Dailydave mailing list archives
Profiles in courage: Eugene Kaspersky
From: Dave Aitel <dave () immunityinc com>
Date: Tue, 16 Oct 2012 11:00:42 -0400
So in my talk in Ottawa <http://www.countermeasure2012.com/program.html> this month, the first section is "Profiles in Courage". One of the people profiled is Eugene Kaspersky. To put it simply, Eugene likes to poke big cats in the eyeball. That takes balls, even for a billionaire with a Russian military uniform in his closet <http://www.wired.com/dangerroom/2012/07/ff_kaspersky/6/>. As a sample illustration, let's take a quick look at yesterday, when Kaspersky came out with a big press effort announcing they had found a "miniFlame" (compare their lengthy paper <http://www.securelist.com/en/blog/763/miniFlame_aka_SPE_Elvis_and_his_friends> to Symantec's slight blurb <http://www.symantec.com/connect/blogs/w32flamerb-additional-module-discovered>). Of course, this is just one example - it's been obvious from his twitter feed that Kaspersky has taken the "nation state" threat /personally/ in some ways. True, Kaspersky Antivirus protects many of those customers in the Middle East who have been infected by Flame. But there's "Being annoyed because my commercial interests are at stake" and there's "taking it personally" and if I had to guess which one Eugene was doing, it would be the latter. Because knowing, as he does in great detail, how casually the authors of Stuxnet could "deny/degrade/distrupt/destroy" Kaspersky (say, by using the Kaspersky AV code signing key for the next version of Flame, which would be hugely amusing), he still appears to make quite a point of calling them out whenever possible. But this brings us to today, when Eugene announced on his personal blog <http://eugene.kaspersky.com/2012/10/16/kl-developing-its-own-operating-system-we-confirm-the-rumors-and-end-the-speculation/> that Kaspersky was creating a system to run industrial control systems (ICS) - but run them securely! Frankly, I think the whole ICS security excitement is slightly overblown (there are many gateways to creating "interesting effects" from cyberspace and ICS is just one of them - and not, in my personal opinion, the best one) but building a whole new OS is definitely an interesting path to take. It goes without saying that there won't be any Kaspersky-OS installs on critical infrastructure in the United States (or her allies), but the courage of creating such a thing, and installing it on important Russian critical infrastructure, is to say that Eugene thinks that his company is capable of defeating the team that built Stuxnet - and defeat them on their own turf. It's that kind of extreme (and frankly admirable) hutzpa that wins Eugene a spot in the talk. :> -dave -- INFILTRATE - the world's best offensive information security conference. April 2013 in Miami Beach www.infiltratecon.com
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Profiles in courage: Eugene Kaspersky Dave Aitel (Oct 16)
- <Possible follow-ups>
- Profiles in courage: Eugene Kaspersky Dave Aitel (Oct 16)