Tasmania – the video collection.

NB: with this post – about a place I visited before the lockdown – I want to bring you some positivism, beauty, and reassurance that we’ll all get a chance to see great different places again. Meanwhile, I encourage you not to violate the stay-at-home regime. Instead, I hope you’re using this time for catching up on what you never seemed to find the time to do… ‘before’ :).

Yes, I know: I wrote how yesterday’s post was the last on Tasmania. But I’d forgotten about all the video material my travel companion, OA, had taken along the way! Plenty of it too – two hours’ worth, all shot on his smartphone. So, herewith, an opportunity to get the popcorn in, dim the lights, and go over the whole trip once more: enjoy a video version of the very ‘greatest hits’ of our Tasmanian road/walk/chopper tour!…

Oh those Tasmanian hairpin bends!

Tasmania in a chopper.

Tasmania – done, at least in terms of a road trip therearound, plus much trekking along its peninsulas. The only thing still not done – chopper ride!…

First up – Tasmanian forest. You can see here how a swathe had been cut down, then replanted. I bet this is something to do with the very active logging that goes on on the island – done wisely: cut down, then plant some more in their place.

Sudoku… for bored, locked-down boffins.

What? Bored? Surely not! Surely you’re reading those novels you kept putting off, that autobiography; fixing that faucet, finally getting round to that long-overdue spring clean, no?!

Ok, let’s say you’ve done all such things (or not). And now it’s back to ‘bored’. Well here’s something a bit different to end that boredom – at least for… a few days: a particularly tricky spot of Sudoku!

Now, before the knee-jerk groaning and eye-rolling, just let me explain. This isn’t your usual easy Sudoku you get in those Sudoku magazines. Oh no. This one was sent to me with the comment: ‘The most difficult Sudoku there is!’. Fine by me – the harder the better!

Thing is, I’d never done a Sudoku before. Talk about ‘in at the deep end’! Still, I had plenty of time to focus on it, and only it – on my long-haul flight from Australia in March after the Tasmanian tour. And I seemed to pick it up fairly quickly. Well, relatively: as I was an absolute beginner it actually took me… around the whole flight; i.e., about a day! So, be warned – this isn’t something you’ll get done in minutes, even hours. And for the beginners among you, I recommend reading up on the rules first, and then to do some simpler ones first to get some practice in and get up to speed.

Meanwhile, for you pros out there, here you go; knock yourself out! ->

Ahoy, Cape Hauy!

Onward we stroll, on the last day of our trek along Three Capes Track on the Tasman Peninsula. On today’s menu – getting to Cape Hauy. Over there… ->

At first it was the usual sturdy path with super views, but a bit later we entered a really strange wood…

Unsecure ATMs should be quarantined too!

Each year, accompanied by travel companions, I tend to take more than a hundred flights all around the world. And practically everywhere these days we always pay by card or phone, and mostly contactless like Apple or Google Pay. In China you can even pay via WeChat when you’re at the market buying fruit and veg from grannies. And the sadly famous biovirus makes the use of virtual money even more popular still.

At the other end of the spectrum, you get the odd surprise: in Hong Kong, of all places, you need to pay cash for a taxi – always! In Frankfurt, of all places, last year in two separate restaurants they only took cash too. EH?!! We had to go on a long search for an ATM and withdraw euros instead of enjoying our post-dinner brandy. The inhumanity! :) Anyway, all this goes to prove that, despite there being progressive payment systems in place all around the globe, there still appears to be a need for the good old ATM everywhere too, and it looks like that need won’t be going away any time soon.

So what am I driving at here? Of course, cybersecurity!…

ATMs = money ⇒ they’ve been hacked, they’re getting hacked, and they’ll continue to be hacked – all the more. Indeed, their hacking is only getting worse: research shows how from 2017-2019 the number of ATMs attacked by malware more than doubled (by a factor of ~2.5).

Question: can the inside and outside of an ATM be constantly monitored? Surely yes, may well have been your answer. Actually, not so…

There are still plenty of ATMs in streets, in stores, in underpasses, in subway/metro stations with a very slow connection. They barely have enough bandwidth for managing transactions; they hardly get round to keeping watch over what’s going on around them as well.

