mailing list archives
Re: Late Friday thoughts on the Kevin Mandia RSAC keynote.
From: security curmudgeon <jericho () attrition org>
Date: Mon, 24 Mar 2014 16:28:40 -0500 (CDT)
On Mon, 24 Mar 2014, Richard Bejtlich wrote:
: I'm glad you thought it worthwhile to analyze whatever you analyzed, but
: after our report was public, the heads of the House and Senate Intel
: Committees, NSA, and others I won't name, said Mandiant got the
: attribution correct.
Because the government, also using closed sources and voodoo, is always
100% accurate? Please.
J. Oquendo shows his methodology using your data, which doesn't match
your conclusions. How about you answer his sincere question with a real
answer, not who you rub dicks with?
: > With all due respect to your researchers, colleagues, etc,
: > I took your APT1 data, ran it through all sorts of analysis'
: > all sorts of recon and I could not for the life of my come
: > to the same conclusions that you guys did.
: > All your data run through Sentinel Analysis
: > http://www.infiltrated.net/aptredux/
: > There is no voodoo, dirty tricks there, its all recorded
: > for all to see. Here is a mind map of all of Mandiant's
: > data:
: > http://infiltrated.net/straggler-f211596a8ac0cac13983ad2b98a71108/straggler-mapped.html
: > 70% plus, were mapped to one industry, not CN government.
: > Did you guys (Mandiant) omit some secret sauce, because I
: > still have a difficult time piecing together how - outside
: > of an IP address, and one name (UglyGorilla) - you guys
: > can even attribute this to CN gov.
Dailydave mailing list
Dailydave () lists immunityinc com
Re: Late Friday thoughts on the Kevin Mandia RSAC keynote. Halvar Flake (Mar 26)