Mandiant is Google's incident response consulting business. Having worked for many years in that field myself (though not for Mandiant), they're probably sick of going to the same old engagements where companies have been getting owned the same way over and over again for the last 15 years.
What releases like this do is give IT ops people the ammunition they need to convince their leadership to actually spend some money on fixing systemic security problems.
> Mandiant is Google's incident response consulting business
Consulting business? I was under the impression (from Google Reader) that if users aren’t in the millions, then they’ll kill the project. How could they also run a high-touch consultancy?!
> they're probably sick of going to the same old engagements
Hmm… consultancies love this type of recurring revenue - it’s easy money
> Consulting business? I was under the impression (from Google Reader) that if users aren’t in the millions, then they’ll kill the project. How could they also run a high-touch consultancy?!
Google also has Project Zero, which doesn't fit into Google's business culture either. I wonder if Mandiant is paying for their payroll.
Google is a quarter million person company (if you count full time, temps, vendors and contractors).
Google Cloud is basically an entirely different company than Search or Maps. Cloud will happily sell you $10m in compute a year and a value add $400k of security consulting.
NTLM is often used for more of the underlying technologies, some more secure than others… nthash, net-ntlmv1, net-ntlmv2. There’s a little more complexity here and this is different than the stuff that was out 15 years ago.
> this is different than the stuff that was out 15 years ago
This stuff was out at least 10-15 years ago. It’s different from the ancient local NTLM hash cracking everyone used to get admin in high school, yes, but it’s not a novel technique.
You're not wrong, I just want to point out this is net-ntlmv1, which is different and more complex. Not functionally meaningfully more complex to an adversary with a few hundred USD (almost typed LSD) in monies. But technically larger tables. That being said, I'm in agreement that this has been a known problem for 10+ years, and Google is just saying the horses are so long out of the barn their grandchildren are grazing.
I’ve either been involved with or adjacent to dozens of Accenture projects at 5 companies over the last 20 years, and not a single one had a satisfactory outcome.
I’ve never heard a single story of “Accenture came in, and we got what we wanted, on time and on budget.” Cases of “we got a minimum viable solution for $100m instead of $30m, and it was four years late” seem more typical.
Just like IBM, they are big enough that no one ever got fired for buying them.
I've also found they do a good job of getting a cadre of executives that float between companies hiring them when they move between companies while they get wined and dined.
It's just that they're only seeing money to build and a place to make excuses on being late.
If you hire your own people you can make them feel how well the business is doing and get features out the door tomorrow and build to the larger thing over time.
It was inevitable. I’ve learned over the last few decades that people who actually understand how the Internet works don’t exist in huge numbers in Canberra. Especially not at places like ASIC, which for U.S. readers is the equivalent of the SEC.