So, given this lack of monitoring because of the network connection, we stepped in to fill the gap and raise the security level of ATMs. We applied the best practices of optimization (which we’re masters of – with 25 years of experience), and also radically brought down the amount of traffic needed by our dedicated ‘inoculation jab’ against ATM threats – Kaspersky Embedded Systems Security, or KESS.

Get this: the minimum speed requirement for an internet connection for our KESS is… 56 kilobits (!!!) a second. Goodness! That’s the speed of my dial-up modem in 1998!

Just to compare, the average speed of 4G internet today in developed nations is between 30,000 and 120,000 kilobits per second. And 5G promises 100 million-plus kbps (hundreds of gigabits) (that is, if they don’t destroy all the masts before then). But don’t let prehistoric internet speeds fool you: the protection provided couldn’t be better. Indeed, many an effective manager could learn a thing or two from us about optimization without loss of quality.

Blade Runner, Tasmanian version.

Onward we marched, along Three Capes Track. The time had come to visit Cape Pillar, from which mind-blowing views like this are to be enjoyed:

Around half of the seven kilometers to get there are walked along this elevated wooden path:

Cyber-yesteryear – pt. 2: 1991-1992.

Herewith, I continue my tales from the cyber-old-school side. You’ve already had the first installment – about when I caught my very first fish virus, about our first antivirus utility, and about when I decided to go it alone to become a member of a profession that didn’t really exist back then (as a freelance antivirus analyst).

So, after a few weeks as a freelancer – which was basically a few weeks of doing not much at all as I couldn’t find any customers – I decided I needed to get a regular day job again with a company. So what I did was organize a ‘tender’ between three private companies that had offered me work.

One of them (KAMI) deserves a separate post of its own, so here I’ll just go over its main features. It was a rather large, and very multifaceted import-export-and-a-bit-of-everything-else company, which had a computer department that eventually broke off from KAMI to become independent. Its boss was Alexey Remizov, a great guy who believed in and helped me for many years.

But, back to the tender. Now, if two of the companies told me something like: ‘Sure, drop by next week, let’s discuss your offer’, Alexey suggested I come to his office the following morning, and the day after that he was showing me where my desk and computer were, putting some money in my hand as my first advance, deciding on a title for my ‘department’ – the ‘Anti-Virus Department’ (or something like that), and providing me with two employees.

My first work task – firing both employees! They just weren’t right. And I managed this first task ok – no hysterics, no conflicts: I think they agreed with me they weren’t the right ‘fit’.

Now, a bit more about KAMI (remember – in 1991)…

The computer department of KAMI was made up of around two dozen folks. But there was literally no money to be spent on computers! Therefore, the start-up capital came from sales of shoes imported from India, chocolate biscuits, the manufacture of a car alarm system, and systems of encoding TV signals (for paid TV). The only actual computer IT projects were my antivirus department and also a transputer department, which happened to be the most successful departments of KAMI back then.

What else can I recall from this time?

Actually, not a great deal, as I was too busy working 12-14 hours a day: I didn’t have time to take much notice of anything else, including politics. Still, let me think…

We rented our first office in… a kindergarten (!) in Strogino, a northwestern Moscow suburb. Later we moved to some premises in the Polytechnic Museum, then in Moscow State University, then a research institute, then another. We used to joke: in our early days the company went through all levels – besides high school ).

Our very first ‘office’ in Strogino

Go easy on the traffic!

Sometimes we take it for granted, to be sure: unlimited internet access. We’re so lucky to have it. But I wonder if you remember a time when internet access was charged per-minute or per-megabyte of traffic? And when the (dial-up) speed was almost laughable by today’s standards? I mean, we’re now approaching 1GB speed in homes. Impressive…

High-speed internet really has helped out of course in the current covid situation. It’s enabled a great many (though by far not all) to be able to continue to work under lockdown. Imagine if this biological fiasco had occurred in the pre-internet era, or even in the nineties with its snail-like internet speeds. There’d be zero remote working for one thing. Imagine how much worse just that would have made things!

