Tag Archives: Schneier

Buzzword Compliance at SMPTE/NAB/CinemaCon

The fundamentals of Digital Cinema are built upon Open Source tools, in particular Motion-JPEG (instead of the license-troubled MPEG world) and AES-128 encryption (instead of any number of private systems), as well as PCM Wave coding for audio. The combined reasoning makes sense: avoid license fees, and let the technology flow by avoiding the restrictions that proprietary tools bring.

Now, an adjunct technology is being held under the same scrutiny, and one suspects that the reason is Marketing. Clever marketing, since this is a confused market, but marketing nonetheless. One of the first things that one learns about standards is that they can be inhibiting and destructive in many circumstances.

The exhibitors want two things. They want to differentiate themselves by giving perks and higher quality in special circumstances. This means that they will buy innovation.

But they also want some security that the equipment that they buy won’t turn out to be something that they can’t use in a few years. To many, the latter translates into “Come On Guys, Can’t You Work Together?” Hey~! Open Source.

Whether Open Source is something the industry wants in its secondary products needs some scrutiny and education. There also has to be some recognition of the enormous amount of investment that goes into hardware designs and into accommodating capabilities not yet dreamed of.

What is being heard now is Open Something. Open Source is bandied about, then licensing is tied to usage to become something else. 

=-=-=This will be updated as the players find ways to answer to their stockholders…or find another way to announce their firstiness.

SSL Breaches & Duqu; What is DCinema Interesting

This is not something to panic about. This is just a topic to learn about. We typically attach our common work machines to the same network as the machines that control projectors and ticket systems. The lesson of Stuxnet is that a breach of one is a breach of all. The lesson of the US Department of Defense is that employees must learn the basics of how systems can be infected and how to stop those infections. A simple USB stick allowed an infection that later allowed people to download secure documents from other countries through the US defence department systems.

Now comes Duqu, which appears to be targeting machine control systems in much more clever ways than Stuxnet and to be capable of many future variations. Let’s not forget that Digital Cinema Systems are machine control systems. The nature of the infection is to scatter wildly, then wait for the new slaves to start chattering back, at which point someone checks to see what kind of fish has been caught. Then they put a list up on the ‘black hat’ web sites announcing Systems With Access Holes and trade your life for a few hundred dollars.


 

Here are some of the more recent articles. Make certain that there is someone in your organization who learns to stay on top of these things. Don’t pass it off to an outside group without also having employee training. This is a quality control issue. Put someone in charge.

Good News:

DuquDetector released to forensically detect pest – The H Security: News and Features

Not so good news:

How similar? Remotely Opening Prison Doors – Schneier on Security

Cyber Intrusion Blamed for Hardware Failure at Water Utility — Krebs on Security

Stolen government certificate signed malware – The H Security: News and Features

Compromised certificates: Revocations alone are insufficient – The H Security: News and Features

Malware Signed With a Governmental Signing Key – F-Secure Weblog : News from the Lab

Old but relevant news:

Autopsy of RSA Attack

More Military Systems Hacked

Stuxnet and SCADA – New News

New Siemens SCADA Vulnerabilities Kept Secret

SCADA systems — computer systems that control industrial processes — are one of the ways a computer hack can directly affect the real world. Here, the fears multiply. It’s not bad guys deleting your files, or getting your personal information and taking out credit cards in your name; it’s bad guys spewing chemicals into the atmosphere and dumping raw sewage into waterways. It’s Stuxnet: centrifuges spinning out of control and destroying themselves. Never mind how realistic the threat is, it’s scarier.

Last week, a researcher was successfully pressured by the Department of Homeland Security not to disclose details “before Siemens could patch the vulnerabilities.”

Read the entire article and some cogent comments at: 
    Schneier on Security: New Siemens SCADA Vulnerabilities Kept Secret

The Threat of Cyberwar Has Been Grossly Exaggerated

Threat of ‘cyberwar’ has been hugely hyped
By Bruce Schneier, Special to CNN 
July 7, 2010 — Updated 1206 GMT (2006 HKT)


(CNN) — There’s a power struggle going on in the U.S. government right now.

It’s about who is in charge of cyber security, and how much control the government will exert over civilian networks. And by beating the drums of war, the military is coming out on top.

“The United States is fighting a cyberwar today, and we are losing,” said former NSA director — and current cyberwar contractor — Mike McConnell. “Cyber 9/11 has happened over the last ten years, but it happened slowly so we don’t see it,” said former National Cyber Security Division director Amit Yoran. Richard Clarke, whom Yoran replaced, wrote an entire book hyping the threat of cyberwar.

General Keith Alexander, the current commander of the U.S. Cyber Command, hypes it every chance he gets. This isn’t just rhetoric of a few over-eager government officials and headline writers; the entire national debate on cyberwar is plagued with exaggerations and hyperbole.

At Schneier’s site—Schneier On Security, he makes a list of those exaggerations and hyperbole, and the comments are worth your morning coffee time.