Ghosts of October

Hello Protocols, Packets, and Programs,

We leave the ghosts and goblins of October behind us.

And take a moment to recover from the tales of horror, madness, and danger that only a cybersecurity awareness month can bring.

In the news segment, we covered some high-level details of the OpenSSL punycode vuln. I didn’t manage to summarize it in 10 words or less, but used the opportunity to mention the sending spell from D&D that’s limited to 25 words or less. We might have to come up with a “Sending Stone” mini-segment where we describe a topic according to that spell’s restrictions – it’s hard to do so on the spot without long pauses, but it sounds like a fun challenge for a prepared segment.

We also touched on writing skills. I had forgotten to add the site to the show notes. It’s a great resource for clear, concise writing.

Security through obscurity came up in this episode. I see the use of obscurity as an anti-pattern when it’s used to distract from or hide an underlying flaw and that flaw is otherwise left unaddressed. It relies on hoping that an attacker won’t find a flaw rather than trying to make the flaw more difficult or exploit.

Be sure to check out this episode's show notes for links to the articles we covered. And please take a moment to subscribe.