
Cyber Defense Consulting

Stiennon works with senior executives and boards to evaluate an organization's cyber preparedness. Gaps in technology, people, and process are identified and roadmaps created to enable an enterprise to counter highly targeted attacks.

Advisory Services

IT-Harvest works with Wall Street Analysts, Private Equity Firms, Vendors, and Venture Capitalists to identify market movers, inflection points, and emerging technology vendors. Follow Richard Stiennon on Gerson Lehrman Group's expert network for commentary on publicly traded security vendors.

Analysis

IT-Harvest tracks over 1,200 security vendors and publishes white papers and industry reports on trends and disruptive changes in the market. See our Security Analysts at conferences worldwide or follow the Cyber Domain blog on Forbes.com.

IT Security Industry Has a New Adversary

First appeared in securitycurrent December 30, 2013

My coverage of the NSA’s massive data gathering and attacks on fundamental security technology has been focused on the expected impact on the IT security industry. I was one of the first to publish trepidation a day after the first Snowden report (NSA Surveillance Threatens US Competitiveness, June 7, 2013) and again a week later (Crisis Of Confidence Could Spur Flight From US Tech, June 14, 2013).

Recent events appear to validate my concerns that loss of faith in US tech companies is hurting financial results, at least for the major vendors:

Cisco’s gloomy revenue forecast shows NSA effect starting to hit home

Lawsuit accuses IBM of hiding China risks amid NSA spy scandal

Qualcomm CEO Says NSA Fallout Impacting China Business

Anecdotal evidence from vendors who are being asked to attest to the lack of NSA complicity in their products and data centers indicates that distrust is having a wider impact than just major vendors trying to expand in China.

The Incredible Power of XKeyscore

First appeared in securitycurrent December 20, 2013

Der Spiegel makes light of an incredible tidbit they extracted from a 50-page catalog of exploit technology apparently developed by the NSA’s Tailored Access Operations (TAO). The German newspaper describes, and dismisses as not very threatening, the ability of an analyst using XKeyscore to identify a target’s machine, probably by IP address.

Then, if that machine ever files a crash report with Microsoft (or presumably any application such as Mozilla’s Firefox), the vast store of data that the NSA has collected is searched with XKeyscore to recover a copy of that crash report, which was captured, along with everything else, by the NSA’s taps into most network traffic.

Wait, what? Crash reports are not encrypted when sent to Microsoft or Mozilla? Apparently not. Microsoft’s documentation states that Personally Identifiable Information (PII) is encrypted via HTTPS but not the rest of the information.

As if we needed it, here is yet another reminder that software developers can be woefully ignorant of the need for security. Crash reports often contain a snapshot of memory at the time of the crash. An attacker could use that information to understand the processes running on the target machine. Even passwords, or at least hashes of passwords, can be revealed in crash reports. This is a process vulnerability that Microsoft will have to address immediately.

It is Time for the TCG to Repudiate the NSA

First published in securitycurrent October 22, 2013

Trust is fragile, and the decade-long effort on the part of the NSA to compromise all security models has destroyed trust. From its inception, the coalition of industry giants that has backed the concept of hardware-based security, the Trusted Computing Group (TCG), has been at odds with the “information should be free” crowd. The problem these giants (Microsoft, Intel, AMD, IBM, HP) faced a decade ago was software and media piracy. As the biggest backer, Microsoft was the most suspect. In recent weeks that suspicion of Microsoft has exploded into bald-faced claims from the German BSI that the Trusted Platform Module, the hardware component of Trusted Computing, is an NSA backdoor. And who knows what further releases of the Snowden files will unveil about the NSA’s involvement with the Trusted Computing Group?
