Archive for the ‘Security Bullshit’ category
Gem of a Security Post
June 15, 2009
I think I am going to rename this blog “Stuff that doesn’t fit into 140 chars” (stolen from Chris Anderson). I am mainly posting on Twitter these days, you can follow me here www.twitter.com/curphey. I am not sure how I missed this absolute gem of a blog post but I did. It’s a great [...]
S = ƒ ( ___ )
April 24, 2009
S = ƒ(°WFF) Degrees of Warm Fuzzy Feeling
S=f(p,d)+Rn (Prayer, Denial) + Number of Days till Retirement
S=f(n) Where n is the number of security guys you know
S=f(1/n) Where n is the number of security standards documents you have read
S = ƒ(#B*#FCA) Number of people you can blame multiplied by the number of [...]
Is More Bullshit Being Called Out? Great Posts
February 17, 2008
Is more bullshit being called out? Great Post. As is this on the same topic.
Now That’s a Novel Way to Kill the FUD
February 17, 2008
Static Analysis Tools Exposition (SATE). If these guys would do this on other tool classes I think we could break down some more security religion and get back to creating pragmatic solutions to real problems. Wow, the first two rants ever on my blog, each within a few minutes. Strange day.
Security Marketing Spinning Further Out of Control
February 7, 2008
In the UK we have the Advertising Standards Authority. If someone makes a claim in an advert, they need to be able to back it up. If you say Fish Fingers are rich in Omega 3 then be prepared to prove it. If you have a magic face wand that removes wrinkles then make sure [...]
Bring Back Security Bullshit?
January 30, 2008
Last year I had some cartoons calling out BS where BS prevailed. The cartoons are still up although I let the domain expire. There were quite a few “that’s hilarious” or “spot on” and quite a few “You’re an ass” (from people who were probably uncomfortably close to the topic). A few people are asking [...]
Why Risk Management is Like Eating Lettuce
January 30, 2008
On Sundays it’s a British tradition to wake up with a hangover, get a copy of the Sunday Times and watch the morning politics shows on the beeb. This Sunday past was traditional for me. Data breaches and privacy are hot political topics in the UK after the national fiasco overseen by Alistair Darling. I [...]
O’McAfee, Where Art Thou
January 19, 2008
Some friends on the “inside” were horrified when McAfee bought ScanAlert. It’s ironic that McAfee are now busted with basic web vulns on their own sites. Curphey’s Law: When you create (or participate in) a security market based on low cost, expect (or deliver) low quality. This is the same argument I have against PCI [...]
Dear Idiot, Your New UK Security Tools Law Sucks!
January 18, 2008
Dear Idiot (Tom Harris – Labour MP for Glasgow), The world has gone mad and I am boarding the next commercial flight on Virgin Galactic in search of a world where numnuts and numties no longer rule. It was my birthday last Thursday and very pleasant it was too. I got back from a week [...]

Farewell Security Buddha – Hello Curphey 2.0
March 5, 2010
I openly admit I had a mis-spent youth. I was expelled from school and then went on a rampage of sex, drugs, booze and rock and roll for the best part of a decade. I lived hand to mouth and did everything from stacking yogurts in a yogurt factory (working nights), selling houses, working behind [...]
Categories: Beautiful Security, Careers, Getting Things Done, Long Tail Security, Microsoft, OWASP, Productivity, Security Blogs, Security Book Reviews, Security Bullshit, Security Industry, Software Development, Software Security, Speaking, Technology Commentary, Travel, UX, Working at Microsoft, information security, open source