::: They don't have 20 brains, they have a country full
It was just an example :-) to point out the scale of developers vs operators.
Calin
---- On Wed, 20 Feb 2013 09:39:24 +0100 Warren Bailey<wbailey@satelliteintelligencegroup.com> wrote ----
They don't have 20 brains, they have a country full. I was in Beijing last year, it was eye opening to see the state of affairs there.
From my Android phone on T-Mobile. The first nationwide 4G network.
-------- Original message --------
From: "calin.chiorean" <calin.chiorean@secdisk.net>
Date: 02/20/2013 12:36 AM (GMT-08:00)
To: Warren Bailey <wbailey@satelliteintelligencegroup.com>
Cc: surfer@mauigateway.com,nanog@nanog.org
Subject: Re: NYT covers China cyberthreat
IMO, if we stick to the document and they are organized in military style, then a person who collects information should focus only on that particular phase. That person is an operator, he or she should not be kept busy remembering long CLI commands. The scope is to deliver ASAP.
No matter how much I like CLI and to put my fingers into text mode, I have to admit that point and click in Windows is an easier and faster method to achieve the task I did mention. As Warren mentioned, if you have 20 "brains" it's easy to put those people to port a tool from *nix to other platform and have the other 500 operators run it in Windows. It's just a matter of good sense and "business" effectiveness :)
Maybe I misinterpret information, but this is how I see things.
Cheers, Calin
---- On Wed, 20 Feb 2013 09:24:10 +0100 Warren Bailey<wbailey@satelliteintelligencegroup.com> wrote ----
They are when you have a college full of programmers.
-------- Original message --------
From: Scott Weeks <surfer@mauigateway.com>
Date: 02/20/2013 12:23 AM (GMT-08:00)
To: nanog@nanog.org
Subject: Re: NYT covers China cyberthreat
--- calin.chiorean@secdisk.net wrote:
From: "calin.chiorean" <calin.chiorean@secdisk.net>
<snipped>
:: when all tools are available for windows os, you just have to compile them.
<snipped out the rest>
-------------------------------------------------
They're not all available for m$.
scott
---- On Wed, 20 Feb 2013 09:02:35 +0100 Scott Weeks wrote ----
Be sure to read the source:
intelreport.mandiant.com/Mandiant_APT1_Report.pdf
I'm only part way through, but I find it hard to believe that only micro$loth computers are used as the attack OS. Maybe I haven't gotten far enough through the report to find the part where they use the *nix boxes?