Ghosts of October

Hello Protocols, Packets, and Programs,

We leave the ghosts and goblins of October behind us.

And take a moment to recover from the tales of horror, madness, and danger that only a cybersecurity awareness month can bring.

In the news segment, we covered some high-level details of the OpenSSL punycode vuln. I didn’t manage to summarize it in 10 words or less, but used the opportunity to mention the sending spell from D&D that’s limited to 25 words or less. We might have to come up with a “Sending Stone” mini-segment where we describe a topic according to that spell’s restrictions – it’s hard to do so on the spot without long pauses, but it sounds like a fun challenge for a prepared segment.

We also touched on writing skills. I had forgotten to add the site to the show notes. It’s a great resource for clear, concise writing.

Security through obscurity came up in this episode. I see the use of obscurity as an anti-pattern when it’s used to distract from or hide an underlying flaw and that flaw is otherwise left unaddressed. It relies on hoping that an attacker won’t find a flaw rather than trying to make the flaw more difficult to exploit.

Check out this episode's show notes for links to the articles we covered. And please take a moment to subscribe.