Blog
Read the Latest News From IWL.

Equal Pay is Not a Regulatory Burden

Posted by Chris Wellens /

The Trump Administration proposes to "pause" and review an Obama-era program designed to improve wage transparency -- so women and minorities could learn how their compensation stacked up to white men. The Trump administration argues that the government's pay data collection process is "unnecess...

Read More...

All of the IWL staff has worked long and hard on perfecting our TLS Test Suite! Our clients — DevSecOps engineers — use it to find bugs and security vulnerabilities in apps and devices before deployment. Once they’ve identified these problems, the problems are corrected and retested prior...

Read More...

Anonymity, privacy, device fingerprinting

Last month I received a number of fun and friendly birthday wishes on Facebook. Though this was a sweet and kind gesture by each of the well-wishers, I felt guilty. That’s because … it was not my birthday! Facebook thinks my birthday is June 22, 1910, but the day, the month, and the year are all wrong.

So you may wonder: Why would I intentionally lie about my birthday on Facebook?

Read More...

Women in Automotive (lots of us)

Posted by Lisa Patel /

Women who work in automotive technology met at the British Bankers Club in Menlo Park last night for a lively discussion. The women represented many facets of the industry — research scientists at the major automotive companies, new infotainment and VR startups, regulatory and compliance lawyers,...

Read More...

Often when we read news stories, we find them lacking any technical substance. It would seem that the writer aborted the story before asking any interesting questions that would allow us, as technical professionals, to fully understand the story and draw our own conclusions.

Read More...

Taking Exception to the StringBleed Vulnerability

Posted by Lisa Patel /

Security researchers claim to have discovered an SNMP flaw that affects several models of Internet-connected devices. Presumably hackers could send random values in specific requests to the SNMP agent in various devices and the authentication mechanism would be bypassed.

Read More...

Is it Okay to Make IPv4 Act Like IPv6?

Posted by Lisa Patel /

Despite what one might read in certain techno-marketing publications, IPv4 is very much alive; it has not by any stretch yet been replaced by IPv6.

So it remains important that vendors of networking products do IPv4 and do it correctly.

But some vendors appear to be getting lazy.

In particular one of the largest vendors seems to be taking a shortcut that could leave users unable to communicate even though those users have otherwise perfectly usable packet service from their network providers.

Read More...

Have you thought about how you will test the performance of IoT apps and drones? Our new video demonstrates performance testing of an IOT application controlling the ESP8266 Microcomputer mounted on a drone! As you might expect, as the drone flies further away from the wireless base station, perform...

Read More...

Why did Waze and Google Maps fail?

Posted by Lisa Patel /

Waze, the “…world’s largest community-based traffic and navigation app” failed its users in the Santa Cruz, California area during the month of February 2017. These users who depend on Waze to find out traffic conditions and alternate routes were not able to do so. The same was true for Google Maps. For example, when traffic stalled for up to three hours, Waze and Google Maps happily reported that conditions were just fine.

Read More...

A New York City based start-up company, Confide, offers a text messaging system “with encrypted messages that self-destruct.” You can download the app at getconfide.com

Confide lets its users “discuss sensitive topics, brainstorm ideas or give unfiltered opinions without fear of the Internet’s permanent, digital record and with no copies left behind.” “Messages disappear forever after they are read once, making them as private and secure as the spoken word.”

What a description! Everyone’s dream come true, right? Certainly a perfect app for individuals wanting to communicate about classified information, military plans, or other top secret information.

Read More...

Checking for New SNMP Vulnerabilities

Posted by Lisa Patel /

Cisco Systems recently announced a patch for a vulnerability in Simple Network Management Protocol (SNMP) functions of some Cisco routers. “This vulnerability could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to an incorrect initialized variable. An attacker could exploit this vulnerability by performing SNMP polling on MIBs and using only Interface Index (ifIndex) values. A successful exploit could allow the attacker to increase CPU usage to 99% on an affected device and cause a DoS condition.” 1

Whether or not you have Cisco routers, it is important to execute all the SNMP vulnerability tests in SilverCreek to verify that your SNMP agent is not vulnerable to attacks.

Read More...