While many open source TCP/IP implementations are available via standard operating system distributions, some applications require changes and customization to TCP/IP. Hence, the requirement to track best practices and the current status of the protocol’s evolution. What has changed? A lot, really! …

Info Security recently published an article about the Payment Card Industry's final push to force the adoption of TLS 1.1 or higher. This article provides a good summary of the evolution of SSL/TLS, the pitfalls of earlier versions, and advantages of the most recent standards …

Open source advocates have long proclaimed the intrinsic quality and security of open source code. They argue that because the code is open it is inspected by many eyes and tested by many hands. I dispute that argument. Code will become better through more inspection, and improved testing, no matter whether that code is "open", "free", or "proprietary" …

IWL today announced a new addition to its family of network test suites: the IWL MQTT Test Suite. Cloud platform providers using MQTT can enhance their solutions to help clients test their apps before launching. IoT implementers can test their apps and devices with a high quality, commercial test suite in their lab or in the cloud …

The cost of computer security breaches is no longer hypothetical. According to the Cisco 2018 Annual Cybersecurity Report (page 46), more than half (53 percent) of all attacks resulted in financial damages of more than US$500,000 (for each organization), including, but not limited to, lost revenue, customers, opportunities, and out-of-pocket costs. Interestingly, about 19% of the attacks resulted in financial damages of more than US$2.5 Million per organization! …

In 2013, Google announced a new transport protocol, the QUIC protocol (Quick UDP Internet Connections). QUIC’s original goal was to reduce transport latency, particularly with users of web apps (that use HTTP over TCP). The goal was later expanded to provide a reliable, connection-oriented, low-latency, fully encrypted transport layer. Approximately 0.9% of all websites use QUIC …

Newcomers to IT network operations are often confounded by the complexity of managing, controlling, monitoring, diagnosing and repairing their networks. As we are all inclined to select the simplest tool, to a networking newcomer, the simplest tool for staying on top of network operations would be an event report …

About a year ago we begin switching our various websites to use content management systems (CMS) that did not require SQL databases, or any database for that matter. We looked at GRAV and Hugo. The latter is highly portable and very fast, but for our more dynamic websites we decided to use GRAV.

In general we have been quite happy with GRAV, but recently we encountered a problem in which users began to see "Gateway Timeout" errors …

The Washington Post recently published an article: "SpaceX wants to beam the Internet down to Earth. Here's How it will Start." IWL believes the article doesn't give the whole story. SpaceX is not proposing anything that is particularly new …

Fuzz testing is a form of brute-force testing - every possibility is thrown at the target in hopes that eventually something bad will happen and a flaw revealed. Fuzz testing is a plausible technique if the number of variations is small enough that all the possibilities can be tried in the time before the target product becomes obsolete. But with some modern network protocols the time to test all the combinations could run into years - or, in many cases, eons …

All of the IWL staff has worked long and hard on perfecting a TLS Test Suite. Our clients — DevSecOps engineers — need to find bugs and security vulnerabilities in apps and devices before deployment. Once they’ve identified these problems, the problems are corrected and retested prior to deployment …

Women who work in automotive technology met at the British Bankers Club in Menlo Park last night for a lively discussion. The women represented many facets of the industry — research scientists at the major automotive companies, new infotainment and VR startups, regulatory and compliance lawyers, venture capitalists, and, of course, automotive test solution suppliers, like IWL …