Tisma.net

When I first read this topic name I didn’t want to touch it with a ten foot pole! After all what the heck is dvd player software? My dvd player doesn’t have any place to put floppy disks or cd-ROMs and I have never seen that advertised in the store or on TV (And for me if it aint on TV it aint real). So I was about to write it off… … and then I remembered that sometimes I do watch DVDs on my laptop when I am on a trip or feel like watching a movie in bed and my laptop does have the capability to add software, so maybe this is something that I ought to look into because it might be real after all.

If you think about it the dvd player that you have is more of a computer than you may think and so every dvd player has dvd player software programmed onto it or it wouldn’t be able to read the digital material on the DVD and transform it into meaningful images and sounds. However this wouldn’t matter to us at all because we will never need and could never use new software for these dvd players—it is permanently with that player.

Computers on the other hand that have a dvd compatible drive also must have dvd software to play the dvd. The differences among these dvd player software packages has been most clear to me when I have plugged in a movie after a long day of work. I am ready for no more headaches and then the software that is programmed on the disk usually messes everything up. You see often they have some sort of autoplay so that the software that comes with the DVD will automatically start playing the movie.  However this software has either never been very compatible with my computer or just sucks all the way around because it never works right.

I always have better results when I stop the integral dvd player software and use the software that I have either downloaded onto my computer or that came in the software package in the new computer. This DVD software usually performs as flawlessly as you would want after a long hard day on the job as a new and used video games salesman. Which makes me wonder, “ is there a software package for playing DVD’s that will make my movie watching experience better than flawless.” I will be searching and I will keep you posted.

The increase in the number of spyware that infects your computer is directly proportional to the number of anti-spyware available on the market and internet. This means an internet user looking for a program to protect his computer is faced with a wide array of spyware removal programs and downloads. Choosing the right download for his system becomes extremely difficult for him. Therefore, he should download an anti-spyware software only from a reputable website to avoid ending up with more spyware while downloading. The important thing is to check the authenticity of a software or program before downloading it on to your system. I would suggest that you read the license agreement carefully before clicking on the download button. It is also advisable to download more than one program as one may not suffice to combat the multitude of invisible spyware that may infect the computer.

An effective spyware removal download will purge your system of any spyware and if it comes with a spyware program, will prevent any further spyware activity on your computer while it is connected to the internet.  Some of the reputed software download sites for anti-spyware include McAfee, spywareinfo.com, all-internet-security.com and tucows.com. To download spy removers from pop-up prompts will be as good as paying for spyware as most of these pop-ups are from spyware developers themselves. Even if it does cleanse your system once, there is every chance that you may be infected with it again and again.

Updates of anti-spyware programs are inevitable due to the ever developing nature of spyware and adware. And there are some programs that can be downloaded for free, but charge for their updates. If you don’t want to pay for spyware removal at any point in time, you would have to choose a program that is reliable as well as free.

Downloading spyware removal programs are simple enough as they follow the same procedure as any other internet download. After choosing the program, you just have to click the download link and follow the instructions.

Linux operating system uses a permissions schema to define user rights for each file. These permissions establish:

-who can read the file. If the file is a directory, read means list the contents of the directory.
-who can write/modify the file. If the file is a directory, this permission defines if you can make any changes to the directory contents, for example create or delete files.
-who can execute the file. If the file is a directory, this permission defines if you can enter the directory and access its contents, for example run a search in the directory or execute a program in it.

Permissions are assigned to the file owner, to the file owner group, and to all users. For example, you can set a document to be readable and writable by the owner only, and just readable by everybody else.

When you issue an ls –l command, to list all contents of a directory, you will see file permissions like this next to each file:

-rwxrwxrwx

This means this file can be read, written and executed by anybody. The first dash means this file is not a directory. For directories, there will be a d letter instead of a dash.

The first set of “rwx” refers to the file owner. The second set, to the owner group. The last set, to all other users. Let’s look at some examples:

-rwxr – - r – -
This file can be read, written and executed by its owner. It can only be read by other users. When a permission is not set, you see a dash in its place.

