An Open Letter from Kaspersky Lab.

This week, Kaspersky Lab filed an appeal with a U.S. federal court challenging the U.S. Department of Homeland Security’s (‘DHS’) Binding Operational Directive 17-01, which requires federal agencies and departments to remove the company’s products from federal information systems. The company did not take this action lightly, but maintains that DHS failed to provide Kaspersky Lab with adequate due process and relied primarily on subjective, non-technical public sources like uncorroborated and often anonymously sourced media reports and rumors in issuing and finalizing the Directive. DHS has harmed Kaspersky Lab’s reputation and its commercial operations without any evidence of wrongdoing by the company. Therefore, it is in Kaspersky Lab’s interest to defend itself in this matter.

About Kaspersky Lab

As a global cybersecurity company founded over 20 years ago, Kaspersky Lab has proudly called the United States home to its North American headquarters in Woburn, Massachusetts, for over a decade. With nearly 300 employees in Massachusetts and throughout the country, Kaspersky Lab’s corporate mission is to protect its customers from cyberthreats, regardless of their origin or purpose. The company regularly submits its products and solutions for independent testing and assessment, consistently receiving more first place finishes and top-3 awards than any other cybersecurity vendor. Furthermore, the company collaborates with law enforcement, other IT security companies, and government organizations globally to combat cybercrime, providing technical assistance and forensic malware analysis, as well as world-renowned security research into cyber-espionage and targeted attack campaigns.

Kaspersky Lab has a clear policy concerning the detection of malware: it detects and remediates any malware attack. There is no such thing as ‘good’ or ‘bad’ malware for the company. Its research team has been actively involved in the discovery and disclosure of several malware attacks with links to nation-state and organized cybercrime entities. Over the past decade, Kaspersky Lab has published in-depth research into some of the biggest cyber-espionage and financially motivated cybercrime operations known to date. It does not matter which language a threat ‘speaks’: Russian, Chinese, Spanish, German, or English. The following list of threats, as reported by Kaspersky Lab’s Global Research and Analysis Team (‘GReAT’), shows the different languages used in each case:

Kaspersky Lab’s Good Faith Efforts to Engage DHS

Kaspersky Lab fully supports DHS’s mission and mandate to secure federal information and federal information systems, which align with its own corporate mission of protecting customers from cyber threats regardless of their origin or purpose. Given its longstanding commitment to transparency, the trustworthy development of its technologies and services, and cooperation with governments and the IT security industry worldwide, Kaspersky Lab reached out to DHS in mid-July as part of a good faith effort to address any concerns regarding the company, its operations, or its products. DHS confirmed receipt of Kaspersky Lab’s letter in mid-August, appreciating the company’s offer to provide said information and expressing interest in future communications with the company regarding this matter. Kaspersky Lab believed in good faith that DHS would take the company up on its offer to engage on these issues and hear from the company before taking any adverse action. However, there was no subsequent communication from DHS to Kaspersky Lab until the notification regarding the issuance of Binding Operational Directive 17-01 on September 13, 2017. The July and August communications are referenced below.

July 18, 2017, Kaspersky Lab Letter to DHS

“Given Kaspersky Lab’s longstanding commitment to transparency, the trustworthy development of its technologies and solutions, and cooperation with governments worldwide and the IT security industry to combat cyber threats, we write to offer any information or assistance we can provide with regard to any Department investigation regarding the company, its operations, or its products.

…The integrity and assurance of our products and technologies remain our utmost priority, and we maintain that a deeper, collaborative examination of our company and its products will assuage any concerns.

Kaspersky Lab looks forward to working with the Department and its staff and welcomes further dialogue. Please contact *************** via email or phone to discuss how we might communicate more directly with you or your staff and explore ways we might work together to make cyberspace safer.”

August 14, 2017, DHS Letter to Kaspersky Lab

Jeanette Manfra, on behalf of the (then-)Acting Secretary, responded:

“Thank you for your letter of July 18, 2017 addressed to then-Secretary of Homeland Security John F. Kelly. The Acting Secretary has asked me to respond on her behalf.

We appreciate your offer to provide information to the Department about your company and its operations and products as well as to communicate with the Department about making cyberspace safer. We look forward to communicating with you further on this matter and receiving such information from you, and we appreciate your patience as we work through timing and logistical issues.

