Tue09172019

Last updateSat, 25 May 2019 4pm

 

Introducing – Tools for Cinema Quality Assurance

cat_pr1_sm_jpg

Cinema Test Tools for the Non-Technical Manager 

Cinema Test Tools is a free resource for the cinema industry, tuned most particularly for the non-technical manager. The tools include several DCPs, all with interesting means of testing the sound and picture quality for the interested by lightly trained staff. The lessons on sound and light are written to provide a foundation to communicate with the technician who must respond quickly and well to the information that they discover.

The key is a free Online Managers Online Walk Through Checklist that correlates with the many DCPs. It helps bring an understanding of the many nuances of the auditorium's situation in a straightforward way. 

PDF – Friend? or Zero Day Future?

Security stories rarely make the front page around here, but the presumed safe PDF file is going to hit the news. Zero-Day~! is a headline that you don't want to participate in, and one is predicted for PDF files in the near future. We should therefore remind ourselves of the basics.

Security people use the term "Attack Vector" to describe a route that a presumed malicious person uses to somehow gain control of a computer. The cuddly pdf has been a vector in the past, then Adobe gave it a "sandbox" – which is yet another term of security art. In this case, imagine a place where the program can look at and manipulate the incoming code before allowing it to do something. For example, a pdf is allowed to reproduce graphic files within the text. The program – very quickly – allows that graphic to load up in the internal sandbox only, decides that it is not a secret dagger aiming at the CPU, and lets it pass to the graphics chip.

What has happened in the past is that black hats are using things like graphics files to hide malicious code, like trojan horses or viruses. The idea is that the graphic is allowed, therefore this might slip through without triggering a virus checker. You'll often hear the word 'sandbox' and Javascript, because it is often manipulations of Javascript code in a pdf that is the problem.

The news is that someone has figured a way around the sandbox. They can show themselves using a script that exploits Adobe Reader. This someone is letting other blackhats know that the code might be available for their use if they just pay up. The full story can be read here: Experts Warn of Zero-Day Exploit for Adobe Reader — Krebs on Security. That's right, the bad guys are holding a virtual auction to see who wants to spread the most havoc.

There are a few solutions to this. Get everyone on a Mac, since this exploit is targetted onto Windows users, especially those who haven't upgraded to Reader 11. Even with Reader 11, go to Preferences in all versions of Reader and turn off Reader Javascript. Most likely you won't notice. 

Next solution is: don't allow PDF files onto production equipment, at all, anymore. Period. The files, no matter who you got them from, cannot be presumed to be innocuous.

If you are creating a file that you know will be going to editors or projectionists or people who might stick it onto production equipment, save it as a PDF/A file. LibreOffice and OpenOffice and Microsoft Office '07 and '10 all support this export file version of a pdf. The PDF/A file can't hide code because it doesn't allow certain things to run in it.

Stay Aware.