A honeytrap for malware.

I haven’t seen the sixth Mission Impossible movie – and I don’t think I will. I sat through the fifth – in suitably zombified state (returning home on a long-haul flight after a tough week’s business) – but only because one scene in it was shot in our shiny new modern London office. And that was one Mission Impossible installment too many really. Nope – not for me. Slap, bang, smash, crash, pow, wow. Oof. Nah, I prefer something a little more challenging, thought-provoking and just plain interesting. After all, I have precious little time as it is!

I really am giving Tom Cruise and Co. a major dissing here, aren’t I? But hold on. I have to give them their due for at least one scene done really rather well (i.e., thought provoking and plain interesting!). It’s the one where the good guys need to get a bad guy to rat on his bad-guy colleagues, or something like that. So they set up a fake environment in a ‘hospital’ with ‘CNN’ on the ‘TV’ and have ‘CNN’ broadcast a news report about atomic Armageddon. Suitably satisfied his apocalyptic manifesto had been broadcast to the world, the baddie gives up his pals (or was it a login code?) in the deal arranged with his interrogators. Oops. Here’s the clip.

Why do I like this scene so much? Because, actually, it demonstrates really well one of the methods of detecting… unseen-before cyberattacks! There are in fact many such methods – they vary depending on area of application, effectiveness, resource use, and other parameters (I write about them regularly here) – but there is one that always seems to stand out: emulation (about which I’ve also written plenty here before).

As in the film, the emulator launches the object under investigation in an isolated, artificial environment that encourages it to reveal its maliciousness.

But there’s one serious downside to such an approach: the very fact that the environment is artificial. The emulator does its best to make that artificial environment as close as possible to a real operating system, but ever-smarter malware still manages to tell it apart from the real thing. The emulator’s developers then observe how the malware recognized it, regroup and improve the emulation, and on and on in a never-ending cycle, which regularly opens a window of vulnerability on a protected computer. The fundamental problem is that an emulator tries its best to look like a real OS, but it is never quite the spitting image of one.
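To make that cat-and-mouse game concrete, here is an added example (not code from this blog or from any vendor’s emulator) showing two simple timing ‘tells’ a sample can use to decide whether it is running on a real OS or inside something that merely emulates one. The two emulators in it are constructed stand-ins: the first fast-forwards sleeps to save analysis time, the second has been ‘improved’ to advance its clock by the requested amount, and is then caught by the next tell. The thresholds are assumptions for illustration, not measured values.

```python
"""Added example: timing 'tells' that distinguish a real OS from an emulated one.
Not the blog's or any vendor's code; the emulators below are constructed stand-ins
and the thresholds are assumptions, not measured values."""
import time
from dataclasses import dataclass
from typing import Callable


@dataclass
class Environment:
    """A sleep function and a monotonic clock, injected so the real host and two
    constructed 'emulators' can be compared offline in one process."""
    sleep: Callable[[float], None]
    clock: Callable[[], float]


def real_environment() -> Environment:
    """The host this script actually runs on."""
    return Environment(sleep=time.sleep, clock=time.monotonic)


class FastForwardEmulator:
    """Constructed stand-in for an emulator that returns from Sleep()-style calls
    almost immediately, so a ten-minute delay loop does not cost ten minutes."""

    def __init__(self) -> None:
        self.now = 0.0

    def sleep(self, seconds: float) -> None:
        self.now += 0.001  # the call 'returns' at once; the clock barely moves

    def clock(self) -> float:
        return self.now

    def env(self) -> Environment:
        return Environment(self.sleep, self.clock)


class ConsistentEmulator(FastForwardEmulator):
    """The 'regroup and improve' step: the virtual clock now advances by the
    requested amount, so tell 1 no longer works. But the clock still only moves
    when the sample sleeps, which tell 2 exploits."""

    def sleep(self, seconds: float) -> None:
        self.now += seconds


def sleep_was_honoured(env: Environment, seconds: float = 0.2, tolerance: float = 0.5) -> bool:
    """Tell 1: ask to sleep, then check that at least `tolerance` of the requested
    time elapsed on the clock. A fast-forwarding emulator fails this."""
    start = env.clock()
    env.sleep(seconds)
    return env.clock() - start >= seconds * tolerance


def busy_work_advances_clock(env: Environment, iterations: int = 500_000) -> bool:
    """Tell 2: burn CPU without sleeping and check that the clock moved at all.
    On real hardware it always does; an emulator whose clock is driven only by
    sleep requests reports zero elapsed time."""
    start = env.clock()
    acc = 0
    for i in range(iterations):
        acc = (acc * 31 + i) & 0xFFFFFFFF  # cheap arithmetic the interpreter will not skip
    return env.clock() - start > 0.0


def classify(env: Environment, seconds: float = 0.2) -> str:
    """Combine the tells the way a sample would: act 'malicious' only when the
    environment passes every check, otherwise stay quiet."""
    if not sleep_was_honoured(env, seconds):
        return "artificial: sleep skipped"
    if not busy_work_advances_clock(env):
        return "artificial: clock only moves on sleep"
    return "looks real"


if __name__ == "__main__":
    print("real host:            ", classify(real_environment()))
    print("fast-forward emulator:", classify(FastForwardEmulator().env()))
    print("consistent emulator:  ", classify(ConsistentEmulator().env()))
```

The point of the second emulator is the cycle described above: patching the sleep tell is easy, but the patched clock is still not driven by real execution, and so a new tell appears. This is exactly the gap a real, if virtual, machine closes, since there the clock is the machine’s own.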

On the other hand, there’s another solution to the task of behavioral analysis of suspicious objects – analysis… on a real operating system – one on a virtual machine! Well why not? If the emulator never quite fully cracks it, let a real – albeit virtual – machine have a go. It would be the ideal ‘interrogation’ – conducted in a real environment, not an artificial one, but with no real negative consequences.


Paramushir: the island of gray ash and silent volcanic hiccups!

The next northern Kuril Island on our expedition was Paramushir. If you look southwest from Kamchatka you can’t miss it, dwarfing, and just to the left of, tiny Atlasova where we were the previous day. It’s more than 100km in length and up to 30km across. The whole of the island’s surface is covered in volcanism both old and new, and very active, with its main volcano having erupted as recently as 2016. That volcano was Ebeko, whence came the towers of smoke and ash we saw back in 2018 over on Kamchatka while walking along the shore of the Sea of Okhotsk.

To climb up Ebeko on a clear day had been a dream of mine ever since we made it to the top in 2014 in horrendous conditions: cold, wet, windswept, and visibility down to next-to-nothing. But this year – just the opposite: warm, dry, windless, and visibility up to scores of kilometers. Hurray!

First, a bit of factual background on Ebeko. It’s a stratovolcano of a multi-faceted structure with several craters at the very top. In fact, the structure of the volcanic activity is so complex that one of the craters was found to be a separate, independent volcano. Not that that really matters. The main thing was that it was a clear sunny day; that meant one thing: we were off up Ebeko and it was going to be a heavenly experience!

This is where we were headed:


Transparency @ Cyberjaya @ Putrajaya @ Malaysia.

Hi folks!

A quick time-out from my Kuril expedition tales, this post is from Malaysia from where I’ve just returned. We were in the country’s new planned city of Putrajaya, which is already the seat of the government after it was transferred there from the overcrowded Kuala Lumpur. Other important state functions are slowly but surely moving over to the new city too.

So what can I say? Two things spring to mind: this place is both very interesting and rather unique. It was founded only in 1995 on a green-field site between Kuala Lumpur and Kuala Lumpur International Airport. The Prime Minister’s office is already here; however, the Parliament, King’s residence and some ministries are still back in Kuala Lumpur.



The ‘Olympic Rupture’ of Alaid Volcano on Atlasov Island – Exclusive Drone Footage!

If the internet is to be believed, there are a total of 56 Kuril Islands, not including the many separately standing and/or grouped rock formations. In all I’ve walked upon 14 Kurils, which doesn’t sound much; however, I chose well – they’re among the most interesting.

As I mentioned earlier, we were going from the northernmost to the southernmost Kurils. The first, northernmost Kuril is Atlasov Island, which is basically a volcano-island, the volcano itself being called the Alaid (pronounced A-la-eed).

The Alaid is 2285 meters high, making the island not only the tallest of all the Kurils – but also of all Russian islands (didn’t know that; isn’t the internet just great?:). And since the depth of the Sea of Okhotsk around these parts is around 800 meters, the total height of the volcano from the bedrock under it is a full three kilometers. An impressively colossal construction!

But enough of statistics. The main thing about this volcano-island is how it looks. It’s just so smoothly spherical. So much so, our guides told us how many Japanese who visit say it’s even more beautiful than their sacred Mount Fuji!

I could write at length describing the stunning symmetry of Atlasov-Alaid, but, as I often say, why bother when I’ve lots of photos – plus a video (of the time-lapse variety, no less)?! Here you go ->


Kurils-2019: time to unmoor – let’s start our tour!

Hi folks!

All righty. After a welcome time-out during our flight from Moscow to Petropavlovsk, it was over to our traditional first stop for some much-needed acclimatization – a nice little hotel in the village of Paratunka, made all the more nice by its having a piping hot spring water swimming pool! Just the ticket with nine hours of jetlag to cope with. And after a dip, time to eat like royalty (Kamchatka, being a peninsula surrounded by vast seas, sure knows how to serve up a fresh seafood spread fit for any king:). But I’ve told you about this arrival-ritual plenty of times before, so I won’t go over it all again here.

Moving on – and over to the marine theme; particularly – to the ship that was to take us around the Kurils for a month. And here she is!

Joke. Did I get you?! No, our ride for the month was a little more modest; familiar too: it was the Afina, or Athens! Yep, the same vessel we toured the Kurils on back in 2014. Here she is, in all her glamour and splendor:

But before we embark, a brief few words about Petropavlovsk port – one of those ‘then and now’ things.


Going the extra miles – to the Kuril Isles (via Kamchatka).

Privet comrades!

Oh my ginormous! As I behold the full five and a half thousand (!) pics and vids (mine and others’) from our recent hundreds of nautical miles around the Kuril Isles, I begin to wonder just where I should start. But start I must. Ok, let’s do this simply and logically: I’ll just start from the beginning…

It all started with our flight from Moscow to Petropavlovsk-Kamchatsky, from where our expedition began – and finished a month later!

As you know, I’m very partial to a spot of long-hauling. You sit by the window, you get through your backlog of emails that you just never can get through fully in the office, you get through most of an interesting new novel or non-fiction book, you watch a good movie from long ago (since there are hardly any good movies made today, or so it seems to me), and sometimes you get to see some wonderful aerial scenes out of said window, which you of course take a few pics of…

This time I was snapping away right from the get-go: the weather was clement and I got in a good clear shot of the suburbs of Moscow:

Woah – and there’s our office. I’ll be seeing you, office – in more than a month’s time!


Getting a feel – of all things Kuril, 2019.

Hi folks!

Been a while, I know. What can I say? Actually – three words: July and August :).

I’m literally just back from yet another oh-my-gripping summer expedition, this time around the Kuril Islands (the string of islands above Japan at the far-eastern end of Russia, just in case geography ain’t your strong point). Actually, I could say I’m just back from two trips along the full length of the Kurils (I’ll explain quite why later on): from Kamchatka at the northern end; right down to the southern end; over to Sakhalin; back over to the southernmost Kuril island of Kunashir; and back up to practically the northernmost Kuril island of Atlasov right next to Kamchatka again; plus, as a bonus track, a quick trip to the Commander Islands to the east of Kamchatka (not far from the Alaskan islands).

In all, around a dozen islands were visited (some of them twice), walked upon, and snapped aplenty with my trusty Sony. Approximately seven volcanoes were observed up close (again, some twice), but alas Tyatya we didn’t manage to inspect due to poor weather. In all, the intensity of the impressions: off the scale. Back here in Moscow, I’m still swaying on my feet occasionally, for we were a full month living on a small ship out at sea, and that includes every night bar a few (in Yuzhno-Sakhalinsk and on Kunashir and Onekotan). The number of photos and videos shot from the ground and up in the air (using drones): oh my, countless. Accordingly, I’ll be uploading portions thereof gradually as I get through them, accompanied by my traditional tales from the road, ship, volcano, and other wild places of interest less visited…

For now, as a taster-teaser – a few highlights:


Starmus 2019 – from Apollo to Virgo, Buzz Aldrin to Brian May, and exoplanets to extremely large telescopes.

Guten tag folks!

As promised earlier, herewith, a lot more detail on some of the presentations at this year’s Starmus in Zurich. The main theme here: the first moon landing.

Quick (relevant) digression: it was our traditional all-day-and-night birthday bash the other week, and since it was just a few days after the 50th anniversary of Neil Armstrong’s giant leap for mankind, we thought we’d add a sprinkling of cosmonautical space dust to the proceedings: we invited along two very experienced and very highly respected astronauts: Oleg Kotov and Sergey Krikalyov. (And let me tell you that both of them have no doubts whatsoever that the Americans really did land on the moon!)

But back to the Starmus highlights. Let me go through some of the best few presentations:

Gerry Griffin was one of the flight directors of the Apollo Program. He was one of the heroes who managed to get the stricken Apollo 13 back to Earth safely. A very interesting story, dramatized many times, most notably in the 1995 movie Apollo 13 starring Tom Hanks.


Starmus 2019 – stars of the stars.

So, what else did we get up to in Zurich, besides beer-and-bathe by/in the river? We got ourselves to perhaps my fave annual festival – STARMUS, which – oh my galaxy! – is already in its fifth year! Space, universes, stars, black holes; man’s space projects; plus assorted other jaw-dropping reports on scientific research from all over the planet and beyond; plus a traditional mega-music concert of impressive caliber (alas, which we traditionally miss).

Check out some of the speakers at this year’s event:


We SOCked it 2 ’em – and passed the SOC 2 audit!

Last year I told you how, as part of our Global Transparency Initiative, we had plans to undergo an independent audit to receive SOC 2 certification. Well, finally, we can announce that we did undergo this third party audit… and passed! Hurray! And it wasn’t easy: it took a lot of work by a great many of our K-folks. But now that’s all behind us, and I’m very proud that we’ve done it!

So what does this mysterious SOC abbreviation stand for, and (whatever it may be) why is it needed?

Ok. The abbreviation stands for System and Organization Controls (until 2017, Service Organization Control), and SOC 2 is a report based on the Trust Services Criteria of the American Institute of CPAs (AICPA) [CPA: Certified Public Accountants], which evaluates an organization’s controls relevant to security, availability, processing integrity, confidentiality, and privacy. Put another way, it is a widely recognized standard for auditing information-risk controls. Its main aim is to provide information on how effective a company’s control mechanisms are (so other companies can assess any risks associated with working with it).

We decided to seek SOC 2 to be able to confirm the reliability of our products and prove to our customers and partners that our internal processes correspond to the highest of international standards and that we’ve nothing to hide. The audit for us was conducted by one of the Big Four accounting firms (I can’t tell you which as per the respective contract’s terms and conditions, in case you were wondering). Over the past year different K-departments have been working closely with the auditors sharing with them all the information they’ve needed, and that includes R&D, IT, Information Security, and our internal audit team.

The final report, which we received this week, confirms the soundness of the internal control mechanisms used for our automatic AV database updates, and also that the process of developing and launching our antivirus databases is protected against unauthorized access. Hurray!

And if you’re a customer, partner or state regulator, please get in touch if you’d like to see a copy of the report.

That’s all for today folks, but I’ll be back tomorrow with a quick rewind back to STARMUS and some more detail of the presentations thereat.

Meanwhile, privyet, from…