Cyber Criminals Have A New Best Friend – The University of Oregon

The views and opinions expressed in this blog do not necessarily reflect the views and opinions of SecureIQLab, but probably dovetail nicely with the views and opinions of the majority of cybersecurity professionals. This is painful to write. The monumental ignorance demonstrated by the manner in which the University of Oregon handled a recent cybersecurity […]
Chatbots, AI, and PayPal

To start with, this isn’t really about PayPal, they just gave me a great example to share about how to employ AI to the least of its abilities. Due to a problem with PayPal, I had to get some support that the chatbot was less qualified to handle than a pig in a turkey bacon […]
Testing Ain’t Easy

Recently, I bought a Ring security system. I had to. My fiancé said she wouldn’t marry me if we didn’t have a security system. I call it my Wedding Ring now! Ok, everything I said, except for getting the Ring cameras, was fabricated in order to make a painful, yet illuminating joke. Testing can be […]
Exploits, Vulnerabilities and Payloads – Who Knew?

I can’t count how many times I’ve heard vulnerabilities called exploits and exploits called vulnerabilities. I’ve even heard payloads called exploits or vulnerabilities. That’s okay for an exploit if the exploit is a payload. If you already know all of this stuff, perhaps this blog will help you explain the topic to others. If you […]
Brew Your Own ALE

When we at SecureIQLab test security products, we go above and beyond reporting efficacy and cost; we also quantify operational efficiency and a metric we call ROSI: Return on Security Investment. Operational efficiency accounts for costs such as deployment and the ongoing cost of using the product. If a product requires a lot of time […]
Support Your Local Pub By Using ALE

For a time when I worked at Microsoft, in my department, the booze cart would come by every Friday afternoon for happy hour, and we’d get free alcoholic beverages. The legal department shut that down because they used ALE. Ironic that ALE ended happy hour, isn’t it? Read on, and you’ll see why ALE killed […]
To Breach or Not to Breach

The rapid adoption of cloud computing was yesterday’s news 5 years ago. Today’s news is that one of the most critical cloud security technologies is woefully ineffective. In addition to efficacy, it is critical to measure operational efficiency. In other words, it doesn’t matter how effective a solution can be if you can’t manage it. […]
Data Validation, Customer Service and an Unnamed Hotel: A Cautionary Tale!

Here at SecureIQLab, we kinda like triangles. Nothing against parallelograms, but we’re triangle folk. There are two famous triangles. When the tenet of people, process, and technology is properly executed, a perfect equilateral triangle is created. When execution is abysmal, you’re looking at the Devil’s Triangle (AKA Bermuda Triangle) of customer service. At that point, […]
LastPass, LostPass, or HallPass

I believe that all of our readers have heard about the LastPass Breach. There is a lot of seriously flawed information out there on social media. Yes, it appears to be true that customer password vaults were obtained by threat actors. But what does that mean to you? How bad is it? That depends on […]
The Myth of Password Cracking AKA Bad Analysis

Fact: The value of a great test can be negated by inaccurate or missing analysis. Now onto the myth of password cracking. We’ve all heard the advice to make strong passwords. The myth that the use of multiple character sets is always required to make a strong password is warrantless. When appropriate password length is […]