Of course, one could say imagine (wildly) how, if, say, Shakespeare, Boccaccio, Pushkin, and Newton had lived in times of quarantine + high-speed internet (Pushkin, curiously, actually was under quarantine, sitting out the cholera epidemic in Russia in 1830-1831; Boccaccio’s Decameron is about folks in lockdown avoiding the Black Death, but that’s beside the point; my point: no unlimited internet back then!), they’d never have given us Macbeth, the Decameron, Evgeny Onegin, or the Law of Universal Gravitation – as they’d have been too busy with their day jobs working from home! But I digress…

So, of course, we’re all happy as Larry that we have unlimited internet access – as consumers. For business, however – especially big business – internal corporate ‘unlimited’ causes budgets to be exceeded and profits to fall. This is due to the fact that, to provide the sufficient technical capacity for fast, stable and unlimited connectivity with high flows of traffic, a lot of kit is needed: network equipment, cables, ventilation; then there’s the servicing, electricity, etc. And so as to keep the cost of such kit as low as possible, a good system administrator constantly monitors traffic, forecasts peak loads, creates reserve channels, and a lot more besides. This is all in order to make sure the business has guaranteed provision of all the necessary network niceties it needs to keep that business running optimally, smoothly, with nothing getting overloaded or jammed, and with minimal lags.

Sounds impossible. Actually, well, let me explain how it’s possible…

One of the chief headaches for IT folks in large organizations with vast networks is updating: software distribution and patching – and sometimes involving huge files being transferred to every endpoint. Meanwhile, most vendors of software today really don’t give a hoot how big their updates are. So when you’ve gigabytes trying to be sent to thousands of PCs in an organization all together – that’s going to be a strain on the system > fragmentation > collapse.

Of course, the system administrators don’t permit such an ‘all-at-once’ scenario. There are many methods of optimization of the process; for example, scheduled updates (at night) or installation of specialized servers.

But this is still a bit risky, since occasionally there will be a need to update super quickly due to this or that crisis, and there’d be a collapse then. And when it comes to cybersecurity, every second update is a crisis-driven super-quick one – and there are sometimes dozens of updates a day.

Since the mid-2000s, when we started to enter the enterprise market, we needed a serious rethink of our traffic optimization for large organizations: how could we keep the network load down given the inevitably increasing sizes of our updates? // Ideally the load would be zero; better – less than zero ).

So rethink we did – and pulled off the impossible!…

What it took were: good brains, a keyboard and TCP/IP :). And we killed two birds with one stone…

After trying out various proposed solutions to the issue, we opted for… a system and method for determining and forming a list of update agents. Ok, what does this system do?

Our security solutions for business all employ Kaspersky Security Center (KSC) for management functions (btw: it was recently updated, with pleasant new features (including support for KasperskyOS)). Among the many other things you can do with KSC is remotely install and tweak our products on other network nodes, and also manage updating.

First KSC determines the topology of the network with the help of broadcast dispatches. Oops: that was a bit jargony; let me put it better: KSC first gets an overall picture of the characteristics of the network – how many nodes, what kind they are, where they are, their configuration, the channels between them, and so on. The process is somewhat like… the scanning for alien life in Prometheus!

This way, system administrators (i) can choose the most suitable nodes for the local rolling out of the updates, and (ii) conduct segmentation of the corporate network – to have a look at which computers work in one and the same segments. Let’s look in more detail at these two points…

Security analysts of the world – united (remotely)!

The world seems to be slowly opening back up – at least a little, at least in some places. Some countries are even opening up their borders. Who’d have thought it?

Of course, some sectors will open up slower than others, like large-scale events, concerts and conferences (offline ones – where folks turn up to a hotel/conference center). Regarding the latter, our conferences too have been affected by the virus from hell. These have gone from offline to online, and that includes our mega project the Security Analyst Summit (SAS).

This year’s SAS should have taken place this April in one of our favorite (for other K-events) host cities, Barcelona. Every year – apart from this one – it takes place somewhere cool (actually, normally quite hot:); for example, it was in Singapore in 2019, and Cancun, Mexico, in 2018. We’d never put on a SAS in Barcelona though, as we thought it might not be ‘fun’ or ‘exotic’ enough. But given that folks just kept on suggesting the Catalonian city as a venue, well, we finally gave in. But today, in May, we still haven’t had a SAS in Barcelona, as of course the offline, planned one there had to be postponed. But in its place we still had our April SAS – only on everyone’s sofa at home online! Extraordinary measures for extraordinary times. Extraordinarily great the event turned out to be too!

