Thames Path – pt. 5.

Having just completed a vacation-till-you-drop tour of the Caribbean and Bahamas – up early every morning, late to bed every night, daily flights between the islands, sore index finger from all the snapping – it was time for a complete change: of continent. But the island theme, arguably, continued, for we were headed to London, capital of the UK – another island nation.

I find myself in the British capital frequently – our European HQ is here, so there’s always plenty of business needs seeing to. And seeing as though I’m here often, and have been known to enjoy a lengthy, brisk stroll if I can fit one into my working schedule, I decided a few years back to walk different sections of the Thames Path at different times, whenever I can. You can’t do the whole Path in one go as it’s just too long – nearly 300km! Well, I’d done four sections to date, with the last one taking me as far as Richmond Lock. Now, it was time for the fifth installment…

So, setting off from above-mentioned lock, the first things we come to are two bridges:

Conveniently, practically all bridges along the route have paths or tunnels going under them beside the river, meaning you don’t have to climb up from the Thames to get past them.

Read on…

Bahamama Mia!

Get ready folks – this post is full of extremely bright colors. I recommend wearing sunglasses (and a Panama hat) so you don’t get blinded (and sunburned:). For this post is dedicated to the 365 Bahaman islands – cays – of Exuma, one of the most beautiful places in the world…

As often occurs on these here blogpages when I encounter off-the-scale natural beauty, there’ll be few words today and, you guessed it, lots of pics…

Read on:

Features you’d normally never hear about (ver. 2018): KFP – Keeps your Funds Preserved!

When it comes to choosing an item of clothing – the only thing that’s important for me is functionality. Nice packaging, a designer brand, status level and other stuff don’t matter to me one bit. Same with cars really: if one gets you from A to B in good time, safely, and in reasonable comfort (so, maybe with a/c.) that’s all that really matters.

The same ‘ignore the unimportant stuff’ principle should be applied when it comes to one’s choice of cybersecurity product too. One really should – though many don’t – make sure one doesn’t fall for the ‘other stuff’ (= marketing waffle) that has no relation to actual protection. For it turns out that in thorough independent testing, new glamorous ‘next-generation antivirus’ products are shown to contain under their hoods fake artificial intelligence, adopted AV detection, and ‘protection’ full of holes. Put another way: they’re placebos, nothing more. So, in order not to become a victim of shiny marketing based on unsound security, you need to lift the hood yourself to have a look at how things work.

Of course, not everyone has the time and patience and technical knowledge to be able to plough through technical documentation of a cybersecurity product and understand it. But even if someone did, there’s still a chance the developer is mostly spinning a yarn throughout all that techy jargon.

With us, on the other hand, it’s just the opposite: we’re proud of our technologies, openly publish their technical details (without the yarns) and consider that anyone can understand them if explained appropriately. Ultimately we’re the most transparent cybersecurity company around – even to the extent that we’re ready to share our source code for inspection.

But to add to the clarity and accessibility of some of our tech, seven years ago, I started a series of regular posts on this here blog with the technology tag, in which all the main points of our more complex tech features are explained in simple language (complex tech features ‘you’d normally never hear about’, much less – read about in the regular, for-geeks-only technical notes). These are the largely invisible – under-the-hood – features, but they’re the ones that happen to be the real nuts-and-bolts of our cyberprotection.

Ok. Intro over. Today’s post is about how banks recognize a hack into your bank account.

Let’s say that one day you get a message from your bank that goes along the lines of: ‘Suspicious activity has been detected on your account…’. The first thing you do is go over the last few days trying to recall everywhere you’ve been, where you withdrew cash and how much, what you bought in shops/cafes, etc. and/or online, and so on.

In my case, it may look like this: (i) withdrew Norwegian kroner from an ATM in Longyearbyen, Svalbard, Norway; (ii) bought a steak and a beer salad and a mineral water in Oslo Airport, Norway; (iii) bought the missus a present in Schiphol Airport in Amsterdam, Holland – plus another salad and mineral water for lucky me; (iv) somewhere in the vicinity of the Azores bought some airplane internet access time; (v) withdrew some balboas in Tocumen Airport in Panama; and (vi) paid for dinner for a large party in a village not far from Panama City. And that was all in just one day!

Now, of course, to a bank, that string of transactions with a credit card – registered in none of the countries mentioned – sure could look suspicious. Quite who starts the day in the northernmost town in the world, buys an expensive duty free item a while later in a European capital, and ends up in Panama in the evening and forks out for a banquet, but has never taken such an unusual route before ever?

Sure. But let’s face it, banks can’t keep track of their millions of clients. How many employees would they need to do so? No, instead, the bank has a smart automated system (like Kaspersky Fraud Prevention (KFP)) that recognizes fraud automatically and with a high degree of accuracy. Ok, let’s have a look under KFP’s hood and see how it protects your money.

Each client of a bank has a model of behavior: a mathematical graph that contains the devices (computers, smartphones, tablets) and accounts of the user, bank services used (e.g., internet banking), and also rules for interaction among all the just mentioned. The model is built on the basis of collected anonymized data about specific activity of the client on the internet and using mobile bank. Crucially, the system isn’t interested in concrete transactions, sums involved, invoice details, names and so on – banking secrecy remains banking secrecy. Threats are calculated based solely on technical metadata and analysis of anonymized actions.

