Check out the show notes for links to articles we covered.

Ghosts of October

Hello Protocols, Packets, and Programs,

We leave the ghosts and goblins of October behind us.

And take a moment to recover from the tales of horror, madness, and danger that only a cybersecurity awareness month can bring.

In the news segment, we covered some high-level details of the OpenSSL punycode vuln. I didn’t manage to summarize it in 10 words or less, but used the opportunity to mention the sending spell from D&D that’s limited to 25 words or less. We might have to come up with a “Sending Stone” mini-segment where we describe a topic according to that spell’s restrictions – it’s hard to do so on the spot without long pauses, but it sounds like a fun challenge for a prepared segment.

We also touched on writing skills. I had forgotten to add the plainlanguage.gov site to the show notes. It’s a great resource for clear, concise writing.

Security through obscurity came up in this episode. I see the use of obscurity as an anti-pattern when it’s used to distract from or hide an underlying flaw and that flaw is otherwise left unaddressed. It relies on hoping that an attacker won’t find a flaw rather than trying to make the flaw more difficult to exploit.