Data Validation, Customer Service and an Unnamed Hotel: A Cautionary Tale!

Here at SecureIQLab, we kinda like triangles. Nothing against parallelograms, but we’re triangle folk. There are two famous triangles. When the tenet of people, process, and technology is properly executed, a perfect equilateral triangle is created. When execution is abysmal, you’re looking at the Devil’s Triangle (AKA Bermuda Triangle) of ...

LastPass, LostPass, or HallPass

I believe that all of our readers have heard about the LastPass Breach. There is a lot of seriously flawed information out there on social media. Yes, it appears to be true that customer password vaults were obtained by threat actors. But what does that mean to you? How bad ...

The Myth of Password Cracking AKA Bad Analysis

Fact: The value of a great test can be negated by inaccurate or missing analysis. Now onto the myth of password cracking. We’ve all heard the advice to make strong passwords. The myth that the use of multiple character sets is always required to make a strong password is warrantless ...

Planet of the APIs

Yeah, sure I had fun making the Planet of the Apes pun, but this really is the planet of the APIs (application programming interfaces). Want to travel around the earth? You’ll go online to book your trip, and in doing so you’ll be using software that uses APIs. OK, you ...

Putting Firewalls to the Test

The next generation firewall (NGFW) was invented by a gentleman named Jean-Luc Picard on September 28, 1987, but it would be several years before terrestrial-bound enterprises (no pun intended) would adopt the technology. But before we dive into the topic of testing, let’s take a look at Palo Alto ...

The Case Against Default Libraries

Windows has a sort of handy feature, but nobody has ever found it. Well, yeah, this one is ubiquitous. The “libraries.” Simple enough, a link to default folders for documents, pictures, etc. The helpful little feature is designed to minimize the amount of navigation required to open and/or save different ...

Vulnerabilities, Exploits, and Payloads

Unless you’ve been living under a rock or have a life, you’ve heard more about Log4j2 than you might care to have. You’ve probably heard talk of Log4Shell, Log4j, exploits, vulnerabilities, CVE-2021-44228, and countless Christmas songs this month. Why did I write exploits and vulnerabilities in bold and underline them? ...

Passphrases and the Passphrase Token Attack

Never say “passphrase” around a pedant. Peasants and pheasants are OK, but pedants will bring up the passphrase token attack, frequently overstate the threat, or flat out get it wrong. It isn’t that these pedants can’t do math, it’s just that it didn’t occur to them to do the math ...