IWL's Expert Insights on Network Emulation and Protocol Testing
Log4j Vulnerability
IWL Products are NOT Affected by Log4j Vulnerability, disclosed by Apache. Log4j allows attackers to execute code remotely on a target computer, meaning that they can steal data, install malware or take control …
Open Source Does Not Equal Better Quality or Greater Security
Open source advocates have long proclaimed the intrinsic quality and security of open source code. They argue that because the code is open it is inspected by many eyes and tested by many hands. I dispute that argument. Code will become better through more inspection, and improved testing, no matter whether that code is "open", "free", or "proprietary" …
Test Results for libssh Bug on KMAX, Mini Maxwell, and Maxwell Pro
IWL Engineering has completed its investigation of the CVE-2018-10933 security flaw (libssh bug) and found that this bug is not present in our products. Based on testing conducted by IWL engineers, there is no indication that either Mini Maxwell or KMAX is subject to the libssh flaw. For the Maxwell Pro products, based on RedHat Fedora, RedHat has stated that its systems are not vulnerable; our testing is consistent with that …
On Fuzz Testing
Fuzz testing is a form of brute-force testing - every possibility is thrown at the target in hopes that eventually something bad will happen and a flaw revealed. Fuzz testing is a plausible technique if the number of variations is small enough that all the possibilities can be tried in the time before the target product becomes obsolete. But with some modern network protocols the time to test all the combinations could run into years - or, in many cases, eons …
Why I Use a Fake Birthday on Facebook
Last month I received a number of fun and friendly birthday wishes on Facebook. Though this was a sweet and kind gesture by each of the well-wishers, I felt guilty. That’s because … it was not my birthday! Facebook thinks my birthday is June 22, 1910, but the day, the month, and the year are all wrong.
So you may wonder: Why would I intentionally lie about my birthday on Facebook? …
Gnu TLS Cryptographic Bug
IWL used our Maxwell Pro TLS Test Suite to test one version of the GnuTLS library. It failed 39 out of 116 of our tests! …
Avoiding the Next Heartbleed Bug
The general public is now aware of something that we network plumbers have known for years: in many respects, the Internet is robust, but security is fragile. The Heartbleed SSL problem is estimated to cost millions of dollars. No one knows for sure when the next serious bug will show up and its ultimate price …