Look at this talk and tell me what it's about:
|What is this about? ANYTHING?|
Anyways, I had low expectations based on the abstract. But the talk itself was great in the way all great talks are. It was a stampede through his life, which was fascinating and involved negotiations with Afghan warlords and other tide turners. And one thing he highlighted was the continual massive amount of continuity bias he saw everywhere he went, even when obviously things were changing about as fast as they possibly could.
This is nowhere more true than in every defense talk where they go on and on about how the attacker only has to find one hole, but the defender has to patch them all.
|Yes, looks like they are doing REAL well at maintaining invisibility, eh?|
Look, here's the thing. I read every incident response report that MS and FireEye and Crowdstrike and Endgame and everyone else puts out. PLATINUM looks like a no-holds barred good team. It's not a team that got caught from a leak. They got caught from a commercial, reasonably priced, incident response technology. What if network defense technology is starting to work?
What I'm saying is that it would be a massive mistake for US Strategic Policy to assume that Microsoft or QiHoo360 can't built a security fabric that stops exploitation even on buggy systems with nation-state 0day and techniques. We need to be careful when we design things like the VEP that we don't castrate our strategic intelligence needs.