Google releases ‘nogotofail’ A Network Traffic Security Testing Tool

Google has released Nogotofail as an
open source project available on GitHub, meaning anyone can use it,
contribute new features, provide support for more platforms, and do
anything else with the end goal of helping to improve the security of
the Internet.
Called ‘nogotofail’ and apparently
named in honour of the ‘goto fail’ bug that affected Mac and iOS
systems earlier this year, the tool offers a way to confirm that
internet-connected devices and applications aren’t vulnerable to
transport layer security (TLS) and secure sockets layer (SSL)
encryption issues, such as known bugs or misconfigurations.
Nogotofail tests for common SSL
certificate verification issues, HTTPS and TLS/SSL library bugs, SSL
and STARTTLS stripping issues, and cleartext issues. The tool can be
deployed on a router, a Linux machine, or a VPN server and works for
Android, Chrome OS, iOS, Linux, OS X, and Windows — basically any
device used to connect to the internet.

Following is the official release of Google:
“Google is committed to increasing the use of TLS/SSL in all applications and services. But “HTTPS everywhere”
is not enough; it also needs to be used correctly. Most platforms and
devices have secure defaults, but some applications and libraries
override the defaults for the worse, and in some instances we’ve seen
platforms make mistakes as well. As applications get more complex,
connect to more services, and use more third party libraries, it becomes
easier to introduce these types of mistakes.

The Android Security Team has built a tool, called nogotofail,
that provides an easy way to confirm that the devices or applications
you are using are safe against known TLS/SSL vulnerabilities and
misconfigurations. Nogotofail works for Android, iOS, Linux, Windows,
Chrome OS, OSX, in fact any device you use to connect to the Internet.
There’s an easy-to-use client to configure the settings and get
notifications on Android and Linux, as well as the attack engine itself
which can be deployed as a router, VPN server, or proxy.

We’ve been using this tool ourselves for some time and have worked with
many developers to improve the security of their apps. But we want the
use of TLS/SSL to advance as quickly as possible. Today, we’re releasing
it as an open source project,
so anyone can test their applications, contribute new features, provide
support for more platforms, and help improve the security of the
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Install Kali Linux on VirtualBox [Windows Host] in 2020

Kali Linux is a Debian based Linux distribution, released on the 13th March 2013 as a complete rebuild of BackTrack Linux. It is one of...

Acunetix v13 Release Introduces Groundbreaking Innovations

The newest release of the Acunetix Web Vulnerability Scanner further improves performance and premieres best-of-breed technologies London, United Kingdom – February 5, 2019 – Acunetix,...

What is Ethical Hacking, how to be an Ethical Hacker

Hacking is the process of discovering vulnerabilities in a system and using these found vulnerabilities by gaining unauthorized access into the system to perform...

Basic steps to ensure security Online!

Security concerns are growing day by day due to the growing interconnectivity and technology. Drastic things can happen if you be a little careless...