Back in April 2014, researchers released a warning that sent ripples throughout both the business world and the internet community. That warning was the announcement of the discovery of what was called the Heartbleed bug, a vulnerability that had existed for years but had long gone undetected. This defect was estimated to have affected up to two-thirds of internet servers, allowing cyber criminals to go around transport security layer (TLS) protections and grabbing confidential information found in computers or servers that had OpenSSL-powered software. The fact that the bug had existed for so long without being discovered caused a great deal of consternation for those in the technology world, and while the bug was later fixed, worries over network security persisted. Discoveries of other security threats like the POODLE attack, BEAST, and the gotofail flaw only increased anxiety levels. As a response to the growing fears over internet security, Google released a new network security tool in November called nogotofail, the goal being a safer internet for everyone.
When it comes to internet security, the main concern usually surrounds TLS and the secure socket layer (SSL). These two protocols are used to help encrypt the internet, web communications like email, and a variety of internet traffic. The idea is to make it so any information passing between two parties, like an online shopper buying a gift from Amazon, can’t be read by anyone that happens to be monitoring the transaction. This is usually seen through HTTPS protections, most often signified in the address bar of a web browser with the picture of a padlock. Vulnerabilities like Heartbleed and POODLE went around these protections, prompting the development of the nogotofail tool.
The main purpose behind Google’s nogotofail network security tool is to find those applications and programs that are most vulnerable to SSL/TLS attacks. The tool is also meant to identify any encryption issues an application or website might have. This is done primarily by running known attacks on the application. In this manner, any weak spots that would have otherwise gone unnoticed can be pinpointed and patched up. When done in a safe, controlled environment with an approved security tool, developers can ensure that a website is truly protected with encryption and that HTTPS sites are fully secure.
Part of the strength of nogotofail is its versatility. Nogotofail has been designed with more than just a small selection of applications of platforms in mind. In fact, nogotofail can be deployed in a large variety of situations with a large selection of operating systems. For example, if developers want to check for vulnerabilities on a router or VPN server, they can do so. If there’s a device that runs Linux, nogotofail can examine it for weaknesses. The same holds true if the device runs on OS X, Chrome, or Android. Essentially, if the device connects to the internet in some fashion, nogotofail can be used to see if there are any vulnerabilities that need to be addressed and solved before being used.
Another strength of the nogotofail tool is the fact that it is open source. Google touted this characteristic when it first announced the tool, and it’s easy to see why. With open source code, the tool is available to anyone who wants to use it. Beyond that, developers can also contribute any new features they feel would be beneficial for everyone to have. Those who may not be as familiar with security code may also get support from a strong open source community. By allowing contributions from a large host of experts, the goal of improving internet security will proceed more easily. In other words, collaboration may be key in making sure nogotofail is used to its fullest extent.
The development of nogotofail represents a step in the right direction in the journey toward a safer internet. People want to make sure their personal information is secure, and businesses shudder at the thought of a hacker inside their systems, which is why nogotofail is potentially a game changer. Nogotofail shouldn’t be looked at as the final word on internet security, but as a tool, it can prove to be incredibly useful. As more organizations and developers use and understand it, others can have more confidence that their transactions and communications stay out of the hands of unwanted visitors.