Cyber Criminals Have A New Best Friend – The University of Oregon

The views and opinions expressed in this blog do not necessarily reflect the views and opinions of SecureIQLab, but probably dovetail nicely with the views and opinions of the majority of cybersecurity professionals. This is painful to write. The monumental ignorance demonstrated by the manner in which the University of Oregon handled a recent cybersecurity […]
Blackhat 2025 – Test AI before you trust

At Blackhat, there wasn’t a space of 10 feet not festooned with overtly optimistic promises of AI curing – basically everything in security. During an AI summit here, multiple tens of would-be AI security contenders, sometimes with little else but a PhD and a burning pile of cash they’d drummed up, said they had all […]
Chatbots, AI, and PayPal

To start with, this isn’t really about PayPal; they just gave me a great example to share about how to employ AI to the least of its abilities. Due to a problem with PayPal, I had to get some support that the chatbot was less qualified to handle than a pig in a turkey bacon […]
Testing Ain’t Easy

Recently, I bought a Ring security system. I had to. My fiancée said she wouldn’t marry me if we didn’t have a security system. I call it my Wedding Ring now! Ok, everything I said, except for getting the Ring cameras, was fabricated in order to make a painful, yet illuminating joke. Testing can be […]
Exploits, Vulnerabilities and Payloads – Who Knew?

I can’t count how many times I’ve heard vulnerabilities called exploits and exploits called vulnerabilities. I’ve even heard payloads called exploits or vulnerabilities. That’s okay for an exploit if the exploit is a payload. If you already know all of this stuff, perhaps this blog will help you explain the topic to others. If you […]
Brew Your Own ALE

When we at SecureIQLab test security products, we go above and beyond reporting efficacy and cost; we also quantify operational efficiency and a metric we call ROSI: Return on Security Investment. Operational efficiency accounts for costs such as deployment and the ongoing cost of using the product. If a product requires a lot of time […]
Support Your Local Pub By Using ALE

For a time when I worked at Microsoft, in my department, the booze cart would come by every Friday afternoon for happy hour, and we’d get free alcoholic beverages. The legal department shut that down because they used ALE. Ironic that ALE ended happy hour, isn’t it? Read on, and you’ll see why ALE killed […]
WAAP Pricing Considerations

Comparing prices for Web Application and API Protection (WAAP) solutions often feels like comparing apples to oranges… to Cybertrucks. Vendors often offer public pricing for their lower-tier offerings, but enterprise-class WAAP solutions involve complex, varied pricing models that make straightforward comparisons challenging. This was evident to SecureIQLab this year in our attempts to create normalized […]
Are You Configured for Failure?

Every year, an exorbitant amount of money is spent on ensuring companies’ digital safety, yet data breaches continue to rise. Three main reasons cause this unfortunate event: First, companies often misconfigure the cloud, making the system an easy target. Second, aggressive types of ransomware attacks are on the rise. Third, companies are being too permissive […]
Spooky Action from a Distance

The first question that popped into my mind when I became aware of the global IT chaos that started this Friday and the corresponding causes that were articulated was, “How do two independent objects cause each other to react so violently that the net effect generated from such interaction causes mass disruption?” Patch failures are […]
