Krenitsyna in the Kuril sun: volcanic scenes that simply can’t be outdone!

Let’s say you’re near the top of Krenitsyna Volcano in the Kurils, you’ve applied the Strategic Stratovolcano Stratagem to secure some imminent sunny weather, you have tents with you, sleeping bags and gas stoves (no firewood up there) and all the rest, which you’ve carried with you 500+ meters along the vertical and 9km on foot (7.5km to the edge of the caldera; 1.7km to the pond), you dump it all down on the grass (or put up the tents straight away if the weather’s still poor), sit on the very edge (ideal spot – very comfortable) and are ready to behold the most mind-blowingly picturesque volcanic scene on the planet…

So, what next?…

Next, you just sit and wait. Everything will work itself out. Namely, that just-mentioned most mind-blowingly picturesque volcanic scene on the planet slowly but surely comes into full view. Oh my grandiose! Then, you just stay sitting there, unable to tear your eyes away from it – as if you’d want to ).

Read on…

i-Closed-architecture and the illusion of unhackability.

The end of August brought us quite a few news headlines around the world on the cybersecurity of mobile operating systems; rather – a lack of cybersecurity of mobile operating systems.

First up there was the news that iPhones have been getting attacked for a full two years (!) via a full 14 vulnerabilities (!) in iOS-based software. To be attacked, all a user had to do was visit one of several hacked websites – nothing more – and they’d never know anything about it.

But before all you Android heads start with the ‘nah nana nah nahs’ aimed at the Apple brethren, the very same week the iScandal broke, it was reported that Android devices had been targeted by (possibly) some of the same hackers who had been attacking iPhones.

It would seem that this news is just the next in a very long line of confirmations that no matter what the OS, there may always be vulnerabilities that can be found in it that can be exploited by certain folks – be they individuals, groups of individuals, or even countries (via their secret services). But there’s more to this news: it brings about a return to the discussion of the pros and cons of closed-architecture operating systems like iOS.

Let me quote a tweet first that ideally describes the status of cybersecurity in the iEcosystem:

In this case Apple was real lucky: the attack was discovered by white-hat hackers at Google, who privately gave the iDevelopers all the details, who in turn bunged up the holes in their software, and half a year later (when most of their users had already updated their iOS) told the world about what had happened.

Question #1: How quickly would the company have been able to solve the problem if the information had gone public before the release of the patch?

Question #2: How many months – or years – earlier would these holes have been found by independent cybersecurity experts if they had been allowed access to the diagnostics of the operating system?

To be frank, what we’ve got here is a monopoly on research into iOS. Both the search for vulnerabilities and analysis of apps are made much more difficult by the excessive closed nature of the system. The result is almost complete silence on the security front in iOS. But that silence does not actually mean everything’s fine; it just means that no one actually knows what’s really going on in there – inside those very expensive shiny slabs of aluminum and glass. Even Apple itself…

This state of affairs allows Apple to continue to claim it has the most secure OS; of course it can – as no one knows what’s inside the box. Meanwhile, as time passes – yet no independent experts can meaningfully analyze what is inside the box – hundreds of millions of users are just lying in wait helpless until the next wave of attacks hits iOS. Or, put another way – in pictures…:

Now, Apple, to its credit, does put a lot of time and money into increasing security and confidentiality with regard to its products and ecosystems on the whole. Thing is, there isn’t a single company – no matter how large and powerful – can do what the whole world community of cybersecurity experts can combined. Moreover, the most bandied-about argument for iOS being closed to third-party security solutions is that any access of independent developers to the system would represent a potential vector of attack. But that it just nonsense!

Discovering vulnerabilities and flagging bad apps is possible with read-only diagnostic technologies, which can expose malicious anomalies upon analysis of system events. However, such apps are being firmly expelled from the App Store! I can’t see any good reason for this beside fear of losing the ‘iOS research monopoly’… oh, and of course the ability to continue pushing the message that iOS is the most secure mobile platform. And this is why, when iUsers ask me how they’re supposed to actually protect their iDevices, I have just one simple stock answer: all they can do is pray and hope – because the whole global cybersecurity community just ain’t around to help ).

Gobi Desert: the red rocks of Bayanzag.

Hi folks!

It was a bright, clear morning, and it was time to head further along the route of our express-journey across the Gobi Desert. Next port of call – the Flaming Cliffs, aka Bayanzag.

It’s around about here where many dinosaur bones and even whole dinosaur skeletons have been discovered. And the internet tells me it was here where the first fossilized dinosaur eggs were found. Yes, I think that’s highly likely: I’m sure they could have simply fallen out of these here red-rock cliffs that were eroded over the years to expose them. And anyway, besides their usefulness to prehistorical studies, these red rocks and cliffs are also delightfully beautiful – and very reminiscent of Utah. U.S.A.:

Read on

Enter your email address to subscribe to this blog
(Required)

Okey-dokey – let’s chopper over the Gobi.

And now for more Gobi desert.

The Gobi is a huge desert consisting of several regions. It occupies Mongolia’s southern and south-western territory and a considerable part of central northern China. We only saw a small portion of it in southern Mongolia, but that was more than enough for our first visit. I can’t stress it enough: the Gobi is absolutely magical in gentle summer weather, and I highly recommend that everyone sees it with their own eyes. There are vast, infinite spaces. I want to say it’s where the horizon goes beyond the line of horizon’!

Read on…

Our fan club is a teenager already!

