Bob Lord
boblord.bsky.social
Cautiously pessimistic, esp. about cyber things.
The owls are not what they seem.
🗻🗻🦉🌲🪵 🍒🥧☕️🍩 🕵🏼‍♀️ 👍🏻
Also: 🔐🔑🔒
Pinned
Reporters, this is a story worth covering. It might not be as glamorous as high-profile hacks, and it might not attract as many clicks, but it’s important. The quiet adoption of HTTPS has improved online security for billions of people, and it deserves attention.

medium.com/@boblord/the...
The Quiet HTTPS Revolution
In a recent post, I explained that the websites I visit on my Chromebook are almost all delivered over HTTPS. Better still, 100% of the…
medium.com
What if cybersecurity experts wrote PSAs for seatbelts? 💥 🚗

medium.com/@boblord/if-...
If Seatbelt Guidance Worked Like Cybersecurity Guidance
Different industries take different approaches to providing guidance to everyday people. In the automotive world the messaging is clear and…
medium.com
December 6, 2025 at 7:20 PM
Reposted by Bob Lord
"…the time to evaluate and implement passkeys is now… adoption offers not just enhanced security but also a competitive advantage in user trust…"

"…embracing passkeys isn't merely an upgrade; it's a fundamental recalibration of our approach to… security."

allsafeus.com/elevating-mfa-w...
allsafeus.com
December 6, 2025 at 5:16 PM
Reposted by Bob Lord
As a card-carrying old lady yelling at clouds on the topic of public wi-fi (and not scaring people about it), excited to see it at the top of this very good list.
As a security person, I SO appreciate great bits like this open letter around bad security advice (www.hacklore.org/letter), especially given that it's got reputable people like @leak.bsky.social signed on.

I agree that outdated advice and half-truths are just as bad as giving wrong advice.
The Letter — Stop Hacklore!
www.hacklore.org
December 5, 2025 at 11:04 PM
📨 The first Hacklore newsletter is out! 📨

We are taking on outdated cybersecurity advice for everyday people and replacing it with guidance grounded in how attacks actually happen. Join the community that wants to make security common sense.

Read/subscribe here:
buttondown.com/hacklore/arc...
Launching the Hacklore Project!
We're live! Welcome to the inaugural hacklore project newsletter! I’m grateful to the roughly 100 security experts who joined me in calling for an end to...
buttondown.com
December 5, 2025 at 3:47 AM
No surprise that Casey Ellis and Trey Ford do a great job of explaining the thinking behind the hacklore.org project in a fun and accessible manner. They also do it in just 15 minutes! Well worth your time. 🙏

Bugcrowd Security Flash: The HackLore Project
www.youtube.com/watch?v=NOfV...
YouTube video by Bugcrowd
www.youtube.com
December 3, 2025 at 5:05 AM
Reposted by Bob Lord
Just imagining how much better it would be if ALL news stories about vaccine-preventable illnesses were illustrated with pictures of people with the disease, not pictures of needle injections. If you must show something that people will find scary & unpleasant, make it the disease, not the cure.
I'm so tired of measles.

I'm also tired of people using needle shots on stories like this.

Show what measles looks like.
Gallatin Co. reports 2nd measles case, warns of exposure sites nbcmontana.com/news/local/g...
December 2, 2025 at 4:40 AM
Looking forward to the family's annual viewing of the two best Christmas movies: Three Days of the Condor, and The Conversation. 🕵️🎄
December 2, 2025 at 12:53 AM
Thanks for the #hacklore shoutout!!
My latest this.weekinsecurity.com newsletter is out, with stories on: A prolific hacker outed as Jordanian teen; Gainsight downplays its data breach; Shai-Halud worm hacks thousands of devs; FCC warns hackers are hijacking emergency alert systems; a Mixpanel breach hits OpenAI, and much more. (1/2)
this week in security — november 30 2025 edition
Prolific hacker outed as Jordanian teen, Shai-Halud worm hacks thousands of devs, FCC warns of emergency alert hijacks, Mixpanel breach hits OpenAI, and more.
this.weekinsecurity.com
November 30, 2025 at 5:23 PM
Guess who is dressing up tonight‽

And it would not be complete without a Hacklore.org QR code. (Be sure to scan on public WiFi!)
November 29, 2025 at 9:31 PM
All I want for Xmas is for Signal to run on my ARM based Chromebook. 🎅 💪💻🙏
November 29, 2025 at 6:24 PM
🎅 ✈️ 🚃 🚗 How can friends and family keep their online accounts secure during the holiday and travel season? This article does an outstanding job of explaining what really keeps accounts safe vs hacklore. 🙏

www.thetimes.com/article/cfd5...

More info: www.hacklore.org 🔐

📢 Spread the word! 📢
Stop Hacklore!
www.hacklore.org
November 28, 2025 at 3:02 PM
Very excited that the Risky Business podcast has a shout-out to the Hacklore project! Here's a link to that segment:
www.youtube.com/watch?v=3YC5...

