We're live!

Welcome to the inaugural hacklore project newsletter! I’m grateful to the roughly 100 security experts who joined me in calling for an end to outdated guidance for everyday people and in steering them toward advice grounded in how attacks actually happen. Many also helped refine several recommendations based on their own work with account compromises.

I was equally encouraged by how many people reached out asking how to help. I expected more resistance to the idea of updating consumer guidance, so the enthusiasm — including requests for a newsletter — was a welcome surprise.

Now the challenge is turning that energy into action. A newsletter wasn’t part of the original plan, but it is the right next step.

In these occasional updates, I’ll share developments from the hacklore front lines, and I hope you’ll share what you see too: examples of hacklore in the wild, places where outdated advice is being replaced with modern guidance, and stories that help illustrate the shift we’re trying to drive.

Some questions that are on my mind: What does success for this project look like? How do we rethink the guidance? Putting on my secure by design hat, how can we move the burden of staying cyber safe to the technology makers? I have more questions than answers, but I'm hoping you will be able to help me find the path forward.

In the news

In the first week, we were picked up by several publications! Getting the hacklore project into mainstream press is going to be a key element of success.

Cyberscoop Tim Starks was the first to publish about the hacklore campaign goal to tackle persistent security myths in favor of better advice.

The Register's Jessica Lyons also wrote about the launch, adding, "Don't believe everything you read."

The Times's Mark Sellman wrote about the effort and also noted that the US Federal Communications Commission (FCC) has taken down its page on “juice jacking”.

Risky Business made hacklore one of its "Three Reasons to Be Cheerful This Week". What an honor!

This Week in Security featured hacklore in "The Happy Corner".

Alexis Conran Radio Show (starts 02:24:55) Bob Lord joined Alexis Conran's UK radio program on Saturday Nov-29 for a short segment on hacklore. This was a serendipitous event because Alexis was one of the scam artists starring in The Real Hustle TV show. He has a keen interest in how the hacks actually happen in the wild, which is a key element of our hacklore project.

Chloe Tilley and Calum Macdonald Radio Show (starts 01:58:55) Joe Sullivan joined the "Times Radio Breakfast with Chloe Tilley and Calum Macdonald" to chat about the hacklore project.

Bugcrowd Security Flash: The HackLore Project: Co-signers Casey Ellis and Trey Ford break down the hacklore effort beautifully in just 15 minutes. Well worth a watch.

Ways to Help the hacklore project

The hacklore revolution happens through you! Already many of you have asked how to get involved. Here are concrete ways to help push this effort forward and turn that energy into real change.

1. Spread the word. If your organization has relationships with reporters or editors, consider pitching a hacklore story.
2. Review your internal cybersecurity guidance. Make sure the advice given to staff is free of hacklore and aligned with modern, evidence-based recommendations.
3. Review your customer or partner guidance. If your company publishes safety or security advice for customers or the public, update it to remove hacklore and replace it with guidance based on the modern advice on hacklore.org.
4. Write a public blog post. Share why you support retiring obsolete advice and point people toward better, modern guidance.
5. Share with us examples of obsolete or harmful security advice you’ve seen in the wild. These help fuel the next round of myth-busting.
6. Send us humorous real-world stories that show hacklore in action. These are especially helpful for media outreach.
7. When reputable organizations publish outdated advice, notify them (and us!). These examples help with targeted outreach and constructive corrections.
8. Point us toward organizations that should be part of the solution. Groups updating digital-safety guidance or consumer-protection advice can amplify this work.
9. Identify communities that would benefit from the hacklore project. Parent groups, small-business networks, library staff, medical offices, law firms, senior community centers, and school districts all need better guidance.
10. Submit talks to conferences. Share your own experience replacing antique advice with modern guidance and help bring the message into new professional circles. Better still, help the conference organizers establish dedicated tracks or themes devoted to hacklore.
11. Give out awards. Publicly praise organizations that update their guidance to be free of hacklore or who raise awareness in their sector.

If you do any of these things, please let us know, regardless of outcome.

What's coming next

We'll continue to track press articles and notable events as we come across them. And I'll continue to post on social media on this topic from time to time.

Where we go from here will be largely determined by you! I'm hoping we can use the power of this network to drive real change. Please reply to this newsletter with any news from the field, or email us at info@hacklore.org.

Feel free to follow me on these social platforms:

• LinkedIn
• Blue Sky
• Mastodon

Thank you!

-Bob