Nota Bene

Hi folks!

My April journeying continues. It’s already seen me visit such charming cities as Hanover, Baku and Dubai (reports thereon coming soon). Next stop – Singapore. The garden city, the island wonder – one of my fave cities on the planet, if not the fave. But oh it’s hot. And, oh, it’s humid. But it still remains the city of the future. Maybe that’s why I like it so much?…

First, a few ok pics (mine), and some really good pics (not mine; I still need practice) of this wonder-city – by day, by night, of the ships waiting in line for access to the port:

So why was I here (as if I needed a reason)? Because the annual Security Analyst Summit was being held here – the eleventh! And it was… hmmm – I’ll get to that in a bit…

First – how does one go about gauging the success of a SAS? How do you measure it? Was it totally awesome, or just so-so, or something else? Well, IMHO, you can tell if it was totally awesome if, afterward, you have a strange, somewhat paradoxical feeling: on the one hand you have nothing but positive emotions – a euphoric aftershock that just won’t go away. On the other – you’re already aware that something’s sadly lacking in your life, and will stay lacking for another year – the buzz of a SAS! And on the other – third?! – hand, you feel a little… afraid – when you wonder just how on earth next year’s event will be made even better than this year’s! But then you remember how every year after a SAS you think the same thing – and the following year’s event does turn out even better, and you start to feel better again. All these psychological symptoms together should really be called ‘post-event syndrome’. Must remember that term for next time…

Oops. I’ve digressed. Let me get back to ‘was it good?’. It was, as I hope the previous paragraph indicates. But also – have a look at all the comments, links, likes…

If you’re a new reader here, and maybe SAS is new to you too, briefly, SAS is: an annual event bringing together experts (and the press, bloggers) from all over the world to basically talk to each other, in an informal setting, all about cybersecurity. Announcements, presentations, achievements, challenges, industrial CTF, etc., etc. For a bit more on the SAS template, go here.

Next up: where, why, how, who, from where…

SAS-2019 brought on a ferocious bout of post-event syndrome, whose intensity was all the more acute due to fears that some folks might pull out due to geopolitical reasons. But in the cybersecurity industry folks think with their heads and aren’t swayed by sensational headlines. After all, battling the cyber-baddies is only effective when done together, exchanging information, and telling each other about our victories over the computer underground. Cybercriminals know no borders. And the cyber-goodies shouldn’t be limited by them either. And I’m so glad that our colleagues and competitors in the industry feel the same way.

So, there we were fearing no-shows, but in the end not only did everyone turn up but even more did than we expected! But that figures really – for who doesn’t want to get better acquainted with the company that’s being targeted because it takes a principled stand on protecting users from any cyber-vermin, no matter who may be responsible for it and no matter how much it roils certain very powerful cyberwar-mongers. SAS-2019 broke all its own records: 500+ guests, 100+ contributors, 34 countries represented, ~70 presentations, ~10 workshops and training sessions, and more coverage on social media and in the press than ever before.

Right, where did it all start this year. Ah yes, like every year – it all starts actually months in advance when a countdown clock starts showing the number of days, hours and minutes there are left until the event. Fast forward to the morning of the first day, and those clocks have just minutes left, and the anticipation is hitting fever pitch… All the kit and chairs are in place, microphones fully charged, lighting and visual effects all set up, cameras ready (prepare to flash)…

One minute left…

And we’re off!

After a short welcoming speech, I was pinged to get up on the stage. Of course I obliged, gave a very warm warm-up speech, and also took some pics of the audience from the stage. Why should the audience have all the happy-snapping fun, eh? )

After me it was expert after expert sharing their stories – each one fascinating…

This year the number of presentations was the highest it’s been, as mentioned above, but the diversity of types of presentations was real wide too: some were very technical; others were more business-oriented; there were special training sessions on reverse engineering and other methods for pursuing the cyber-swine; a mini-exhibition; an open presentation room for rooky specialists, and a new feature called SAS Unplugged… As to the best of the best content – that will be coming up shortly in a separate cyber-news-from-the-dark-side post.

This year’s SAS brought us for the first time the following:

• Separate cybersecurity white-hat hacking streams;
• A small exhibition of participating companies;
• Industrial topics;
• Lots of other stuff, but I can’t quite remember it all.

Come the evening, though everyone was no doubt tired trying to take in all the new information of the day, we all headed to a super seafood restaurant I always visit when in town. Yeh! Yum!

And that was that – almost. Time left only for the final few mega-presentations that are traditionally saved till last. They really were something. If interested – have a search for them on the internet.

Then it was my turn again up on stage. ‘Thank you all for coming’, and the obligatory back-at-you pic:

PS: A big thank-you to Roman Rudakov. His ‘masterpiece button’ provided most of the photos in this post.

PPS: Briefly about where we held this year’s SAS – the Swissotel Stamford, where I’d stayed before, and which I only had negative recollections of. Not that I’m fussy when it comes to hotels. I’m comfortable up a mountainside in the cold and spending the night in a tent, but if a hotel says it’s a 5* hotel on the tin, I expect that’s what’s inside it too. Here, back in 2017 that wasn’t the case. However, this year I was very pleased with the place. Everything seemed to be in fully working order, everything seems to have been renovated, with everything shiny and new somehow. The one thing that they haven’t gotten round to is providing decent Wi-Fi, but that’s all:

Yes, I know – I still use Far Manager! I’m used to it, that’s all ).

