Skip to content

Wowed by cloud.

Privyet everyone!

There are fascinating, beautiful sights to behold in the furthest corners of the globe, quite a few of which I tend to mention on this here blog from time to time. But sometimes spellbinding beauty can be found right on your doorstep…

Just the other day for example, towards evening the most amazing assortment of clouds appeared over the reservoir next to our Moscow HQ office. First there were pure white fluffy clouds basking in the bright sun, and then a thick thatch of dark and angry low cloud came along as if pushing the fluffy cumulus out of the way. Alas, by the time I’d fetched my camera most of the particularly unusual dark cloud had passed, but I did still manage to snap some of the proceedings…

Little Fluffy Clouds

Read on: Little Fluffy Clouds…

Cybernews from the dark side – June 24, 2014

Patent trolls – continued.

Here, alas, passions are still running high, with the occasional fit of… passion. Indeed, the issues related to patent parasites haven’t gone away; it’s just that only the most interesting – ‘loudest’ – cases ever get heard about. But if you dig deeper, you eventually hit upon stuff that is interesting, just not paid attention to. Which is what we did – and found quite a bit on patent trolls worthy of the title of this blogpost. So, he we go…

The irony’s all too much.

For this item I didn’t have to dig all that deep actually – I just checked Ars Technica. There I found some rather familiar glorification of the patent aggregator RPX – made out to be a sweet and innocent protector of orphans, the poor, and princesses (from dragons). I just couldn’t believe what I was reading: “RPX works by selling memberships to companies that feel harangued by patent trolls, including Apple and many other tech companies. RPX basically buys up patents it believes will be used by trolls. By uniting the buying power of many companies, it can get the patents for a bargain price.”  Well, maybe I could believe it… I was just so rattled at being reminded of the hypocrisy.

WHAT? RPX is some kinda anti-troll? And trolls may fly…

We first came across this so-called anti-troll in the year of its creation, and were one of the first to bite it back – successfully.

Read on: a simple arrangement…

Retro MOW for da partnero, aiii.

Now, for any Moscow drivers who were held up one recent sunny afternoon by an army of retro-mobiles slowly edging along Leningradsky Shosse and Prospect – SORRY! It was us, KL, putting on some old-school Ritz for our highly valued partners from all over Western Europe.

Kaspersky Oldtimer Rally in Moscow

The smiles are contagious…

Kaspersky Oldtimer Rally in Moscow

‘State Duma’ [Parliament]

Read on: So what was all this about?…

10 years since the first smartphone malware – to the day.

On June 15, 2004, at precisely 19:17 Moscow time something happened that started a new era in computer security. We discovered the first malware created for smartphones.

It was Cabir, which was infecting Symbian-powered Nokia devices by spreading via unsecured Bluetooth connections. With its discovery the world learned that there was now malware not just for computers – which everyone already knew too well about (save for the odd hermit or monk) – but also for smartphones. Yes, many were scratching their heads at first – “viruses infecting my phone? Yeah, pull the other leg” – but the simple truth of the matter did finally sink in sooner (= months) or later (= years a decade!) for most people (some still aren’t aware). Meantime, our analysts made it into the history books!

Why did we christen this malware Cabir? Why was a special screened secure room created at our Moscow HQ? And how did Cabir end up in the pocket of an F-Secure employee? These and other questions were recently put to Aleks Gostev, our chief security expert, in a interview for our Intranet, which I thought I’d share with you here; might as well have it from the horse’s woodpecker’s mouth…

Incidentally, the story started really running when we used these two devices to analyze the malware:

The legendary Symbian-powered Nokia phones we used to analyze Cabir

…but more about those below…

Read on: An unusual file n the inbox…

Kid KLub

Back towards the end of the 1990s was when a KLer first had a child. My toast at the baby’s head-wetting went something like this: “At last we’ve assimilated viruses ourselves – and started to multiply!”

Around 200 children of KL HQ employees came to work with their mamas and papas last week to finally find out about the place one of their parents disappears to every week day

Since then we’ve been motivating employees in various ways to have more children! The more the merrier, I say. Yes, we’re quite family-friendly here at KL – kid-friendly even more so. It’s quite funny how the KL-kiddie situation has evolved: At first, every time a KL-cub entered this world we would all get together and not just wet, but fairly drench the poor little thing’s head :). A few years later, as the frequency went up dramatically we’d just chip in for a nice prezzie for the happy new mom and dad. Then, when the new-baby frequency moved from Hz to kHz, we’d simply get to hear the news at the water cooler. Seems a shame, but what can you do? We’ve a world to save too!

