Google's Android Security Team has built and for a while has been using a tool, called nogotofail, to verify that the devices or applications them and us using are safe against known TLS/SSL vulnerabilities and misconfigurations. Nogotofail works for most OS' in the use today like, Android, iOS, Linux, Windows,
Chrome OS, OSX, basically any device you use today to connect to the Internet. nogotofail also comes with an easy-to-use client to configure the settings and get
notifications on Android and Linux. There is an attack engine
which can be deployed as a router, VPN server, or proxy.
To make TLS/SSL more secure and usable, Google released the tool as an open source project.OSS brings best of the industry together and makes projects like these even more versatile. Thanks to Google and the Android Security team, now anyone can test their applications, contribute new features, provide
support for more platforms, and help improve the security of the
Internet. Getting started instructions are here.
Google Online Security Blog: Introducing nogotofail—a network traffic security testing tool
No comments:
Post a Comment