Thu08132020

Last updateMon, 03 Aug 2020 9am

 

Introducing – Tools for Cinema Quality Assurance

cat_pr1_sm_jpg

Cinema Test Tools for the Non-Technical Manager 

Cinema Test Tools is a free resource for the cinema industry, tuned most particularly for the non-technical manager. The tools include several DCPs, all with interesting means of testing the sound and picture quality for the interested by lightly trained staff. The lessons on sound and light are written to provide a foundation to communicate with the technician who must respond quickly and well to the information that they discover.

The key is a free Online Managers Online Walk Through Checklist that correlates with the many DCPs. It helps bring an understanding of the many nuances of the auditorium's situation in a straightforward way. 

The superior man, when resting in safety, does not forget that danger may come. When in a state of security he does not forget the possibility of ruin. When all is orderly, he does not forget that disorder may come. Thus his person is not endangered, and his States and all their clans are preserved. Confucius Chinese philosopher & reformer (551 BC - 479 BC)

!!! Browser Auto-Complete–All Vulnerable

This article takes a while to say that all browsers, except possibly Internet Explorer 8, are vulnerable to a simple attack that will cough up any data you have in your auto-complete file. That is, names, password, credit data? (who keeps credit card data in auto-complete? Have you checked your auto-complete file recently?)

Read the article: Auto-complete: browsers disclose private data - Update

Comments on original proof of concept site says some Mac OSX systems are giving the data, yet some not, even with Auto-Complete turned on.

Advice: Turn off Auto-Complete in all browsers until this is solved...regardless of what a pain in the ass this is. Oh, and don't go to those hacker sites.

Social Engineering Preview

Social Engineering LogoSocial Engineering (SE) is both incredibly complex and amazingly simple.

What really is social engineering? Social Engineering is defined as the process of deceiving people into giving away access or confidential information. Wikipedia defines it as: "is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim."

Read more ...

Security: Connect the Dots–Ongoing

The twin stars around which digital cinema revolves are quality and security. The first allows some leniency; for example, 3D cinema movie quality is only close to the specification required of 2D movies. But security is meant to be multi-layered and well beyond 'good enough'. From lens to lens, the expectation is that each player will do their part to contribute to a secure whole.

Fortunately, such security is part of a general industry effort that constantly looks for and responds to problems. Unfortunately, there is a lot of nuance that require a professional eye to spot trends. In a field full of artists on very tight schedules and increasingly tight budgets, the art of security can take a lower priority if the ramifications are not known. 

Read more ...

Hackers For Charity - MetaSploit Unleashed

Mastering the Framework is the chant behind this marvelous idea - put together a great set of test programs, put together the technical data that teaches on how to use it, and ask for a 4$ contribution to help feed people.

Offensive Security is a white hat group who teaches people to think like blackhats, so that they can better protect their environment. Find someone in your organization who can take advantage of this now, and make it a part of your procedures.

Your Own Penetration Test

Paul Ruben's The Do-It-Yourself Security Audit

If someone in your organization is interested in getting more hip to IT security issues, one of the goals should be that they are able to take a professional approach to the network, including trying to breach it with the tools that professionals (and hackers) use. There is no better overview than this document. Following are some samples of its scope.

Read more ...

Ex-Army man cracks popular security chip

Hardware hacker Christopher Tarnovsky just wanted to break Microsoft's grip on peripherals for its Xbox 360 game console. In the process, he cracked one of the most heavily fortified chips ever put into a consumer device.

The attack by the former US Army computer-security specialist is notable because it goes where no hacker has gone before: into the widely used Infineon SLE 66PE, a microcontroller that carries the TPM, or Trusted Platform Module designation of security. The hack means he can access sensitive data and algorithms locked away in the chip's digital vault and even make counterfeit clones that could fool the many devices that rely on it.

Read more ...

Subcategories

There are a lot of experts in security out there. What they write is often dry as a bone. But there are a few sites that stay on top of the events, and express themselves in ways that us mere mortals can comprehend.

Bruce Schneier -  He wrote the books, he writes the newsletters, he has the blog. Top of the list for a reason. The link is to his monthly CryptoGram...subscribe now.

Hagai Bar-el - Information Security Specialist whose websites focus on security engineering and on managing innovation processes. Good source for definitions. There is also a blog and RSS feed.

Handbook of Applied Cryptology - All Chapters are free for the download. Get them off the cloud now.

We are putting millions of dollars of library materials into the hands of people trained to believe that MP3s and everything else should be free. We give them all the late hours unsupervised. What is wrong with this picture?

Security issues should always be taken seriously. Then again, so should consistent exercise and taking regular breaks from madness. Notwithstanding, here's the recent news in the field of security.

Security is mostly a superstition. It does not exist in nature.... Life is either a daring adventure or nothing.
~ Helen Keller (1880 - 1968), The Open Door (1957)