Tag Archives: security

Ongoing Sec – More Exploited Vulnerabilities Patched

Security Logo

12 November – Every freakin’ month (2nd Tuesday) there is a new set of Microsoft vulnerabilities, so much so that we have ignored reporting them.

But this month there is yet another set of Critical vulnerabilities that is being exploited in the field – read about it here at Krebs:

Zero-Days Rule November’s Patch Tuesday — Krebs on Security. This explains new Flash updates. [Your editor has eliminated Flash from his system…not worth the bother.]

But note: This does not cure the zero-day exploit that is capable of ruining your whole week~!~!~!

11 June – Another round for Adobe and Microsoft, explained by Krebs:

Adobe, Microsoft Patch Flash, Windows

14 May – Microsoft and Adobe today each released updates to fix critical security holes in their software. Microsoft’s patch batch tackles at least 33 vulnerabilities in Windows and other products, including a fix for a zero-day vulnerability in Internet Explorer 8 that attackers have been exploiting. Separately, Adobe pushed security updates for Flash Player, Adobe Reader, Acrobat and Adobe AIR.

So says Krebs On Security today. Get all the info: Microsoft, Adobe Push Critical Security Updates

6 May – Zero Day Exploit is not only in the open for IE8, but it is published for all hackers to study from.


If you must use a Windows computer, please change over to Firefox immediately (if you haven’t already.) Then read this:

Krebs On Security – Zero-Day Exploit Published for IE8

12 Feb – The normal tuesday repairs to the normallly insecure programs –

Fat Patch Tuesday — Krebs on Security

7 February – Critical Flash Player Update Fixes 2 Zero-Days — Krebs on Security |

These stories never end…not even interesting reading anymore. Just do the upgrades.

Updates are available for Windows, Mac, Linux and Android users. The latest Windows and Mac version is v. 11.5.502.149, and is available from this link. Those who prefer a direct link to the OS-specific downloads can grab them here. To find out if you have Flash installed and what version your browser may be running, check out this page.

16 Jan – Days after the critical Java fix, Kreb’s On Security announces that a new exploit not patch in the version 11 release is being sold on the black-hat black market. First, learn how-to and do turn-off Java until this is patch AND even then, only if you need it.
How to Unplug Java from the Browser — Krebs on Security

Second, read more about the sordid details here: New Java Exploit Fetches $5,000 Per Buyer — Krebs on Security

Security experts on Java: Fixing zero-day exploit could take ‘two years’ | ZDNet

Third: Point others to this site to learn “What Is Java” and how to use it if you absolutely must: What You Need to Know About the Java Exploit — Krebs on Security




13 Jan – Now it is Java wih the critical warnings…Read Kreb’s for the data, but one thing I noticed is that his link for the mac update was wrong and the auto-update that the Mac Java program points to gives an error. So here is the correct link for all OSs: Download Free Java Software, which should point to the right place. Here is where I got a successful Java for Mac download:
Oracle Ships Critical Security Update for Java — Krebs on Security Download Java for Mac OS X
Oracle Ships Critical Security Update for Java — Krebs on Security


8 January – Like the Australians needing new colors on their temperature maps as Ultra Hot turns to Double Extra Super Hot, Microsoft and Adobe are going to need new degrees above Critical and above Vulnerable. In this case, Microsoft should say, “Ultra Vulnerable Even After the Update”, As Krebs on Security explains: “… these vulnerabilities could be exploited to fully compromise vulnerable Windows systems without any help from users. …”

Read the entire piece since it has all the links for the Adobe Reader Flash Player plugin…and AIR and Acrobat…for both Windows and Mac OS.

Don’t delay…here is the link again: Adobe, Microsoft Ship Critical Security Updates — Krebs on Security

Australia adds new colour to temperature maps as heat soars | Environment | The Guardian


Continue reading Ongoing Sec – More Exploited Vulnerabilities Patched

Update Everything Month~! Software Vulnerability Records

October 2010 has had record numbers of updates in core programs from Windows to OSX, in Adobe Products and in Java (now owned and managed by Oracle.) Firefox, Opera, RealPlayer, you name it, Security Vulnerabilities is the new black…now white.

