Brighton Street Culture

Posted October 17, 2008 by mcurphey
Categories: Brighton, Humor

I love living in Brighton. Every time you walk around you are reminded of what a brilliant place it is to live. Today we were with the kids when we heard a drummer playing “In the Air Tonight” by Genesis Phil Collins. When we turned the corner there was a guy sat in a Gorilla suit. Hilarious.


(The very pregnant wife is in front. Terrible photo of her, and she doesn’t want it on the web.)

For those that don’t know here is the advert that inspired the scene.

On a related note I heard a hilarious thing on a program earlier. The discussion was about how women put on weight when they get married. The first caller (female) rang in and suggested it was because they are in love and feel comfortable. A second caller (male) rang in and said that was rubbish as his wife couldn’t stand him and she’s as big as a bus.

SecurityNow

Posted October 17, 2008 by mcurphey
Categories: Information Security Economics, Long Tail Security, Microsoft, Platforms, Security Platforms


We have just posted the first of a series of articles about a proof of concept called SecurityNow that we built at work.

http://blogs.msdn.com/cisg/


Michael Smith’s Penetration Testing Blogs

Posted October 16, 2008 by mcurphey
Categories: Information Security Economics

A no-real-value-add post from me (sorry), but Michael Smith’s articles on the Evolution of Penetration Testing (Part 1 and Part 2) are a pretty accurate assessment of the industry IMHO and well worth a read.

I particularly like the conclusion:

However, as might be expected, it is bad news for IT security in general since all networks live in the same security ecosystem. Market drivers that encourage poor security practices hurt us all.

PS we used to call them the “Scan Now boyz” !

Is Spam Porn for the Security Industry?

Posted October 16, 2008 by mcurphey
Categories: Information Security Economics

We have all heard stories (urban myths?) about how the porn industry has driven technology from early DVDs to streaming distribution on the grid. Could “spam” be a new driver helping artificial intelligence get smarter to solve complex low-level security problems? Technology (an MIT Review site) has just published a story about how spam is being used to drive smarter AI algorithms used to solve the email spam problems. I wonder if the sheer volume of shitty code floating in the ether will ever be fed into an AI engine to drive better code review tools?

Microsoft Joins OWASP

Posted October 12, 2008 by mcurphey
Categories: Microsoft, OWASP

If you navigate over to the OWASP members page you will see a new logo


It’s an interesting full circle for me having started OWASP back in 2001 and now having had a hand in one of the biggest technology companies in the world (my current employer) joining. Someone sent me a mail on Friday asking “What’s in it for Microsoft?”. My reply “It’s just the right thing to do.”

SAFECode Releases "Fundamental Practices for Secure Software Development" Document

Posted October 8, 2008 by mcurphey
Categories: Software Development, Software Security

Info on Mike Howard’s blog here.

Are Business Risk and Technical Security Part of a Natural Fourier Series?

Posted October 8, 2008 by mcurphey
Categories: Certification, Compliance, Information Security Economics, Long Tail Security, Regulation, Security Industry

Decade after decade politics moves from regulated economies to de-regulated economies. Changes are usually triggered by “unpredictable events” (in political speak). We are almost certainly about to go into a period of heavy government regulation of the financial services industry where “unpredictable events”, or “failure” in plain English, is blamed on inadequate regulation.

Internet cycles are of course generally shorter than political cycles yet at the same time closely tied. Over the last decade or so I have watched corporate security teams (and the information security industry as a whole) cycle through waves where governance, regulation and compliance was the short order of the day and waves where technical security was served up as the predominant answer. It’s hard to argue with risk management, it makes sense in the context of business conversations. It’s hard to argue with technical security, it makes equal sense in the context of technology discussions.

It seems to me the failures occur because there is a lack of connection between the two approaches. My issues with PCI are not about the intent, but about the implementation. We can all see how easy it is to have a PCI compliant application (some might say appropriately managed risk, and complying with regulations) that is wholly insecure.

I speculate that what’s actually at play in the big picture is a giant human Fourier series where convergence will only occur when technical security and business security connect.


(Graphic when I have time)

New US Dollar Bill Design for 2009

Posted October 7, 2008 by mcurphey
Categories: Humor

New US Dollar Bill

Brilliant UK Laptop Repair Service

Posted October 7, 2008 by mcurphey
Categories: information security

It’s rare these days you get service so good you feel like writing to people about it. This morning (still sweaty from my morning run) I took the kids’ Vaio laptop (used for educational games and Internet TV (Windows Media Center of course)) to get a broken key repaired at PC World. After 15 mins in a queue I was told they couldn’t do it but was told to go to a place down the road called the Laptop Hut. I am always skeptical of small “expert computer repair folks” having spent countless hours repairing family and friends’ PCs from so-called “expert software repairs” in the past.

The friendly staff immediately took it, explained what was needed, did the repair right there in front of me and cleaned it off to boot. All within 5 mins. No waiting, no fuss, just great service. When I went to pay I was told it was so small it was a courtesy. It’s rare you find such great service these days and even rarer companies prepared to earn your long-term business. I think companies like this need supporting and there need to be more of them, so if you are in the UK and have a laptop that needs repairing I highly recommend sending it to them. The Lap Top Hut.

Funny side story: On their buzzer was McAfee. Turns out some of the guys from SafeBoot acquisition work in the same office. Small world ;-)

MI6 Terror Suspects Pictures Found on eBay Camera

Posted September 30, 2008 by mcurphey
Categories: Information Security Economics, Security Industry, Spies, Spying

The types of data breaches in the UK never cease to amaze me. If you ever need proof that security is a People, Process and Technology problem then stories like this serve as a good reminder.

http://www.thisislondon.co.uk/standard/article-23561908-details/’MI6’s+t/error+snaps%27+on+eBay+camera/article.do

Thanks to Daniel for posting on a list……