Data Validation, Customer Service and an Unnamed Hotel: A Cautionary Tale!
Here at SecureIQLab, we kinda like triangles. Nothing against parallelograms, but we’re triangle folk. There are two famous triangles. When the tenet of people, process, and technology is properly executed, a perfect equilateral triangle is created. When execution is abysmal, you’re looking at the Devil’s Triangle (AKA Bermuda Triangle) of ... Read More
LastPass, LostPass, or HallPass
I believe that all of our readers have heard about the LastPass Breach. There is a lot of seriously flawed information out there on social media. Yes, it appears to be true that customer password vaults were obtained by threat actors. But what does that mean to you? How bad ... Read More
The Myth of Password Cracking AKA Bad Analysis
Fact: The value of a great test can be negated by inaccurate or missing analysis. Now onto the myth of password cracking. We’ve all heard the advice to make strong passwords. The myth that the use of multiple character sets is always required to make a strong password is unwarranted ... Read More
Planet of the APIs
Yeah, sure I had fun making the Planet of the Apes pun, but this really is the planet of the APIs (application programming interfaces). Want to travel around the earth? You’ll go online to book your trip, and in doing so you’ll be using software that uses APIs. OK, you ... Read More
Putting Firewalls to the Test
The next generation firewall (NGFW) was invented by a gentleman named Jean-Luc Picard on September 28, 1987, but it would be several years before terrestrial-bound enterprises (no pun intended) would adopt the technology. But before we dive into the topic of testing, let’s take a look at Palo Alto ... Read More
The Case Against Default Libraries
Windows has a sort of handy feature, but nobody has ever found it. Well, yeah, this one is ubiquitous. The “libraries.” Simple enough, a link to default folders for documents, pictures, etc. The helpful little feature is designed to minimize the amount of navigation required to open and/or save different ... Read More
Vulnerabilities, Exploits, and Payloads
Unless you’ve been living under a rock or have a life, you’ve heard more about Log4j2 than you might care to have. You’ve probably heard talk of Log4Shell, Log4j, exploits, vulnerabilities, CVE-2021-44228, and countless Christmas songs this month. Why did I write exploits and vulnerabilities in bold and underline them? ... Read More
Passphrases and the Passphrase Token Attack
Never say “passphrase” around a pedant. Peasants and pheasants are OK, but pedants will bring up the passphrase token attack, frequently overstate the threat, or flat out get it wrong. It isn’t that these pedants can’t do math, it’s just that it didn’t occur to them to do the math ... Read More
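The two excerpts above (the password-cracking myth and the passphrase token attack) both come down to doing the math, so here is that math worked through as a small added example. This is not code from the SecureIQLab posts; the character-set sizes (94 printable ASCII characters, 26 lowercase letters) and the 7776-word Diceware list size are assumed values used to make the comparison concrete. The key point it shows: length trades off against character sets, and an attacker who knows you used dictionary words attacks per word, not per character, so the effective strength is the smaller of the two models.

```python
import math

# Assumed sizes for the worked comparison (not taken from the posts).
PRINTABLE_ASCII = 94    # printable ASCII excluding space
LOWERCASE = 26
DICEWARE_WORDS = 7776   # 6^5 entries in the standard Diceware list


def charset_entropy_bits(length: int, charset_size: int) -> float:
    """Entropy of `length` symbols drawn uniformly at random from `charset_size` symbols."""
    return length * math.log2(charset_size)


def token_entropy_bits(word_count: int, dictionary_size: int) -> float:
    """Entropy when the attacker guesses whole words (the 'token attack')
    from a dictionary of `dictionary_size` words."""
    return word_count * math.log2(dictionary_size)


def effective_entropy_bits(words: list[str], dictionary_size: int, charset_size: int) -> float:
    """Strength of a passphrase built from dictionary words.

    The attacker picks the cheaper model: per-character brute force over the
    joined phrase, or per-word guessing from the dictionary. Whichever search
    space is smaller is the one that matters."""
    joined_length = sum(len(w) for w in words)          # no separators assumed
    per_char = charset_entropy_bits(joined_length, charset_size)
    per_word = token_entropy_bits(len(words), dictionary_size)
    return min(per_char, per_word)


def length_for_bits(target_bits: float, charset_size: int) -> int:
    """Smallest length of uniformly random symbols from `charset_size`
    that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(charset_size))


def expected_guesses(bits: float) -> float:
    """Average number of guesses to hit a secret with `bits` of entropy
    (half the search space)."""
    return 2 ** (bits - 1)


if __name__ == "__main__":
    # Myth check: does a short password from a big character set beat a
    # longer one from a small set?
    eight_mixed = charset_entropy_bits(8, PRINTABLE_ASCII)
    twelve_lower = charset_entropy_bits(12, LOWERCASE)
    print(f"8 chars, all printable ASCII : {eight_mixed:.1f} bits")
    print(f"12 chars, lowercase only     : {twelve_lower:.1f} bits")
    print(f"lowercase length matching 8 mixed chars: "
          f"{length_for_bits(eight_mixed, LOWERCASE)}")

    # Passphrase: four Diceware words. Per character it looks huge; per word
    # it is what the token attack actually has to search.
    phrase = ["correct", "horse", "battery", "staple"]   # constructed example
    print(f"per-character view : "
          f"{charset_entropy_bits(sum(map(len, phrase)), LOWERCASE):.1f} bits")
    print(f"per-word view      : "
          f"{token_entropy_bits(len(phrase), DICEWARE_WORDS):.1f} bits")
    eff = effective_entropy_bits(phrase, DICEWARE_WORDS, LOWERCASE)
    print(f"effective          : {eff:.1f} bits, "
          f"~{expected_guesses(eff):.2e} guesses on average")
```

The numbers are the point: twelve lowercase letters carry more entropy than eight characters from the full printable set, and four random Diceware words sit near 52 bits under the token attack regardless of how many letters they contain. Overstating the token attack usually comes from applying it to phrases that were not drawn from a known list, or from forgetting that adding one more word adds a full 12.9 bits.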