Google develops tool to test SSL implementations




Security researchers from Google have introduced an open source tool that allows users to test whether their software is vulnerable to known security vulnerabilities in SSL implementations. Installing the tool does require some knowledge.

The tool attempts man-in-the-middle attacks on connections. Users must install the tool on a server and configure the device they want to test to use that server as a VPN, router or proxy. If the device is vulnerable to known security vulnerabilities in SSL implementations, the tool raises the alarm.

Google has called the tool “nogotofail”, a reference to a serious security vulnerability in OS X and iOS that came to light early this year. That vulnerability made it possible to read the content of HTTPS traffic if an attacker could intercept network traffic. It was caused by the line ‘goto fail’ appearing twice where it should have appeared only once. As a result, a server that the code should have raised the alarm about was trusted anyway.
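A simplified illustration of the duplicated ‘goto fail’ described above, beside a corrected form. This is an added example, not Apple's code; the function names, parameters and the two check steps are hypothetical stand-ins for the real verification steps.

```c
#include <stdio.h>

/* Constructed stand-in for one verification step: returns 0 on success. */
static int check_step(int ok) { return ok ? 0 : -1; }

/* Shape of the bug: only the first "goto fail" belongs to the if.
 * The second one is unconditional, so the signature check below it is
 * never reached, and err still holds 0 from the step that succeeded. */
int verify_buggy(int hash_ok, int sig_ok)
{
    int err;
    if ((err = check_step(hash_ok)) != 0)
        goto fail;
        goto fail;              /* duplicated line: always taken */
    if ((err = check_step(sig_ok)) != 0)
        goto fail;
fail:
    return err;                 /* 0 means the server is trusted */
}

/* Corrected form: the duplicate is gone, and braces make the extent of
 * each if explicit, so a stray line cannot silently change control flow. */
int verify_fixed(int hash_ok, int sig_ok)
{
    int err;
    if ((err = check_step(hash_ok)) != 0) {
        goto fail;
    }
    if ((err = check_step(sig_ok)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void)
{
    /* Constructed case: the first step passes, the signature is invalid. */
    printf("invalid signature, buggy: %d\n", verify_buggy(1, 0));
    printf("invalid signature, fixed: %d\n", verify_fixed(1, 0));
    return 0;
}
```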

The tool also attempts to serve SSL certificates for domains other than the one being visited. Software that does not check whether the served SSL certificate actually belongs to the domain in question fails this test. That is what happened at ING, among others: an old version of that bank's mobile banking app did not check the certificate, allowing an attacker to present his own certificate to a victim.

Anyone who wants to install the tool can get the code from GitHub. The tool works best on Linux, and users have to arrange SSL certificates themselves so that the tool can generate fake SSL certificates. Users of the tool will also need to be familiar with the command line on Linux.

