Thursday, April 1, 2021

Check Point Research Leak - Universe Is A Simulation


According to unpublished documents, Check Point Research a.k.a CP<R> division stumbled upon unequivocal proof that we are living in a digital simulation

One of researches, Uval Kerby, has decided to blow the whistle on an accidental discovery of that fact. He reached out to me the last week, and I have no other option but to publish what he told me. To make it simple, I am just posting the transcript of my phone call with Uval. Here we go (and you do want to sit down before continuing):

Author: Uval, hi. How are you doing?

Uval: Thanks, I am doing fine. I have only about 10 minutes, so let's just go to the main subject.

Author: Sure, although, I have to admit, I have a hard time with the whole idea. Your email said, you have proof the world is a simulation, right? So what, are we all living in Matrix, like in the movie?

Uval: No, no like in the movie. Matrix means there is a physical world outside of the simulation, and one can exit from the artificial construct into reality. That is not our case. We are all trapped in the simulation, and the boundaries are impenetrable for us. 

Author: Right... In your email, you have mentioned the work of Nick Bostrom, where he basically debunks the simulation theory, saying even if it is true, we do not have any practical means to prove it. Then, how come?

Uval: Bostrom is good, and the work you are quoting is quite compelling. Before him, by the way, the same idea was contemplated by Mayans, Antique Greeks and even Rene Descartes. To prove you are in the simulation, you have to step out of that simulation. Like any character in your favourite computer game, you cannot do that, ever. But there is a catch. Bostrom, and any other philosophers are/were not coders. 

Author: How does that make a difference? I do not understand.

Uval: Yes, it is only simple when you already know the answer and look at whole idea in retrospect. Let me put it in this way. Even if you cannot step out of the simulation, you still can hack it. Or could, as in our case. We hacked the universe.

Author: Hacked?! What does even mean?

Uval: Well, maybe not exactly hacked, but we managed to turn on some kind of "debug mode" in it, more than once.

Author: Can you elaborate?

Uval: I can try. In short, there are quite a few tell-tale signs all around us. My own revelation happened when I learned about Chronon, the quantum of time. The idea is about one century old. Robert Lévi came up with that theory in 1927, and since then it gained weight. Piero Caldirola is the author of compelling theory. For scholars, that is a way to simplify description of the observed results in quantum decoherence. For a coder it is something completely different. Why would time be discrete? It only makes sense if you are using a program which is calculating certain iterations. It looks like computational cycles, don't you think?

Author: Maybe... But there is a huge difference between any aspects of quantum theories and your original claim. Can we stay on topic, please? Tell me what happened.

Uval: Sure. As part of my freelance, I am doing digital quantum calculus for CERN. There was an issue with interpretation of one of the experiments. The program worked, and the experiments show consistent results, but if we would run real time digital analysis an experiment, the outcome was odd. The particle chamber would go to a weird state, where the interacting particles would suddenly "freeze" for a moment. It looked like time in the chamber would freeze, while outside of it time was still ticking. 

Author: How did CP<R> come into the picture?

Uval: That's the best part. I wanted Check Point researches to look into any problem with the code we run, to make sure it is not compromised. CERN suffered multiple hacking attempts (some of them partially successful) over the last ten  years. We wanted to be sure nobody plays us for a fool. I called Oded Vanunu, and his team helped us. This is where we found what we found.

Author:... not sure I understand.

Uval: Our code was okay. But then cyber security researches found a way to freeze time without that particle chamber. In fact, we have discovered a combination of events leading to a relatively short time freeze in a certain portion of space. There is also way to define, how big this bubble of frozen time is, and how to manipulate it. Time is not just freezing, you can move it forward and back at will, within certain limits. It looks like certain chain of events "breaks" the simulation, and it goes to a limited debug mode of sorts, before recovering.

Author: I am still trying to comprehend. Anyhow, why was not it published? Why the secrecy? Too dangerous? Military implications? Political pressure? Too crazy?

Uval: Potentially, it could be all of the above, but... don't laugh... I think the main reason is that "debug mode" vulnerability in the universe is now patched. We cannot reproduce the effect anymore. Whoever runs the simulation, they detected our experiments and blocked us for good. We are now back to square one...


Monday, April 1, 2019

Urgent - malware can affect humans!

CP alert, 01.04.2019 

Check Point Research Team is about to release an article concerning new and somewhat terrifying development in the world of malware. Apparently, they have discovered a strain of malware affecting not only computers and mobile devices but also humans.

Similar to what has been described in Neal Stephenson's Snow Crash novel, a computer virus sends some seemingly random sets of digits to GPU causing it to show short timed "garbage" images between the regular frames.

This is believed to be a side effect of GPU crypto-jacking attempts.

Normally those images are not registered by human mind, but if one's screen refresh rate is set to 60 frames per second, there is a risk of exposure.

