Network Computing Dark Reading

Advertise

Application Security

Attacking Developers Using 'Shadow Containers'

Get Link to this Video

Get HTML to Embed this Video

50%

BLACK HAT USA 2017 -- Aqua Security's Sagie Dulce visits the Dark Reading News Desk to describe why developers are such attractive targets and how one of developers' favorite tools - Docker - can be exploited and used against them in sneaky, obfuscated attacks.

Watch all 45 News Desk interviews at DarkReading.com/DRNewsDesk.

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Comment |

Email This |

Print |

RSS

Comments

Newest First | Oldest First | Threaded View

[close this box]

50%

alphaa10,
User Rank: Strategist
2/1/2018 | 10:20:15 AM

Interviews Need Editing

Potential interest in every video segment. However, every interview needs editing-- video or audio-- because, without editing, it becomes a prisoner of its own format, laden with vague questions, obscure, hard to follow answers, and general tedium. With all due respect, the current video interview format rarely meets expectations.

A tighter delivery of information is accomplished with prerecorded video of text and graphics (where appropriate). Data professionals have learned to take in information at a much higher rate, and the exclusively text/graphics approach is likely to make the information flow "denser" or faster. As a prepared presentation, the information also can be more clearly focused and organized.

Another suggestion is to have the interviewer come from a background in the area under discussion. Unfocused questions like, "What are you fondest memories of the Black Hats of years past?" are innocently but agonizingly general, and serve only to open segments, as if trying to make conversation. DR should explore the utility of having veterans of the field as interviewers, with a general script to keep the line of questions integrated.

Potentially, of course, video interviews open something really fascinating, but we rarely find somebody with a good story just waiting to be interviewed, try as we might to prime interviewees with advance questions.

Let's face it-- in most situations, people have a tendency to make video resemble an exercise in filling a time slot. Truthfully, this is the first and last time I plan to watch a DR Black Hat video in the current format-- I simply don't have the time. In return for your having invested so much effort in production, not to mention actual interview time, you would serve your own cause by spendnig additional time editing the result.

You cannot afford to omit more intensive post-production, because only quality gathers an audience. Our time, like yours, is valuable-- please, make our investment even more engaging. That said, the UBM effort shows promise-- few other publishers take the trouble to cover these areas with such [potential) depth and detail.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

7 Truths About BEC Scams

Ericka Chickowski, Contributing Writer, 6/13/2019

DNS Firewalls Could Prevent Billions in Losses to Cybercrime

Curtis Franklin Jr., Senior Editor at Dark Reading, 6/13/2019

Cognitive Bias Can Hamper Security Decisions

Kelly Sheridan, Staff Editor, Dark Reading, 6/10/2019

Live Events

Webinars

WorkSpace Connect - Sept 9-11, Dallas - Register Now!

Prepare for the Future of WorkSpaces! Register Today!

Work Styles Are Evolving, Are Your IT Teams Ready?

More Informa Tech Live Events

White Papers

2019 Attacker Playbook

Why We Need Continuous Security Monitoring Platforms

2019 State of DevOps

[Checklist] Vendor Risk Management Fundamentals

EMA: Top 3 Report & Decision Guide for Security Analytics in 2019

More White Papers

Video

All Videos

Cartoon

Latest Comment: It's really difficult understanding these new startups

Cartoon Archive

Current Issue

Building and Managing an IT Security Operations Program

As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises Are Developing Secure Applications

IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.

Download Now!

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

How Enterprises Are Using IT Threat Intelligence

0 comments

Online Malware and Threats: A Profile of Today's Security Posture

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-12855
PUBLISHED: 2019-06-16

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.

CVE-2013-7472
PUBLISHED: 2019-06-15

The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.

CVE-2019-12839
PUBLISHED: 2019-06-15

In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.

CVE-2019-12840
PUBLISHED: 2019-06-15

In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.

CVE-2019-12835
PUBLISHED: 2019-06-15

formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.

Terms of Service
Privacy Statement
Legal Entities