-rw-rw-r- -
This file can be read and written by its owner and the owner group. It can only be read by other users.

You can set these permissions using the chmod command. For example, this command:

chmod ugo=rwx filename

assigns read, write and execute permissions to file owner user(u), group(g) and others (o). This other example:

chmod ug=rw,o=r filename

assigns read and write permissions to user and group, and only read permission to others.

Permissions can also be expressed and set using the octal numeric system. Each permission is associated to a number:

Read = 4
Write = 2
Execute = 1

You need to come up with a number for the file owner, another number for the group and a last one for the other users. If you want to assign read, write and execute permissions to file owner, you add up the three values, thus getting a 7. If you want to assign same permissions to group and others, you come up with three sevens. You can set these permissions like this:

chmod 777 filename

If you set permissions for a file with the following command:

chmod 764 filename

then you’re establishing these permissions: read, write and execute for file owner (4+2+1=7), read and write for group (4+2=6) and only read for others (4).

The following commands are equivalent:

chmod ug=rw,o=r filename
chmod 664 filename

The file permissions schema lets you implement security policies. It is not a good idea to set file permissions high (e.g.: 777) for all files. It is important to think about it and assign the right permissions to the files, so users can do their job, and we are sure each file is accessed only by the right people.

Scenario: You work in a corporate environment in which you are, at least partially, responsible for network security. You have implemented a firewall, virus and spyware protection, and your computers are all up to date with patches and security fixes. You sit there and think about the lovely job you have done to make sure that you will not be hacked.

You have done, what most people think, are the major steps towards a secure network. This is partially correct. What about the other factors?

Have you thought about a social engineering attack? What about the users who use your network on a daily basis? Are you prepared in dealing with attacks by these people?

Believe it or not, the weakest link in your security plan is the people who use your network. For the most part, users are uneducated on the procedures to identify and neutralize a social engineering attack. What’s going to stop a user from finding a CD or DVD in the lunch room and taking it to their workstation and opening the files? This disk could contain a spreadsheet or word processor document that has a malicious macro embedded in it. The next thing you know, your network is compromised.

This problem exists particularly in an environment where a help desk staff reset passwords over the phone. There is nothing to stop a person intent on breaking into your network from calling the help desk, pretending to be an employee, and asking to have a password reset. Most organizations use a system to generate usernames, so it is not very difficult to figure them out.

Your organization should have strict policies in place to verify the identity of a user before a password reset can be done. One simple thing to do is to have the user go to the help desk in person. The other method, which works well if your offices are geographically far away, is to designate one contact in the office who can phone for a password reset. This way everyone who works on the help desk can recognize the voice of this person and know that he or she is who they say they are.

Why would an attacker go to your office or make a phone call to the help desk? Simple, it is usually the path of least resistance.  There is no need to spend hours trying to break into an electronic system when the physical system is easier to exploit. The next time you see someone walk through the door behind you, and do not recognize them, stop and ask who they are and what they are there for. If you do this, and it happens to be someone who is not supposed to be there, most of the time he will get out as fast as possible. If the person is supposed to be there then he will most likely be able to produce the name of the person he is there to see.

I know you are saying that I am crazy, right? Well think of Kevin Mitnick. He is one of the most decorated hackers of all time. The US government thought he could whistle tones into a telephone and launch a nuclear attack. Most of his hacking was done through social engineering. Whether he did it through physical visits to offices or by making a phone call, he accomplished some of the greatest hacks to date. If you want to know more about him Google his name or read the two books he has written.

It’s beyond me why people try and dismiss these types of attacks. I guess some network engineers are just too proud of their network to admit that they could be breached so easily. Or is it the fact that people don’t feel they should be responsible for educating their employees? Most organizations don’t give their IT departments the jurisdiction to promote physical security. This is usually a problem for the building manager or facilities management. None the less, if you can educate your employees the slightest bit; you may be able to prevent a network breach from a physical or social engineering attack.