NOTA BENE

Notes, comment and buzz from Eugene Kaspersky – Official Blog

February 19, 2015

The biggest device in the world – part three.

First, a brief summary of the previous two parts…

On the Swiss-French border, near Geneva, there’s a place called CERN. Within its various buildings, modern-day alchemists, er, scientists conCERN themselves with the fundamental structure of the universe. They accelerate protons and other particles to near light speed and have them smash into one another, which creates various kinds of quark-gluon plasma and other mysterious physical phenomena. Then they apply titanic brainpower (math, physics, nuclear physics, quantum mechanics… all that), engineering capacity, and computing power to track the results of the collisions of these fundamental particles.

We were there the other week and were given a good long guided tour. Took lots of pics too…

The first accelerator we saw is called LEIR (the Low Energy Ion Ring). In it, lead ions are accumulated. First the ions come from the LINAC-3 linear accelerator to LEIR, then they pass through to the PS ring, and then into a complex of big hoops, including the Large Hadron Collider (LHC).


Read on: who does what at CERN…

February 12, 2015

In sports news… A 125:50 victory for our man!

Amid all the neutron-proton-electron collision topics of late on these here cyber-pages – a bit of a breather. Time for some sports news…

Some of you – especially those who follow our blogs – will know how we’re fairly well into the sponsorship thing: supporting sporting teams (and individuals – see later) around the globe, sometimes in the most unlikely of places. Here’s a quick overview for those who’ve not been watching carefully…

Down under, our logo has been worn on the fetching kits of a Sydney rugby club for some years now, while down the coast in Melbourne it adorns the shirts of an Australian rules football team.


Read on: Chess and billiards…

February 10, 2015

The biggest device in the world – part two. 

Bonjour mes amis!

All righty. You’ve had the soup for starters; now let’s move on to the main course…, rather, into the main course – i.e., inside the proverbial pie served up as main course, and check out the filling – the proverbial steak and kidney, as it were… (but I digest).

Put more simply: let’s find out what goes on within the walls of these plain buildings on the Swiss-French border, where nuclear physicists study the very nature of… nature, at its very deepest level.


Read on: So what happens inside the Large Hadron Collider?…

February 9, 2015

The biggest device in the world – part one.

It’s not just the biggest, it’s also the most expensive, most innovative device in the world. Naturally, that means it’s highly computerized. I wonder what AV it’s got :).

What we’ve got here is a modern-day wonder. Research at the cutting edge of both theoretical and practical knowledge into particle physics, the study of what makes up matter. Other groundbreaking stuff has been going on here since the 1950s too, including the small matter of, in 1989, the invention of… the World Wide Web!

Yes folks, this is CERN. An international team that prods the microcosmic world with various kinds of prodders to try and learn what’s going on down there. Here they make particles ‘collide’ at the speed of light to find out how they interact and to get clues to the fundamental laws of nature. Pretty cool, no?

Read on: unassuming contraption winning the Nobel prize…

February 2, 2015

SAS-2015: cyber-savvy and cyber-sassy.

February 15-18, 2015 is fast approaching…

Over those four days we’ll be holding our seventh annual conference on information security, whose main topic will be modern-day cyberattacks and protecting against them, alongside a whole load of other assorted cyberthreat themes. The winter summit in warmer climes, this year in Cancun, Mexico: the Security Analyst Summit 2015 (SAS).

So, just remember, the main security industry hashtag of mid-Feb this year is this one: #TheSAS2015

(No security experts were harmed during the shooting of this video)

SAS is an exclusive, invite-only gig, with only the cream of the world’s crop of top IT security movers and shakers taking part. It’s not massive; it’s more intimate, which means it’s more meaningful and more gets done, and it’s twice as engaging and interesting for all participants. But don’t feel left out by this guest-list-only cliquishness. Opaque – us? :). Just about everything that’s discussed we’ll be swiftly publishing as tweets and blogposts (see the hashtag above and the blog links below).

Meantime, if you want more detail about what goes on at SAS and some SAS history, have a read of this.

This year’s bash promises lots of very interesting content, including a world premiere or two plus other important announcements, as per tradition. The main themes are targeted attacks and cyber-militarization, and how to combat both. Also on the agenda are: mobile malware, vulnerability management, cyberattack analysis methods, cooperation within the security-expert industry, and more besides.

There’ll be presentations in the ‘for all’ format, as well as highly specific, specialized ones for the pros (reverse engineers, for example). And there’ll be a special bit this year on protecting critical infrastructure, which promises to be very useful given both the timeliness of the topic and the number of top-notch experts who are going to be taking part.

Have a look for yourself: the program’s ready and online already.

January 29, 2015

Cologne Gothedral.

Another of my long-held dreams has finally come true – to check out Cologne Cathedral in the flesh. Crikey. It’s just monumental. Eerie. A huge stalagmite stabbing the low cloud up above. More gothic than the Sisters of Mercy ever were.


