Introducing – Tools for Cinema Quality Assurance


Cinema Test Tools for the non-Technical Manager – Post Installation Quality Assurance Has Begun

Cinema Test Tools is a free resource for the cinema industry, tuned most particularly for the non-technical manager. The tools include several DCPs, all with interesting means of testing the sound and picture quality for the interested but lightly trained staff. The lessons on sound and light are written to provide a foundation to communicate with the technician who must respond quickly and well to the information that they discover.

The key is a free Managers Walk Through Checklist that correlates with the many DCPs. It helps bring an understanding of the many nuances of the auditorium's situation in a straightforward way. 

Krack'd WPA2...and now, ROCA

WPA2 is the most common protocol used for protecting WiFi signals from being used by nefarious people for horrible things. As of 16 October, WPA – and all its variants of WPA1, WPA2, personal and enterprise, including with TKIP, AES and GCMP – is officially broken. Until repairs are made to all equipment involved in a WiFi network – that means, equipment providing the signal and equipment using the signal – it is no longer a valuable security tool. The attack is called KRACK, short for Key Reinstallation Attacks.

The above video shows how a Man in the Middle attack is easily mounted against a user connected to the system, intercepting the data flow as if it weren't encrypted. Although a properly set up website with https (SSL) encryption will still hide a user's data, an improperly set up site will not protect the user.

It is possible that a user will go to a site, see that it is protected by the classic lock symbol appearing on the URL line of the browser, then get hacked while thinking they are securely passing credit cards, email addresses, passwords and other information. The video shows Match.co.uk being broken.

The discoverer of the attack says in his paper that the problem is a weakness in the WiFi standard itself, not any particular product. See: Breaking WPA2 by forcing nonce reuse

Updates will be required on all devices: routers, phones, portable computers, whether Android or Apple or Samsung or Cisco or Belkin or Linksys or Debian or Ubuntu or any of the suppliers of chips like Broadcom or ...well, everyone. There is a site tracking information on these companies: https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/
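What those updates change, as an added example that is not from the original post or from the paper: a toy model of a client whose packet counter (the nonce) restarts whenever the same session key is installed a second time, next to a patched client that keeps counting. The `Station` class, the key and the two messages are constructed for illustration, and SHA-256 stands in for the real WiFi cipher.

```python
import hashlib

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Assumption: SHA-256 in counter style stands in for the real WiFi
    # cipher so the example needs only the standard library.
    out, block = b"", 0
    while len(out) < n:
        seed = key + nonce.to_bytes(6, "big") + block.to_bytes(2, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Station:
    """Hypothetical client: one session key and one packet counter (nonce)."""
    def __init__(self, patched: bool):
        self.patched, self.key, self.counter = patched, None, 0

    def install_key(self, key: bytes) -> None:
        # Called each time the handshake message carrying the key arrives,
        # including a retransmitted copy of that message.
        if self.patched and key == self.key:
            return                       # key already in use: keep the counter
        self.key, self.counter = key, 0  # unpatched: the counter restarts

    def send(self, plaintext: bytes):
        self.counter += 1
        stream = keystream(self.key, self.counter, len(plaintext))
        return self.counter, xor(plaintext, stream)

def reinstall_same_key(patched: bool):
    """Return (nonce_reused, plaintext_xor_exposed) after a second install."""
    key = b"constructed-session-key"     # constructed sample values
    p1, p2 = b"GET /login HTTP/1.1", b"user=alice&pw=demo1"
    sta = Station(patched)
    sta.install_key(key)
    n1, c1 = sta.send(p1)
    sta.install_key(key)                 # same key delivered a second time
    n2, c2 = sta.send(p2)
    # With a repeated nonce the keystream cancels: c1 ^ c2 == p1 ^ p2.
    return n1 == n2, xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "unpatched", reinstall_same_key(patched))
```

The unpatched client sends both messages under the same nonce, so the encryption no longer hides how the two messages differ; the patched client never repeats a nonce under one key.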

Other articles:

https://www.wordfence.com/blog/2017/10/krack-and-roca/?utm_source=list&utm_medium=email&utm_campaign=101617

https://www.schneier.com/blog/archives/2017/10/new_krack_attac.html

What is the good news? First, trusting a wifi network has always been hit or miss. A poorly set up system would allow me to break into your computer on the other side of the room...or at least have a chance of it. So, now more people will be wary.

Another good point is that suppliers who do not get patches out quickly (I'm thinking of 3rd party Android phones from smaller suppliers, for example) are going to be known for the bad actors that they are.

Finally, I suppose it will get more of us onto a VPN, where a good tunnel still works. Yahoo! more things to know...

=-=-=

There is another crack that just hit the public as well, this one called ROCA. It is a horror for the many who have relied on a particular number generator to fulfill the promise of randomness when generating public keys.

We all know public key encryption, yes? The attack is on public key encryption. It is too detailed for a simple summary article. But it is a condemnation of keeping things hidden as a method for security – what's called "Security Through Obscurity". When it is open and public, we can all see if there are hooks for the bad guys or the government (redundant?), or just plain errors a lot sooner. Here is the detailed Technica article about it:

Millions of high-security crypto keys crippled by newly discovered flaw