Security Vulnerabilities was a code word, of course. It was a nice way of saying, “A bad guy could create an object in the code of a site that would tickle a hole in the software on your computer, and make it – your computer – do one or more things.” Continue reading Update Everything Month~! Software Vulnerability Records

Remote wiping technology Hard Disks

Toshiba has announced the launch of its wipe technology for self-encrypting hard disk drives. As a tool for DCinema, this isn’t immediately interesting, but it adds a potential tool for future security.

According to Toshiba, Wipe for Toshiba Self-Encrypting Drive allows sensitive user data to be securely erased when a system is powered-down, or when a SED hard disk drive is removed from the system. The feature can also be used to securely erase user data prior to returning a leased system, system disposal or re-purposing.

Continue reading Remote wiping technology Hard Disks

Simple Great Passwords v Cracking Dictionaries For Rent

“Passwords are the softest security target and until people and organisations start adopting strong authentication in the form of, for instance, two-factor authentication this problem won’t go away” – Jason Hart, VP Security at CRYPTOCard.

The article in IT Pro Is your password really as secure as you think it is? has some thoughts on how to create and encourage better passwords. The methods seem a bit tedious for normal computer users who have little on their computers to steal, but the logic of creating a method for all passwords and sticking to it is an important one to promote.

The overall topic is social engineering…and how the BlackHats are getting very clever at making tools to crack more elaborate passwords. 

Continue reading Simple Great Passwords v Cracking Dictionaries For Rent

Security: Connect the Dots–Ongoing

The twin stars around which digital cinema revolves are quality and security. The first allows some leniency; for example, 3D cinema movie quality is only close to the specification required of 2D movies. But security is meant to be multi-layered and well beyond ‘good enough’. From lens to lens, the expectation is that each player will do their part to contribute to a secure whole.

Fortunately, such security is part of a general industry effort that constantly looks for and responds to problems. Unfortunately, there is a lot of nuance that require a professional eye to spot trends. In a field full of artists on very tight schedules and increasingly tight budgets, the art of security can take a lower priority if the ramifications are not known. 

Continue reading Security: Connect the Dots–Ongoing

Purpose and Contact

There are many tangential groups who create and capture and manipulate the bits, from one lens at the capture point to the other at the exhibition point. There are a lot of specialty magazines and blogs and a lot of distractions in one’s own field to keep focused upon.

We feel that there is a blank spot for people who want to get the highlights of the many various and closely aligned segments that are just outside their daily purview.

Thus, Industry Online.

Our goal is to focus more on tech news and white papers than on commercial press and sales press releases. We won’t have advertising, but we will allow vendors to post special sales (when that directory and page is set up.)

The idea for this tool was formed when Marvin Hall gave a seminal SMPTE presentation at NAB 2007 which spoke to the issues that Modern Video/Film had to go through on each piece that they take in, massage and kick out. Clearly, among the pages of standards and constant deadlines, among the headlong-rush of technology in every particular sub-category, there seems to be a need for cross communication. 

Since we are all forced to be computer experts and help protect copyright interests, we’ll also attempt to keep an eye out for important security information.

And, of course, training—the field is not only fast moving, but we are requiring IT and digital expertise in places where mechanical skill was more important. The long hours of creating standards, and the benefits derived, will be for nought if they and best practices aren’t passed along.

So, we thank you for this opportunity. Your editor began in the pro-audio world in the 70’s. Since then he has sold, installed and trained people on entertainment technology equipment in film and TV studios around the world. He remembers how complicated and expensive motion tracking and 16 gig RAIDs were in the 90’s. In 2002 he was part of the installation groups who installed the first hundred digital cinema systems for the Star Wars II release. Since then, hundreds of HD-SDI cables and projectionist training hours later, he presents this journal.  


If you see something interesting, pass it along. If you want to cut out a space to broadcast a message, please feel free to use this forum. Also, we take advice well. Please make any comments, requests or complaints to:

Charles ‘C J’ Flynn

OpsCenter Technologies, Inc.  |  Cheyenne, WY
Internet Marine, SARL    |    Sophia Antipolis, FR

cjflynn @ ops center tech .com <remove spaces, of course>

This news magazine is part of the OpsCenterTechnologies online publishing empire (sic – in many ways).

DCinemaTools was introduced in June of 2009, but not live until mid-January 2010.