) and of items that have race requirements (e.g. a Moonblade). However, I couldn’t find any examples of items that have level-based requirements on their use.

Are there any, or is this a redundant (/future-proofing) clause in the feature?

Items from any published 5th edition material would be welcome as answers; if the only examples are in UA that would be useful information as well.

What are the specific mechanics of a rogue’s use magic device ability?

Imagine a homebrew weapon, for example, a dagger that behaves like a normal +1 dagger to everyone except elves, who are conferred an additional bonus as well other abilities or effects.

When a rogue uses any given magic device, how does this work? Is the rogue effectively "emulating" a certain combination of race/class/level, in order to coax magic out of the device? Or is the rogue simply ignoring or bypassing restrictions to use a magic device?

In the specific case of the above dagger, the weapon has no requirements that prevent anyone from using it. However, if the rogue is effectively presenting itself as an elf to the weapon, it might expect to get the bonus. Given that the description of UMD doesn’t really address this specifically, how does this rule?