Bob Lord
@boblord.bsky.social
Cautiously pessimistic, esp. about cyber things.
The owls are not what they seem.
🗻🗻🦉🌲🪵 🍒🥧☕️🍩 🕵🏼♀️ 👍🏻
Also: 🔐🔑🔒
The owls are not what they seem.
🗻🗻🦉🌲🪵 🍒🥧☕️🍩 🕵🏼♀️ 👍🏻
Also: 🔐🔑🔒
Pinned
Bob Lord
@boblord.bsky.social
· Dec 20
The Quiet HTTPS Revolution
In a recent post, I explained that the websites I visit on my Chromebook are almost all delivered over HTTPS. Better still, 100% of the…
medium.com
Reporters, this is a story worth covering. It might not be as glamorous as high-profile hacks, and it might not attract as many clicks, but it’s important. The quiet adoption of HTTPS has improved online security for billions of people, and it deserves attention.
medium.com/@boblord/the...
medium.com/@boblord/the...
Gmail's spam filters seem to be off for me, and every email has the suspicious banner at the top. Anyone else having this problem?
January 24, 2026 at 5:33 PM
Gmail's spam filters seem to be off for me, and every email has the suspicious banner at the top. Anyone else having this problem?
Reposted by Bob Lord
I started Granitt in 2022 to help journalists and other groups of at-risk people continue to do their work safely and securely. Please get in touch if you’re looking for an assessment, policy and process development, training, or presentation. techcrunch.com/2022/07/15/g...
Runa Sandvik's new startup Granitt secures at-risk people from hackers and nation states | TechCrunch
The Norwegian hacker talks about her new venture aimed at protecting journalists and critics from powerful adversaries.
techcrunch.com
January 23, 2026 at 11:37 AM
I started Granitt in 2022 to help journalists and other groups of at-risk people continue to do their work safely and securely. Please get in touch if you’re looking for an assessment, policy and process development, training, or presentation. techcrunch.com/2022/07/15/g...
Reposted by Bob Lord
The home of Hannah Natanson, a Washington Post reporter, was searched by the FBI. Her devices were seized. I spoke to @columjournreview.bsky.social about the potential damage and what news organizations need to know. www.cjr.org/news/hannah-...
The home of Hannah Natanson, a Washington Post reporter, was searched by the FBI. Her devices were seized. Runa Sandvik, whose life’s work is protecting journalists’ digital security, assesses the dam...
The home of Hannah Natanson, a Washington Post reporter, was searched by the FBI. Her devices were seized. Runa Sandvik, whose life’s work is protecting journalists’ digital security, assesses the dam...
www.cjr.org
January 14, 2026 at 11:01 PM
The home of Hannah Natanson, a Washington Post reporter, was searched by the FBI. Her devices were seized. I spoke to @columjournreview.bsky.social about the potential damage and what news organizations need to know. www.cjr.org/news/hannah-...
🦹♂️ There is an entire industry of "security" products designed to distract you from deploying phishing-resistant MFA. Organizations that eliminate classic credential theft scams (I don’t like the term “phishing”) can then refactor internal processes, and even eliminate the need for some products. 🔐
January 14, 2026 at 3:54 PM
🦹♂️ There is an entire industry of "security" products designed to distract you from deploying phishing-resistant MFA. Organizations that eliminate classic credential theft scams (I don’t like the term “phishing”) can then refactor internal processes, and even eliminate the need for some products. 🔐
Reposted by Bob Lord
Moxie Marlinspike—the engineer who set a new standard for private messaging with the creation of the Signal Messenger—is now aiming to revolutionize AI chatbots in a similar way.
arstechnica.com/security/202...
arstechnica.com/security/202...
Signal creator Moxie Marlinspike wants to do for AI what he did for messaging
Introducing Confer, an end-to-end AI assistant that just works.
arstechnica.com
January 13, 2026 at 4:42 PM
Moxie Marlinspike—the engineer who set a new standard for private messaging with the creation of the Signal Messenger—is now aiming to revolutionize AI chatbots in a similar way.
arstechnica.com/security/202...
arstechnica.com/security/202...
Reposted by Bob Lord
It's so hard for us humans to accept we got something wrong & unwind actions we took / opinions we formed. It feels like it's going to be so painful. And so we tend to stubbornly double down.
These days, life often remind me that, in fact, if you own the change w/ humility, it's easy & uplifting.
These days, life often remind me that, in fact, if you own the change w/ humility, it's easy & uplifting.
January 11, 2026 at 4:06 PM
It's so hard for us humans to accept we got something wrong & unwind actions we took / opinions we formed. It feels like it's going to be so painful. And so we tend to stubbornly double down.
These days, life often remind me that, in fact, if you own the change w/ humility, it's easy & uplifting.
These days, life often remind me that, in fact, if you own the change w/ humility, it's easy & uplifting.
