Last updateThu, 21 Dec 2017 2pm


Introducing – Tools for Cinema Quality Assurance


Cinema Test Tools for the non-Technical Manager – Post Installation Quality Assurance Has Begun

Cinema Test Tools is a free resource for the cinema industry, tuned most particularly for the non-technical manager. The tools include several DCPs, all with interesting means of testing the sound and picture quality for the interested by lightly trained staff. The lessons on sound and light are written to provide a foundation to communicate with the technician who must respond quickly and well to the information that they discover.

The key is a free Managers Walk Through Checklist that correlates with the many DCPs. It helps bring an understanding of the many nuances of the auditorium's situation in a straightforward way. 

Security issues should always be taken seriously. Then again, so should consistent exercise and taking regular breaks from madness. Notwithstanding, here's the recent news in the field of security.

More SSL Flaws Found by MS

Users of Internet Information Services (IIS) < 6.0 in default mode are not affected by potential man-in-the-middle attack...kinda...must use workarounds...Microsoft advises not to use their workarounds though. In fairness to MS, this is old SSL exploit news that they are acknowledging affects all their current OSs. 

Read the ars technica report...and read a newspaper instead of using wifi at the coffeeshop, or at your clients...or on the trian.

Microsoft warns of TLS/SSL flaw in Windows

By Emil Protalinski | Last updated February 9, 2010 4:12 PM

Microsoft has issued Security Advisory (977377) to address a publicly disclosed vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. The TLS and SSL protocols are implemented in several Microsoft products, both client and server. Currently Microsoft has concluded that it affects all supported versions of Windows: Windows 2000 SP4, Windows XP (32-bit and 64-bit), Windows Server 2003 (32-bit and 64-bit), Windows Vista (32-bit and 64-bit), Windows Server 2008 (32-bit and 64-bit), Windows 7 (32-bit and 64-bit), and Windows Server 2008 R2. Microsoft says it will update the advisory as the investigation progresses.

FIPS 140-2 Level 2 Certified USB Memory Stick Cracked

Encrypting USB Flash memory from Kingston, SanDisk and Verbatim. Kingston, SanDisk and Verbatim all sell quite similar USB Flash drives with AES 256-bit hardware encryption that supposedly meet the highest security standards. This is emphasised by the FIPS 140-2 Level 2 certificate issued by the US National Institute of Standards and Technology (NIST), which validates the USB drives for use with sensitive government data. Security firm SySS, however, has found that despite this it is relatively easy to access the unencrypted data, even without the required password.

Read more ...

Sure: Resort to OverSieving...RSA 768 Modulus Fail

In a paper that is suprisingly readable and glib, 13 computer scientists at 6 facilities report on the factorization of the 768-bit number RSA-768 by the number field sieve factoring method. They speculate that RSA-1024 would take a thousand times harder and another 10 years (it has been 10 years since RSA-512 was deflowered) - recommending that people shift from 1024 over the next 3 years.

Of course, Digital Cinema keys are already RSA-2048, and time out after short intervals, so no kerfluffle here.

Use the link below to get the document; for an interesting article:

Read more ...

Flash Cookies | Your Privacy

Flash cookies, or Local Shared Objects, generally serve the same tracking function as HTTP cookies, but with some significant differences. First, they can hold a lot more data, up to 100 Kilobytes, where a standard HTTP cookie is only 4 Kilobytes. They have no default expiration date. They are stored in different locations on your machine so even if you go hunting for files with the .SOL extension, which Flash cookies use, you may have a hard time find them all. And last, the security settings on your computer have no effect on them. - Bill Detwiler/TR Dojo; click here to see an excellent video.

Read more ...

Nuclear Plants Cautiously Phase Out Dial-Up Modems

acoustic couplerThe modem technology currently employed to transmit ERDS data from power reactor sites to NRC HQ is obsolete. - NRC

The Nuclear Regulatory Commission is asking the operators of America’s 66 nuclear power plants to voluntarily upgrade the on-site monitoring systems that report plant conditions to the government.

That upgrade to the 16-year-old Emergency Response Data System? Replacing telephone dial-up modems with VPN appliances.

The Emergency Response Data System probably doesn't use acoustic couplers.

Read more ...