I don’t know how many KL-juniors we’ve got here now, but it’ll be a lot. With this in mind, as well as international child protection day in Russia (and many other countries) coming in early June, we organized a big children’s party at the office! Around 200 kids of our employees came to work with their mamas and papas to finally find out about the place one of their parents disappears to every week day, and to play, paint, eat, trampoline, and lots more besides.

KL Kid KLub

Read on: chess, ice cream and viruses…

For your reading, viewing and listening pleasure…

Summer. A bit of free time – more than usual. So here you are, something for the weekend, sirs and madams…

1. My book recommendation

I’m always hearing funny – not ha-ha – comments about modern-day China, including those related to the incredibly strong rise of its economy, or about how many bowls of rice the worker of modern China is prepared to work for. But Wikipedia is good on China, as are plenty of textbooks, plus this, this and this are interesting too (on per capita GDP China comes 121st in the world – between Tunisia and the Dominican Republic).

But for those REALLY interested in China, I REALLY recommend reading this fat book on China by none other than Henry Kissinger.

In it you’ll learn all sorts of new-to-you knowledge and curiosities about the country’s ancient history, its economy and more. There’s the estimation that the GDP of medieaval China was something like a third of world GDP, there’s all the treachery of the opium wars, there’s the communist past, and the country’s renaissance. As I say, I strongly recommend it. But here’s a warning: there’s a TON of detail in there. Some pages I just scanned. All the same, on the 25th anniversary of Tiananmen Square, it feels like the right time to give it a read.

2. My film recommendation

Check it out if you haven’t already, or watch it again: You Only Live Twice – Sean strutting his stuff as Bond, James Bond; shaken, not stirred.

Turns out GoPro appeared 47 years ago (see the pic below)!! You see, I’m going through the whole series of Bond films – from Dr. No to Skyfall. I’ve got them all in my laptop which I watch while on the treadmill in the gym. Amazing how enjoyable running on the spot can be :).

James "GoPro" Bond

3. My music recommendation

No words needed. It’s music. To be heard and felt, not talked about. Enjoy!

That’s all folks. Hope you’re enjoying your summer. Godspeed!…

Cybernews from the dark side – June 4, 2014.

True to my word, herewith, the second installment of my new weekly (or so) series, ‘dark news from the cyber-side’, or something like that…

Today the main topic will be about the security of critical infrastructure; in particular, about the problems and dangers to be on the watch for regarding it. Things like attacks on manufacturing & nuclear installations, transportation, power grid and other industrial control systems (ICS).

Actually, it’s not quite ‘news’ here, just kinda news – from last week: fortunately critical infrastructure security issues don’t crop up on a weekly basis – at least, not the really juicy bits worthy of a mention. But then, the reason for that is that probably that most issues are kept secret (understandable, but worrying all the same) or simply no one is aware of them (attacks can be carried out on the quiet – even more worrying).

So, below, a collection of curious facts to demonstrate the current situation and trends as regards critical infrastructure security issues, and pointers to what needs to be done in face of the corresponding threats.

Turns out there are plenty of reasons to be bowled over by critical infrastructure issues…

If ICS is connected to the Internet, it comes with an almost 100% guarantee of its being hacked on the first day

The motto of engineers who make and install ICS  is ‘ensure stable, constant operation, and leave the heck alone!’ So if a vulnerability in the controller is found through which a hacker can seize control of the system, or the system is connected to the Internet, or the password is actually, really, seriously… 12345678 – they don’t care! They only care about the system still running constantly and smoothly and at the same temperature!

After all, patching or some other interference can and does cause systems to stop working for a time, and this is just anathema to ICS engineers. Yep, that’s still today just the way it is with critical infrastructure – no seeing the gray between the black and the white. Or is it having heads firmly stuck in the sand?

In September last year we set up a honeypot, which we connected to the Internet and pretended was an industrial system on duty. The result? In one month it was successfully breached 422 times, and several times the cyber-baddies got as far as the Programmable Logical Controllers (PLC) inside, with one bright spark even reprogramming them (like Stuxnet). What our honeypot experiment showed was that if ICS is connected to the Internet, that comes with an almost 100% guarantee of its being hacked on the first day. And what can be done with hacked ICS… yes, it’s fairly OMG. Like a Hollywood action movie script. And ICS comes in many different shapes and sizes. For example, the following:

Nuclear malware

Read on: absence of light will only be the result of burned out bulbs and nothing else…

Muted Monaco.

Passion, speed, and the revving of motors

Well, that’s at least what you’d expect from Formula-1. But watching a Grand Prix live?… I have to tell you that, frankly, there’s little point.

The racing cars shoot past so fast you can easily miss them if you blink at the wrong moment. It makes more sense to watch it all on the box – there you get the advantage of multi-camera filming of the action non-stop. But then of course you can watch the telly anywhere on the planet. It’s much better when you have the best of both worlds: to watch the race on a TV placed a few meters from the racetrack.

