Google launches ‘nogotofail’ code to help developers

5 Nov 2014

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Internet search giant Google has built a tool to provide an easy way to confirm that devices or applications are safe from vulnerabilities and misconfigurations.

Google’s Android security team developed ‘nogotofail’ to work on Android, iOS, Linux, Windows, Chrome OS, OSX, “in fact any device you use to connect to the internet”.

In a not-so-subtle nod to Apple’s ‘gotofail’ issues from earlier this year, Google’s latest creation is a client to configure settings and get notifications on Android and Linux – as well as the attack engine itself, which can be deployed as a router, VPN server, or proxy.

“We’ve been using this tool ourselves for some time and have worked with many developers to improve the security of their apps,” explains Chad Brubaker, Android security engineer at Google.

“But we want the use of TLS/SSL to advance as quickly as possible. Today, we’re releasing it as an open-source project, so anyone can test their applications, contribute new features, provide support for more platforms, and help improve the security of the internet.”

Gordon Hunt is senior communications and context executive at NDRC. He previously worked as a journalist with Silicon Republic.

editorial@siliconrepublic.com