Read on: Mysteriously magnificent & imperially intricate…

January 28, 2015

Davos takes a break from skiing for a week.

For me, there’s nothing better to invigorate the soul and get the spirits up on a winter’s morning than a brisk stroll in the icy air to the accompaniment of the cheerful, optimistic sounds of… bagpipes!


Actually, there is one thing that invigorates the soul better, and that’s an earthquake. I was woken up by one once in Japan. Invigorated? Yes. But getting the spirits up?…

No earthquakes here fortunately, in the small town of Davos in the Swiss Alps. But lots of icy air and, bizarrely, some bagpipes emitting their dulcet tones. Not that I was able to appreciate them for long, for I had to be off to my next meeting…

Things seem a little overly workaholic-like in Davos this year. Some events start at 7.30 in the morning! WHAT? Jeez, what a nightmare (for an evening person like myself). Oh well, if that’s when they start, that’s when they start. Will just have to comply humbly, and grumbly. But – organizers – please, kindly, get a grip and don’t repeat this madness next year, eh?

Curiously, Davos, for WEF week, turns itself into the weirdest skiing resort in the world.

To start off with, the environs around Davos have never been a super-mega destination for skiing and snowboarding. There aren’t that many routes, and they’re somewhat straight and boring, in fact hardly much fun at all – especially if you compare them with the likes of Zermatt, Sölden, Lech, the Dolomites and so on…


Read on: How to lose weight during a Swiss sojourn…

January 23, 2015

Bowled over by the White Cliffs of Dover.

Last week’s busy overseas business itinerary, this time in London, ended with the usual installment of micro-tourism.

We rented a car and drove down to the White Cliffs of Dover, the sheer façade that drops into the English Channel. I’d long dreamed of getting down to the southern coast of England, the place where d’Artagnan came ashore (seeking out the queen’s diamonds, wasn’t it? Will have to re-read the book), as did William the Conqueror, and I’m sure a whole horde of other invaders and the like did too…

White Cliffs of Dover in January

Read on: Cliffs, roads, jams and floods…

January 22, 2015

‘Consumer champions’ coming after you? Show them who’s really champ by standing up to them! 

Law firms. Traditionally such a necessary and benevolent force for good throughout the world. Regulating business, following rules, enforcing rules, getting justice… That’s how many, and maybe even I, once viewed much of the law profession last century. But this century…

It reminds me of Animalism. Or, to be more precise, originally the seventh commandment of Animalism: ‘All animals are equal’.

We all know how it was amended, becoming ‘All animals are equal, but some animals are more equal than others’. And that phrase in particular brings to mind many law firms today. Some are fair, benign and indispensable and play by the rule-book. Others are more equal than others: unfair, malignant, superfluous and scornful of the rule-book: operating seemingly outside the law – above the law – when they’re the ones that should be upholding it! Yep ladies and gents, I’m talking about the unscrupulous law firms that manipulate laws and moral norms to extract a pretty penny from large (and sometimes not so large) companies – which have done nothing wrong!

I’ve already written plenty about patent trolls (and how we have a policy of never giving in to them). Today I’ll be telling you about a similar phenomenon we recently came up against…

So what’s all this about?

Picture the mise-en-scène:

Take a manufacturer of a consumer good. A law firm decides to uncover an alleged small flaw in that consumer good (one can be found in any consumer good; these guys are like wizards at making them appear anywhere). Once they’ve found the best ‘defect’, they seek out a supposedly affected and aggrieved consumer, who then files a claim against the manufacturer, not just on his or her own behalf but also on behalf of a large group, in a class action lawsuit claiming violation of consumer rights. A website is created and an advertising campaign is launched (no joke) calling on consumers to join their concerted effort against the ‘excesses, unfairness and incompetence’ of the alleged guilty party.

At first blush the intentions of one of these campaigns and the corresponding slogans look convincing and honorable. It can indeed seem that it’s just the small people being gallantly looked after. And from a legal standpoint it does look like all is well-intentioned, good and proper. But all you have to do is probe a little deeper, and a different, vastly different, picture then comes into view: one resembling deceit and underhandedness (to put it politely), or a sham/scam (to be less polite but no less accurate)!

This particular business model first took root in the good ole U.S. of A. a long time ago, somewhere in the last century. Today, consumer class actions in America have become serious business. There are dedicated websites that keep track of all such litigation and that send emails out listing new such class actions and agreements and how to easily sign up to them with a few keystrokes on the keyboard. Ten bucks here, another ten there… a tidy sum of extra income can be earned.

Now, to large multinational companies with multimillion-dollar turnovers these class actions hardly even register, like a flea-bite to an elephant. However, for not-so-big companies, such as small software vendors, class actions add up to huge sums having to be taken out of the pot for development of new technologies; often it’s simpler to just declare bankruptcy and start the business over.