You watch the TV, go and check the reality, come back to the TV, and continue back and forth like that. That way you get involved in what’s going on. Coolest of all though is watching the race from the garage, where the support teams sit and the pit stops get done in no time at all (again – no blinking!).

But you can watch a Grand Prix from the garage in one of just two cases.

The first is if you’re one of those who change the tires in three seconds; that is, you’re a very niche bio-robot who’s spent most of his adult life training for those occasional three seconds. These pit stop tech teams usually sit on foldable chairs and watch the race on TVs waiting for commands from the manager. Anyway, that’s the first option.

The second option: watching the race – on the TV – from the same garage, but as one of the lucky few bystanders allowed to stand against the wall of the garage (out of the way of the folks in the overalls). But 90 minutes stood by a wall watching the TV… also not so great.

Ultimately, best of all is when you can mix it all up a bit: combining the whoosh-reality on the track with the detailed story on TV, and also walking about the garages, around the pit stop area, being by the starting grid for the start, and also being by the podium for the champions’ champagne blow-out. Yes, that’s the way to do it. For sure :). And yes, I guess I have been lucky.

One thing you can’t do without is an experienced F1 buff to explain to the debutantes what’s actually happening on the track. Why and how is this car going faster? How does a super-speedy pit stop get performed?

Sooo. There we were, right next to the race, by the TV, under the wing of an expert: all set…

Now we can turn on the speed passion!

Formula1 Monaco Grand Prix 2014

Read on: F1 on the road and in the sea…

How I missed my plane.

I’m a mathematician.

So, based on the numbers alone – with my constant frequent flying – I’m hardly surprised: sooner or later it had to happen – I missed my plane!

It’s happened just once before – back in May 2010, towards the end of one of my customarily lengthy round-the-world tours. I’d… let my hair down a wee bit too low at a conference in Cyprus, got ’20:00′ and ’02:00′ – or something like that – mixed up, and that was that – late. Flight missed. That was in Limassol, heading for Tokyo. In the end I managed to get a flight the next day.

So, now I’ve notched up two missed flights. Still, that’s pretty good considering I fly hundreds of times a year!

This time I was late for my plane leaving London for Nice in France. So how did I manage it?

Well, due to some bizarre oversight, I looked at the wrong place on the piece of paper that had my flight details on it, and instead of having my taxi take me to Terminal 5, I asked the cockney driver to head for Terminal 4! Once I realized the mix-up upon arrival, I got onto the Heathrow Express to get to T5 – but then that took 40 (!) minutes (I’d have been better taking a taxi, darn it!).

This was after the journey from downtown to the airport, which took 80 minutes (London + Saturday = traffic jams). Should have taken the Tube! The following Monday was a bank holiday (national day-off), so maybe that was why there was even more traffic than usual. And we’d left the hotel with loads of time to spare! All the same, the terminal mix-up decided my fate that day. Late. Flight missed. :-/.

But – oh what joy! Turned out that an hour later a second plane would be taking off to Nice “for those who’d missed the first one” ( :%) ). I really needed to race to make that one – and I don’t mean a steady jog but a sprint. But I rushed in vain. The plane stood for another hour on the ground since Heathrow too was suffering from bad traffic (also due to the bank holiday?). An airport traffic jam. In short, it wasn’t my day. The following day thankfully made up for that…

Heathrow traffic jams

Heathrow traffic jams

See you tomorrow… Au revoir!

Cybernews from the dark side – May 26, 2014

Greetings droogs!

It seems ages since I’ve touched upon a cyber-maliciousness topic on these here pages – what’s hot and what’s not, what’s in and out, and all that… You might even think we’re twiddling our thumbs here seeing as I stay shtum on topics relating to our raison d’être…

Well just let me reassure you that we are on top of EVERYTHING going on in the cyber-jungle; it’s just that we publish all the detailed information we have on dedicated techy news resources.

The only problem with that is very few folks actually read them! Maybe that’s understandable: the detail can get tiresome – especially to non-tech-heads. Not that that’s a reason not to publish it – far from it. However here on this blog, I don’t bog the reader down with too much tech. I just give you the most oddly curious, amusing and entertaining morsels of cybernews from around the world.

Sooo, what was curiously odd, entertaining and bizarre last week?…

 

“He hit me!” “He started it!”

The sparring between the USA and China about cyber-espionage has taken a new turn…

This time the Americans took their swipe with photographs and names of ‘guilty’ individuals: five Chinese military specialists have ended up on the latest classic Wild West-inspired FBI ‘Wanted’ poster for allegedly breaking into networks of US companies and stealing secrets.

Cyber security news of the week

Read on: An example of some seriously perplexing cyber-alchemy…