Our source claims that at least one of key researches has been affected.

Symptoms can include nausea, headaches, seizures, and blackouts. In a long term, malware can lead to psychic and personality changes, causing anti-social behaviour, addiction to loud rock and rap music, desire to ware baseball caps, grow a beard, or to ride a heavy motorcycle at high speed.

If you experience any of these symptoms, contact the author of this blog for further investigation. Do not panic, damage can be reversed, but requires immediate attention.

Thursday, July 26, 2018

Future of this blog

To all my readers, subscribers, colleagues and friends,

In July this year, I have re-joined Check Point Software Technologies as a Cyber Security Evangelist. My new role is about developing and running CheckMates communities and live events in Europe and Asia.

I have started this blog as a convenient working notes format, and then with your support and assistance it became much more than that. I have dome my best to share my expertise, knowledge and understanding of security practices in general and Check Point approach in addressing them in particular. I have met with some of you on my workshops, seminars, training events and also on CPUG and CPX events.

Now it is time to take it to the next level.

I am running several Check Point related groups on LinkedIn. In my new role, I have also assumed admin role at CheckMates. I will be going around to meet some of you during CheckMates User Group regional events. I am already having some dates booked for this year around Europe, and there will be more.

However, it is no longer practical to run this particular blog as an independent discussion board. I will keep it alive, of course. But if you want to stay in touch, please follow me on LinkedIn and CheckMates, please.

Thanks a lot for your support and trust, that means a lot.

Thursday, June 7, 2018

Malwaretec vs FBI - all shades of grey

There is a new development in the FBI vs Marcus Hutchins case. The young fellow is now facing another charge, about lying to FBI.

Marcus's arrest and detention in USA the last year was widely publicized, and his campaign to raise money for his defence is quite successful.

I do appreciate his lawyer's vigour. There is a huge outcry now about how FBI has no case and keeps adding charges to the case. This is a reasonable strategy, however if we want to see the the real picture, it is also good to hear the other part of the story.

There is of course, FBI's indictment papers, but it is not a fun read, and a very long one. Instead I suggest you reading quite compelling research Krebs did on Marcus the last year. If FBI is half as good as Krebs, I would be concerned about the actual outcome of this case. It seems to me there is no back in white in this specific situation, but lots of grey in too many shades.

Friday, April 20, 2018

GuardiCore scores 5 awards on RSA conference

I am happy to share with you that GuardiCore has received 5 (five!) prizes at RSA conference recently. Here is the short list:

InfoSec Magazine Awards:
Cloud Security - Best Product
Microsegmentation - Most Innovative

InfoSecurity Global Excellence Awards:
Innovative Company of the Year (Security)
Cloud Security
Deception Based Security

Proud to be a guardicorean!

Friday, March 30, 2018

Cloud security concerns and ways to address them

It is common today for cloud services to be compromised for months without detection. Remember that Tesla cloud case, where hackers were able to mine moneros for at least a month before being detected? Similar things may happen to others.

Today MyFitnessPal has sent a notification to its users that their accounts are compromised. The hack as discovered five days ago, but the actual hack happened at least a month ago. 150 million accounts are affected.

In light of GDPR coming into effect in May this year, I would expect many companies to review and eventually report personal data breaches more often.

Let's face it: cloud requires elaborate and agile security tools. It is not enough to through an expensive FW on the perimeter anymore to feel safe. If at least one VM or container is compromised, the whole environment is pretty much a goner, unless you have ability to detect and mitigate penetration on time.

Cloud security solution should combine elasticity, effective micro- and nano-segmentation abilities, application integrity control and effective breach detection that would help to avoid a situation when hackers are sitting at your cloud for weeks and months without being detected.

GuardiCore Centra is probably the only one solution today that combines dynamic deception, deputation based detection, effective segmentation technology and unprecedented visibility for virtualised and cloud based data center environment.

Feel free to contact me if you want to learn more.

Saturday, February 10, 2018

UserCenter battle continues as Check Point account services are still failing to do their job properly

In my previous post I have already mentioned that my old account came back online. I have also received several notifications from CP account services.

The first one was hilarious. They have asked me to update my email with Pearson VUE before transferring my certifications that are already granted. After asking them if this is a joke, they reported that they have transferred certification history. Well, I had to check. Guess what...

Two out of 14 certificates were lost in the process. Every time account services answer, they are also closing the open case. I have had to reopen it twice already.

So far nobody picked up a challenge about email address change. Too bad, as all this hustle would be avoided completely, would I be able to change that bloody email myself.

However, I would like to ask one more question. What is wrong with account services and Check Point? Why are they failing to perform a simple task?

Update: The issue is finally resolved. 6 days and two escalations. For a simple email change. Fantastic job, Check Point, really well done