Google launches ‘nogotofail’ code to help developers

5 Nov 2014

Internet search giant Google has built a tool to provide an easy way to confirm that devices or applications are safe from vulnerabilities and misconfigurations.

Google’s Android security team developed ‘nogotofail’ to work on Android, iOS, Linux, Windows, Chrome OS, OSX, “in fact any device you use to connect to the internet”.

In a not-so-subtle nod to Apple’s ‘gotofail’ issues from earlier this year, Google’s latest creation is a client to configure settings and get notifications on Android and Linux – as well as the attack engine itself, which can be deployed as a router, VPN server, or proxy.

“We’ve been using this tool ourselves for some time and have worked with many developers to improve the security of their apps,” explains Chad Brubaker, Android security engineer at Google.

“But we want the use of TLS/SSL to advance as quickly as possible. Today, we’re releasing it as an open-source project, so anyone can test their applications, contribute new features, provide support for more platforms, and help improve the security of the internet.”

Gordon Hunt was a journalist with Silicon Republic