Articles by Richard Stiennon On Security Trends


May 13, 2015

By Richard Stiennon

The greatest fear of anyone running a virtual machine, especially in a shared hosting environment, is that an attack against one VM could jump the wall and impact the other VMs on the same machine: a so-called guest escape.

CrowdStrike, a vendor of host-based security solutions, announced today that one of its Senior Security Researchers, Jason Geffner, has discovered a vulnerability, dubbed VENOM (Virtualized Environment Neglected Operations Manipulation), in the open source hypervisor software QEMU.


April 14, 2015

By Richard Stiennon

In 1995 a small security reseller in Southfield, Michigan, introduced possibly the first “cloud” based firewall: Check Point FW1 running on Sun Netra boxes in their small data center. Netrex would configure T1 connections from their customers’ routers to their data center and manage all of the firewall policies for them.

As they developed their management interface, they pivoted away from providing these “clean pipes” to what is now the traditional MSSP service of remotely managing customer devices on premise.


December 19, 2014

By Richard Stiennon

If the first indication that you have been hacked is your screens going blank or displaying an attacker’s message, you are in real trouble. Another indicator that your organization does not understand cyber security is a call from the FBI to inform you that you are the source of a massive credit card theft. Both cases are becoming all too common.


October 10, 2014

By Richard Stiennon

The current flurry of breakups in the tech sector is gratifying to watch. The only conglomerate strategy I have ever seen work effectively is Alfred P. Sloan’s revolutionary “centralized decentralization,” which allowed General Motors to become the dominant car manufacturer for decades. Roger Smith, the epitome of the green-visor accounting executive, destroyed that company by re-centralizing the divisions.


September 30, 2014

By Richard Stiennon

Today at the COSAC 21st International Computer Security Symposium and SABSA World Congress in Naas, Ireland, a researcher demonstrated a protocol he had devised that automates the transfer of data from any display to devices like smart phones.


September 25, 2014

By Richard Stiennon

By now you have heard about a new bug in one of the most popular Unix shell programs, the Bourne Shell, or bash. If you run Mac OS X you have probably used bash; it is the default terminal app. Shellshock is a “bug” in the way Heartbleed is a “bug”: a mistake in implementing code. Shellshock allows anyone (or anything) that has shell access to execute arbitrary code.


September 2, 2014

By Richard Stiennon

As summer is drawing to an end, many IT security professionals are returning to their desks after vacations and trips to drop freshmen off at their new schools. A quick check of emails, Twitter, Facebook, and news sites will reveal that insecurity never sleeps nor vacations.


August 26, 2014

By Richard Stiennon

This is so different I had to write about it. Fortinet has had a very successful business in the distributed enterprise space with its line of UTM (Unified Threat Management) devices for a decade.


August 26, 2014

By Richard Stiennon

Michael Daniel, the White House Cyber Policy Coordinator, created a disturbance in the force last week when he was quoted as saying: "Being too down in the weeds at the technical level could actually be a little bit of a distraction."


August 18, 2014

By Richard Stiennon

In the wake of the high-water-mark breach that occurred at Target, there is more pressure on boards and senior executives to understand the threats they face on the cyber front. CEOs cannot help but ask, “Could we too suffer such a breach?” In addition to that all-important question, here are eight more questions that should be posed to the CISO.

