Google releases open source network traffic security tool
Nogotofail aims to sniff out flaws in HTTPS
A new open source tool to help IT professionals test the security of their applications on networks has been unveiled by Google.
Nogotofail is designed to help assure Android, iOS, Linux, Windows, OS X and Chrome app developers that their offerings are secured against known flaws.
The tool should also help IT professionals guard against known threats such as Heartbleed and Poodle.
In a blog post, Android security engineer Chad Brubaker said Nogotofail would provide an "easy way to confirm that the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations".
"Nogotofail works for Android, iOS, Linux, Windows, Chrome OS, OSX, in fact any device you use to connect to the internet," he said.
"There's an easy-to-use client to configure the settings and get notifications on Android and Linux, as well as the attack engine itself which can be deployed as a router, VPN server or proxy."
Google has released the tool as an open source project so developers can test and secure their applications and add new features.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
To this end, the Nogotofail code has been released on GitHub.
The tool's launch follows Google's drive to secure website communication through the use of SSL by default.
"Google is committed to increasing the use of TLS/SSL in all applications and services. But 'HTTPS everywhere' is not enough; it also needs to be used correctly," Brubaker continued.
"Most platforms and devices have secure defaults, but some applications and libraries override the defaults for the worse, and in some instances we've seen platforms make mistakes as well. As applications get more complex, connect to more services, and use more third-party libraries, it becomes easier to introduce these types of mistakes," he added.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.