🔐 Public Wi-Fi, QR codes, juice jacking, Bluetooth, cookies, password rotation: do we still believe these cybersecurity myths?

New episode with @g on the Hacklore project: why this outdated advice hurts our credibility, and what we should be saying instead.

🎧 Web: https://polysecure.ca/posts/episode-0x710.html#7d774309
🎧 Spotify: https://open.spotify.com/episode/2bxJV6bM7AOFuARqbKMEc5?si=Wu6VxeAyR1uz2JC29Kk4tg
🎧 YouTube: https://youtu.be/SzXVZPlkCvA

#Cybersécurité #Hacklore #Infosec

@boblord

An excellent follow-up article from Bob to the #hacklore interview. I particularly like the focus on #SecureByDesign and questioning the need for bolt-on, aftermarket solutions to product failures.

https://medium.com/@boblord/why-hacklore-persists-and-how-we-replace-it-985ac1065a98

Why Hacklore Persists (and How We Replace It)

On a regular basis you’ll see someone warning about the non-existent dangers of “juice jacking”, sometimes in the news, like this clip from…

Medium

Cyber threats have evolved over time. If the calculated risk of a particular threat decreases, then our list of top to-do items should reflect the changing landscape. Today @boblord argues that some old advice should be retired as #Hacklore.

https://podcast.firewallsdontstopdragons.com/2026/02/02/debunking-hacklore/

Tune in Monday when I'll be debating the efficacy and wisdom of some oft-repeated security tips with cybersecurity guru @boblord - something he calls #Hacklore.

Subscribe here:
https://firewallsdontstopdragons.com/podcast/

Podcast - Firewalls Don't Stop Dragons

I have a weekly podcast called Firewalls Don't Stop Dragons. The show is a mix of cybersecurity news and interviews of prominent people in the industry. But like the book, the shows are targeted squarely at everyday, non-technical people - covering the info that everyone needs to know in a way that's accessible and practical.


🎁 🎄 🎅 All I want for Christmas is…
links to the #hacklore you keep seeing 👀

You know the advice. Everyone repeats it. No one questions it.

Send it my way, and spread the word: https://www.hacklore.org 🙏

Stop Hacklore!


I really do like the "Stop #Hacklore!" recommendations from https://www.hacklore.org/

However, in my opinion, they do ignore the gigantic #tracking threat to #privacy from the #Bluetooth tracker industry and the multi-billion-dollar business of #DataBrokers sharing this data when they say that "turning off Bluetooth and NFC" is "outdated advice".

For NFC I cannot tell.

Unfortunately, most retail chains are using Bluetooth tracking and share their tracking with basically all others.

So my recommendation is: turn off at least Bluetooth any time you're not actively using it! Furthermore, I'd recommend that people also randomize their #WiFi MAC address for unknown networks in their settings.

Modern Android has a neat feature to turn off Bluetooth when you're not using it for xx seconds/minutes. Use that and be aware that if you're walking through streets or shopping areas with your active BT headphones, you're being tracked all the time.

Oh, joy! Another ✉️ open letter ✉️ with all the groundbreaking insight of a fortune cookie. Instead of stopping "hacklore," this #manifesto merely excels at looping its own menu 🔄, ensuring readers are as lost as the author. But hey, at least they remembered to "spread the word." 📢
https://www.hacklore.org/letter #openletter #hacklore #fortune_cookie #lostinsight #HackerNews #ngated
The Letter — Stop Hacklore!


"By replacing fear with facts, we can make digital safety advice more accurate, actionable, and effective for everyone."

https://www.hacklore.org/

#infosec #cybersecurity #safety #privacy #FUD #hacklore


I feel like this is worth sharing:
https://www.hacklore.org/letter

I slightly disagree on Point 4 (Bluetooth), though. While it's true that an attack would require physical proximity:
a) #bluetooth is a very complex protocol
b) AFAIK most implementations of the Bluetooth stack are closed source, making them hard to review/investigate
c) I've yet to see evidence that vendors properly patch bugs/vulnerabilities in their Bluetooth implementations.
d) There have been a number of attacks on the encryption of data transferred via Bluetooth transfers.
So, personally, I have very little trust in the #security of Bluetooth as a protocol or any particular implementation.
Nonetheless, I guess for most users the risk of getting attacked this way is very low.

#hacklore


I tapped my home network to see how much of my traffic was unencrypted… You’ll never believe the results! 😱 #Cybersecurity #Hacklore

https://medium.com/@boblord/attack-of-the-evil-baristas-b204436f0853

Attack of the Evil Baristas! - @boblord - Medium

I use the term “hacklore” to refer to the urban legends surrounding cybersecurity. Hacklore is everywhere, and this holiday season, you’re bound to hear it nonstop: “The Russians will load your phone…