Now, I don’t know how many tens of thousands of lawyers earn their living feeding at this trough (Animal Farm-related pun not intended) or what the annual turnover is ($6-8 billion has been estimated), but what I do know is that it’s very widespread. And I also know for sure – they openly admit it themselves – that the main reason these lawyers go for class actions is simply because they like them (fast forward to 2:11).

And it’s small wonder why they like them. Costs are minimal (they don’t even need to buy up patents!), and the courts’ default stance is to be on the side of the consumer ‘victims’ – protecting them from the ‘excesses of capitalism’. It’s also small wonder that the other victims in this sorry state of affairs – the companies that are targeted by this extortion – prefer to negotiate than fight through the courts: many don’t have the wherewithal to go to court (it’s never cheap), and for some it’s a lot simpler and economically more viable to just pay the ransom instead of having their legal department get bogged down for eons. As a result this industry flourishes as more and more lawyers pour into it after getting a whiff of the easy bucks.

Still not convinced that these wholesome attorneys just want to line their pockets, rather than protect the rights of consumers?

Then let me give you an example…

One of our competitors (the information is already in the public domain, but all the same I think it’s only right not to mention any names) recently settled a class action lawsuit and paid $700,000 to the plaintiff’s lawyers, $1.25 million to third-party organizations, and $9 plus three months’ free use of its product to each participating consumer! So there you have it folks: straight-up, honest looking after the poor consumer, plain and simple for all to see :).

Precisely a year ago we found out we were to be targeted by a set of these white-collar ‘consumer champions’. But they needn’t have wasted their time…

For we have a firm policy for how to deal with such unscrupulous behavior: no negotiations. Instead, we fight – to the end. It’s not the easy way out, that’s for sure, or the cheapest one, but it’s worth it – especially if they go off with their tails between their legs and never come back.

So, like I say, exactly one year ago we were hit with one of these sham(eful) lawsuits, from a certain Barbara Machowicz (and her representative, the law firm Edelson). It was brought against our free Kaspersky Security Scan (KSS). They alleged “[that they were] fraudulently induced to buy [KL’s] security software through … KSS, which is purportedly designed to ‘detect unwanted malware, software vulnerabilities, and other non-malware security problems’ “ and “that KSS is essentially ‘scareware’ engineered to detect fake security threats”.

And btw, this Edelson (surely just by a coincidence) was the law firm that brought the case against our competitor mentioned above. Fancy that?! Taking another closer look (the devil’s always in the details in these matters), we found out that they’d decided to simply do a repeat of their lawsuit against our competitor: basically, the claims against KSS were mostly copied word-for-word from it. I can just see the MS Word template used for the statement of claim, with blanks left for just the name of the defendant :).

Just how we were defamed in the statement of claim with their groundless accusations… I won’t go into here; that wouldn’t be quite proper. All I’ll say is that we didn’t ignore the statement or regard it lightly. After having received it we took it seriously (despite the wholly unserious allegations) and started to analyze what’s afoot. And sure enough, soon enough, all became clear.

KSS scans a computer for malicious and suspicious programs, system and application vulnerabilities, the correctness of settings, and other particulars that could affect the security of the computer. Ms. Machowicz had KSS scan her computer, and though it didn’t find any viruses, it did find a slew of vulnerabilities, including dangerous Windows and Internet Explorer settings, USB and CD auto-run enabled, cookies being saved, and caching of data received via HTTPS. As a result, KSS rightly issued Ms. Machowicz its verdict: ‘Your computer could be at risk. Problems found!’


Read on: This is how the story ended up…

January 16, 2015

Encrypted communications and real-world security: finding a balance

The latest debate that followed David Cameron’s proposal to ban encrypted personal communications in the UK has raised several very important issues.

The proposal would include a ban on messaging services like WhatsApp, iMessage or Snapchat in the UK. Technically this is possible, but a ban on using all encrypted communication channels is not easy to enforce.

And I doubt that it will actually bring significantly more security to the offline UK.

The mandate of the security services and law enforcement agencies is to keep the general public safe from criminals, terrorists and all sorts of other threats. It seems that the security services want to be able to access our communications in order to stop and prevent illegal activities and, ultimately, better protect people.

Encryption is vital for cybersecurity; it’s used first and foremost to keep communications safe from hackers and cybercriminals.

Do we need to give up the protection of our data and online communications in order to improve real-world security? I seriously doubt we should.

I think that, if implemented, a ban on the use of encryption in online communication will not tangibly increase offline security. But it will definitely damage the state of cybersecurity and ultimately expose ordinary users as well as businesses to all sorts of cyberattacks, hacks and espionage.

Governments have made attempts to compromise cybersecurity to gain intelligence. For example, we have already seen government-grade malware, such as Flame, exploiting legitimate software, such as Microsoft Update, among other things.

I don’t know the value of the intelligence they obtained during this operation, but the existence of such malware did not contribute positively to global cybersecurity.

I think the real problem here is that global leaders and security services apparently see a contradiction between security and cybersecurity, whereas the latter should in fact be an integral and valuable part of the former.