Wednesday, November 5, 2014

Google Releases Tool For Finding TLS/SSL Vulnerabilities and Misconfigurations

Google has released a new network traffic security testing tool that can be used to check if devices and applications are impacted by Transport Layer Security/ Secure Sockets Layer (TLS/SSL) vulnerabilities and if the cryptographic protocols are configured correctly.

The tool, dubbed Nogotofail, has been used internally by the Android Security Team for some time. However, on Tuesday, it was released as an open source project to allow anyone to test their applications and contribute to making the tool better.

"Nogotofail works for Android, iOS, Linux, Windows, Chrome OS, OSX, in fact any device you use to connect to the Internet. There’s an easy-to-use client to configure the settings and get notifications on Android and Linux, as well as the attack engine itself which can be deployed as a router, VPN server, or proxy," Android Security Engineer Chad Brubaker, one of the tool's developers, wrote in a post on the Google Online Security blog.