These are usually dumb terminals (although sometimes you see IBM compatibles) set up in fi-braries as electronic card catalogs. They have names like MS and GEAC. These systems allow h-brary patrons to search for materials (books, magazines, videos) by various search restrictions; to see the current status of materials (On the shelf? Charged out? Overdue? Missing?); place holds on items; get library news, and other library-related functions. Often dial-in lines are available, especially at university libraries.
The challenge to the hacker is this: He knows there is a secret side to every library computer. How can he get into it?
Every library computer system is divided into two parts. There is the publiclyaccessible catalog, and the private stuff. The private stuff (the secret side) includes procedures to discharge materials, get confidential patron information, add or alter fines, block library cards, etc. These private func-tions, used by library staff, must rely on the same database of information as is found on the PATs. (If the librarian checks out a book to somebody, the fact that the book is not present in the library must be shown on the public terminals.) Therefore, the functions that are available to the public are a sub-set of the entire library program. That is, the pro-gram the public uses to make inquiries on books is part of a larger program which includes higher managerial functions.
The two program parts are obviously separated, otherwise anyone could walk into the library and erase all the fines off their library card, or put $100 worth of lost items on an enemy's card. So, how is the public side separated from the private side? Take a guess.
Yup, a password.
Actually, it's usually a combination of two things: first, a hidden menu command, and then the password to authorize usage. Go to the main or earliest menu on the library system and try various commands like BYE, END, EXIT, X, XXX, SYS, SYSTEM, LATER, and OFF. Usually this kind of system will accept either threecharacter corn-mands or single-character commands, but of course things vary widely as you go from one system to another, so vary your tactics accordingly. If some-thing like BYE works, and you are exited from the public portion of the system, you will probably be asked to supply a password. Well, you know how to get passwords! On the other hand, it may not ask for a password at all...
Several library systems use bar code identifica-tion to detern-dne who gets to go backstage. If your library card has a bar code on it, then it is possible - but not certain - that achieving system operator status relies not on uncovering a password, but finding out some sequence of little black stripes. I have a story about this.