Well that’s it for today folks, but I’ll be back with more tomorrow…

All the pics form SAS-2109 are here.

As you’ll know by now, I’m a big fan of walkies – be they industrial walkies, cultural walkies, extreme walkies… in fact – just about any walkies, but preferably ones involving anything must-see. And I’m of course not alone with my fandom of all things walkies – therefore they are always accompanied by lots of photos and lots of travelogue-y words. Just like in this post – on a place in Bosnia, 30km (60km by road) from Sarajevo – Tito’s bunker!

Read on…

The Masada fortress – oh my Great Herod! What a checkered history. The uprising of the Jews against the Romans. The seizing of Jerusalem, the remains of the rebels locked inside the walls of the fortification on the flat top of this inaccessible mountain with vertical cliff faces all around it.

A siege of three (3!) years. The Romans constructed a ramp and eventually entered the fortress – but so as not to end up as prisoners, slaves – or dead – the defenders of the fortress (around a thousand inhabitants, including women and children) committed mass suicide. A ghastly tale – from the first century BC.

I’d already been to Masada. I didn’t write all that much about the place back then, but I do recall plenty of emotions during my visit. Places like this need returning to – so I returned…

Read on…

Ladies and gents, boys and girls!

If you wake up one morning in a hotel room and open the drapes to see this here scene – don’t rush with the cheerfulness. Appearances can be deceiving…

So, what’s not right in that pic? First: the beach – it’s empty, as in – no folks. Second: not a single human head to be seen bobbing about on that there sea. Third: those palms are looking more than a little distressed with their leaves flapping about frantically in the wind.

So yes, this is not a day for the beach. But not to worry – that means it’s a day… for a helicopter excursion!

Read on

Having recently been in Maranello to see the unveiling of the new Ferrari F1 racing car, I want to return to the automotive theme for this post. Because coming up there’s a new chapter in the ~250-year history of the automobile. It’s a biggie in itself, but there’s a security aspect of this new chapter that’s even bigger. But I’m getting ahead of myself. Time to engage reverse, and go over this biggie first…

Of late, the headlines have been pretty interesting regarding the modern automobile– plus what one will look like in a few years to come. Examples: California will legalize the testing of self-driving cars on public roads, Swedish gravel trucks will load up, drive for miles and unload with no driver at the wheel, and KAMAZ has come up with a driver-less electric mini-bus. Google, Yandex, Baidu, and who knows how many other companies from different spheres and countries are developing driverless projects. Of course, some of the headlines go against the grain, but these are mere exceptions it seems.

And just recently I was at the food processing plant of Barilla (our client, btw) in Italy, and saw more automation than you can shake a spatula at: the automated conveyor delivers up tons of spaghetti; robots take it, package it, and place it into boxes; and driverless electric cars take it to and load it into trucks – which aren’t yet automated but soon will be…

So, self-controlled/self-driving vehicles – they’re here already, in some places. Tomorrow, they’ll be everywhere. And without a trace of sarcasm, let me tell you that this is just awesome. Why? Because a transportation system based on self-driving vehicles that operate strictly to a set of rules, has a little chance of degradation of productivity. Therefore, cars won’t only travel within the prescribed speed limits, they’ll do so faster, safely, comfortably, and of course – automatically. At first there’ll be special roads only for driverless vehicles, later – whole cities, then countries will be driverless. Can you imagine the prospects for the upgrade market for old driver-driven cars?

That out the way, now comes the interesting bit – the reason for so many words in this here blogpost. Let’s go!…

Read on…

Guten tag, boys and girls!

Something very serious has happened in my life…

For most of it – my life, that is – whenever I’d watch a football (soccer) match in a stadium, the home team I’d (nominally) be supporting (I’ve never really chosen any particular team to support more than any other)… would always lose! Even when I’d watch a match on the box – ‘our’ team would lose! It’s a bit like how I’d turn up to a Grand Prix – and Ferrari would lose.

Anyway, it looks like, finally, the spell has been broken. For the other day I was in the stands watching a home match of Eintracht Frankfurt – and they won! Hurray – for Eintracht, and for me: now I can watch some footy and enjoy it like everyone else with no fear of jinxing the result!

Read on…

Hi folks!

The other day I was strolling about the photogenic small city of Fribourg in Switzerland. It was so photogenic my camera seemed to take pics of its own accord! Anyway, you’ll see pics my Sony auto-took a bit later in this post; but for now – a lengthy digression!…

I hadn’t been to Fribourg before, so this was a +1 to the number of towns and cities I’ve visited. And this +1 closely coincided with a question I was asked just recently on the KL Fan Club: ‘How many towns/cities have you visited?’ Well, having visited a full 91 countries, it was clear that totting up the number of towns and cities wouldn’t be all that easy: first, I’d need to recall each one; second – er, but what exactly is a ‘town‘, and what exactly is a ‘city‘?

