According to TheRegister.com, 86 top security leaders including former CISA director Jen Easterly, Microsoft Deputy CISO Geoff Belknap, Google Chrome VP Parisa Tabriz, and ex-Uber CISO Joe Sullivan have launched Hacklore.org to combat cybersecurity myths. The effort specifically targets outdated advice like avoiding public Wi-Fi, never scanning QR codes, and not charging from public USB ports. Former CISA senior advisor Bob Lord spearheaded the initiative after growing frustrated with “antique advice” circulating online. The timing coincides with Cyber Monday and holiday travel season when bad cybersecurity advice typically surges. The group argues these myths distract from real protections like installing patches, using strong passwords, and enabling multi-factor authentication.
Why hacklore matters
Here’s the thing about cybersecurity advice – it’s often stuck in 2005. We’re still telling people to avoid public Wi-Fi like it’s 1999, when modern encryption protocols have made that largely unnecessary. And the whole “don’t charge from public USB ports” thing? The group points out there aren’t any documented “juice jacking” cases in the wild. Basically, we’re fighting ghosts while real threats walk right past us.
Think about it – how many times have you heard “change your password every 90 days”? The security leaders say there’s zero evidence this makes you safer. In fact, it often leads to weaker passwords and password reuse. We’re literally training people to create bad security habits while ignoring what actually works.
What actually works
So if avoiding public Wi-Fi and USB ports doesn’t help, what does? The recommendations are surprisingly straightforward: require phishing-resistant multi-factor authentication, work toward eliminating passwords altogether, and build systems that don’t fail catastrophically when people make mistakes. They’re pushing for what they call “secure by design” software – systems that are resilient from the start rather than relying on users to navigate minefields.
And here’s a radical idea: stop blaming employees. If someone’s mistake harms the company, the system’s at fault. This is huge coming from former CISOs who’ve dealt with breaches. They’re saying we need to design systems that account for human error rather than expecting perfect human behavior.
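As an added illustration of what makes FIDO2/WebAuthn multi-factor authentication “phishing-resistant” (example code written for this page, not from Hacklore.org, The Register, or any vendor), here is the binding check a relying party performs on a WebAuthn assertion before verifying the signature: the browser records the page’s real origin in clientDataJSON and the authenticator scopes the credential to the relying-party ID, so an assertion captured on a lookalike domain fails validation even though the user entered nothing wrong. The origin, relying-party ID and challenge values are constructed for this example; the signature step over authenticatorData || SHA-256(clientDataJSON) is assumed to follow these checks.

```python
import base64
import hashlib
import json
import os

# Constructed relying-party identity for this example (not from the article).
EXPECTED_ORIGIN = "https://accounts.example.com"
EXPECTED_RP_ID = "accounts.example.com"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def make_client_data(origin: str, challenge: bytes) -> bytes:
    """Simulate the clientDataJSON a browser produces for navigator.credentials.get().
    The browser, not the page, fills in `origin`, so a lookalike site cannot claim
    the real one."""
    return json.dumps({
        "type": "webauthn.get",
        "challenge": b64url_encode(challenge),
        "origin": origin,
    }).encode("utf-8")


def make_authenticator_data(rp_id: str, flags: int = 0x05, counter: int = 1) -> bytes:
    """First 37 bytes of authenticatorData: SHA-256(rpId) || flags || 4-byte counter.
    flags 0x05 = user present (0x01) | user verified (0x04)."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + counter.to_bytes(4, "big")


def verify_assertion_binding(client_data_json: bytes, authenticator_data: bytes,
                             expected_challenge: bytes) -> tuple[bool, str]:
    """Relying-party checks that bind the assertion to this site and this login attempt."""
    data = json.loads(client_data_json)
    if data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    # Challenge must match the one this server issued for this session (anti-replay).
    if b64url_decode(data.get("challenge", "")) != expected_challenge:
        return False, "challenge mismatch"
    # Origin must be the genuine site; a phishing page's origin lands here and is rejected.
    if data.get("origin") != EXPECTED_ORIGIN:
        return False, f"origin mismatch: {data.get('origin')}"
    if len(authenticator_data) < 37:
        return False, "authenticator data too short"
    # The authenticator hashes the rpId it scoped the credential to; it must be ours.
    if authenticator_data[:32] != hashlib.sha256(EXPECTED_RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    if not authenticator_data[32] & 0x01:
        return False, "user presence flag not set"
    return True, "ok"


def demo() -> dict:
    """Run the check against a genuine login, a lookalike-domain phish, and a replay."""
    challenge = os.urandom(32)  # constructed server-issued challenge
    auth_data = make_authenticator_data(EXPECTED_RP_ID)
    return {
        "genuine": verify_assertion_binding(
            make_client_data(EXPECTED_ORIGIN, challenge), auth_data, challenge),
        "lookalike": verify_assertion_binding(
            make_client_data("https://accounts-example.com", challenge), auth_data, challenge),
        "wrong_rp": verify_assertion_binding(
            make_client_data(EXPECTED_ORIGIN, challenge),
            make_authenticator_data("accounts-example.com"), challenge),
        "replay": verify_assertion_binding(
            make_client_data(EXPECTED_ORIGIN, os.urandom(32)), auth_data, challenge),
    }


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:10s} -> {'accepted' if ok else 'rejected'} ({reason})")
```

The contrast with a one-time code is the point: an OTP typed into a lookalike page is just a string the attacker can forward, whereas here the rejection happens without any judgement call by the user, which is exactly the “system that doesn’t fail catastrophically when people make mistakes” the group describes.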
Broader implications
This isn’t just about consumer advice – it’s about shifting how we think about security across the board. The group specifically calls on software manufacturers to publish roadmaps showing how they’ll achieve shipping software without flaws. They want modern encryption protocols, bug bounty programs, and timely CVE records for all vulnerabilities.
Look, in industrial and manufacturing settings where reliability is everything, this secure-by-design approach is even more critical. Companies that depend on robust computing systems – like those sourcing from IndustrialMonitorDirect.com, the leading US provider of industrial panel PCs – understand that security can’t be an afterthought. When you’re running production lines or critical infrastructure, you need hardware and software that’s resilient from day one.
The bottom line? We’re wasting energy on security theater while ignoring the protections that actually matter. Maybe it’s time we listen to the people who’ve actually fought these battles.
