cablespaghetti.dev is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
Been living in @Vivaldi full-time for a little over 2 years now, and I still don’t miss Chrome, Edge, or Firefox. As a Vivaldi ambassador and a security nerd, the built-in tracker/ad blocking plus per-site controls are exactly the kind of “privacy by default” I want in a browser.
I wrote up how I set up Vivaldi’s blocklists when moving people over from the big browsers: mapping common uBlock/AdGuard setups, choosing the right sources, and keeping sites usable without turning protection off globally.
🔗 https://www.kylereddoch.me/blog/moving-from-chrome-edge-or-firefox-to-vivaldis-built-in-blocklists/
This dumb password rule is from Craigslist.
No minimum character limit meaning you can go as low as 5 characters for a password
https://dumbpasswordrules.com/sites/craigslist/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Dwr Cymru (Welsh Water).
Limits password length to a maximum of 16 characters
https://dumbpasswordrules.com/sites/dwr-cymru-welsh-water/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Ran into a problem in prod?
Just generate a fake cloudflare error page and blame it on them - gives you time to fix.
This dumb password rule is from Fundatec.
Must be exactly 6 alphanumeric characters, does not show special characters are not allowed, username is your social security number (easily searchable) and the form is sent over plain HTTP. Did I mention this company applies college entrance exams for **Computer Science** nationwide in Brazil?
https://dumbpasswordrules.com/sites/fundatec/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from University of Western Australia (Pheme).
Passwords:
1. Must contain at least 8 characters;
2. Must contain at least 3 out of 4 types of characters
(uppercase letters, lowercase letters, digits, special characters);
and
3. Must not contain
"the user's account name or parts of the user's full name
that exceed two consecutive characters".
...
https://dumbpasswordrules.com/sites/university-of-western-australia-pheme/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from GameFly.
Password is 6-12 characters with no other restrictions. You can easily do 6 numbers, 6 lowercase letters, etc.
https://dumbpasswordrules.com/sites/gamefly/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Here are the four paragraphs of conclusion from that clickbaity piece ("Is Signal safe?") by @protonprivacy about @signalapp that is doing rounds.
1. "Signal remains widely regarded as the gold standard for secure private messaging for very good reasons. The Signal Protocol is extremely secure, and unlike most other apps that use the Signal Protocol, Signal collects almost no metadata from the Signal app."
1/🧵
This dumb password rule is from Telekom/T-Systems MyWorkplace.
Telekom's MyWorkplace is a Single Sign On / login hub for their
Open Telekom Cloud which is basically an Amazon AWS clone. It's
rather new and especially for business customers. Especially
because it is for business customers, there's absolutely no reason
to limit a password to 16 characters. Eve...
https://dumbpasswordrules.com/sites/telekomt-systems-myworkplace/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Targobank.
Your password must:
- must not be your username
- must at least eight characters
- must contain at least one number character
- must contain at least one uppercase character and 1 lowercase character
- must not contain spaces
- must not contain three identical characters in a row
- must not conta...
https://dumbpasswordrules.com/sites/targobank/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Minnesota Unemployment Insurance.
Locked to *exactly* 6 chars, alphanumeric only, not special chars.
https://dumbpasswordrules.com/sites/minnesota-unemployment-insurance/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Copart.
Copart: "The security of our members is extremely important to us."
Also Copart: "We're gonna need you to keep your password between 5-10 characters."
https://dumbpasswordrules.com/sites/copart/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
I view passkeys as an exciting opportunity to find new ways to lock myself out of my own accounts.
#infosec
My previous intro post was a few years old, so behold, new intro post:
Mike. Live in the Seattle area having grown up in the UK as a full blown British. Have a wife (incredible), child (boy), and three dogs (golden retriever/cream retriever/fuck knows).
I work in information security, something I have done for about 20 years. By day I run corporate security, enterprise IT and various other bits and pieces for an EV charging startup. I am big into EVs and currently drive one that is not a Tesla. I want an electric motorbike, so if anyone has a spare one please send it.
I also have a company of my own, Secure Being (https://securebeing.com), which does pen testing and digital forensic work - it's my way of staying super hands on while still doing the management bits on the career path.
I have written books about information security things. Five of them. Two are non-fiction textbooks, and three are fiction based on real world #infosec things. Check out https://infosecdiaries.com and your local bookstore to find them, just search for my name. I have been trying to write more stuff, but always seem to find myself distracted by other things, such as work. linktr.ee/secureowl has some mini stories I've written.
I love radio and everything RF. I have lots of antennas and various scanners and radios on my desk. I love intercepting and decoding things, like digital radio protocols.
I am a big aviation nerd. I always wanted to be a commercial pilot. I gained my private pilot's license in the UK at 17, all self-funded by my employment at the local Safeway/Morrisons store. I did the sim test and commercial assessments, but for some reason, at 18, I was unable to find the £100k needed to complete the commercial training, so I did computers. But do not worry, because those computers and love of aviation and radio/RF combined, and I run a project called ACARS Drama. https://acarsdrama.com has all the details.
I play guitar and am a big guitar/audio nerd as well. I record music under the moniker Operation: Anxiety, https://operationanxiety.com - the music is on all the normal places.
Finally, I am a massive fan of motorsport. I believe I have watched every F1 race for the last 30 years, maybe 25. I also follow F2, FE, Indycar and MotoGP closely. I average around 18 hours of Le Mans 24 hour racing watching per year.
So there you have it. If you are looking for a thought leader on the topics mentioned above, you've come to the wrong place - because this is where I shitpost, and shitposting is cheap therapy.
#infosec #dfir #pentesting #acars #vdlm2 #sdr #rf #f1 #seattle #introduction
This dumb password rule is from Bank of America.
20 character max and lots of special character restrictions.
Bank of America - keeping your money safe.
Also: If you paste a password greater than 20 characters,
the form truncates it without telling you or giving an
error.
https://dumbpasswordrules.com/sites/bank-of-america/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from PagoMisCuentas.
Password must be between 8 and 15 alphanumeric characters, and have
at least one uppercase and one lowercase letter.
https://dumbpasswordrules.com/sites/pagomiscuentas/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
I've had admin powers at 5+ companies' Google Workspace/G Suite over the past decade or so. Every single one had groups which were misconfigured, often so anyone in the whole company could join without approval or see the message history at https://groups.google.com without being a member at all.
This is because, for any sensible configuration of Google Groups when using it for email groups, you have to use the "Custom" permissions mode. The default Public mode doesn't allow external people to email the group, but does allow the whole company to see all the messages. The default Team mode has the same problem of everyone being able to see all the messages.
Also let's not forget that dangerous little "Anyone in the organisation can join" toggle at the bottom which is on by default. So any random new starter can join your confidential company directors group and get all the emails sent to it.
Giving Google the benefit of the doubt here, I think the reasoning might be that Google Groups is intended as a kind of company forum, not for private email groups. However, that isn't how anyone uses it in my experience...
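An added example, not part of the post above: a small audit that flags the two exposures the post describes (org-wide self-join and org-wide message visibility) in exported group settings. It assumes each group's settings were exported as a dict using the Google Groups Settings API field names `whoCanJoin`, `whoCanViewGroup` and `whoCanPostMessage`; the group addresses and settings below are constructed sample data.

```python
# Audit exported Google Groups settings for the exposures described above.
# Assumption: dicts use Groups Settings API field names and enum strings.
OPEN_JOIN = {"ANYONE_CAN_JOIN", "ALL_IN_DOMAIN_CAN_JOIN"}
OPEN_VIEW = {"ANYONE_CAN_VIEW", "ALL_IN_DOMAIN_CAN_VIEW"}

def audit_group(settings):
    """Return a list of risk findings for one group's settings dict."""
    findings = []
    join = settings.get("whoCanJoin")
    view = settings.get("whoCanViewGroup")
    if join is None or view is None:
        # An incomplete export is not treated as safe.
        findings.append("settings-incomplete")
    if join in OPEN_JOIN:
        findings.append("join-without-approval")
    if view in OPEN_VIEW:
        findings.append("history-readable-by-non-members")
    return findings

def accepts_external_mail(settings):
    """True if people outside the organisation can email the group."""
    return settings.get("whoCanPostMessage") == "ANYONE_CAN_POST"

def audit_all(groups):
    """Map group address -> findings, only for groups with findings."""
    report = {}
    for email in sorted(groups):
        findings = audit_group(groups[email])
        if findings:
            report[email] = findings
    return report

# Constructed sample export (not real groups).
SAMPLE_GROUPS = {
    "directors@example.com": {"whoCanJoin": "ALL_IN_DOMAIN_CAN_JOIN",
                              "whoCanViewGroup": "ALL_IN_DOMAIN_CAN_VIEW",
                              "whoCanPostMessage": "ALL_IN_DOMAIN_CAN_POST"},
    "support@example.com": {"whoCanJoin": "INVITED_CAN_JOIN",
                            "whoCanViewGroup": "ALL_MEMBERS_CAN_VIEW",
                            "whoCanPostMessage": "ANYONE_CAN_POST"},
    "social@example.com": {"whoCanJoin": "CAN_REQUEST_TO_JOIN",
                           "whoCanViewGroup": "ALL_IN_DOMAIN_CAN_VIEW",
                           "whoCanPostMessage": "ALL_MEMBERS_CAN_POST"},
    "legacy@example.com": {"whoCanPostMessage": "ALL_MEMBERS_CAN_POST"},
}

if __name__ == "__main__":
    for email, findings in audit_all(SAMPLE_GROUPS).items():
        print(email, ", ".join(findings))
```

In this sample, `support@example.com` is the shape of a private email group that still accepts outside mail: invite-only join, member-only history, and posting open to anyone.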