Read on…

Hi folks!

After our excursion around the Galapagos Islands, it was time to return to the mainland and to Ecuador‘s capital – Quito for a proper look round. We’d flown over it a few times already, and stayed in a few hotels en route to or from the airport but not investigated the place on the ground.

Maybe there are parts of the city that are well-designed, well-built built, with lots of greenery and leafiness and overall pleasantness; however, we only saw such a place once – the city’s central square.

The rest of the city – at least those parts we saw – leave a lot to be desired. Untidy, ungroomed, seemingly no plan for town-planning ever, and traffic worse that Moscow’s – and that’s saying something. The old town looks much better and there are some neighborhoods that are interesting (for example, where our hotel was located), but even those – I’d hardly call them charming. Alas, the city is lagging behind other Latin American capitals I know of.

One aggravating factor the city’s huge population all crammed into one relatively small area. To compare, Quito covers nine times less area than Moscow, but its population is just 5.8 times less. But Moscow is a city of practically nothing but high-rise buildings; Quito rarely gets much above two floors across the whole city.

Here are some tourists lapping up Quito’s suburban sprawl. It’s not quite a favela, but it’s getting there. There are some places where the houses are better, but they still seem to be made of non-standard materials and hardly ever painted.

I have a simple rule when visiting a new city: the best way to get a proper feel for it is by taking a stroll through it. First decide on a route, then follow it. Here in Quito it went from the Virgin of Quito monument back to our hotel. Alas, I didn’t get a pic of said monument; you’ll have to make do with one I found on the internet:

Read on…

Since Ecuador itself and also its Galapagos Islands are both crammed with snowy-peaked volcanism, you might have expected that, after a full two-week expedition there, we’d have been to the top of at least some volcanoes. Well, I guess I would have expected the same too. However, we were on a take-it-easy, contemplative/meditative trip – not a high-octane, stamina-stretching, intense, head-down, onward-and-upward marching one. And one other not unimportant reason – actually, more important than the one just given – is the fact that the snow-capped peaks here are all almost stratospheric – clocking in mostly above five, and sometimes even six thousand meters high. And as any keen volcanist knows – that means acclimatization needs taking very seriously and lots of specialized kit is required; but, like I said – we were in chill-mode throughout the whole expedition, not serious-mode.

However, we did get one teenie-weenie bit of volcanism in – up the ‘easy’ volcano that shrouds Quito: Pichincha. Here are some pics therefrom:

Read on…

Hola, amigos!

Toward the end of last year we opened our first Transparency Center and a Data Center in Zurich, Switzerland, dedicated to processing data for our customers in Europe. Though that’s just short of five months ago, it’s become clear that this large-scale project reflects perfectly the current concerns regarding the cybersecurity industry in today’s geopolitical climate.

Both the business community and government agencies are reeeaaaal keen on one thing at the moment: crystal clear transparency. And no wonder! In times when any company can be accused at the highest official level of whatever digressions can be thought up – with zero evidence (are you following the Huawei saga?) – both business and state regulators all over the world are left with no other option than to conduct their own analysis and seek out the actual facts (and also use something that is alarming lacking of late: common sense).

It was for this reason that our first Transparency Center has turned out to be both very timely and very useful: it’s visited regularly by our partners and European officials. And I’m very pleased that we’ve become pioneers in the cybersecurity industry with our global openness initiative.

And on the back of the early successes of our Zurich centers, to continue the meet the needs of the market we’re opening another Transparency Center – in Madrid. Hola, amigos! Besides, by the end of the year we’ll open yet another – in Asia.

The function of the new centers will be the same: accessing both our source code and updates. And in Spain colleagues will be on hand to tell visitors about the finer details of our technologies, products and services – in the showroom there.

So, soon, expect to see the pics from the grand opening – right here on this blog. Stay tuned!

Kaspersky Lab’s Data Center in Zurich

And just in, some more news on the theme of ‘demolishing myths’…

We’re publishing some research findings of a respected independent expert on Russian legal matters – Prof. Dr. Kaj Hobér of Uppsala University, Sweden. The professor has been studying the intricacies of the Russian legal system now for more than 30 years. He started this back when Russia was still in the Soviet Union, having lived for several years in Moscow. And he’s been an arbiter in over 400 arbitration cases. In short, a very impressive CV and a very impressive individual, whose utmost professionalism it’d be hard to doubt.

His research concerns three Russian laws relating to the processing and storage of data. Now, some ‘experts’ and journalists often make reference to these laws when they write about KL. But doing so is just soooo off the mark! This independent analysis proves how we (KL) aren’t bound by any of the three laws – for one simple reason: we aren’t an internet service provider or mobile phone company! For it’s only internet providers and mobile operators that are bound by the three laws. We aren’t. And that’s that! So, let’s take, say, the Yarovaya law: it’s not our headache at all, as it doesn’t affect us at all!

So please, dear experts and journalists and bloggers, please base your judgements on facts, logic, and now independent irrefutable expert analysis – not on the country a company may hail from or on the sensationalist false allegations serving the current geopolitical agenda.