Monthly Archives: November 2013

100 places to visit before you die.

Hi all!

As many of you know, I do quite a lot of traveling. So much so I have to be real careful not to go over the 183 days abroad in a year to forfeit my onshore tax status!

And since it’s quite well known I’m a bit of a Marco Polo by a lot of the people I tend to meet on my extended business trips, often one of the first things they ask me is where I’ve been lately.

So I decided to put together a list of all the really interesting places I’ve been lucky enough to visit around the world.

Once completed however, my first draft list seemed a little… underwhelming somehow, and also totaled some odd number like 57 or 73 – I can’t recall now. So I decided to add more places to it – more essential sights to be seen sooner or later, which handily brought the list total to the nice round number of 100!

So here’s that list – The Top-100 Must-See Places in the World, as compiled by me. I hope you like it, and that you’ll be able to visit as many of the places on it as possible!

Eugene Kaspersky's top 100 must-see places in the world

Bon voyage folks!

Holy Java, not holey Java.

Woo-hoo! One more torpedo released by the cyber-delinquents against Microsoft Office has been thwarted by our cunningly tenacious cyber-protection.

Recently a new but fairly common-or-garden attack was discovered: When opening Word documents malicious code was unnoticeably injected into the computer. This wouldn’t have made it into the headlines but for one circumstance: this was a zero-day attack, i.e., one that used a previously unknown vulnerability in MS Office for which there weren’t any remedying patches, and which most antiviruses let slip through their nets. You guessed it – our AV grabbed it with its tightly thatched net in one fell swoop!

What happened was our Automatic Exploit Prevention (AEP) technology detected anomalous behavior and proactively blocked the corresponding attacks. No updates, no waiting, no messing. Zapped immediately.

Zero-days represent a real serious threat these days.

They need to be tackled head on with full force. However, many AVs are fairly useless against the future risk zero-days pose, as they work based mostly on signatures, with ‘protection from future threats’ only ‘provided’ on paper/the box (albeit very pretty paper/a very glossy box:). But of course! After all, genuine – effective! – protection from future threats requires whopping doses of both brain power and development resources. Not every vendor has the former, while even if a vendor has the latter – that doesn’t always clinch it. And this is sooooo not copyable tech we’re talking here…

Unlike what Buddha and new-agers say is a good idea for individuals, we’ve always believed that in IT security you can’t live for today – in the moment. IT Security needs to constantly look to the future and foresee what will be going on in the minds of the cyber-felons – before events occur. A bit like in Minority Report. That’s why ‘proactive’ was on our agenda as far back as the early 90s – back then we cut a dash from the rest of the IT Sec crowd by, among other things, developing heuristics and our emulator. Forward thinking runs in KL blood!

Since then the tech was reinvented, fine-tuned and souped-up, and then around two and a half years ago all the features for protection from exploitation of known and unknown vulnerabilities were all brought together under the umbrella of AEP. And just in time too. For with its help we’ve been able to proactively uncover a whole hodge-podge of targeted attacks, including Red October, MiniDuke and Icefog.

Then came a sudden surge of unhealthy interest in Oracle’s Java, but AEP was ready once again: it did its stuff in combatting all the unhealthiness. Leading AEP into battle was its Java2SW module – specially designed for detecting attacks via Java.

And it’s this module I’ll be telling you about here in the rest of this post.

The software landscape inside a typical computer is a bit like a very old patchwork quilt: loads of patches and as many holes! Vulnerabilities are regularly found in software (and the more popular the product, the more are found and more frequently) and the companies that make the software need to secure them by releasing patches…

…But No. 1: Software developers don’t release patches straight away; some sit on their hands for months!

But No. 2: Most users forget, or simply don’t care, about installing patches, and continue to work with holey software.

However No. 1: The vast majority of computers in the world have antivirus software installed!

So what’s to be done? Simple: Get Java2SW onto the stage. Why? Because it kills two birds with one stone in the Java domain.

Overall, from the standpoint of security Java architecture is rather advanced. Each program is executed in an isolated environment (JVM – Java Virtual Machine), under the supervision of a Security Manager. However, alas, Java became the victim of its own popularity – no matter how well protected the system was, soon enough (in direct proportion to its popularity) vulnerabilities were found. Vulnerabilities are always found sooner or later, and every software vendor needs to be prepared for that, in particular (i) by timely developing protective technologies, (ii) by being real quick in terms of reaction times, and (iii) by informing users how important updating with patches is.

Thing is, with regard to Java, Oracle didn’t make a great job of the just-mentioned prep. In fact they did such shoddy job of it that users en masse started to delete Java from their browsers – no matter how more cumbersome it made opening certain websites.

Judge for yourself: The number of vulnerabilities found in Java in 2010 – 52; in 2011 – 59; in 2012 – 60; in 2013 – 180 (and the year isn’t over yet)! While the number of attacks via vulnerabilities in Java grew in a similarly worrisome way:

Java attacks growing fast

Read on: So what’s so great about Java2SW?…

Formula America 2013.

Formula 1 invaded Austin recently, occupying the territory for a whole two days until it made its retreat on the third. All the roads downtown were closed and turned into huge walkways for the thousands of soldiers F1 fans that came from afar. Not only were the roads closed but all the restaurants were as good as closed too – too full to take any diners who hadn’t booked weeks in advance. We passed the city’s Ugly Coyote bar and it was really getting wild in there – with punters dancing on the bar and other such boozy boogieness.

Alas, the energy and (over)drive downtown in the evenings didn’t quite spread to the racing track during the day – that is, for Ferrari. No changes to who’s leading, and the same non-red drivers up on the podium wasting the champagne. Grumble.