But we’re still planning on putting on the offline SAS in Barcelona – only later on, covid permitting. But I’m forever the optimist: I’m sure it will go ahead as planned.

It turns out there are quite a few upsides to having a conference online. You don’t have to fly anywhere, and you can view the proceedings all while… in bed if you really want to! The time saved and money saved are really quite significant. I myself watched everything from a quiet corner of the flat (after donning my event t-shirt to get into SAS mode!). There were skeptics, however: an important element of any conference – especially such a friendly, anti-format one like SAS – is the live, human, face-to-face interaction, which will never be replaced by video conferencing.

I was really impressed with how things went. Kicking it off we had more than 3000 folks registered, out of which more than a thousand were actually watching it at any one time over the three days – peaking sometimes above 2000. Of course most would have picked and chosen their segments to watch instead of watching it non-stop. The newly introduced training sessions, too, were well attended: around 700 for all of them – a good indicator folks found them interesting.

And for SAS@Home a special program had been prepared – and all in just two weeks! Why? Well, the heart of our conference is hardboiled, hardcore geekfest techy stuff: very detailed investigations and reports from the world’s top cybersecurity experts. But for SAS@Home the audience was to be bigger in number, and broader in audience profile – not just tech-heads; so we experimented – we placed an emphasis on a learning program, not in place of the detailed investigations and reports, but in addition to them.

And we seemed to have gotten the balance just right. There was the story of the Android Trojan PhantomLance in Google Play, which for several years attacked Vietnamese Android users. There were presentations on network security and zero-day vulnerabilities. On the second day there was the extraordinarily curious talk by our GReAT boss, Costin Raiu, about YARA rules, with a mini-investigation about chess as a bonus!

After that there was Denis Makrushkin on bug-hunting and web applications. And on the third day things got really unusual. It’s not every cybersecurity conference where you can hear about nuances of body language; or where – straight after that comes selecting methods of statistical binary analysis! But at SAS – par for the course ).

As per tradition, a huge thanks to everyone who helped put on the show: all the speakers, the organizers, the partners from SecurityWeek, the viewers, the online chatters, and the tweeters. And let’s not forget the flashmob we launched during SAS – quarantunities – dedicated to what folks have been getting up to during lockdown at home, including someone starting to cook every day, someone learning French, and someone else switching from life in the metropolis to that in the countryside.

In all, a great success. Unexpected format, but one that worked, and then some. Now, you’ll no doubt be tiring a little of all the positivity-talk of late about using the crisis and lockdown to one’s advantage. Thing is, in this instance, I can’t do anything but be positive, as it went so unbelievably well! Another thing: ‘We’ve had a meeting, and I’ve decided’ (!) that this online format is here to stay – even after covid!

Finally, one last bit of positivism (really – the last one, honest :). As our experts David Jacoby and Maria Namestnikova both pointed out during the final session, there are other positive things that have come out of quarantining at home: more folks are finding the time to stay fit with home exercise routines; there’s an emphasis being put on physical health generally (less rushing about and grabbing sandwiches and takeaways, etc.); folks are helping each other more; and levels of creativity are on the rise. Indeed, I’ve noticed all those things myself too. Nice. Positive. Eek ).

That’s all from me for today folks. And that’s all from SAS until we finally get to sunny Barcelona. Oh, and don’t forget…: another one for your diary for next year: SAS@home-2021!

PS: Make sure to subscribe – and click the bell for notifications!! – to our YouTube channel: we’ll be putting up there recordings of all sessions gradually. Yesterday the first one was published!…

Tasmanian nights – with views to delight.

Up at dawn, and into day two of our walk along Three Capes Track

Just the other day, not far away, we were walking around blatantly sedimentary rocky landscapes, around about Remarkable Cave and Tessellated Pavement, while today’s rocky landscapes were blatantly of volcanic origin. These columns are the result of emissions of huge quantities of lava (of geologically ‘correct’ consistency), which gradually cool from up top, and form into a mosaic of cracks, which then extend below with further cooling – right through the full thickness of the material. Benard Cells they’re called, which used continuum mechanics to form. And the result today looks like this:
