Google Releases Tool To Test Apps, Devices For SSL/TLS Weaknesses – Techworld.com

It is the kind of threat that the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols are meant to protect against. In practice, however, encrypted SSL/TLS connections can often be vulnerable to MitM attacks due to bad client configurations or unpatched vulnerabilities in libraries that are used by software developers to implement these protocols in their applications.

“Most platforms and devices have secure defaults, but some applications and libraries override the defaults for the worse, and in some instances we’ve seen platforms make mistakes as well,” said Chad Brubaker, an Android security engineer at Google, in a blog post. “As applications get more complex, connect to more services, and use more third party libraries, it becomes easier to introduce these types of mistakes.”

The tool created and released by Google is called nogotofail and has been used internally by the company’s engineers to find SSL/TLS implementation errors in applications for some time. It was released on GitHub Tuesday as an open source project.

Nogotofail can be deployed as a router, VPN server or proxy on a network to simulate MitM attacks against devices that establish SSL/TLS connections to the Internet. It uses deep packet inspection to discover all SSL/TLS traffic instead of just monitoring ports typically associated with the two protocols, such as port 443.

The tool includes a client component for Android and Linux systems that tells the MitM component what specific tests to run. The client is also important for tracking which applications that run on the tested systems opened certain SSL/TLS connections, something that can be hard to determine just from the MitM side.
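The difference between payload inspection and port matching can be shown in a few lines. The following is an added example, not code from the article or from the nogotofail project: it recognises an SSL 3.0/TLS ClientHello from the first bytes of a flow and lists the TLS flows that a port-443 filter would miss. All function names, ports and sample payloads are hypothetical; it assumes the first payload of each flow is available, does no TCP reassembly and ignores SSLv2-format hellos.

```python
import struct

HANDSHAKE, CLIENT_HELLO = 0x16, 0x01   # record content type, handshake message type
MAX_RECORD_LEN = 2 ** 14               # largest plaintext record the protocol allows

def client_hello_version(payload: bytes):
    """Return the (major, minor) version offered if payload opens with an
    SSL 3.0/TLS ClientHello record, else None. The port is never consulted."""
    if len(payload) < 11:
        return None
    ctype, major, _minor, rec_len = struct.unpack("!BBBH", payload[:5])
    if ctype != HANDSHAKE or major != 3 or not 0 < rec_len <= MAX_RECORD_LEN:
        return None
    if payload[5] != CLIENT_HELLO:
        return None
    return payload[9], payload[10]     # client_version field of the ClientHello

def tls_off_standard_port(flows, standard_ports=(443,)):
    """From (dst_port, first_payload) pairs, list the TLS flows a port filter would miss."""
    hits = []
    for port, payload in flows:
        version = client_hello_version(payload)
        if version is not None and port not in standard_ports:
            hits.append((port, version))
    return hits

def sample_client_hello(version=(3, 3)):
    """Constructed minimal ClientHello: zero random, one cipher suite, no extensions."""
    body = bytes(version) + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE, 3, 1]) + struct.pack("!H", len(handshake)) + handshake

# Constructed first payloads of five flows; ports and contents are sample data.
SAMPLE_FLOWS = [
    (443, sample_client_hello()),
    (8883, sample_client_hello()),
    (5222, sample_client_hello((3, 1))),
    (80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (443, b"SSH-2.0-OpenSSH_8.9\r\n"),
]

if __name__ == "__main__":
    for port, version in tls_off_standard_port(SAMPLE_FLOWS):
        print(f"TLS ClientHello on port {port}, offered version {version}")
```

The last sample flow shows the opposite error of a port filter: traffic on port 443 that is not TLS at all.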
Source: http://news.techworld.com/security/3584401/google-releases-tool-to-test-apps-devices-for-ssl-tls-weaknesses/?olo=rss