If ever I mention while chatting with someone that Kaspersky has a fan club, I immediately get asked: Why? How come an antivirus company has a fan club? Here are the why’s: because it’s been a long time since we just made antivirus protection; because our company is always actively doing fun and interesting stuff; and because people want to participate in what Kaspersky does even if they’re not employees. And, well, it’s just cool to have one.

All this tomfoolery began, it’s scary to recall, 13 years ago, back when we cranked out version 6, which was praised throughout the computer security industry. Almost daily we posted new builds on the forum, where dozens of volunteers would immediately grab this raw but very promising code, install it, and test how well it worked. I think the main motivator for them to participate was the feeling that the developers (the entire team, without exception, followed the forum) instantly incorporated any feedback from bug reports and feature wish-lists. Users liked that they could have a say in the look, behavior, and fate of a popular software product.

Users still have this power to shape our products even today. Every year, our R&D division tests new versions of our products, which have now become numerous and very diverse — there’s even a dozen mobile apps — and the volunteers from our fan club still participate in this testing process. Fans are interested in tinkering with the latest builds, testing new features, and catching bugs. That’s why they participate in these types of closed beta tests. Well, it’s also cool to have the chance to use new products a few months earlier than the rest of the world! Not that we settle for thanking our friends with mere pats on the back … but more on that below.

Read on…

The King of Volcanos: Krenitsyn volcano, Kuril Islands.

Now we’re done with the northernmost Kuril islands, and it’s time to head south. On the right hand side, we see two islands Antsiferov and Makanrushi. I’ve not heard anything interesting about these two, which is why we pass them by without calling in; perhaps there is something worth seeing that I don’t know about. If anybody knows of something worth seeing on those islands, let me know and I’ll try and visit them next time I’m around this way.

Next on our Kurils route comes sunny Onekotan, a truly remarkable and delightful place! What makes it so special is the Krenitsyn volcano, the most beautiful volcano in the world, positioned at the island’s southern tip. No words or comments can match its beauty… This is the king of all volcanos! A stunning creation. Oh… and there I was trying to steer clear of “words or comments”. Even just looking at these pictures, it takes your breath away… Wow!

Read on…

Cyber-news: nuclear crypto mining.

Hi folks!

The i-news section is back with a bang after the summer holidays. Straightaway there’s some hot industrial cybersecurity news.

In case anybody missed my posts about how I spent this summer, here you go. Meanwhile, how some of the personnel at the South Ukraine Nuclear Power Plant spent their summer was reported in recent crime-related news. Ukraine’s Security Service (SBU) recently terminated cryptocurrency mining at the power plant’s restricted access facilities. This, erm, extra-curricular activity resulted in the leak of top-secret information about the power plant’s physical security. This is not only pretty depressing but also downright scary.

source

According to expert forecasts, the ICS market is set to reach $7 billion by 2024. Attacks on critical infrastructure are increasingly hitting the headlines. The recent Venezuela blackout, for example, immediately looked suspicious to me, and just a couple of days later it was announced that it was caused by a cyberattack.

This July, in collaboration with ARC Advisory Group, we published a lengthy report on the state of things in the industrial cybersecurity sphere. It’s a good read, with lots of interesting stuff in there. Here is a number for you to ponder on: in 2018, 52% of industrial cybersecurity incidents were caused by staff errors, or, in other words, because of the notorious human factor. Behind this number is a whole host of problems, including a shortage of professionals to fill key jobs, a lack of technical awareness among employees, and insufficient cybersecurity budgets. Go ahead and read the report – it’s free :)

Attention all those interested in industrial cybersecurity: you still have a few days (till August 30) to sign up for our annual Kaspersky Industrial Cybersecurity Conference 2019. This year, it’s being held from September 18-20 in Sochi, Russia. There’ll be presentations by over 30 international ICS experts, including yours truly. So, see you soon in sunny Sochi to talk about some serious problems and ways to deal with them!

Full-on Gobi experience!

My summer schedule has whirled into a frantic tornado. It’s only likely to ease up … at the end of October :) It was only 16 days ago that I returned from my trip to the Kurils, Sakhalin, Komandorski and Kamchatka, and since then I’ve been on a round trip to Malaysia, Mongolia and Kazakhstan. And now my suitcase is packed and I’m ready to fly again…

There are still about 5,000 photos “in the pipeline”. It’s scary to think when that backlog may get cleared up, especially considering the very interesting places in my upcoming world travel plans. They’re the kind of places that leave a lingering imprint in your memory – and photos on the internet. However, it’s now time to catch up on some old stuff.

There was one place on the planet that I had long been dreaming of visiting – the Gobi Desert in Mongolia. I’ll add some stories later. For now, I just want to post a selection of some of the very best photos. Here you go!

Endless wilderness…

Read on…

Sunny Severo-Kurilsk.

And here we are again on the northern Kuril island of Paramushir. Most of our group of intrepid tourists spent this sunny summer morning climbing the slopes of the Ebeko volcano in search of adventure and an adrenaline rush, while the others stayed in the town of Severo-Kurilsk at the base of the volcano. Actually, most of those who stayed behind had already jogged struggled to the top last time in the pouring rain. You can also follow that link to read my impressions of the northern Kuril weather and climate. Anyway, for the smaller part of our group that wet and windy climb five years ago was still fresh in the memory, and we decided to stay and enjoy the creature comforts of town life. Here I’ll be sharing their photos, especially as this remarkable town is likely to be too difficult and too expensive to visit for many.

And here you have sunny Severo-Kurilsk:

Read on…