We will be in touch again shortly. Thank you again for your letter.”

Addressing DHS’s Binding Operational Directive 17-01

One of the foundational principles enshrined in the U.S. Constitution, which I deeply respect, is due process: the opportunity to contest any evidence and defend oneself before the government takes adverse action. Unfortunately, in the case of Binding Operational Directive 17-01, DHS did not provide Kaspersky Lab with a meaningful opportunity to be heard before the Directive’s issuance, and therefore, Kaspersky Lab’s due process rights were infringed.

In the September 19, 2017 Federal Register notice announcing the issuance of Binding Operational Directive 17-01, DHS stated that Kaspersky Lab could initiate a review of the Directive by submitting written information, which the company did on November 10, 2017. However, this ‘administrative process’ did not afford Kaspersky Lab due process under U.S. law because the company did not have the opportunity to see and contest the information relied upon by DHS before the issuance of the Directive. As I have said before, ‘genuine due process provides you with the opportunity to defend yourself and see the evidence against you before action is taken; it doesn’t ask you to respond once action is already underway.’

Furthermore, DHS primarily relies upon uncorroborated media reports to support its assertion that Kaspersky Lab products present information security risks to government networks, not evidence of any wrongdoing by the company. DHS also cites technical arguments that apply to antivirus solutions generally, including broad levels of access and privileges to the systems on which solutions operate, the use of cloud-based technologies to process malware samples and deploy detection signatures, and data collection and processing practices. These capabilities are not unique to Kaspersky Lab’s products, and if they are of concern, DHS could have taken action to address these issues holistically across the IT security industry instead of unfairly targeting a single company without any evidence of wrongdoing.

Despite the relatively small percentage of the company’s U.S. revenue attributable to active software licenses held by federal government entities, DHS’s actions have caused a disproportionate and unwarranted adverse impact on Kaspersky Lab’s consumer, commercial, and state, local, and education (‘SLED’) business interests in the United States and globally. Through Binding Operational Directive 17-01, DHS has harmed Kaspersky Lab’s reputation, negatively affected the livelihoods of its U.S.-based employees and U.S.-based business partners, and undermined the company’s contributions to the broader cybersecurity community. Its presence in Russia and the CIS region, its technical knowhow, and its linguistic expertise uniquely position the company to advance the fight against malware and protect its customers from cyber threats. These assets have enabled Kaspersky Lab to share cyber threat information and vulnerability research with various U.S. government entities, including constituent agencies of DHS, involved in protecting U.S. cyberspace. Dissuading consumers and businesses in the United States and abroad from using Kaspersky Lab products solely because of its geographic origins and without any credible evidence does not constitute a risk-based approach to cybersecurity and does little to address information security concerns related to government networks.

Conclusion

In undertaking this action, Kaspersky Lab hopes to protect its rights under the U.S. Constitution and U.S. federal law, receive adequate due process, and repair the reputational and commercial damage caused by Binding Operational Directive 17-01. The company continues to welcome constructive and collaborative engagement with the U.S. government to address any concerns about its operations or its products, as it stated in its letter to DHS five months ago. Kaspersky Lab’s Global Transparency Initiative could serve as a mechanism for such dialogue. Regardless of this action, Kaspersky Lab remains committed to continuing its mission and business of protecting customers in the United States and around the world from cyber threats by providing market-leading antivirus software, threat intelligence and analytics.

Digital 2018 – pt. 2

Hi folks!

Quite a bit of motivation is needed to solve interesting brainteasers. Thankfully I’ve never had any trouble mustering motivation. But more about that in a bit…

First up, as per the requests of many, two brainteasers that don’t require a calculator or computer – it’s quicker using a trusty old pencil and pad. All righty…

Brainteaser No. 1

There exists a really beautiful 10-digit number. The first (left-most) digit in it is the overall quantity of 0s in this number. The second digit – the quantity of 1s. The third – 2s. And so on. The last digit is the quantity of 9s. What is that digit?

It’s not as hard as it may at first seem. To solve it you need merely (i) a head, (ii) a brain inside it, and (iii) the ability to use it. So good luck!

