Tue01232018

Last updateThu, 21 Dec 2017 2pm

 

Introducing – Tools for Cinema Quality Assurance

cat_pr1_sm_jpg

Cinema Test Tools for the non-Technical Manager – Post Installation Quality Assurance Has Begun

Cinema Test Tools is a free resource for the cinema industry, tuned most particularly for the non-technical manager. The tools include several DCPs, all with interesting means of testing the sound and picture quality for the interested by lightly trained staff. The lessons on sound and light are written to provide a foundation to communicate with the technician who must respond quickly and well to the information that they discover.

The key is a free Managers Walk Through Checklist that correlates with the many DCPs. It helps bring an understanding of the many nuances of the auditorium's situation in a straightforward way. 

Security issues should always be taken seriously. Then again, so should consistent exercise and taking regular breaks from madness. Notwithstanding, here's the recent news in the field of security.

Another New AES Attack

A new and very impressive attack against AES has just been announced.

Over the past couple of months, there have been two new cryptanalysis papers on AES. The attacks presented in the papers are not practical -- they're far too complex, they're related-key attacks, and they're against larger-key versions and not the 128-bit version that most implementations use -- but they are impressive pieces of work all the same.

This new attack, by Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir, is much more devastating. It is a completely practical attack against ten-round AES-256:

[Editor Comment] Why is this information important? Certainly the fact that AES encryption is used at all points of the chain, makes it a valid area of interest.

Read more ...

Linux kernel vulnerability fixes - Update 3

The Linux developers have released kernel versions 2.6.27.30 and 2.6.30.5 which fix a critical vulnerability revealed last week. The vulnerability, which is found in all 2.4 and 2.6 series Linux kernels since 2001 and for which there is already an exploit, allows users with restricted privileges to obtain root privileges. The developers urgently recommend users update to the new versions.

Debian has already released updated kernels for the current Debian 5.0 (Lenny) and its predecessor Debian 4.0 (Etch), as has Fedora for Fedora 10 and 11. Users of these distributions can install the fixes using the package management update mechanism. Updated kernels for Ubuntu and openSUSE are not yet available.

Read more ...

Fibre-optic networks vulnerable to hacking

ITHackers can access data by tapping the fibre-optic networks used by businesses around the world, according to an IDC report.

Fibre-optic cable networks are not as secure as believed - with new technology making it easy for hackers to steal data from them, according to an IDC report.

IDC research analyst Romain Fouchereau said that the reputation of a fibre-optic cable network as more secure than copper cables wasn’t justified, and that new and inexpensive technologies have now made data theft easily possible for hackers without detection.

Organisations ... are potentially vulnerable from criminal threats, as much of the cabling is easily accessible and not well protected. ... hacks on optical networks could be achieved simply by extracting light from ultra-thin fibres.

Read more ...

Multiple Adobe security holes closed

A regular patching cycle isn’t enough for Adobe, as multiple flaws need closing in some of its popular software products.Adobe has released an out-of-cycle patch for its Flash Player, AIR, Reader and Acrobat software, closing more than 10 vulnerabilities that potentially left users open to attack.

It closes a recent vulnerability in Flash that was highlighted by Symantec and actively exploited in the wild. It also fixes 11 other flaws, including three that fixed problems in vulnerable Microsoft code (its Active Template Library (ATL)).

Read more ...

SSL-BlackHat Hacked-'Urgent'

IT Pro LogoBlack Hat: It wasn’t just the iPhone that got hacked… SSL encryption was also found to be vulnerable. So what could this mean when it comes to the sites we have been led to trust?

The biggest story that came from the recent Black Hat conference in Las Vegas was the discovery of a major iPhone security flaw that enabled hackers to take over the handset.

This has now been patched, but it has overshadowed another serious problem discovered during the conference.

Hacker Moxie Marlinspike discovered a new way to defeat SSL encryption, which could leave common web apps such as online banking vulnerable to attack.

After initial discoveries at a previous Black Hat event, Marlinspike revealed more vulnerabilities in SSL which our resident security blogger Davey Winder called “really rather worrying”.

As Winder describes in his blog post, Marlinspike revealed how man-in-the-middle attacks could fool web browsers and email clients into thinking fake sites were legitimate.

Read more ...