Reposted by Bob Lord
Passkeys provide an easier, faster and more secure way to log into online accounts than passwords.🗝️
Read more about how the NCSC is keeping pace with evolving technology⬇️
https://www.ncsc.gov.uk/collection/ncsc-annual-review-2025/chapter-03-keeping-pace-with-evolving-technology
Read more about how the NCSC is keeping pace with evolving technology⬇️
https://www.ncsc.gov.uk/collection/ncsc-annual-review-2025/chapter-03-keeping-pace-with-evolving-technology
January 10, 2026 at 3:43 PM
Passkeys provide an easier, faster and more secure way to log into online accounts than passwords.🗝️
Read more about how the NCSC is keeping pace with evolving technology⬇️
https://www.ncsc.gov.uk/collection/ncsc-annual-review-2025/chapter-03-keeping-pace-with-evolving-technology
Read more about how the NCSC is keeping pace with evolving technology⬇️
https://www.ncsc.gov.uk/collection/ncsc-annual-review-2025/chapter-03-keeping-pace-with-evolving-technology
🎅 🛷 🎆 ✈️ Our holiday travel hacklore newsletter is out!
📖 Read it here: buttondown.com/hacklore/arc...
✉️ Subscribe: buttondown.com/hacklore/
🕸️ Spread the word to your networks!
📖 Read it here: buttondown.com/hacklore/arc...
✉️ Subscribe: buttondown.com/hacklore/
🕸️ Spread the word to your networks!
Holiday Travel Hacklore Update 🧑🎄🛷🎆✈️
Quick hits Here is a summary of this newsletter: We have over 500 newsletter subscribers across media, government, security teams, and regular people. Thank...
buttondown.com
January 10, 2026 at 9:39 PM
🎅 🛷 🎆 ✈️ Our holiday travel hacklore newsletter is out!
📖 Read it here: buttondown.com/hacklore/arc...
✉️ Subscribe: buttondown.com/hacklore/
🕸️ Spread the word to your networks!
📖 Read it here: buttondown.com/hacklore/arc...
✉️ Subscribe: buttondown.com/hacklore/
🕸️ Spread the word to your networks!
📢 CVE users: The CVE Program is entering an era of quality. A new proposal aims to normalize date and time fields across CVE records. If you are a CNA or ingest CVE data programmatically, please review.
www.cve.org/Media/News/i...
www.cve.org/Media/News/i...
www.cve.org
January 8, 2026 at 3:25 PM
📢 CVE users: The CVE Program is entering an era of quality. A new proposal aims to normalize date and time fields across CVE records. If you are a CNA or ingest CVE data programmatically, please review.
www.cve.org/Media/News/i...
www.cve.org/Media/News/i...
I’m working on the next hacklore newsletter, and the holiday season delivered a fresh wave of peak hacklore! 🎁 😜
📬 If you want fewer security myths and more reality-based advice for everyday people (including ways for you to help!), subscribe here: www.hacklore.org/about
📬 If you want fewer security myths and more reality-based advice for everyday people (including ways for you to help!), subscribe here: www.hacklore.org/about
About — Stop Hacklore!
📨 New! Join the newsletter here.📨
www.hacklore.org
January 5, 2026 at 8:11 PM
I’m working on the next hacklore newsletter, and the holiday season delivered a fresh wave of peak hacklore! 🎁 😜
📬 If you want fewer security myths and more reality-based advice for everyday people (including ways for you to help!), subscribe here: www.hacklore.org/about
📬 If you want fewer security myths and more reality-based advice for everyday people (including ways for you to help!), subscribe here: www.hacklore.org/about
Reposted by Bob Lord
Happy New Year!
May it be all that you hope for.
May it be all that you hope for.
January 1, 2026 at 8:06 PM
Happy New Year!
May it be all that you hope for.
May it be all that you hope for.
Reposted by Bob Lord
Reposted by Bob Lord
Here’s to 2026
December 27, 2025 at 11:34 AM
Here’s to 2026
Reposted by Bob Lord
Reposted by Bob Lord
I don't make many predictions, but I think here is a slow pitch directly over the plate...
As more companies turn to using AI generated code, criminal hackers and digital incident responders will be overwhelmed with work. #infosecmemes #dfirmemes
As more companies turn to using AI generated code, criminal hackers and digital incident responders will be overwhelmed with work. #infosecmemes #dfirmemes
December 26, 2025 at 3:00 PM
I don't make many predictions, but I think here is a slow pitch directly over the plate...
As more companies turn to using AI generated code, criminal hackers and digital incident responders will be overwhelmed with work. #infosecmemes #dfirmemes
As more companies turn to using AI generated code, criminal hackers and digital incident responders will be overwhelmed with work. #infosecmemes #dfirmemes
Reposted by Bob Lord
Cursor CEO Michael Truell warns that “vibe coding” advanced projects may create “shaky foundations” and eventually “things start to kind of crumble” fortune.com/2025/12/25/c...