The second riddle is a little more difficult. Even if you have a head, a brain and ability, not everyone will get it. This one’s solving is probably reserved for arithmetic geniuses – the sort that are able to multiply large numbers in their heads. Let’s see…

Braindestroyer No. 2

Does there exist a natural (whole, nonzero, positive) number that gives upon multiplication by 2018 a result that consists of a number made up of 10 1s and/or 0s? (everyone’s a programmer here: it’s all about the 0s and 1s:). In other words, is it possible to multiply 2018 by something whole and positive so that the result of the multiplication only has 0s and 1s in it – and is 10 digits long? If yes – let’s see it! If there are many – which is the smallest, and by how much? If there are none, explain the reason why.

Ok all you smart alecks, and Alexandras, thinking caps on! For the best/funniest answers – prizes!

And now a bit on how last week’s riddle was solved:

Digital 2018 – pt. 1

How to get 2018 out of the sequence 10-9-8-7-6-5-4-3-2-1 and its truncations: 9-…-1, 8-…-1 and so on?

Here’s how:


Digital 2018 – pt. 1.

Boys and girls!

December’s here again already. Over the next few weeks there’ll be the usual Christmassy-New-Year good vibes, then there’ll be the presents, fireworks, champagne, mistletoe, more champagne, and then the clock will strike midnight and we’ll have a +1 to the eternal yearly calendar. Then, for perhaps the first few weeks of January we’ll all still be saying and writing the date as day/Jan/the year 2017; oops, 2018! We all do it! I think ).

Twenty-eighteen. It has a ring to it; yes – a nice, round number. And each numeral that makes up the date is an even number… What? You’re not sure about 1? Come on! 1 is 2 to the power of zero. Kinda :). But wait! There’s more even-ness in this number: each digit of 2018 is a power of two. But what don’t you like about zero? Well, think of an artificial number, raising it to the power of which two gives zero – what, difficult? Now think of an imaginary ‘i’, the square of which gives -1. Come on: such a sexy number as 2018 is just crying out for working a sweat up about :).

Ok, ok; agreed. We won’t spoil arithmetic with all kinds of unnecessary chimeras, to the power of which each decent two turns into an empty zero. But then, as per Chinese tradition, eight means wealth! So get ready – 2018 should be blessed with prosperity; there’s no chance of avoiding it!

Sooo. It’s time to stretch and warm up for what is bound to be an infinitely interesting – and perfectly prosperous – year. So let’s get stuck into some 2018-related arithmetic. And what comes to mind first? Yes: evenness.

2018 = 2*1009

1009 is a prime number. A bit like 2017. Last year I promised that 2017 would be a simple, straightforward year. And look how in the end it turned out! Now we need to get ready for an extra-simple/straightforward year, aka – a minus plus a minus gives a plus.

What else? The sum of all the numerals in 2018 is 11: a most photogenic number from any angle, and one that’s dear to me for technical reasons: the product of all nonzero numerals = 16, which can’t not raise the spirits of any programmer on the planet.

Ok, enough. Warm-up over. Let’s move onto our already traditional New Year arithmetic exercise. Here we go…

Given figures: 10, 9, 8, 7, 6, 5, 4, 3, 2, 1. Using only ‘+’, ‘-’, ‘*’ and ‘/’, plus ‘(…)’, all in any quantity, and also using exclusively these figures only once and only in that order… – how do you get 2018?

For example:

((10 + 9 – 8) * 7) + (6 + 5) * (4 – 3 + 2) + 1 = 111

Here we get 111. But we need to get 2018!

Marks, get set, go! Who’ll do it first to become the champ?

10 9 8 7 6 5 4 3 2 1 = 2018

Once you solve it, you go to level two: Get 2018 from the same figures minus the 10.

9 8 7 6 5 4 3 2 1 = 2018

Got it? > Level 3…:

8 7 6 5 4 3 2 1 = 2018

I managed these without a calculator – and without peeking at last year’s brainteaser – in around 20 minutes in Shanghai waiting for my flight to Moscow. My attempt at the next one was interrupted of course by the inevitable ‘turn off your devices’ nonsense on the plane, but once the ‘seatbelts fastened’ light went off, I carried on where I’d left off:

7 6 5 4 3 2 1 = 2018

This one is impossible without a factorial. I think we could allow here powers and roots too.

6 5 4 3 2 1 = 2018

Here I needed a multifactorial.

