Anyone out there really familiar with CybraryN?

One of our branch librarians has complained that some of her high school students have figured out a way to hack CybraryN so that they have unlimited 'net time. When she told our software people about it, they said it was impossible. Knowing how supremely hackable Windows is in general and the fact that the branch lib. is watching them do this, I don't believe our software guru. Anyone out there know how to hack CybraryN into giving you unlimited time? Basically, what the kids are doing is logging CybraryN off... which is impressive since not even the branch staff know the password. So, either our password is exceptionally easy to figure out (possible) or they have found an easy hack out of it (very likely). Any help would be welcome. Thanks. And any help on what we can do to prevent them from hacking would be even more welcome.

Comments

impossible??

I did a quickie search and didn't spot any obvious cracks, but anyone who says it's impossible to crack ANY program is dead wrong. I hope that person isn't responsible for anything important around there.

Typical hacks to get around windows lockdowns

I don't have any direct experience with CybraryN, but here are some standard lines of attack to get around restrictive security software.

  • Right-click on *everything* until you get a menu that lets you do something that was otherwise off-limits.
  • Bang on F8 on computer startup to get to "boot in safe mode" prompt. This may allow circumvention of Windows directory/file permissions. Move/edit CybraryN config files and reboot.
  • Use a boot-disk (or thumbdrive, or Live CD). Again, circumvention of security permissions on config files may be possible. Or a live CD/thumbdrive may have its own Operating System, networking, web browser etc., and just be used to circumvent Windows altogether to allow net access with no restrictions at all.
  • The Open File dialog box provided by Windows is sort of a mini Windows Explorer. It can be used to copy/rename/delete files, explore the local network, and can even open files into other programs via the right-click menu.
  • If directory permissions are not set correctly, config files for CybraryN may be editable.
  • Does CTRL-ALT-DEL allow access to the Task Manager? It could be used to shut down CybraryN. The Task Manager may also be accessible from right-clicking on the System Tray.
  • How does Internet Explorer/Netscape/Mozilla handle downloadable programs? Some versions of IE default to asking the user if they want to run the program when the download is finished. A downloadable registry editor or Windows "tweaking" tool may allow circumvention of CybraryN security; something that lets a user check boxes to decide what programs will be run when the computer starts up.
  • How does the web browser handle unknown MIME types? Very few browsers have plugins or helper programs for *every* esoteric file format. What do you get when you try to download something in, say, Sun's .ras Raster Image file format? Most browsers default to allowing the user to pick a program to handle it. A patron might be able to find a CybraryN setup program, the Task Manager, Registry Editor, or some other powerful program already on the computer that lets them manipulate/shut down CybraryN. It doesn't matter that the program isn't actually equipped to handle that kind of file. What's important is that your web browser may be made to launch arbitrary local (or recently downloaded) programs.


  • Think like a child. Try everything.

Those are just off the top of my head....

    Thanks.

    Thanks Porch Geese for all the hints... Gonna be playing with CybraryN soon methinks. I'll also pass them along to the branch person to see if any of them sound familiar to her. She thinks that one of the kids figured it out and is now passing it around school.

    And Blake, thanks for looking around. We couldn't find anything either. Unfortunately, the person who said it was impossible is a member of our Software team. To be fair, they are not our CybraryN guru but, knowing software like they should, they should have known better than to claim impossibility. Our branch staff is going to try and have one of our software people come out and monitor the software during the peak hours for this activity. That should help solve the problem.

    Anyway, thanks for the help!!

    Re:Typical hacks to get around windows lockdowns

    Okay, so the hack was even easier than I thought. The branch person sat down at a public station, went to the start menu, opened programs, and opened IE. Boom! She was at the gov't webpage without nary a blip from CybraryN. Looks to me like the problem wasn't with CybraryN but with our Windows setup.

    passwords

    You said the problem might be that the password was easy to figure out. You might want to change the password and make sure that is not the problem.

    Re:passwords

    We run CybraryN, and yes you can right click on a certain area to bring up a list of options. Most can be protected with a password. The problem I have found is that our desk staff tend to tape these passwords to the reference desk or the monitors of the reference desk computers. It doesn't take much to see them. Also, another problem is that library card numbers here go up in increments of 7. So the kids have figured this out and just find a working card number then add 7 to find new card numbers.
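The fixed card-number increment described in the last post can be checked for on the staff side. The Python below is an added example, not code from the thread or from CybraryN: it audits issued card numbers for a common step and flags any station whose sign-in attempts walk card numbers in a fixed-step run. The log tuple layout, station names and card numbers are constructed assumptions.

```python
from collections import defaultdict
from functools import reduce
from math import gcd

# Constructed sample sign-in log: (minute, station, card_number, login_ok)
SAMPLE_LOG = [
    (0, "PC-01", 21000140, True),
    (1, "PC-03", 21000007, True),
    (31, "PC-03", 21000014, False),
    (32, "PC-03", 21000021, True),
    (62, "PC-03", 21000028, True),
    (63, "PC-02", 21000483, True),
    (90, "PC-02", 21000091, True),
    (93, "PC-03", 21000035, True),
]

def issuance_step(issued_cards):
    """GCD of the gaps between issued numbers; >1 means a fixed increment is visible."""
    nums = sorted(set(issued_cards))
    gaps = [b - a for a, b in zip(nums, nums[1:])]
    return reduce(gcd, gaps, 0)

def enumeration_suspects(log, min_run=4, max_step=100):
    """Map station -> (step, run_length) where consecutive attempts at that
    station used card numbers separated by the same small step."""
    by_station = defaultdict(list)
    for _, station, card, _ in sorted(log):
        cards = by_station[station]
        if not cards or cards[-1] != card:   # ignore repeat sign-ins on one card
            cards.append(card)
    suspects = {}
    for station, cards in by_station.items():
        step, run = None, 1
        for prev, cur in zip(cards, cards[1:]):
            diff = cur - prev
            if diff == step:
                run += 1
            else:
                step, run = diff, 2          # a new candidate run of two cards
            if run >= min_run and 0 < abs(step) <= max_step:
                suspects[station] = (step, run)
    return suspects

if __name__ == "__main__":
    print("issuance step:", issuance_step(c for _, _, c, _ in SAMPLE_LOG))
    for station, (step, run) in enumeration_suspects(SAMPLE_LOG).items():
        print(f"{station}: {run} cards tried in steps of {step}")
```

A step greater than 1 from `issuance_step` means the numbering scheme itself is predictable; issuing non-sequential numbers, or requiring a PIN alongside the card number, removes what the second function is detecting.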
