Here's the quote from the organization's co-CEO Nicole Eagan, describing her company's product:
"It’s very much like the human body’s own immune system," says the company’s co-CEO Nicole Eagan. "As complex as it is, it has this innate sense of what’s self and not self. And when it finds something that doesn’t belong—that’s not self—it has an extremely precise and rapid response." - via a report from Karen Hao, writing at MIT's Technology Review
The description of this product is a nearly perfect example of Security Bloviation - and certainly ranks in the top 5% of bombast relating to a company's solution to a difficult problem.
Predicated on my understanding of this product, that is, the functionality deployed (in the effort to foil exfiltration of sensitive (and otherwise) bits), is all about 'algorithmic-based unsupervised-learning', rather than misplaced New Age conceptual witticism attaching some amorphous cognitive "innate" behavior to an agglomeration of bits.
In reality, the product probably works as advertised, regardless of the questionable description proffered by the 'co-CEO'. For me - and many of my Information Security meatspace colleagues, the question is, how long will the product work (until it-too is gamed by our miscreant adversaries) and with what definable level of efficiency?
"Congratulations for everyone who got accepted for the #BHUSA18 Arsenal. The choice was very difficult. Promise we will give priority for those rejected in the next session in London."— via @ToolsWatch
via Anton Chuvakin, Ph.D., Research VP and Distinguished Analyst at Gartner, speaks security truth to power. Pay attention folks - your organization's security and continued existence could very well depend on the action you take in your environments, based what he has to say.
Now nearly eight years old, MAC Freeware Suspicious Package, the tightly focused security tool for Apple Inc's (NasdaqGS: AAPL) OS X hit another milestone this year (in February) now at version 2.0.1.
Crafted by Mothers Ruin, Suspicious Package takes a deep view into installer packages (in the Finder). The bits utilize Quick Look to display the contents of the package, popping up a preview in the Quick Look window. A superb, single purpose security tool for your toolkit.
"Shouldn't I be suspicious of the Suspicious Package package? Yes, we're aware of the ... irony of distributing Suspicious Package as a package, but it's very awkward to distribute it any other way. If you want an alternative, though, there are instructions here. The Suspicious Package package is signed with an Apple-issued “Developer ID” certificate, and so will be recognized as valid by the Gatekeeper feature of OS X. The signer, as displayed by Suspicious Package itself, will be “Randy Saldinger,” which is the real name of the person who writes in the first person plural for Mothers Ruin Software." - via the Mothers Ruin Suspicious Package FAQ
Russ McRee's well-wrought piece published on his highly respected HolisticInfosec site, within his toolsmith column (both on his site and formerly in the ISSA Magazine) provides a tour-de-force primer on utilizing the R Development Environment. R in this case, is bent to Russ's will to accurately depict (of course) network data (in this case generated by (and in Russ's words) - "network traffic packet capture specific to malware called Win32/Sirefef or ZeroAccess that uses stealth to hide its presence on victim systems". Today's Must Read.
Physikalisch Zugriff Nicht Erforderlich
More interesting security slap and tickle at the Chaos Computer Club confab in Germany... This time, apparently the lack of physical access was not an impediment in the second well publicized defeat of Apple Inc.'s [NasdaqGS: AAPL] TouchID. Jan Krissler, holding forth at the conference has detailed the steps taken to overcome the vaunted security of TouchID via a presentation entitled 'Gefahren von Kameras für (biometrische) Authentifizierungsverfahren [31c3] '.
'Krissler said he used commercially available software called VeriFinger to pull off the feat. The main source was a close-up picture of von der Leyen’s thumb, obtained during a news conference in October, along with photographs taken from different angles to get an image of the complete fingerprint.' - via Emil Protalinski writing at VentureBeat