[Dailydave] Late Friday thoughts on the Kevin Mandia RSAC keynote.

Richard Bejtlich taosecurity at gmail.com
Mon Mar 24 18:15:08 EDT 2014


...and this is why I don't usually respond here.

It's time for me to leave the list.

Good luck,

Richard

On Mon, Mar 24, 2014 at 5:28 PM, security curmudgeon
<jericho at attrition.org> wrote:
>
> On Mon, 24 Mar 2014, Richard Bejtlich wrote:
>
> : I'm glad you thought it worthwhile to analyze whatever you analyzed, but
> : after our report was public, the heads of the House and Senate Intel
> : Committees, NSA, and others I won't name, said Mandiant got the
> : attribution correct.
>
> Because the government, also using closed sources and voodoo, is always
> 100% accurate? Please.
>
> J. Oquendo shows his methodology using your data, which doesn't match
> your conclusions. How about you answer his sincere question with a real
> answer, not who you rub dicks with?
>
>
> : > With all due respect to your researchers, colleagues, etc,
> : > I took your APT1 data, ran it through all sorts of analysis'
> : > all sorts of recon and I could not for the life of my come
> : > to the same conclusions that you guys did.
> : >
> : > All your data run through Sentinel Analysis
> : > http://www.infiltrated.net/aptredux/
> : >
> : > There is no voodoo, dirty tricks there, its all recorded
> : > for all to see. Here is a mind map of all of Mandiant's
> : > data:
> : >
> : > http://infiltrated.net/straggler-f211596a8ac0cac13983ad2b98a71108/straggler-mapped.html
> : >
> : > 70% plus, were mapped to one industry, not CN government.
> : > Did you guys (Mandiant) omit some secret sauce, because I
> : > still have a difficult time piecing together how - outside
> : > of an IP address, and one name (UglyGorilla) - you guys
> : > can even attribute this to CN gov.


More information about the Dailydave mailing list