Thank you @patrick.risky.biz and @metlstorm.risky.biz! 🙏

www.hacklore.org
Risky Business Weekly (816): Copilot Actions for Windows is extremely dicey
YouTube video by Risky Business Media
www.youtube.com
November 26, 2025 at 8:34 PM
🎉 The FCC took down its page on juice-jacking! 🎉

www.fcc.gov/juice-jackin...

Let's continue to call out how these scare-stories distract from real systemic risks, and the simple things people can do to dramatically reduce the chance of compromise. 🔐

More info: www.hacklore.org/letter
November 26, 2025 at 5:23 PM
If juice-jacking were real, we would see exploitation.
If exploitation were happening, we would see victims.
Where are these victims‽
Are reporters even asking phone makers for comment‽
How many cases have ever led to prosecution‽

www.fox2detroit.com/news/what-is...

Real talk: hacklore.org
What is Juice Jacking?
Another day, another effort by scammers trying to use your own devices against you. The latest method the federal government is warning about is a tactic called ‘Juice Jacking.’
www.fox2detroit.com
November 26, 2025 at 4:41 PM
This. News. Report. Has EVERYTHING!
Criminals juice-jacking in airports!
Booby-trapped public-wifi!
And just when you thought you heard it all: Knock knock! Who's there? Use a personal VPN!

(Actual expert advice: www.hacklore.org)

www.youtube.com/watch?v=Wn9q...
November 26, 2025 at 12:58 AM
Reposted by Bob Lord
For tried and tested cybersecurity tips tailored for your concerns and devices, you can of course always check out SecurityPlanner.org and some of the other resources on the Hacklore site.
Consumer Reports Security Planner
Protect your privacy by answering a few simple questions to cut down on data collection, and prevent hackers from invading your devices.
SecurityPlanner.org
November 24, 2025 at 4:49 PM
Reposted by Bob Lord
This campaign aims to tackle persistent security myths in favor of better advice cyberscoop.com/hacklore-org...
Hacklore.org launches to debunk common cybersecurity myths and promote advice that actually keeps people safe online.
cyberscoop.com
November 24, 2025 at 3:06 PM
📢 Announcing hacklore.org 📢

It’s time to retire outdated cyber advice! More than 80 cybersecurity veterans have signed an open letter urging a shift from folklore to guidance that actually helps people avoid the most common attacks. 🔐

Blog: medium.com/@boblord/let...

Site: www.hacklore.org
Stop Hacklore!
hacklore.org
November 24, 2025 at 3:05 PM
Reposted by Bob Lord
Open sourced Zork today opensource.microsoft.com/blog/2025/11... and ran it on a swarm of containers in the cloud 😂
Preserving code that shaped generations: Zork I, II, and III go Open Source
Microsoft’s Open Source Programs Office (OSPO), Team Xbox, and Activision are making Zork I, Zork II, and Zork III available under the MIT License.
opensource.microsoft.com
November 20, 2025 at 6:42 PM
Dear Lazyweb: What's the current state of encrypted DNS with modern browsers/OSs? Links welcome!

(boost for reach, SVP! 🙏)
November 18, 2025 at 2:13 AM
Reposted by Bob Lord
It's time to make HTTPS the web's default, and reap the full security benefit from years worth of HTTPS adoption!
security.googleblog.com/2025/10/http...
HTTPS by default
One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secu...
security.googleblog.com
October 28, 2025 at 5:17 PM
🦃 Thanksgiving is coming up in the US. 🦃 What are you thankful for in software security? I wrote about the welcome progress on memory safety defects. What other areas are moving in the right direction? #SecureByDesign

medium.com/@boblord/29-...
29 Years Since “Smashing the Stack”: Time to Smash Memory Unsafety Itself
This coming Saturday marks the 29th anniversary of Aleph One’s seminal Phrack Magazine article, “Smashing the Stack for Fun and Profit.”…
medium.com
November 14, 2025 at 3:03 PM
📢📢📢 The VulnCon conference has announced their call for speakers! 📢📢📢 I really enjoyed the past VulnCons and learned a ton from speakers and participants.

If you work with CVEs, please consider submitting a talk before the deadline! 🔐

www.first.org/conference/v...
CVE Program & FIRST VulnCon 2026
Save the Date: CVE/FIRST VulnCon 2026 & Annual CNA Summit - Scottsdale (US), April 13–16, 2026
www.first.org
November 14, 2025 at 1:28 PM
If you have not seen it yet, @alilleybrinker.com posted a fantastic and thoughtful article on memory safety. 🔐

queue.acm.org/detail.cfm?i...
Memory Safety for Skeptics - ACM Queue
queue.acm.org
November 10, 2025 at 9:37 PM