Blog
Read the Latest News From IWL.

Microsoft and Google disagree about the mechanics, reporting, and resolution of bug disclosures. They are not the only ones with this disagreement. According to Ars Technica, the security community has two schools of thought on this issue:

(1) Coordinated Vulnerability Disclosure (CVD)

Flaws a...

Read More...

PCI Compliance = Poor Security

Posted by Lisa Patel /

Wired‘s recent article on “The 10 Biggest Bank Card Hacks” discussed the role of PCI Compliance. PCI is the Payment Card Industry security standard introduced in 2005. Even though the companies involved in these breaches were “certified PCI compliant”, multiple times, the breaches still occ...

Read More...

IWL Quarterly Update: Spring 2014

Posted by Lisa Patel /

Dear Friend of IWL,

Here’s your latest updates from IWL:

New Echo Server for Maxwell Pro TCP Test Environment

Instrument a TCP or UDP stack so that it responds to input streams in minutes, not hours. The new Echo Server provides support for Windows, OS X, Linux, and BSD systems.

The latest C...

Read More...

IWL Quarterly Update: Fall 2014

Posted by Lisa Patel /

Revision 19 of Mini Maxwell and Maxwell G is now in BETA

Read More...

Stop Using SSL! Here’s Why …

Posted by Lisa Patel /

The revelation of the POODLE vulnerability demonstrated that SSL 3.0 should be disabled and removed from any products that still contain it. Companies taking this step include Twitter, Apple, EBay, Mozilla Firefox, Google, and PayPal.

When will others make the change to TLS 1.2?

Should they be...

Read More...

Do We Need A U.S. Department Of Code?

Posted by Lisa Patel /

Since the Heartbleed bug was exposed in April, one thing has become apparent: the underlying infrastructure of the Internet—and the applications and services that rely on open source projects like SSL and TLS to operate—are extremely vulnerable. And now, many network professionals believe that t...

Read More...

Some Thoughts About Networking For Game Developers

Posted by Lisa Patel /

An early draft of this blog post was inadvertently posted to Reddit; it was not appropriate for that site. However, since this occurred, we have taken the opportunity to revise the post for a wider audience and to clarify misunderstandings and correct errors from that draft version.

Joost van Dong...

Read More...

Right now an increasing number of developers are deploying their applications via the cloud. In fact, Gartner predicts that the world-wide public cloud services market will reach an astonishing $287 billion by 2017.

Unfortunately, many application developers are jumping head first into the cloud...

Read More...

A new method of web browser fingerprinting hit the press today: Meet the Online Tracking Device That is Virtually Impossible to Block.

We’ve been thinking how one might create a countermeasure to this kind of web canvas based browser fingerprinting.

The canvas fingerprinting code that we’ve...

Read More...

Should You Make Your Own TCP/IP Test Suite?

Posted by Lisa Patel /

First time buyers are often startled by the price of complete turnkey protocol test suite products. They often wonder if it would be more cost efficient to make their own testing solution. Here are some things to consider when deciding whether or not to make your own TCP/IP Test Suite:

Read More...

IWL Quarterly Update: Summer 2014

Posted by Lisa Patel /

Do you know how SilverCreek compares against other SNMP Agent Test Tools?

Find out what the expert learned using five of the available SNMP agent test tools. Not all of them found bugs! One reported false positives!

Read More...