Take Control Of Your Network Security

Internet November 28, 2014

Unless you have been up on an mountaintop searching for lost treasure, you had to have heard something about the issues with SSL3.0. As you know, Secure Sockets Layer 3.0 was supposed to fix a lot of latent issues with its predecessor SSL 2.0. However, unfortunately to the dismay of many, SSL3.0 arrived with its own vulnerability, namely the so-called POODLE bug. But understand, this is not the first such issue with SSL. No, if you can remember, there was the Heartbleed bug in Open SSL as well as the gotofail bug with Apple.

Ugh! Fed up with this and wanting to offer up a solution, the team at Google put together an innovative tool. This tool is named Nogotofail and is readily available right now on GitHub. The tool is specifically engineered to that anyone can test out their applications as well as help improve the overall security of the Internet.

According to Android security engineer, Mr. Chad Brubaker, the focus of Nogotofail is all about transport layer security (TSL)and secure sockets layer (SSL)security. More specifically, its about making sure that interconnected devices across the Net are no longer vulnerable to threats due to TLS or SSL encryption issues.

The Nogotofail tool is at its heart a network security testing tool. It tests for such things as SSL certification and verification issues, HTTPS, TSL and SSL library vulnerabilities as well as possible misconfiguration of these libraries.

Brubaker also went on record to explain Google’s position. He said” “Google is committed to increasing the use of TSL and SSL in all applications and services. But HTTPS everywhere is not enough, it also needs to be used correctly.”

Google spokespersons readily admit that Nogotofail had been used internally for some time. After working with developers to ensure Nogotofail functioned as planned, it was released for public use. Brubaker reiterated his point that Google sees the importance of advancing the use of TSL and SSL as quickly as possible.

Well there you have it. Straight from the horse’s mouthy so to speak. That is to say that not only should developers and network engineers employ TSL and SSL wherever and whenever possible but it also has to be setup and configured correctly. To that end, Google made sure there is a way to make this easy and straightforward. Hence the release of Nogotofail.


comments powered by Disqus