Episode 3

Hmm, red hackers?
For anyone who doesn't know, rouge is french for red.

The way English speaking people pronounce GENRE annoys me

Hoping there's more shootouts and car chases in episode 2.

Seeing how this is posted on the front page...I'm taking my coments from the coffee house post and put it here.

Good to see the code room hasn't been cancelled like I thought it had last week. Dude Joe Stagner's in this episode.....he's one of the best security guys I know. Check out his digital black belt series from last year. From the episode.... "3 million dollars" in a black duffel bag...and that's the level of excitement?!?!? Developers sure are bad actors....but we already knew that. From the episode..... Casino manager...."I'm concerned:.....wait you just lost 3 million dollars and your just "concerned"?!?! wow.....poor acting strikes again. Best line from the whole episode: "can you toss me the cookie" Lastly....it's called the code room....in this episode I saw very little actual code....actually was this a java app, or a .NET app? I don't even know what Microsoft technologies were profiled, if any? I hope this isn't a troubling trend for future episodes.

damn hackers , lol

zeo, that .net app btw

ummmm..
how was this a code room?  cause they happened to be gathered in a hotel room?  and no real description of tools or anything.
this was weak.  if i wanted cop drama, i'd turn on the t.v.

Duh, guys. I think the video was about the concepts and the details don't matter.

The funny thing for me was the style of production. It was done like the kind of 'educational' clips you might see on early morning TV, like at 3 AM, LOL. Hilarious and difficult to take seriously unless you know about the reality of what they were trying to convey.

toast wrote:

The funny thing for me was the style of production. It was done like the kind of 'educational' clips you might see on early morning TV, like at 3 AM, LOL. Hilarious and difficult to take seriously unless you know about the reality of what they were trying to convey.

EXACTLY!!! We did this show this way because talking about security is like talking about 'diet and exercise',  nobody wants to hear about it. If we can make it a little more fun then hopefully more people will get the message and want to begin to learn more about writing more secure software.

i think the second one was the best.

the acting in this one was bad but why is there acting anyway? i thought the code room was more reality based. it was better when you put dev's in a room and gave them a task.

First, I thought it was very well done, and interesting. But, where's the code? That's what I'd like to see. I realize that the subject matter is too broad to do that in this case, but the first 2 epsiodes focussed on that a bit.

boys, you are missing the point entirely (well maybe not Toast).  Okay, so the show is called The Code Room, and you didn't see a lot of coding in the episode.  But the whole point of the episode is that WEB DEVELOPERS (you know, the folks who WRITE CODE) need to design their applications to defend against these kinds of attacks before they happen.  In this viewer's opinion, the episode wasn't designed to be a 30 minute How To Code Secure Web Applications lesson but to show what web devs are up against - SQL Injection, session hijacking, etc regardless of whose technology solutions they are using.  I suspect the goal was to motivate web devs (and the people who manage them, and the people who care about protecting their data) to go learn more about how to defend against these attack techniques. 

Sure, the screenplay won't win an emmy award.  But it was definitely edutainment.  And wouldn't you have been more annoyed if they'd used a bunch of know-nothing actors who can't tell a program from a process?  

just enjoy the ride.

~Elphie

I just went to order the Security resource kit, but it's only available for US people only

The link on the page for Australia has absolutely not mention of this kit anywhere.

Can we poor backward folk from DownUnder order a copy, or are we going to be left to hassle our australian MS contacts ?

slaneyrw wrote:

I just went to order the Security resource kit, but it's only available for US people only

The link on the page for Australia has absolutely not mention of this kit anywhere.

Can we poor backward folk from DownUnder order a copy, or are we going to be left to hassle our australian MS contacts ?

I'll check into this. I was working with the MS Australia team on this and thought we had it available there.

Sorry for the troubles.

I thought it was very good. Gave me some info that I will watch for in my code. It's too easy to have a script-kiddie coder come in and right a quick web site for a cheap price. One of the first things I was told when I started asking questions was 'Parameterized Queries'!!!

I think when it comes to demos for code, string queries SHOULD BE BANNED. I've seen to many demos where they drop in a SQL string, tie it to an adapter and some controls... and there's the page. I know they are trying to demo how the controls work, but I think security should be part of every demo, even if it's not mentioned. Don't show SQL strings in code, show your demos using parameters.

I haven't looked at the stuff on Channel9 for a while now due to me being buried in work, but I found this show and I think that all three episodes have been great.

Yes, the acting was hardly Oscar-winning, but I totally agree that acting is not the point of that episode and highlighting security risks is the point.

I find it amazing how weak the security can be in some big corporations, especially considering the wealth of resources that are out there to help improve the situation. I feel sorry for those companies who have to go through entire system rewrites and not just bug-fixes like the ones in episode 3.

By the way, Jessi Knapp is really attractive!

Hi,

That was really good I want to see some more videos like that!

Greetings All,

I thought this Episode of The Code Room was very good. I can't say I was at all worried about the acting but all in all, it's the content that matters and in reality, this scenario is real and unfotunately monetary-fueled crime is common nowadays so, in terms of true-to-life concepts, I couldn't have thought of a better plot myself.I thought the addition of Joel Scambray in this Episode was excellent, he is an excellent Security Evangelist, Speaker and Co-Author of many a book on system Security and it was enjoyable to see his expertise being put to work.

I would have appreciated detailed explainations of the techniques being used but overall, I think the Episode is easy to understand and follow regardless of whether you're interested in Security or not, it's user-friendly and if we want to help others and educate
others about Security, then video-based scenarios are ideal.



Alternatively allow them to read "Secrets & Lies" by Bruce Schneier and tell you with a straight face that they are not at all worried about the Security of their home computer. It's an excellent book; I fully recommend it.

Regards,

Scott Sutton

I too want to raise my hand in support of this show - I thought it was a great episode and even though some of it is teaching us how to suck eggs; it really is critical stuff that every developer should know.

Bravo for the style and presentation.

Hi,
This episode was good in terms of what its trying to teach to the developer community in terms of security concerns. They have made it quite interesting by taking in picture a real life scenario.

But, second episode was the best one as it also focussed on the team work, some small mistakes they were making while coding...so in all it was giving an actual feel of The Code Room, people in pressure, making mistakes, team behaviour in pressure etc...

and hey, are you able to access thecoderoom.com?? ...me not :(

Just for curiositys sake when are you guys going to produce new episodes i rather enjoy the show.

Travis

I'm curious as well... are there any new episodes coming?

Where is episode 4?  Are you continuing production of this show?  I really enjoyed the first three episodes.  They were a great way of learning something new without sitting through the standard webcast (still interesting, just not as fun)  I would really like to see more episodes like the first where you can see the thought process the developers go through to get to the final result.  The first episode felt like they were challanged and thinking for themselves, not just reading a script.

AdmSteck wrote:

Where is episode 4?  Are you continuing production of this show?  I really enjoyed the first three episodes.  They were a great way of learning something new without sitting through the standard webcast (still interesting, just not as fun)  I would really like to see more episodes like the first where you can see the thought process the developers go through to get to the final result.  The first episode felt like they were challanged and thinking for themselves, not just reading a script.

I ask the same question "Where is episode 4?"

Great Show, dying to see more.

Its nice to see a informational video with decent quality and set out nice and easy.

When I go to http://www.thecoderoom.com/ I get the error message "This IP address cannot be used for browsing."

Why is it restricted? and to who?

lerch wrote:



and to whom?

Fixed that for you.