Word is now saving ALL of your files to Microsoft's cloud environments (unless you disable it from the settings). Even your local files are copied there so that Microsoft can analyze the file contents with their AI systems.
Instructions on how to disable that from the Word settings: https://techcommunity.microsoft.com/blog/microsoft365insiderblog/save-new-files-automatically-to-the-cloud-in-word-for-windows/4445216
Freeradical.zone is a Mastodon server about infosec, privacy, technology, leftward politics, cats and dogs.
This server has been online since 2017.
You can find out more at https://freeradical.zone/about or contact the admin @tek
#FeaturedServer #InfoSec #Privacy #Technology #Mastodon #Fediverse #FreeFediverse
This dumb password rule is from MTS Serbia.
MTS is a national mobile and internet provider in Serbia and they have bad password rules.
Translation: The password must have more than 6 characters, less than 17 characters and one
of the following combinations: upper case or lower case letter and a number, upper case or
lower case letter and a ...
https://dumbpasswordrules.com/sites/mts-serbia/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Moose Mobile.
Moose Mobile is an Australian mobile service provider that imposes poor password requirements.
"The password must be of minimum 4 and maximum 15 characters. The Confirm Password field may only contain alpha-numeric characters."
https://dumbpasswordrules.com/sites/moose-mobile/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
the salesloft thing is a good reminder that there are worse ways to spend your time than auditing which third party apps have been granted access to your SaaS stack.
Google Workspace for example - you can search user by user and if you don’t have it locked down you’ll be amazed at how much shit people have given access to their corporate accounts.
le sigh. “ai pentesting security-audit tool”, “looks only at public IP’s and domains”, “finds the things auditors find”.
congrats, you have just listed out everything a pen test is not.
This dumb password rule is from IRS.
Password rules:
- Between 8 and 32 characters long
- Must contain at least one numeric and one special character (!@#$%&*)
- At least one uppercase and at least one lowercase letter
https://dumbpasswordrules.com/sites/irs/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Global Entry.
"Our duties are wide-ranging, and our goal is clear - keeping America
safe."
https://dumbpasswordrules.com/sites/global-entry/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Blue Cross Blue Shield Massachusetts.
16 maximum and no special characters. Protecting your US healthcare
information.
https://dumbpasswordrules.com/sites/blue-cross-blue-shield-massachusetts/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Vietnam Airlines.
`[[:alnum:]]{6,8}`
https://dumbpasswordrules.com/sites/vietnam-airlines/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Did you know Signal automatically strips EXIF metadata from every image you send? A quick way to "sanitize" a photo before posting it publicly is to forward the picture to your own "note to self" chat—Signal will strip the metadata and give you a clean copy.
How do you use "note to self"? Share your favorite tricks!
This dumb password rule is from BDO.
Please nominate a password which contains UPPERCASE, lowercase, numbers and symbols.
Password should not be the same as the user ID.
Avoid using consecutive characters such (ex. abc, DEF, 678) and invalid characters such as [!#$%^&';"].
https://dumbpasswordrules.com/sites/bdo/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Saturn.
Passwords need to be between 8 and 15 characters.
https://dumbpasswordrules.com/sites/saturn/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
everyone calm down, the enormous #NPM supply chain attack of the incredibly popular (27,000 #github stars) #nx #AI build tool thingamajig is probably aimed solely at crypto bros. if you don't have any crypto you (hopefully) don't have anything to worry about.
my fact free, completely unsupported by evidence hunch is that we will find this came from #NorthKorea (because if it's a well orchestrated attempt to steal a bunch of crypto it's pretty much always north korea).
https://universeodon.com/@cryptadamist/115102035321832152
#crypto #cryptocurrency #ethereum #npm #nodejs #node #js #javascript #webdev #DPRK #LazarusGroup #cybersecurity #infosec #threatintel #claude #gemini
This dumb password rule is from Sky Ticket.
Sky is a German pay-TV provider with over 23 million subscribed users worldwide. They also have an online streaming service called "Sky Ticket".
You can only set a **4 digit long PIN** with no option for two-factor authentication or any additional security mechanisms.
https://dumbpasswordrules.com/sites/sky-ticket/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from BCV.
Username is randomly generated, example: 'H2487414'. The password must have **6** digits only.
Password can only be changed from the mobile application:
https://dumbpasswordrules.com/sites/bcv/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
https://socket.dev/blog/nx-packages-compromised
Fascinating #infosec supply chain attack from a couple days ago.
Popular "Nx" package was trojan'ed. If you installed latest on Aug 26, better check those IoCs.
After setup, the package silently used installed #LLM tools to hide its use of processes for recon, gathering credentials files, then exfiltrated the results via a public GitHub repo.
🔮 Pondering my ORB - A look at PolarEdge Adjacent Infrastructure
https://censys.com/blog/pondering-my-orb-a-look-at-polaredge-adjacent-infrastructure
This dumb password rule is from Wells Fargo.
Your password must be between 8-32 characters long and inexplicably doesn't accept `-` but does seemingly accept other special characters.
https://dumbpasswordrules.com/sites/wells-fargo/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Jitterbit.
While not the dumbest password rule, still dumb.
Password must have a length of at least eight characters and contain
at least one: number, special char `!#$%-_=+<>`, capital letter,
and lowercase letter.
https://dumbpasswordrules.com/sites/jitterbit/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Mindware.
