Thu08132020

Last updateMon, 03 Aug 2020 9am

 

Introducing – Tools for Cinema Quality Assurance

cat_pr1_sm_jpg

Cinema Test Tools for the Non-Technical Manager 

Cinema Test Tools is a free resource for the cinema industry, tuned most particularly for the non-technical manager. The tools include several DCPs, all with interesting means of testing the sound and picture quality for the interested by lightly trained staff. The lessons on sound and light are written to provide a foundation to communicate with the technician who must respond quickly and well to the information that they discover.

The key is a free Online Managers Online Walk Through Checklist that correlates with the many DCPs. It helps bring an understanding of the many nuances of the auditorium's situation in a straightforward way. 

The superior man, when resting in safety, does not forget that danger may come. When in a state of security he does not forget the possibility of ruin. When all is orderly, he does not forget that disorder may come. Thus his person is not endangered, and his States and all their clans are preserved. Confucius Chinese philosopher & reformer (551 BC - 479 BC)

[Update] iPhones and Flash – Urgent Updates

25 Feb–OSX Security Update Available…do it now.  [End Update]

Did you update your Flash at the last emergency? when was that…ah~! less than 3 weeks ago.

The emergencies never cease for this decaying corpse. It is possible to live without Flash. Standards exist and are being implemented. It does not belong on your work systems, period. Adobe, Microsoft Push Fixes For 0-Day Threats — Krebs on Security

Meanwhile, on the Apple front.

DCinema is full of encrypted data, and it was in this arena that the iPhone had a flaw. It is suspected that the Mac OS has a similar flaw. Some wonder whether this has been an intentionally placed back-door, but there is no evidence of that. There is a lesson though: Code must be tested publicly. SSL flaws have been written about for the last few years, even on an amateur site like this one.

iOS Update Quashes Dangerous SSL Bug — Krebs on Security

Basic Bubble Burst – Security Lessons

This week had several news features on the security pages, mostly to do with Windows (everything) and Adobe (Flash/Reader/Acrobat) and Oracle (Java) patching by emergency fiat instead of by well planned Patch Tuesdays. Good that they are catching up with the malware that plagued their software and clients with successful in-the-field attack vectors.

The point is always that the attackers just have to find oue hole in your system, while you have to protect not just on a linear basis – modem, firewall, VPN for example, or even a flat view of walling off everything on the field of play. You must protect a sphere, and actually a series of spheres.

Read more ...

Don't Be A Target – Do The TightenUp™

They came in through the bathroom window… [YouTube]

Life lessons come in all flavors and it seems that today's is: Don't be a Target.

Everyone knows by now that there was a data intrusion into Target's customer data, but it is only clear today how it happened…and how it can relate to you. See: Target Hackers Broke in Via HVAC Company — Krebs on Security

It seems that a service company – in this case an HVAC service company – had access to a sliver of the corporate giant's elaborate back-end, probably for the purposes of monitoring store temperatures. Many companies have this capability in their equipment where the fans and compressors and their delivery are monitored via SNMP messages.

Alas.

Read more ...

Super 3D Watermarking Article

Technicolor's Security Newsletter Issue #20 has a superb article on watermarking stereoscopic 3D. It starts slow (first the dinosaurs died and they all turned into 3D pixels), but it ramps up fast and includes tiny Greek symbols for those who are inclined to such things.

But generally it fills in a lot of details that are not often discussed outside the hallowed halls:
 Watermarking 3D Movies, Security Newsletter 20, Security Newsletters - Technicolor

It doesn't mention it directly, but it is another wake-up call for getting a picture meta-data protocol and/or standard in the film-to-post realm.

Security Alert – Firefox Users

Visit a site, find security issues and send them home to hackers.

What looks like, and acts like – and is – a legit Add-On for Firefox has been compromised to assist in the compromise of others. For more information on how the Microsoft .NET Framework Assistant does this, see: Botnet Enlists Firefox Users to Hack Web Sites — Krebs on Security

Subcategories

There are a lot of experts in security out there. What they write is often dry as a bone. But there are a few sites that stay on top of the events, and express themselves in ways that us mere mortals can comprehend.

Bruce Schneier -  He wrote the books, he writes the newsletters, he has the blog. Top of the list for a reason. The link is to his monthly CryptoGram...subscribe now.

Hagai Bar-el - Information Security Specialist whose websites focus on security engineering and on managing innovation processes. Good source for definitions. There is also a blog and RSS feed.

Handbook of Applied Cryptology - All Chapters are free for the download. Get them off the cloud now.

We are putting millions of dollars of library materials into the hands of people trained to believe that MP3s and everything else should be free. We give them all the late hours unsupervised. What is wrong with this picture?

Security issues should always be taken seriously. Then again, so should consistent exercise and taking regular breaks from madness. Notwithstanding, here's the recent news in the field of security.

Security is mostly a superstition. It does not exist in nature.... Life is either a daring adventure or nothing.
~ Helen Keller (1880 - 1968), The Open Door (1957)