Blog

Read the Latest News From IWL.

Avoiding Internet Timer Synchronization

Posted by Karl Auerbach

The internet is a complex distributed process in which computers interact with one another over pathways that introduce delays and errors. There are many feedback loops. Some of those loops are simple to identify, such as the handshaking between the end points of a TCP connection. Other loops are harder to identify, such as the interaction of timers in ARP (address resolution), DNS (domain name system), and routing protocols (such as OSPF and BGP).

Positive feedback loops are often merely annoying. But they can also cause more severe problems, such as connectivity failures.

Read More...

Flat File Content Management Systems: A- / B+

Posted by Chris Wellens

Websites are a bit like fashion; what you wear says a lot about you as a person, and what your website looks like says a lot about your company. You don't want your clothes to make you look out of date, and you don't want your company to look out of date, either. So when it was time for IWL to up...

Read More...

On Fuzz Testing

Posted by Karl Auerbach

There's an old joke. It was said that English automobiles of the 1950s came equipped with a walnut-inlaid toolbox containing many hammers. These ranged in size from a small jeweler's hammer up through a heavy, concrete-shattering sledge. It was said that when something in the automobile stopped working, one should begin by pounding on it with the smallest hammer. If that didn't solve the problem, then one should move up to the next larger size. And so on, using ever larger hammers, until the sledge, which would reduce the automobile to a heap of shattered parts that could easily be hauled away – because the original problem was obviously insolvable.

Fuzz testing of software is somewhat like that old English automotive technique, but often without the benefit of an orderly sequence.

Read More...

Counting Bits

Posted by Karl Auerbach

The question of “how many bits” were sent and received is clearly a matter of interest when measuring data rates or data quantities.

Mobile providers, consumer ISPs, consumers, and regulators talk a lot about their speed and (not so often) about their data caps. But rarely, if ever, are sufficient details provided:

  • You or I often cannot tell which bits they are counting.
  • Nor can we tell which bits are not being counted.
  • How can we compare when we do not know what is being measured?

And it is not just a consumer issue: ISPs that exchange data with one another under contractual peering and transit arrangements need common ground when they discuss how much data each party is delivering to the other.

Read More...

Equal Pay is Not a Regulatory Burden

Posted by Chris Wellens

The Trump Administration proposes to "pause" and review an Obama-era program designed to improve wage transparency -- so women and minorities could learn how their compensation stacked up to white men. The Trump administration argues that the government's pay data collection process is "unnecess...

Read More...

All of the IWL staff has worked long and hard on perfecting our TLS Test Suite! Our clients — DevSecOps engineers — use it to find bugs and security vulnerabilities in apps and devices before deployment. Once they’ve identified these problems, the problems are corrected and retested prior to dep...

Read More...

Anonymity, Privacy, Device Fingerprinting

Last month I received a number of fun and friendly birthday wishes on Facebook. Though this was a sweet and kind gesture by each of the well-wishers, I felt guilty. That’s because … it was not my birthday! Facebook thinks my birthday is June 22, 1910, but the day, the month, and the year are all wrong.

So you may wonder: Why would I intentionally lie about my birthday on Facebook?

Read More...

Women in Automotive (lots of us)

Posted by Lisa Patel

Women who work in automotive technology met at the British Bankers Club in Menlo Park last night for a lively discussion. The women represented many facets of the industry — research scientists at the major automotive companies, new infotainment and VR startups, regulatory and compliance lawyers, v...

Read More...

Often when we read news stories, we find them lacking any technical substance. It would seem that the writer aborted the story before asking any interesting questions that would allow us, as technical professionals, to fully understand the story and draw our own conclusions.

Read More...

Taking Exception to the StringBleed Vulnerability

Posted by Lisa Patel

Security researchers claim to have discovered an SNMP flaw that affects several models of Internet-connected devices. Presumably hackers could send random values in specific requests to the SNMP agent in various devices and the authentication mechanism would be bypassed.

Read More...

Is it Okay to Make IPv4 Act Like IPv6?

Posted by Lisa Patel

Despite what one might read in certain techno-marketing publications, IPv4 is very much alive; it has not by any stretch yet been replaced by IPv6.

So it remains important that vendors of networking products do IPv4 and do it correctly.

But some vendors appear to be getting lazy.

In particular one of the largest vendors seems to be taking a shortcut that could leave users unable to communicate even though those users have otherwise perfectly usable packet service from their network providers.

Read More...