Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Google releases tool to test apps, devices for SSL/TLS weaknesses

Lucian Constantin | Nov. 6, 2014
Google released a tool that can be used to test whether the SSL/TLS encrypted connections opened by applications or devices are vulnerable to man-in-the-middle attacks.

The discovery of flaws in SSL/TLS libraries is not uncommon either. A critical vulnerability dubbed Heartbleed reported in April in the widely used OpenSSL library triggered an unprecedented patching effort and attracted a lot of media attention. However, other serious bugs were found in SSL libraries this year as well.

In February Apple patched a critical certificate validation vulnerability in its SSL library for iOS and Mac OS X. The bug stemmed from an extra "goto fail" line in the library's code and it's what likely inspired the name for Google's new tool.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.