Ghosts of October
Hello Protocols, Packets, and Programs,
We leave the ghosts and goblins of October behind us.
And take a moment to recover from the tales of horror, madness, and danger that only a cybersecurity awareness month can bring.
In the news segment, we covered some high-level details of the OpenSSL punycode vuln. I didn’t manage to summarize it in 10 words or less, but used the opportunity to mention the sending spell from D&D that’s limited to 25 words or less. We might have to come up with a “Sending Stone” mini-segment where we describe a topic according to that spell’s restrictions – it’s hard to do so on the spot without long pauses, but it sounds like a fun challenge for a prepared segment.
We also touched on writing skills. I had forgotten to add the plainlanguage.gov site to the show notes. It’s a great resource for clear, concise writing.
Security through obscurity came up in this episode. I see the use of obscurity as an anti-pattern when it’s used to distract from or hide an underlying flaw and that flaw is otherwise left unaddressed. It relies on hoping that an attacker won’t find a flaw rather than trying to make the flaw more difficult to exploit.