All righty. From ten figures to six: done. We’re half way there. Next up will be the second part of the brainteaser: from five and down. But we’ll save that for next time. For now, I’ve a party to get to!…

Cheers!

 


Non-stop country-swap; wooing in Wuzhen.

Hi folks!

Herewith, more on my time-warping theme, and on assorted tourisms – or their absence.

Sometimes I forget just how much city-hopping on planes I do in a month. It’s only when I look back over the month – usually by going through the photos I’ve taken during it – that I realize the actual numbers of cities visited are in double figures…

So, November 2017 for me went like this:

Like? I didn’t really. That was a tough November. I changed country (admittedly, three times – Germany, the UK and Russia) 11 times. I think that might be a record for a month – unless December beats it!…

Next up this month: Wuzhen, China.


Remember, remember, a hectic November.

Sometimes it seems such a shame there are just 24 hours in a day here on planet earth – normally. But it is possible to have less (why would anyone want that?), or – hurray! – to have more, if you’re careful with your choice of globetrotting-by-plane or certain-national-border-hopping-on-the-ground, that is…

But there are also occasions when you can lose a whole day, as in – a certain day you never see at all, it just passes you by or just never exists for you, and not because of a sleep-athon or coma or some such… I wonder – does that make you a day older? Younger? Hmmm.

So, how can you have a day just never occur for you? Well, here’s an example:

You board a plane, let’s say on August 28 at 14:30 in Santiago de Chile, and 14 hours later, with no night falling during that time, you land in Sydney de Australia. The local time at the destination: 17:30. But the day? August 30! WHAT? Where’d the full 24 hours of August 29 go? It disappeared down a black hole of time, aka the International Date Line. But if the IDL is imaginary… so, that means the day disappeared because of something only imagined and not real? Ok, I’ll stop there before your brain fries more than mine…

To help soothe your frazzled brains, herewith, a few entirely unrelated pics for your viewing pleasure, just when you need them most:

On the other hand, I’ve often had days that never seem to end.

For example, I’ve been woken up at around 2am by my alarm clock (hate that) in Thailand after a partner conference so as to get to the airport in time for my flight departing at 6am – to Tokyo (a timing/route mercifully since closed). Next up – a connection to San Francisco, California. All that in ONE calendar day (kinda), which ends up lasting something like 35-40 hours. Of course, one’s mental state upon arrival at the final destination is a cross between that of a vegetable and a zombie: red eyes, one side of the face lower than the other, perma-frown, very grumpy, etc., etc.: not a pretty sight. But what can you do? Duty calls.

So that’s how regular long-haulers lose or gain hours to their lives up in the air. Meanwhile, down on the ground you get a similar thing, only on a much smaller scale. You can’t go anywhere near as fast as a plane, so the most you can add or take off a day is an hour or two, possibly three at a stretch; more – only if there are two hours’ difference on a border and daylight saving time affects things.

So where can you get spookily-vanishing or magically-appearing hours of a day on the ground?


12 reasons volcanoes are way better than mere mountains.

The first inklings of a theory of volcanic superiority over lava-free mountains first came into existence 10 years ago when I first visited Kamchatka and climbed up my first volcano. It was during that ascent when I started to understand the reasons why I’m so attracted to volcanoes and not to inert mountains. And ever since then ideas of volcanic superiority have been developing into a near-complete theory, which I want to tell you about in this here blogpost.

Quick caveat: straight away I want to apologize to readers who are mountaineers, mountain walkers, or just plain mountain lovers, and also to those whose job it is to organize mountain expeditions. This text is in no way an attack on all things mountains; it’s just a collection of my own observations – possibly including mistaken ones.

I’ll start with a simple question:

How many countries have volcanoes as national symbols? Armenia, Tanzania, Japan… And how many have mountains as national symbols? Hmmm – can’t think of any except for Slovakia. Can you?

I suppose I could have ended this post here: the proof of the volcanic supremacy is in the number of national symbols. But no, just to convince any of you doubters (including those who’ve already looked up Kriváň mountain:), I’ll continue. And I’ll begin with the simplest and most obvious preeminence: beauty.

Reason 1: Beauty. In my whole touristic career I’ve been to 24 volcanoes, and I do think you have to visit plenty of volcanoes to be able to boldly state they’re a better species of natural phenomenon than mountains. Well that’s that box ticked for me.

