
GoGo in-flight WiFi creates man-in-the-middle diddle

Join the mile-high club by getting screwed with fake certs


In-flight wifi service GoGo, once accused of facilitating excessive interception access for US law enforcement, has now been spotted using fake Google SSL certificates to spy on net traffic and prevent passengers from accessing video streaming services.

Google engineer Adrienne Porter Felt (@__apf__) noticed the fake SSL certificate, which masqueraded as originating from her employer, and publicly called on the company to explain its actions.

Chief technology officer Anand Chari said only that it used the certificates to block streaming services while it upgraded network capacity and did not collect user data.

"Right now, Gogo is working on many ways to bring more bandwidth to an aircraft. Until then, we have stated that we don't support various streaming video sites and utilise several techniques to limit or block video streaming," Chari said in a statement.

"One of the recent off-the-shelf solutions that we use proxies secure video traffic to block it.

"Whatever technique we use to shape bandwidth, it impacts only some secure video streaming sites and does not affect general secure internet traffic."

But there were, as Felt said, "better ways to do it" than mounting a man-in-the-middle attack against users.

The company's willingness to exceed the mandatory requirements for the provision of telecommunications interception, discovered by American Civil Liberties Union technologist Chris Soghoian and detailed by Wired, extended the concerns beyond a debate on the legitimate use of bogus SSL certificates.


In September last year, the company revealed in a letter (pdf) submitted to the Federal Communications Commission that it exceeded the requirements of the Communications Assistance for Law Enforcement Act (CALEA).

Gogo said at the time that an additional capability, seemingly the use of CAPTCHA to prevent remote access, was an apparent lone function that was not related to traffic monitoring.

The news should serve as a warning to onboard users wishing to keep their data out of government hands. ®
