NEW TECHNOLOGY FINDS NEW FLAWS IN WIDELY-USED INTERNET SERVICES

Codenomicon DEFENSICS Demonstrates Improved Testing Efficiency

Codenomicon Ltd, a leading vendor of automated security testing tools, announced today that its new testing platform, DEFENSICS 3.0, has helped identify and fix numerous critical flaws in widely-used Internet services. The security flaws were discovered in two widely-used open source implementations of the TLS protocol, OpenSSL and GnuTLS.

The TLS security protocol is the current Internet standard for encrypting and authenticating application traffic. TLS is used by millions of people every day in online banking, e-commerce, email, and Voice-over-IP applications. The OpenSSL and GnuTLS implementations of TLS are employed in standard operating systems, web browsers, email clients, and network devices ranging from WiFi access points and DSL modems to industrial-strength core routers.

"We set out to produce the best black-box testing platform in existence, and this is clear proof of our success", said Rauli Kaksonen, Codenomicon Fellow and lead developer of the DEFENSICS 3.0 platform.

DEFENSICS 3.0 builds upon the established success of Codenomicon's award-winning DEFENSICS test platform, used by leading equipment manufacturers, operators and banks around the world, including such companies as Cisco, Alcatel-Lucent, Nortel, and T-Systems, to ensure the availability and reliability of their products and services.

DEFENSICS 3.0 provides a major update to Codenomicon's existing protocol and file format tests, focusing especially on improved test efficiency, usability and user productivity. DEFENSICS 3.0 also features new protocols and application areas, such as tests for WiMAX network infrastructure and XML-based interfaces.

The flaws were discovered by Codenomicon researchers during the development of new TLS tests, and reported to the affected vendors via the vulnerability coordination service provided by CERT-FI. Codenomicon would like to thank CERT-FI for their excellent and prompt service in handling these vulnerabilities, and the GnuTLS and OpenSSL teams for their efforts in fixing the flaws and releasing new versions.

Codenomicon DEFENSICS 3.0, including full support and test suites for TLS/SSL client and server implementations as well as over 140 other protocols and file formats, is available now. For more information and inquiries, see www.codenomicon.com.

For more information on GnuTLS, see www.gnutls.org. For more information on OpenSSL, see www.openssl.org. For more information on CERT-FI, including their advisories on the found issues, see www.cert.fi.