UPDATED 14:46 EDT / NOVEMBER 05 2014

Google Head Honcho Larry Page NEWS

Google wants to secure the Internet of Things the open-source way

Google Head Honcho Larry Page

Google Head Honcho Larry Page

Google Inc. has released the code for a tool called “nogotofail” thats its engineers have been using to check if network connections are properly encrypted to the open-source community. The move is a continuation of the search giant’s efforts to make the web safer amid the rapid growth in the variety and number of connected devices, which Gartner Inc. expects will pass the 20 billion mark by the turn of the decade.

The launch of nogotofail comes three months after Google changed its web crawling algorithms to rank websites that transmit packets over a protected protocol higher than those that don’t on its results pages. But the company’s commitment to making the digital universe more secure traces back much further than that to June of 2008, long before the Internet of Things or even Big Data hit the the industry discourse, when it launched an HTTP-based version of Google Search into public beta.

The next month, the firm introduced the option for users to extend encryption beyond their Gmail passwords to their messages, making it the first major free e-mail service to provide such extensive protection.

At the time, the industry was still firmly in the midst of a debate about the merits of using HTTP, since the combination of scrambled packets requiring additional bandwidth and the end-point needing to perform decryption created several second delays service providers wanted to avoid. The discussion came to a premature end with the release of the Firesheep traffic interception tool in October 2010, which prompted Microsoft Corp. and other top web companies to finally start enforcing encryption for their services – over two years after Google first addressed the need for better network protection.

Project details

 

Today, the search giant can boast of playing an early leadership role in shifting the use of HTTP from the exception into the norm, but its work is far from done. Encryption is not a silver bullet to keeping data protected , after all – it also has to be used correctly, which is what nogotofail is designed to ensure. Built by the Android Security Team, the tool provides a quick way of checking if a connected device is free of known misconfiguration and vulnerabilities affecting the TSL (formerly SSL) technology powering HTTP.

The project consists of an attack engine that can be deployed as a router, VPNR or proxy and set loose against any device to expose chinks in its encryption armor and a complementary client for experimenting with different settings that is only available on Android and Linux at launch. But since nogotofail is open-source, it shouldn’t take long for the ecosystem to start extending support to more devices and over time, add new features as the connected universe continues its evolution.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU