Tue 01/23/2018

Last update: Thu, 21 Dec 2017 2pm

 

Introducing – Tools for Cinema Quality Assurance


Cinema Test Tools for the non-Technical Manager – Post Installation Quality Assurance Has Begun

Cinema Test Tools is a free resource for the cinema industry, tuned most particularly for the non-technical manager. The tools include several DCPs, all with interesting means of testing the sound and picture quality for the interested but lightly trained staff. The lessons on sound and light are written to provide a foundation to communicate with the technician who must respond quickly and well to the information that they discover.

The key is a free Managers Walk Through Checklist that correlates with the many DCPs. It helps bring an understanding of the many nuances of the auditorium's situation in a straightforward way. 

The superior man, when resting in safety, does not forget that danger may come. When in a state of security he does not forget the possibility of ruin. When all is orderly, he does not forget that disorder may come. Thus his person is not endangered, and his States and all their clans are preserved.
~ Confucius, Chinese philosopher & reformer (551 BC - 479 BC)

To USB, or Not To USB...

This Wired article describes an innovative method to take over a computer: Why the Security of USB Is Fundamentally Broken | Threat Level | WIRED. The technique has been shown to work, but it is not in the wild.

 


[Update] iPhones and Flash – Urgent Updates

25 Feb – OS X Security Update Available… do it now. [End Update]

Did you update your Flash at the last emergency? When was that… ah~! Less than 3 weeks ago.

The emergencies never cease for this decaying corpse. It is possible to live without Flash. Standards exist and are being implemented. It does not belong on your work systems, period. See: Adobe, Microsoft Push Fixes For 0-Day Threats — Krebs on Security

Meanwhile, on the Apple front.

DCinema is full of encrypted data, and it was in this arena that the iPhone had a flaw. It is suspected that the Mac OS has a similar flaw. Some wonder whether this has been an intentionally placed back-door, but there is no evidence of that. There is a lesson though: Code must be tested publicly. SSL flaws have been written about for the last few years, even on an amateur site like this one.

iOS Update Quashes Dangerous SSL Bug — Krebs on Security

TrueCrypt and NSA Lessons on Updating Projector Software

Science and R&D says it will keep moving data from the mystery to the usable.

Security expertise tries to promise the same, with the same infinite number of possible failures. Fortunately there are life lessons that we can apply to our projection room and attached networked devices from the latest exposition of these failures.

From the NAB videos of John Hurst's logical pleas (posted at CineTechGeek) to Bruce Schneier's Disclosing vs. Hoarding Vulnerabilities article to the flurry of Heartbleed to the news of the well-used TrueCrypt's announcement...we should get the message: No matter the trauma, or threat of trauma, Upgrade Your Software and Firmware.

Don't Be A Target – Do The TightenUp™

They came in through the bathroom window… [YouTube]

Life lessons come in all flavors and it seems that today's is: Don't be a Target.

Everyone knows by now that there was a data intrusion into Target's customer data, but it is only clear today how it happened…and how it can relate to you. See: Target Hackers Broke in Via HVAC Company — Krebs on Security

It seems that a service company – in this case an HVAC service company – had access to a sliver of the corporate giant's elaborate back-end, probably for the purposes of monitoring store temperatures. Many companies have this capability in their equipment where the fans and compressors and their delivery are monitored via SNMP messages.

Alas.


Subcategories

There are a lot of experts in security out there. What they write is often dry as a bone. But there are a few sites that stay on top of the events, and express themselves in ways that us mere mortals can comprehend.

Bruce Schneier - He wrote the books, he writes the newsletters, he has the blog. Top of the list for a reason. The link is to his monthly Crypto-Gram...subscribe now.

Hagai Bar-el - Information Security Specialist whose websites focus on security engineering and on managing innovation processes. Good source for definitions. There is also a blog and RSS feed.

Handbook of Applied Cryptography - All chapters are free to download. Get them off the cloud now.

We are putting millions of dollars of library materials into the hands of people trained to believe that MP3s and everything else should be free. We give them all the late hours unsupervised. What is wrong with this picture?

Security issues should always be taken seriously. Then again, so should consistent exercise and taking regular breaks from madness. Notwithstanding, here's the recent news in the field of security.

Security is mostly a superstition. It does not exist in nature.... Life is either a daring adventure or nothing.
~ Helen Keller (1880 - 1968), The Open Door (1957)