Scuderia have all their hopes pinned on their new mega-super racing car that’ll be used next season, which, combined with the world’s best drivers, is expected to tear up the competition. So we wait for next year. Patiently. Grrr!

A few pix from the event:

Formula 1 US GP 2013

Read on: I’m off to Ugly Coyote…

SQ22: The world’s longest flight. For a few more days…

Hurray! One of my long held dreams has come true! To fly Singapore to New York – the longest commercial flight route in the world (almost), and probably the all-time longest in the history of commercial civil aviation. The flight takes from around 18 to more than 20 hours (depending on the wind). No stops, one fuel tank, 16,000 kilometers. Strewth!

SQ22 - the longest flight in the worldJFK EWR – thank goodness

// I wrote ‘(almost)’ above… Actually, the longest flight route in the world is the one that goes in the opposite direction – from New York to Singapore. It’s 15 minutes longer, as the wind tends to be kinder in that direction.

Read on: So what on earth to do during all that time?…

Cybercriminals beware: CYBERPOL is coming…

Who are these folks? Maybe the color of (most of) the ties should give you a clue…

INTERPOL - Global Center for InnovationAnd I was trying to blend in…

…For most of you they’ll never have anything to do with you, and you’ll have nothing to do with them. You hope.

But for those who make up the Internet minority who steal money from online banks, clog up e-mail with spam, hack websites, produce credit cards with stolen numbers, etc. – maybe they should take note of this modest crowd. Because these here suits and ties have a particular, burning… obsessive professional interest in that same Internet minority.

Read on: so, who are these people?…

Canberra: not your usual capital.

I think Canberra has to be the most unusual capital in the world.

Capitals are normally grand old cities (well, besides Washington, Brasilia, and a few other such exceptions to the rule), with pompous historical centers, town halls, royal residences, mayor’s offices, large central squares, bronze horsemen, pigeons galore, paving stones galore; crowds of locals plus plenty of tourists with their cameras a-clicking. Plus the central railroad station. Plus traffic jams.

In Canberra it’s all just the opposite. It’s a small city of nearly 370,000. Very cozy, very green. In the middle instead of a square there’s a lake. It’s also a very young city – just 100 years old or thereabouts. There are no traffic jams! At all! Ever! From parliament to any ministry it’s just a five or ten minute drive. Parking space-wise there are also no probs at all. There are never that many folks about, civil servants are rarely to be seen on the streets in the center (in the university district it’s a little more lively – pubs and cafes, but not that many). Up above of course there’s the bright, hot Oz sun.

canberra_australia_1Rush hour

Read on: finally 404!…

Abu-DhaBull.

How time flies. Though we sponsor Ferrari’s F1 team, I haven’t made it to a single Grand Prix race this year – and it’s November already! 2013? Where did that go?…

Anyway, better late than never – here we are, at the 17th 2013 Grand Prix in Abu Dhabi, capital of the United Arab Emirates.

Sooo, Abu Dhabi… what can I say? One word – a surname – sums it up best: Vettel. This man is just…irrepressible. An exceptionally skillful driver. A skillfully exceptional car. They must add Red Bull to the gas or something… But no – the real secret weapon car-wise is this unassuming fella. Jeeez, what a fearsome combo… these two on energy drinks. So fearsome of late that the red meat isn’t letting anyone else have a look in. Black horses in yellow fields included.

Alonso for the umpteenth time already started from somewhere in the middle, but then incredibly forced his way through to up near the front. This time he was fifth to pass the checkered flag. His leaving the second pitstop – have a watch on YouTube; clearly more than a little vexed was he…

F1 Grand Prix Abu DhabiQualifying – the view from the garage

Read on: fitting-up, start, fight!…

Silicon Island.

From time to time I tend to share some geo-politico-economic observations from my travels. Here’s one of those times…

There’s this island in the Atlantic – an island called Ireland. There aren’t a lot of useful things to extract out of the ground there, the climate’s nothing to write home about, and its location is quite a bit out of the way – let’s say… Euro-peripheral. And every now and again it suffers from a serious alien financial crisis.

So what’s a country with hardly the best physique in the gym to do? Think – that’s what!

And that’s just what they did…

They thought about – and followed through with – making the country as attractive as possible to foreign investors and companies by creating the most comfortable business environment possible. They even created a special governmental agency for this purpose – IDA Ireland, made up of an army of enthusiastic civil servants whose sole task is to promote their country. And they’ve done rather well so far: there are around a thousand foreign companies located here, and that includes many IT ones. Google’s here, Microsoft, IBM, Apple, and many others. In fact everyone’s here! Now Facebook too – lured here by Bono (just don’t mention ‘philanthropy’ and ‘offshore tax residency’ in the same sentence:).

The keen-as-mustard Ireland promotion agency reminds me of a similar agency in Singapore, which has helped enormously the country’s strategy of industrialization and modernization to develop the economy. Btw, Ireland’s Ryanair is the second largest airline in Europe (after Lufthansa) – just another example of this country’s low-key powerhouse status. There’s more to Ireland than long-pour Guinness meets the eye.

So what was I doing in Ireland? I was here for a local IT posse get-together – this time an exhibition-conference called Web Summit: more than 600 (!) startups of varying caliber and nationality, all in a small and tightly packed exhibition center. The startups show themselves off and get acquainted with neighbors and investors, while big companies have a gander at all the fresh innovative ideas. All good, exciting, interesting, worthwhile and proper!

Web Summit 2013

Read more: more silicon island…