Google Brings Open Source Security Gifts


'Tis the season for giving, and search giant Google wants to give security researchers and end-users some new tools. Over the past few weeks Google has released multiple security tools and open source efforts to help end-users and organizations defend themselves from modern threats.

One of the most recent tools released by Google is called Santa (yeah, that Santa), which is a Mac OS X security tool.

"Santa is named because it keeps track of binaries that are naughty and nice," states Google's Github page on Santa.

The Santa project is still quite new and isn't yet a 1.0 release. In fact, it is not an official Google product. Rather, according to the Github page, "Santa is a project of Google's Macintosh Operations Team."

In any event, Santa monitors binary files and compares them against known good and known bad elements to help prevent malicious files from executing. From an operational perspective, Santa has two primary modes: monitor and lockdown.

"In MONITOR mode all binaries except those marked as blacklisted will be allowed to run, whilst being logged and recorded in the database," the Santa project page explains. "In LOCKDOWN mode, only whitelisted binaries are allowed to run."

Google's Firing Range

Also this month Google formally announced Firing Range, a tool for testing Web application vulnerability scanners.

"Firing Range is a Java application built on Google App Engine and contains a wide range of XSS and, to a lesser degree, other Web vulnerabilities," Claudio Criscione, security engineer at Google wrote in a blog post. "We have used Firing Range both as a continuous testing aid and as a driver for our development, defining as many bug types as possible, including some that we cannot detect (yet!)."

Google's Nogotofail

Google started November by announcing its nogotofail network traffic security testing tool.

"Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way," Google's nogotofail Github page states. "It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues and more."

SSL issues have been top of mind for many in 2014, given the Heartbleed flaw which targeted OpenSSL in April. Google helped disclose a critical SSL flaw known as POODLE, which impacts SSLv3.

Sean Michael Kerner is a senior editor at eSecurityPlanet and Follow him on Twitter @TechJournalist.