Going into the final month of 2022, the dynamic duo graces us with their presence. It begins with discussion of DNS Attacks based on Kaminsky-style attacks spurred by research presented at DeepSec by Timo Longen of Sec Consult. Followed by a conversation straight out of Slack about considerations involving organization and technical risks, specifically how to incorporate technical risk into organizational risk ratings. Finally, everyone is moving to Mastadon, but maybe they shouldn't be. Code is open source and there have been more than one flaw already identified in the service, although AppMap also shows how to use their tool to review Mastadon's source to sink interactions.