Difference between revisions of "DyKnow"

From the Linux and Unix Users Group at Virginia Teck Wiki
imported>Mutantmonkey
(Redirect link to Gobblerpedia)
imported>Pew
 
(15 intermediate revisions by 4 users not shown)
Line 1: Line 1:
'''DyKnow Vision''' is proprietary classroom software made by Dynamic Knowledge Transfer, LLC and used by the [[College of Engineering]] at Virginia Tech. It is mostly written in C# but has many native components and cannot be run with [[Mono]]. Attempts to run it under [[w:Wine (software)|Wine]] have been unsuccessful. DyKnow Monitor, which comes bundled with DyKnow Vision, includes malware-style features such as application and URL blocking, remote opening and closing of programs and displays of student screens.
+
'''DyKnow Vision''' is proprietary classroom software made by Dynamic Knowledge Transfer, LLC and used by the [[College of Engineering]] at Virginia Tech. It is mostly written in C# but has many native components and cannot be run with [[Mono]]. Attempts to run it under [[w:Wine (software)|Wine]] have been unsuccessful. Both DyKnow Vision and DyKnow Monitor are known to contain malware-style features allowing for remote screen capture and forced full-screen.  
  
=Malware Features=
+
==Malware Features==
Occasionally, professors have enabled the malware features of DyKnow products in class, forcing full-screen mode and spying on students. More specific information regarding this would be informative. In earlier versions of DyKnow, certain key combinations could easily break the forced full-screen mode. Unless students give consent to have their privacy invaded by merely showing up to class and running required software, the malware functionality breaks the [http://www.vt.edu/about/acceptable-use.html Virginia Tech Acceptable Use Policy], but to date, this hasn't seem to have garnered any attention.
+
DyKnow Monitor, which comes bundled in some versions of DyKnow Vision, includes malware-style features such as application and URL blocking, remote opening and closing of programs and displays of student screens.<ref>[http://www.dyknow.com/wp-content/uploads/2011/05/monitor54.pdf]</ref> DyKnow Monitor can be prevented from installing by editing the MSI to set a DONT_INSTALL_MONITOR flag. In the current version of DyKnow provided by Virginia Tech, the DONT_INSTALL_MONITOR flag is set by default. However, DyKnow Vision retains many malware features, such as forced full-screen mode and remote screen-capture.
  
=Running the Proprietary Software=
+
Occasionally, professors have enabled the malware features of DyKnow Vision in class, forcing full-screen mode and spying on students through the remote screen-capture functionality. In earlier versions of DyKnow, certain key combinations could easily break this forced full-screen mode. More specific information regarding this would be informative.
==Virtual Machines==
+
 
 +
Unless students give consent to have their privacy invaded by merely showing up to class and running required software, the malware functionality breaks the [http://www.vt.edu/about/acceptable-use.html Virginia Tech Acceptable Use Policy], but to date, this hasn't seem to have garnered any attention.
 +
 
 +
==Running the Proprietary Software==
 +
===Virtual Machines===
 
DyKnow runs fine in virtualized environments such as [[w:VirtualBox|VirtualBox]]. Using a virtual machine is a nice way to soften the effects of its malware capabilities.
 
DyKnow runs fine in virtualized environments such as [[w:VirtualBox|VirtualBox]]. Using a virtual machine is a nice way to soften the effects of its malware capabilities.
  
==Making the Installer Skip Dependencies==
+
===Making the Installer Skip Dependencies===
 
The web-based dependency installer is broken under wine, but if you trick it into skipping dependencies, you can at least get DyKnow Vision installed. To do so, you'll need to run the DyKnow installer with Wine then delete the dependency entries from a temporary folder in <code>c:\windows</code>.
 
The web-based dependency installer is broken under wine, but if you trick it into skipping dependencies, you can at least get DyKnow Vision installed. To do so, you'll need to run the DyKnow installer with Wine then delete the dependency entries from a temporary folder in <code>c:\windows</code>.
  
=Security=
+
==Security==
In the spring of 2009, the [http://www.security.vt.edu/ IT Security Office] and DyKnow were alerted that the login process was unsafe. Passwords are sent by DyKnow over the wire as an [[w:MD5|MD5 hash]] with a static [[w:Salt (cryptography)|salt]] and symmetrically encrypted with [[w:Advanced Encryption Standar|AES]]. While the salted MD5 hash is invulnerable to standard [[w:Rainbow table|precomputation attacks]], the symmetric encryption was performed with key information shared between all clients, allowing for simple decryption if the traffic can be intercepted. Within a month of notification, the issue was worked around at Virginia Tech. Users were instructed to enable SSL for transactions and unencrypted access to the server was shut off. No response from DyKnow on this issue is known of.
+
In the spring of 2009, the [[gp:IT Security Office|IT Security Office]] and DyKnow were alerted that the login process was unsafe. Passwords are sent by DyKnow over the wire as an [[w:MD5|MD5 hash]] with a static [[w:Salt (cryptography)|salt]] and symmetrically encrypted with [[w:Advanced Encryption Standar|AES]]. While the salted MD5 hash is invulnerable to standard [[w:Rainbow table|precomputation attacks]], the symmetric encryption was performed with key information shared between all clients, allowing for simple decryption if the traffic can be intercepted. Within a month of notification, the issue was worked around at Virginia Tech. Users were instructed to enable SSL for transactions and unencrypted access to the server was shut off. No response from DyKnow on this issue is known of.
  
 
If it is preferable for the traffic to remain unencrypted for some time, using [[socat]] as a [[Socat#Cleartext_to_SSL_Tunnel_for_DyKnow|plaintext-to-SSL proxy]] allows the final end of the connection to be encrypted but the initial segment to remain unencrypted.
 
If it is preferable for the traffic to remain unencrypted for some time, using [[socat]] as a [[Socat#Cleartext_to_SSL_Tunnel_for_DyKnow|plaintext-to-SSL proxy]] allows the final end of the connection to be encrypted but the initial segment to remain unencrypted.
  
=Patents=
+
DyKnow 5.7 installed a hardcoded root certificate on student computers, allowing traffic to be intercepted in attacks similar to the Superfish vulnerability. SWAT has provided a [https://swat.eng.vt.edu/expanded-information-regarding-dyknow-57-vulnerability remediation tool] to remove the certificate and proxy features of DyKnow.
 +
 
 +
==File Format==
 +
The .dyz file format is a gzipped XML file. After decompressing the file, it can easily be parsed using any standard XML library; pen strokes are stored as base64-encoded binary strings that are provided by the Microsoft Ink library. The DyKnow format also has support for storing complete file history, including erased, resized, and moved pen strokes as well as other deleted or changed elements.<ref>[https://code.google.com/p/dyknow-panel-extractor/wiki/DPXReader]</ref>
 +
 
 +
==Patents==
 
DyKnow has been granted three [[w:Software patent|software patents]].
 
DyKnow has been granted three [[w:Software patent|software patents]].
 
* [http://www.google.com/patents/about?id=yY94AAAAEBAJ US 7003728]
 
* [http://www.google.com/patents/about?id=yY94AAAAEBAJ US 7003728]
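Review bot: in the Security section, the revised login paragraph still links AES as [[w:Advanced Encryption Standar|AES]], a truncated interwiki target carried over unchanged from the old revision; it should read [[w:Advanced Encryption Standard|AES]]. The added DyKnow 5.7 paragraph names neither the certificate's subject nor its fingerprint, so a reader cannot check a trust store by hand and has to rely on the linked SWAT tool; add the identifier or a reference that gives it. The relocated Acceptable Use Policy sentence also keeps the "hasn't seem to have" grammar slip.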
Line 22: Line 31:
 
* [http://www.google.com/patents/about?id=0AC6AAAAEBAJ US 7508354]
 
* [http://www.google.com/patents/about?id=0AC6AAAAEBAJ US 7508354]
  
=External Links=
+
==References==
 +
<references/>
 +
 
 +
==External Links==
 
* [http://schoolcomputing.wikia.com/wiki/DyKnow DyKnow entry on the School Computing wiki]
 
* [http://schoolcomputing.wikia.com/wiki/DyKnow DyKnow entry on the School Computing wiki]
 
* [[gp:Learning Technologies#Online Course Systems|Online Course Systems]] [http://www.edtech.vt.edu/ocs/dyknow/index.shtml DyKnow support page]
 
* [[gp:Learning Technologies#Online Course Systems|Online Course Systems]] [http://www.edtech.vt.edu/ocs/dyknow/index.shtml DyKnow support page]
 +
* [http://www.dyknow.com/wp-content/uploads/2011/05/DyKnow-Step-by-Step-Guide-Full.pdf DyKnow Step-by-Step Guide]
 +
* [https://code.google.com/p/dyknow-panel-extractor/ dyknow-panel-extractor utility]
  
[[Category:Proprietary course software]]
+
[[Category:Software]]
[[Category:Campus bugs]]
 
[[Category:Move to Uniluug]]
 

Latest revision as of 17:07, 3 January 2018

DyKnow Vision is proprietary classroom software made by Dynamic Knowledge Transfer, LLC and used by the College of Engineering at Virginia Tech. It is mostly written in C# but has many native components and cannot be run with Mono. Attempts to run it under Wine have been unsuccessful. Both DyKnow Vision and DyKnow Monitor are known to contain malware-style features allowing for remote screen capture and forced full-screen.

Malware Features

DyKnow Monitor, which comes bundled in some versions of DyKnow Vision, includes malware-style features such as application and URL blocking, remote opening and closing of programs and displays of student screens.[1] DyKnow Monitor can be prevented from installing by editing the MSI to set a DONT_INSTALL_MONITOR flag. In the current version of DyKnow provided by Virginia Tech, the DONT_INSTALL_MONITOR flag is set by default. However, DyKnow Vision retains many malware features, such as forced full-screen mode and remote screen-capture.

Occasionally, professors have enabled the malware features of DyKnow Vision in class, forcing full-screen mode and spying on students through the remote screen-capture functionality. In earlier versions of DyKnow, certain key combinations could easily break this forced full-screen mode. More specific information regarding this would be informative.

Unless students give consent to have their privacy invaded by merely showing up to class and running required software, the malware functionality breaks the Virginia Tech Acceptable Use Policy, but to date, this doesn't seem to have garnered any attention.

Running the Proprietary Software

Virtual Machines

DyKnow runs fine in virtualized environments such as VirtualBox. Using a virtual machine is a nice way to soften the effects of its malware capabilities.

Making the Installer Skip Dependencies

The web-based dependency installer is broken under Wine, but if you trick it into skipping dependencies, you can at least get DyKnow Vision installed. To do so, you'll need to run the DyKnow installer with Wine, then delete the dependency entries from a temporary folder in c:\windows.

Security

In the spring of 2009, the IT Security Office and DyKnow were alerted that the login process was unsafe. Passwords are sent by DyKnow over the wire as an MD5 hash with a static salt and symmetrically encrypted with AES. While the salted MD5 hash is invulnerable to standard precomputation attacks, the symmetric encryption was performed with key information shared between all clients, allowing for simple decryption if the traffic can be intercepted. Within a month of notification, the issue was worked around at Virginia Tech. Users were instructed to enable SSL for transactions, and unencrypted access to the server was shut off. No response from DyKnow on this issue is known.

If it is preferable for the traffic to remain unencrypted for some time, using socat as a plaintext-to-SSL proxy allows the final end of the connection to be encrypted but the initial segment to remain unencrypted.

DyKnow 5.7 installed a hardcoded root certificate on student computers, allowing traffic to be intercepted in attacks similar to the Superfish vulnerability. SWAT has provided a remediation tool to remove the certificate and proxy features of DyKnow.

File Format

The .dyz file format is a gzipped XML file. After decompressing the file, it can easily be parsed using any standard XML library; pen strokes are stored as base64-encoded binary strings that are provided by the Microsoft Ink library. The DyKnow format also has support for storing complete file history, including erased, resized, and moved pen strokes as well as other deleted or changed elements.[2]
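
The container handling described above, as an added example (not code from this wiki or from dyknow-panel-extractor): it gunzips a .dyz with a size cap, refuses DTDs, and lists every element whose text decodes as base64. The page does not give the XML schema, so the element and attribute names in the constructed sample are hypothetical.

```python
import base64
import binascii
import gzip
import io
import xml.etree.ElementTree as ET

MAX_XML_BYTES = 64 * 1024 * 1024  # cap on decompressed size (gzip-bomb guard)

def read_dyz_xml(data: bytes, limit: int = MAX_XML_BYTES) -> bytes:
    """Gunzip a .dyz container, refusing oversized or DTD-bearing XML."""
    with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
        xml = gz.read(limit + 1)  # read one byte past the cap to detect overflow
    if len(xml) > limit:
        raise ValueError("decompressed XML exceeds size limit")
    # Byte-level check; assumes an ASCII-compatible encoding such as UTF-8.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD/entity declarations are not accepted")
    return xml

def find_base64_blobs(xml: bytes, min_len: int = 16):
    """Yield (tag, attributes, decoded_bytes) for elements whose text is base64."""
    for elem in ET.fromstring(xml).iter():
        text = "".join((elem.text or "").split())  # drop line wrapping
        if len(text) < min_len or len(text) % 4:
            continue
        try:
            blob = base64.b64decode(text, validate=True)
        except binascii.Error:
            continue  # ordinary text that is not base64
        yield elem.tag, dict(elem.attrib), blob

def constructed_sample() -> bytes:
    # Constructed sample: tag and attribute names here are hypothetical.
    stroke_a = base64.b64encode(bytes(range(24))).decode()
    stroke_b = base64.b64encode(bytes(range(24, 60))).decode()
    doc = (f'<doc><panel><stroke state="visible">{stroke_a}</stroke>'
           f'<stroke state="erased">{stroke_b}</stroke>'
           f'<note>plain text, not base64</note></panel></doc>')
    return gzip.compress(doc.encode("utf-8"))

if __name__ == "__main__":
    xml = read_dyz_xml(constructed_sample())
    for tag, attrs, blob in find_base64_blobs(xml):
        print(tag, attrs, len(blob), "bytes")
```

Because the format keeps file history, a listing like this is also a quick way to see whether a notebook still carries erased or changed content before it is shared.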

Patents

DyKnow has been granted three software patents.

References

External Links