December 26, 2025 at 4:10 PM
Cursor CEO Michael Truell warns that “vibe coding” advanced projects may create “shaky foundations” and eventually “things start to kind of crumble” fortune.com/2025/12/25/c...
Please tell me QR codes and juice jackers are on the list!
December 23, 2025 at 3:20 AM
Please tell me QR codes and juice jackers are on the list!
🎁 🎄 🎅 All I want for Christmas is…
links to the #hacklore you keep seeing 👀
You know the advice. Everyone repeats it. No one questions it.
Send it my way, and spread the word: www.hacklore.org 🙏
links to the #hacklore you keep seeing 👀
You know the advice. Everyone repeats it. No one questions it.
Send it my way, and spread the word: www.hacklore.org 🙏
Stop Hacklore!
Hacklore is a blend of hacking and folklore—modern urban legends about digital safety. Hacklore spreads quickly and confidently, passed from person to person as if it were hard-earned wisdom. But…
www.hacklore.org
December 22, 2025 at 11:28 PM
🎁 🎄 🎅 All I want for Christmas is…
links to the #hacklore you keep seeing 👀
You know the advice. Everyone repeats it. No one questions it.
Send it my way, and spread the word: www.hacklore.org 🙏
links to the #hacklore you keep seeing 👀
You know the advice. Everyone repeats it. No one questions it.
Send it my way, and spread the word: www.hacklore.org 🙏
☕ Here's your morning cup of hacklore! ☕ 😂
www.pcworld.com/article/3014...
Learn what really works against the most common attacks, and sign up for the newsletter!
www.hacklore.org
www.pcworld.com/article/3014...
Learn what really works against the most common attacks, and sign up for the newsletter!
www.hacklore.org
Leaving your phone's Wi-Fi on all the time is a huge risk, experts warn
Whenever you're in public, you should be turning off your phone's Wi-Fi and Bluetooth features. Don't underestimate the security risks!
www.pcworld.com
December 19, 2025 at 5:39 PM
☕ Here's your morning cup of hacklore! ☕ 😂
www.pcworld.com/article/3014...
Learn what really works against the most common attacks, and sign up for the newsletter!
www.hacklore.org
www.pcworld.com/article/3014...
Learn what really works against the most common attacks, and sign up for the newsletter!
www.hacklore.org
Reposted by Bob Lord
I also want to say thank you to the person who introduced me to the French word 'beaucoup' this year. It means a lot.
December 19, 2025 at 1:32 PM
I also want to say thank you to the person who introduced me to the French word 'beaucoup' this year. It means a lot.
🚨🧰 Small businesses, this one’s for you.
I made a few small updates to my cyber guidance for small businesses, based on recent conversations. Feedback is very welcome.
medium.com/@boblord/cyb...
I made a few small updates to my cyber guidance for small businesses, based on recent conversations. Feedback is very welcome.
medium.com/@boblord/cyb...
December 19, 2025 at 3:09 AM
🚨🧰 Small businesses, this one’s for you.
I made a few small updates to my cyber guidance for small businesses, based on recent conversations. Feedback is very welcome.
medium.com/@boblord/cyb...
I made a few small updates to my cyber guidance for small businesses, based on recent conversations. Feedback is very welcome.
medium.com/@boblord/cyb...
I wrote CISA’s Cyber Guidance for Small Businesses at the start of 2023. I’m biased, but I still think it’s one of the best starting points for organizations that aren’t sure how to begin a cybersecurity program. But if you could change one thing, what would it be?
www.cisa.gov/cyber-guidan...
www.cisa.gov/cyber-guidan...
Cyber Guidance for Small Businesses | CISA
Cyber incidents have surged among small businesses that often do not have the resources to defend against devastating attacks like ransomware. The security landscape has changed, and our advice needs…
www.cisa.gov
December 17, 2025 at 6:00 PM
I wrote CISA’s Cyber Guidance for Small Businesses at the start of 2023. I’m biased, but I still think it’s one of the best starting points for organizations that aren’t sure how to begin a cybersecurity program. But if you could change one thing, what would it be?
www.cisa.gov/cyber-guidan...
www.cisa.gov/cyber-guidan...
MITRE has released its 2025 “CWE Top 25 Most Dangerous Software Weaknesses” study! cwe.mitre.org/top25/index....
How is the software industry doing? Here are some thoughts:
medium.com/@boblord/rec...
How is the software industry doing? Here are some thoughts:
medium.com/@boblord/rec...
December 17, 2025 at 1:09 AM
MITRE has released its 2025 “CWE Top 25 Most Dangerous Software Weaknesses” study! cwe.mitre.org/top25/index....
How is the software industry doing? Here are some thoughts:
medium.com/@boblord/rec...
How is the software industry doing? Here are some thoughts:
medium.com/@boblord/rec...
Reposted by Bob Lord
December 15, 2025 at 5:55 PM