Google today introduced a new tool for testing network traffic
security called Nogotofail. The company has released it as an open
source project available on GitHub, meaning anyone can use it,
contribute new features, provide support for more platforms, and do
anything else with the end goal of helping to improve the security of
the Internet.

The tool’s main purpose is to test whether the devices or
applications you are using are safe against known TLS/SSL
vulnerabilities and misconfigurations (it includes testing for common
SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL
and STARTTLS stripping issues, cleartext issues, and so on). Nogotofail
works on Android, iOS, Linux, Windows, Chrome OS, OSX, and “in fact any
device you use to connect to the Internet.”

“Google is committed to increasing the use of TLS/SSL in
all applications and services. But ‘HTTPS everywhere’ is not enough; it
also needs to be used correctly,” Brubaker wrote in a blog post.
“Most platforms and devices have secure defaults, but some applications
and libraries override the defaults for the worse, and in some instances
we’ve seen platforms make mistakes as well. As applications get more
complex, connect to more services, and use more third party libraries,
it becomes easier to introduce these types of mistakes.”

Google believes that, by making an open source solution, the
community will be able to proactively protect against future
vulnerabilities as they are uncovered, in part through the work of the
Core Infrastructure Initiative, the Linux Foundation-managed
organisation set up in the wake of the Heartbleed bug to monitor and fix
security protocols.