You "*may use special characters*", but only some of them - and we won't
necessarily tell you which ones.
https://dumbpasswordrules.com/sites/mindware/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This week we wrapped up our 2025 State of the Internet blog series, in which we examined malicious infrastructure through a variety of lenses.
More specifically, we explored coordinated C2 takedowns, malware linked to the DPRK's fraudulent employment operations, lifespans of C2 servers and open web directories, and the use of residential network devices as proxies for malicious activity.
Take a look! I'm biased, but I think these posts make for some fun reading:
https://censys.com/blog/2025-state-of-the-internet-report-summary-and-conclusions
This dumb password rule is from Banca Intesa Serbia.
Online banking portal of Banca Intesa Serbia has some password restrictions.
This is the translation of the requirements:
No special characters, minimum number of characters is 8, maximum number of
characters is 22, minimum number of upper case letters is 1, lower case also 1,
numeric characters...
https://dumbpasswordrules.com/sites/banca-intesa-serbia/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Replit.
Forces you to use a minimum of 8 characters in the password and it must contain at least one uppercase.
https://dumbpasswordrules.com/sites/replit/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
I'm not sure what's worse: If German American Bank is actually promoting three different look-alike domains and thinks that's good for security or if one or two or more of these are fake and German American Bank hasn't noticed and gotten them taken down yet.
It's like they are training their customers: "If it has German American anywhere in the name and the graphics look the same, assume it's safe!" 🤦‍♂️
This dumb password rule is from Bouygues Telecom.
- Password cannot be more than 20 characters long
- Password can't contain special chars other than ASCII ones (for a French website this sucks as é, à, ç and so on are rejected...)
https://dumbpasswordrules.com/sites/bouygues-telecom/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Okay fediverse, here's a fun one: what vulnerabilities have you seen in a *network interface*? An Ethernet card, a Bluetooth adapter, even a virtual network interface like the one containers or VPNs use. Bonus points for a link to a CVE.
The best I've found so far is a broad CVE about wired network adapters commonly having a bug where they copy data from main memory beyond the end of the packet and send it on the network.
Work funded by EFTA and EC
This dumb password rule is from ING, a Dutch bank in almost 50 countries.
Max 20 characters, must have one number, one upper case character and one lower case character.
You can only use certain special characters.
When I asked about it they answered that it's really hard to change it.
When I asked if the password is saved as a hash or just plain they sent the answer to ...
https://dumbpasswordrules.com/sites/ing-a-dutch-bank-in-almost-50-countries/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Ancestry.
Password:
- Must be at least 8 characters long
- Must contain at least 1 number
- Must contain at least 1 letter or special character
- Must not be a well known or common password
https://dumbpasswordrules.com/sites/ancestry/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from La Banque Postale.
Password must be 6 digits and entered on custom pad.
https://dumbpasswordrules.com/sites/la-banque-postale/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Runescape.
A minimum password length of 5, and maximum password length of 20.
Does not tell you that your password is NOT case sensitive.
Hidden requirements: Alphanumeric only, no symbols, no repeated characters.
https://dumbpasswordrules.com/sites/runescape/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from myezyaccess.com patient portal system.
12-character maximum password length. This is not a single website but a patient portal system used by hundreds of medical facilities via subdomains, with password policy apparently being consistent for all sites.
https://dumbpasswordrules.com/sites/myezyaccess-com-patient-portal-system/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
NYPL is hiring an associate director of cybersecurity
https://nypl.pinpointhq.com/postings/a63d29dc-80a1-4619-9d3a-11dbcc77f955
#NYPL #Libraries #PublicLibraries #Infosec #Security #Jobs #GetFediHired
If you're using Chrome, don't use VPN extensions like FreeVPN.One unless you don't mind it taking screenshots of every website you visit. (Use VPNs like Mullvad or Proton)
https://cyberinsider.com/chrome-vpn-extension-with-100k-installs-screenshots-all-sites-users-visit
I too am tired of seeing this ridiculous waiting page of security theatre. It's not professional to have that load during a presentation with global teams who don't want to see catgirls — if you're going to waste our time, at least don't put your inside jokes and cutesy nonsense on the loading page — it only serves to make OSS look unprofessional and juvenile.
This dumb password rule is from LepidaID.
Password must:
- be 8 to 16 characters in length
- contain at least 1 upper-case character
- contain at least 1 lower-case character
- contain at least 1 number
- contain at least 1 non-alphanumeric character
- not contain more than 2 of the same consecutive characters
- not contain any public da...
https://dumbpasswordrules.com/sites/lepidaid/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Costco.com.
Due to Costco's short max password length of 16 characters, I strongly recommend using a password manager to make a random password to satisfy all of these conditions below:
* Use between 8 and 16 characters
* Include at least one lowercase (a-z) and one uppercase letter (A-Z)
* Include at least ...
https://dumbpasswordrules.com/sites/costco-com/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
The BBC TV Apps folks told me today that they've recently disabled TLS versions older than 1.2.
That means if you are using iPlayer on your TV, you're definitely using a much more secure TLS version now - so good on you for having a TV with a decent TLS library 🙌🏻.
Next up will be the web, I'll be running a time-limited experiment, probably in October which'll aim to demonstrate that we don't need TLS 1.0/1.1 any more 🤞🏻.
#InfoSec #TLS #BBC #iPlayer