
Last update: Thu, 21 Dec 2017 2pm

 

Introducing – Tools for Cinema Quality Assurance


Cinema Test Tools for the non-Technical Manager – Post Installation Quality Assurance Has Begun

Cinema Test Tools is a free resource for the cinema industry, tuned most particularly for the non-technical manager. The tools include several DCPs, all with interesting means of testing the sound and picture quality for the interested but lightly trained staff. The lessons on sound and light are written to provide a foundation to communicate with the technician who must respond quickly and well to the information that they discover.

The key is a free Managers Walk Through Checklist that correlates with the many DCPs. It helps bring an understanding of the many nuances of the auditorium's situation in a straightforward way. 

The superior man, when resting in safety, does not forget that danger may come. When in a state of security he does not forget the possibility of ruin. When all is orderly, he does not forget that disorder may come. Thus his person is not endangered, and his States and all their clans are preserved. Confucius Chinese philosopher & reformer (551 BC - 479 BC)

Lesson One: Who's on the Network

You have built yourself quite a neighborhood with that intranet of yours. Somewhere there is perhaps a list of all the addresses, some allocated on purpose, some snuck in to let a tech roam around while waiting for a part. When was the last time you updated that list against reality? Or worse, when was the last time you checked to see if something odd was there?

SolarWinds has a nice tool that creates a spreadsheet of this data, which also allows you to make notes and permanently allocate zones and the like.

Here is a YouTube shot of the system in action.


Who Else Was Hit by the RSA Attackers?

"Almost 20 percent of the current Fortune 100 companies are on this list."

"Below is a list of companies whose networks were shown to have been phoning home to some of the same control infrastructure that was used in the attack on RSA."

Krebs On Security – Who Else?

The data breach disclosed in March by security firm RSA received worldwide attention because it highlighted the challenges that organizations face in detecting and blocking intrusions from targeted cyber attacks. The subtext of the story was that if this could happen to one of the largest and most integral security firms, what hope was there for organizations that aren’t focused on security?


Phishing Your Employees 101

Krebs on Security describes how to find those employees who need work on their security skills:

Phishing Your Employees 101 — Krebs on Security

A new open source toolkit makes it ridiculously simple to set up phishing Web sites and lures. The software was designed to help companies test the phishing awareness of their employees, but as with most security tools, this one could be abused by miscreants to launch malicious attacks.


Captcha Spec Knowledge

Imagine a CAPTCHA Question: In 428-4, what requires stereo pairs for channel 13? ___ This article points to an interesting adaptation of a criminal idea – not only do you need to know the language, you need to know the culture. 

Cultural CAPTCHAs — Krebs on Security


SSL Breaches & Duqu; What is DCinema Interesting

More and more news articles are pointing out more and more compromised systems. The systems are not the computers of us simple folk, but rather computers just like ours that sit behind sophisticated firewalls and have sophisticated staff working to prevent problems.

They use the same words that the DCinema world uses when discussing security: Trusted Devices, digital certificates, revocation of keys, and the like. 


AES Suffers and Survives

Single-key AES encryption doesn't get in the news much. There was the DCI decision to put a separate keyset on the logs section of the projector, which was a clever and friendly way to handle the FIPS ultimatum.

This week there was a major announcement that there are more clever ways of attacking the still noble standard.

Check Sections 11 and 12 to understand what they aren't saying.


Subcategories

There are a lot of experts in security out there. What they write is often dry as a bone. But there are a few sites that stay on top of the events, and express themselves in ways that us mere mortals can comprehend.

Bruce Schneier - He wrote the books, he writes the newsletters, he has the blog. Top of the list for a reason. The link is to his monthly Crypto-Gram... subscribe now.

Hagai Bar-el - Information Security Specialist whose websites focus on security engineering and on managing innovation processes. Good source for definitions. There is also a blog and RSS feed.

Handbook of Applied Cryptology - All Chapters are free for the download. Get them off the cloud now.

We are putting millions of dollars of library materials into the hands of people trained to believe that MP3s and everything else should be free. We give them all the late hours unsupervised. What is wrong with this picture?

Security issues should always be taken seriously. Then again, so should consistent exercise and taking regular breaks from madness. Notwithstanding, here's the recent news in the field of security.

Security is mostly a superstition. It does not exist in nature.... Life is either a daring adventure or nothing.
~ Helen Keller (1880 - 1968), The Open Door (1957)