Month: February 2018

Stratolaunch Systems Corp.

The oh-so-massive Stratolaunch aircraft seems to be getting a little bit closer to taking flight. Last year, Vulcan Aerospace began ground-based tests of the 72.5-meter-long airplane, which culminated in December with runway tests that saw the vehicle roll at speeds of up to 28mph in Mojave, California.

Now, the Stratolaunch has pushed those ground-based cruising speeds even faster. According to the company's founder, Paul Allen, the Stratolaunch aircraft reached a top taxi speed of 46mph this weekend, "with all flight surfaces in place." These tests are part of a regimen to certify the aircraft's ability to steer and stop. The company also released new photos of the plane taken during these tests that further demonstrate its incredible scale.

Enlarge / Russia couldn't compete under its own flag at PyeongChang, and US officials suggest, they used a "false flag" malware attack to disrupt them. (credit: Getty Images)

The cyber-attack that disrupted some networks and servers at the opening of the Winter Olympics in PyeongChang left a number of conflicting forensic clues about its source. The attack used a blend of techniques, tools, and practices that blended the fingerprints of threat groups connected to North Korea, China, and Russia.

But according to a report by Ellen Nakashima of the Washington Post, US intelligence officials have determined with some confidence that the attack was in fact a "false flag" operation staged by individuals working on behalf of a Russian intelligence agency—an attack that went as far as to route traffic through IP addresses associated with North Korea to mask the attack's origin.

In the wake of the February 9 attack, which affected web servers and network routers connected to the Winter Games organizing committee—including the press center's network, public Wi-Fi networks, and Web servers associated with ticket sales for the Games' events—several security firms rapidly assessed malware connected to the attack. Initial evaluation of the malware showed some commonalities in techniques with NotPetya, the "wiper" malware attributed to Russia by UK and US intelligence. Cisco's Talos Labs later revised its report, originally published on February 12, after discovering that the malware samples actually used credential-stealing tools to obtain logins and passwords and then wrote those credentials into the code used to spread the infection across the network.

Enlarge (credit: Getty Images | ljhimages)

AT&T's years-long quest to avoid punishment for throttling unlimited data plans suffered a blow today when a court said that AT&T cannot escape the jurisdiction of the Federal Trade Commission.

The FTC sued AT&T in October 2014 in US District Court in Northern California, alleging that AT&T promised unlimited data to wireless customers and then throttled its speeds by as much as 90 percent. To escape punishment, AT&T claimed that the FTC has no jurisdiction over the company because the FTC is barred from regulating common carriers.

There have now been three court decisions on AT&T's claim. But the latest and most important decision was released today and sided with the FTC. US law does prevent the FTC from regulating common carriers, but the immunity from FTC regulation applies "only to the extent that a common carrier was engaging in common-carrier services," according to today's ruling from an en banc session of the US Court of Appeals for the 9th Circuit.

Enlarge / Apple's iCloud Drive web interface in Safari. (credit: Samuel Axon)

Apple has updated its publicly available iOS security documentation to disclose that personal data associated with the company’s iCloud service is stored in cloud servers operated by Google—specifically, the Google Cloud service.

Apple didn’t specify exactly what iCloud data is stored on Google’s servers. But the new document does explain a little bit about how the data is encrypted. Here is the entire iCloud section entry that includes the Google Cloud reference, from the document in question:

iCloud stores a user’s contacts, calendars, photos, documents, and more and keeps the information up to date across all of their devices, automatically. iCloud can also be used by third-party apps to store and sync documents as well as key values for app data as defined by the developer. Users set up iCloud by signing in with an Apple ID and choosing which services they would like to use. iCloud features, including My Photo Stream, iCloud Drive, and iCloud Backup, can be disabled by IT administrators via MDM configuration profiles. The service is agnostic about what is being stored and handles all file content the same way, as a collection of bytes.

Each file is broken into chunks and encrypted by iCloud using AES-128 and a key derived from each chunk’s contents that utilizes SHA-256. The keys and the file’s metadata are stored by Apple in the user’s iCloud account. The encrypted chunks of the file are stored, without any user-identifying information, using third-party storage services, such as S3 and Google Cloud Platform.

S3 is part of Amazon Web Services (AWS). Previously, the document mentioned S3 and Microsoft’s Azure cloud computing service. There is no longer any reference to Azure in the document, but the language does not necessarily preclude continued use of that service. The update to the document came in January; the most recent update before then was in March of 2017.

Enlarge / In this photo illustration, the Coinbase cryptocurrency exchange application is seen on the screen of an iPhone on February 12, 2018 in Paris, France. (credit: Chesnot / Getty Images)

After over a year of legal wrangling, Coinbase has now formally notified its customers that it will be complying with a court order and handing over the user data for about 13,000 of its customers to the Internal Revenue Service. The company, which is one of the world's largest Bitcoin exchanges, sent out an email to the affected users on Friday, February 23.

The case began back in November 2016 when the IRS went to a federal judge in San Francisco to enforce an initial order that would have required the company to hand over the data of all users who transacted on the site between 2013 and 2015 as part of a tax evasion investigation.

Coinbase resisted the IRS’ request in court. But by November 2017, after a hearing, US Magistrate Judge Jacqueline Scott Corley narrowed the request to only cover 13,000 particular individuals.