Difference between revisions of "DyKnow"
imported>Cov (Created page with ''''DyKnow Vision''' is proprietary classroom software used by the College of Engineering at Virginia Tech. It is mostly written in C# but has many native components and canno…') |
imported>Cov |
||
| Line 1: | Line 1: | ||
| − | '''DyKnow Vision''' is proprietary classroom software used by the [[College of Engineering]] at Virginia Tech. It is mostly written in C# but has many native components and cannot be run with [[w:Mono (software)|Mono]]. Attempts to run it under [[w:Wine (software)|Wine]] have been unsuccessful. DyKnow Monitor, which comes bundled with DyKnow Vision, includes malware-style features such as application and URL blocking, remote opening and closing of programs and displays of student screens. | + | '''DyKnow Vision''' is proprietary classroom software made by Dynamic Knowledge Transfer, LLC and used by the [[College of Engineering]] at Virginia Tech. It is mostly written in C# but has many native components and cannot be run with [[w:Mono (software)|Mono]]. Attempts to run it under [[w:Wine (software)|Wine]] have been unsuccessful. DyKnow Monitor, which comes bundled with DyKnow Vision, includes malware-style features such as application and URL blocking, remote opening and closing of programs and displays of student screens. |
=Malware Features= | =Malware Features= | ||
| Line 13: | Line 13: | ||
=Security= | =Security= | ||
In the spring of 2009, the [http://www.security.vt.edu/ IT Security Office] and DyKnow were alerted that the login process was unsafe. Passwords were being sent over the wire as an [[w:MD5|MD5 hash]] with a static [[w:Salt (cryptography)|salt]], allowing [[w:Replay attack|replay attacks]] and [[w:Password cracking|password cracking]] (but not [[w:Rainbow table|precomputation attacks]]). Within a month, users were instructed to enable SSL for transactions and unencrypted access was shut off. | In the spring of 2009, the [http://www.security.vt.edu/ IT Security Office] and DyKnow were alerted that the login process was unsafe. Passwords were being sent over the wire as an [[w:MD5|MD5 hash]] with a static [[w:Salt (cryptography)|salt]], allowing [[w:Replay attack|replay attacks]] and [[w:Password cracking|password cracking]] (but not [[w:Rainbow table|precomputation attacks]]). Within a month, users were instructed to enable SSL for transactions and unencrypted access was shut off. | ||
| + | |||
| + | If it is preferable for the traffic to remain unencrypted for some time, using [[socat]] as a [[Socat#Cleartext_to_SSL_Tunnel_for_DyKnow|plaintext-to-SSL proxy]] allows the final end of the connection to be encrypted but the middle | ||
| + | |||
| + | =Patents= | ||
| + | DyKnow has been granted three [[w:Software patent|software patents]]. | ||
| + | * [http://www.google.com/patents/about?id=yY94AAAAEBAJ US 7003728] | ||
| + | * [http://www.google.com/patents/about?id=idh_AAAAEBAJ US 7213211] | ||
| + | *[http://www.google.com/patents/about?id=0AC6AAAAEBAJ US 7508354] | ||
Revision as of 17:39, 25 November 2009
DyKnow Vision is proprietary classroom software made by Dynamic Knowledge Transfer, LLC and used by the College of Engineering at Virginia Tech. It is mostly written in C# but has many native components and cannot be run with Mono. Attempts to run it under Wine have been unsuccessful. DyKnow Monitor, which comes bundled with DyKnow Vision, includes malware-style features such as application and URL blocking, remote opening and closing of programs and displays of student screens.
Contents
Malware Features
Occasionally, professors have enabled the malware features of DyKnow products in class, forcing full-screen mode and spying on students. More specific information regarding this would be informative. In earlier versions of DyKnow, certain key combinations could easily break the forced full-screen mode. Unless students give consent to have their privacy invaded by merely showing up to class and running required software, the malware functionality breaks the Virginia Tech Acceptable Use Policy.
Running the Proprietary Software
Virtual Machines
DyKnow runs fine in virtualized environments such as VirtualBox. Using a virtual machine is a nice way to soften the effects of its malware capabilities.
Making the Installer Skip Dependencies
The web installer is broken, but if you trick it into skipping dependencies, you can at least get DyKnow installed under Wine. To do so you'll need to run the DyKnow installer with Wine then delete the dependency entries from a temporary folder in c:\windows.
Security
In the spring of 2009, the IT Security Office and DyKnow were alerted that the login process was unsafe. Passwords were being sent over the wire as an MD5 hash with a static salt, allowing replay attacks and password cracking (but not precomputation attacks). Within a month, users were instructed to enable SSL for transactions and unencrypted access was shut off.
If it is preferable for the traffic to remain unencrypted for some time, using socat as a plaintext-to-SSL proxy allows the final end of the connection to be encrypted but the middle
Patents
DyKnow has been granted three software patents.