Of course there do exist beautiful mountains, but volcanoes resemble perfect pyramids a lot more often than do mountains. And should a mountain ever have similar characteristics shape-wise, then it’ll inevitably be referred to as ‘as beautiful as a volcano’.


LCY – AMS: Quicker flight than the taxi ride to the airport.

Sometimes, trying to save time sees you spending even more of it…

Every now and then you hear a frustrated business traveler complaining about it taking longer to get to the airport than to fly to their destination. Well, this time that business traveler is me, for I’ve just set myself a record: a recent drive to an airport took twice as long as the flight itself! It was in London, but the airport wasn’t Heathrow or Gatwick or Luton, it was London City Airport – just 18 kilometers from our hotel near Hyde Park: a lot nearer. But we were driving for a whole 90 minutes! Oh my grrrr.

// And before you wonder why we didn’t take the Tube, let me just explain that we had with us fat and heavy suitcases to see us through a whole week of business traveling across four countries. Tried it before; the only conclusion: never again! The Underground is far too cramped for comfort with big suitcases.


The glamorous final Grand Prix – where else but in Abu Dhabi.

Oh my G-force. The Formula 1 season’s over! Where did that go?

What can I say? Well done to Mercedes, is what. Unrestrainable and uncontainable they are. I mean, the Merc racing cars are pretty much the same as the Ferrari ones, but as a team they make fewer mistakes. The fearless Finn and the blazing Brit together make a fearsome twosome – a more level-headed and self-possessed one than Ferrari’s German-Finn combo, it turned out. In Baku Seb… forgot his age and national character traits, while in Singapore… no – let’s not even mention it. All the same – staying positive – we are at least one point up in the Constructors’ Championship.

So what about Sunday’s race? Well, of course it was on the Yas Marina Circuit, so it was never going to be a ton of fun. Our F1 fanatics always complain about how dull it is: boring turns, a lack of overtaking possibilities, and so on. But, as they say in Russia, to a bad taxi driver a round steering wheel will always be square :). The Benz boys won fair and square – at least to non-insider spectators. There were all sorts of rumors about behind-the-scenes pressure on the new owners of Formula One, but I don’t know the details and so can’t comment on them.

But now about the race.

The best bits of any race are of course the start, the tactical controversies throughout the race, the overtaking, and the pit stops. I think the pit stops are best of all: so long as you don’t blink! Three seconds and they’re done!


Bunker in Berlin. Funst with Kunst.

Guten tag folks!

After a practically horizontal weekend (intense recuperation after the previous weeks’ long slog) and a day-and-a-half in the office in Moscow, before you could say das ist fantastisch, I was heading back to Deutschland. On the agenda: two days, two cities (Frankfurt and Berlin), four speeches, dozens of interviews, an event for partners. Then home again for another horizontal weekend to sufficiently recharge the batteries for yet another busy schedule the following week.

So. Frankfurt. What can I say? Well first here’s what I can show:


Tourism: Chinese. +4 must-sees.

In my Top-100 Must-See Places in the World, there’s a special section on China. So why does this single country get a section all of its own (as Russia does) unlike most other countries? Simple: it’s packed full of touristic wonders; it’s only they’re hardly known about outside the country. China is in many ways a self-sufficient country, and that includes in terms of its domestic tourism. China has no real need for foreign tourists: it has plenty to be getting on with from inside the country ).

Anyway, I regularly (but quietly) add new places to the China sub-list of my Top-100 list, based on my travels around the country. So here’s my latest update adding new data and recommendations to the list…

1. The Longyou Caves.

The Longyou Caves – meaning Dragon Caves – were discovered in 1992 when some locals were pumping water from a pond. You can imagine their surprise when they came across this lot! It turned out to be ancient man-made caverns – ‘secret’ (unrecorded) ones at that; MASSIVE ones at that (they scooped out a whopping MILLION cubic meters of bedrock to make them!). I mean, how do you (rather, you and, say, an army of laborers) keep that undertaking (which clearly lasted decades) quiet so no one at all knows about it/writes about it? All a mystery. And, accordingly – very must-see!

Here’s some detail on the caves; here too (photos are from here).
