Debunking Hacklore

We’re all busy people with busy lives. We only have so much time and energy. So when security people dole out to-do lists, we really need to focus on the tips with the most bang for the buck. Conversely, we need to avoid wasting people’s precious resources on advice that is no longer valid or worth the effort. Today, we’ll debunk several of these “Hacklore” tips with security guru Bob Lord. Interview Notes Hacklore: https://www.hacklore.org/letter  Hacklore resources: https://www.hacklore.org/resources  Elevator (un)safety analogy: https://medium.com/@boblord/psa-elevator-un-safety-7ac69a9498de  DNC Security Checklist: https://democrats.org/security/  CISA Secure by Design: https://www.cisa.gov/securebydesign  MITRE’s 2007 Unforgivable Vulnerabilities (PDF): https://cwe.mitre.org/documents/unforgivable_vulns/unforgivable.pdf  Take 9: https://pausetake9.org/  Consumer Reports Security Planner tool: https://securityplanner.consumerreports.org/  EFF security planning: https://ssd.eff.org/module/your-security-plan  Removing online data: https://firewallsdontstopdragons.com/data-diet-introduction/  Generate passphrases with d20 dice! https://d20key.com/#/  Dragon coupons: https://fdsd.me/coupons/  Rafifi (film): https://www.imdb.com/title/tt0048021/  Xkcd password strength: https://xkcd.com/936/  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:14: Intro 0:00:25: Survey, promo wrap-up 0:01:30: Interview setup 0:02:22: Lingo definitions 0:02:52: What drove you to launch Hacklore? 0:07:12: Is this advice truly wrong? 0:11:51: 1) Avoid public WiFi 0:17:38: 2) Never scan QR codes 0:22:43: 3) Never charge devices from public USB ports 0:24:38: 4) Turn off Bluetooth and NFC 0:28:25: 5) Regularly clear cookies 0:32:47: 6) Regularly change passwords 0:38:19: Why do we not have web password standards? 0:44:24: Any bad tips that didn’t make the cut? 0:45:53: WIll Hacklore be regularly updated? 0:46:32: What has been the response to Hacklore? 0:48:08: So what are the actual top security tips? 0:49:56: How do we shift the onus to software makers? 0:53:14: What other resources can you recommend? 0:55:40: What’s next for you? 0:56:53: Wrap-up 1:00:40: Generating passphrases 1:02:00: Accessing show notes 1:03:08: Dragon coupons 1:03:40: Patron podcast preview 1:04:24: Looking ahead