Such an approach allows to automatically detect many different kinds of cyber-fraud.

Example 1: Citizen X uses his internet banking application on his home computer. To authenticate his identity he uses the USB token given him by the bank. But since for protection he’s installed a next-generation antivirus based on a ‘cutting-edge AI system’, one day a malicious Trojan gets through. That Trojan – assisted by the token being forgotten about and left in the USB port – starts to transfer money on the quiet from Citizen X’s account. But it’s not ‘on the quiet’ for the banking anti-fraud system, which detects the anomalous behavior quickly, blocks the operation and informs the bank’s security department.

KFP control panel

Read on…

Montserrat: half-paradise, half-ghost-isle.

Hi folks!

Next up, Montserrat, aka, the Emerald Isle of the Caribbean.

Brief main info: This is another British Overseas Territory. Population: ~5000. Again, the locals don’t live too high on the hog; however, the island has a pleasant climate and outward appearance, which makes it a hit with foreigners who live very high on the hog and who like to visit, as can be seen from all the very nice houses and villas (from a helicopter).

Read on…

Lesser Antilles No. 2: Saint Vincent and the Grenadines.

Hi folks!

As promised, herewith, the next islands of the Lesser Antilles. Next up: Saint Vincent and the Grenadines.

This is another sovereign state, made up of Saint Vincent and – surprise, surprise – the Grenadines. The former is relatively large, covering some 300+km²; the latter is made up of dozens of small and tiny islands, all of which are extraordinarily beautiful – one of them being Mustique.

Read on…

The mystique of Mustique.

You really should not believe all you read on the internet. But surely we all know that, right?

But, then, at the same time, there are some resources on the net that can be trusted. For example, there’s Wikipedia, which I often refer to in my blogposts. However, even it needs to be read with the occasional pinch of salt added to taste – as I have mentioned occasionally here on this blog.

The issue is basically differences between the information given on different language versions of one and the same Wikipedia subject.

Example: On Wikipedia’s English-language page on Stuxnet – the first known cyberweapon ever to be deployed (the infamous worm which in 2010 physically damaged the Iranian atomic program), it used to state (it’s since been corrected) that Stuxnet was discovered by KL. But it wasn’t. It was first discovered by the Belorussian company VirusBlokAda, and later first ‘cut open and dissected’ by America’s Symantec. Back then we were a little slow and missed the first train. The expert at VirusBlokAda who did first find it, Sergey Ulasen, did soon after come and work for us, but that doesn’t mean we found Stuxnet! Still – there it was, on the English Wikipedia page on Stuxnet. While the Russian-language Stuxnet page told the story correctly.

Such discrepancies I see sometimes on Wikipedia between the Russian and English pages as I like to check both (often out of curiosity to find such discrepancies!). However, who’s to say there aren’t the same – or completely different – discrepancies among some or all the different language versions of any given Wikipedia subject? I haven’t checked, nor can be expected to, as I don’t know dozens of languages. But… just sayin’ and all. It just makes you wonder. In fact, it made me wonder if anyone has a studied this issue in depth. But I digress…

Aaaaaannnnyyyyway, it turns out there’s a discrepancy between certain info on the Russian and English Wiki pages for the Caribbean island of Mustique. In Russian it states that ~ ‘the only means of transportation on the island is the golf cart’. But that just ain’t true. The island has regular cars that travel on regular roads. Meanwhile, over at the English-language page, there’s no mention of golf carts!

Of course, maybe things have changed since when the page was written. But if they have, well… the pages need updating!

Read on…

Panama: ooh la la.

Since the construction of the Panama Canal was deemed: “One of the largest and most difficult engineering projects ever undertaken” (– Wikipedia), I decided it just had to be included in my Top-100 Must-See Places in the World. It was one of those Top-100s I hadn’t visited, but my recent few days in Panama gave me a +1 to my actually-visited Top-100s, and, boy, am I glad: it’s a unique feat of human thought, design and construction, and still the monopolist for marine-bisecting the Americas. And it’s so in-demand that they don’t sell ‘tickets’ for a ship to get through the canal as per some kinda price list; no, they auction them instead – with prices paid sometimes reaching hundreds of thousands of dollars!

It’s also got plenty of fascinating tales to tell regarding its construction. The first attempt to build it – in the 19th century by the French – was eventually called off as money ran out after it overran its completion targets, but not before thousands of workers died during the doomed construction project from yellow fever, malaria and other tropical diseases. The death rate was at one time higher than 200 per month! Oh my ghoulish. (And if my memory serves me well, I do believe it was here that it was first realized that such diseases were in fact spread by mosquitoes.) After work was abandoned (after 22,000 had died) corruption scandals – regarded to be the largest of the 19th century! – ensued. Then the Americans took things over. Later, the Panamanians wanted to seize it over for themselves, and on and on a checkered history of revolutions and other political upheavals.

But let me get away from the politics and back to the hydro-technical engineering…

You can sit and watch the canal’s locks opening and closing, the raising or lowering of the tankers, and their slow movement along the canal forever. Mind-blowing and hypnotic. But if you want more on the history of the place there’s a nice museum too (plus a restaurant with the perfect birds-eye view of the canal’s comings and goings).

Read on…