Search results for tag #infosec
![[?]](https://media.infosec.exchange/infosec.exchange/accounts/avatars/113/419/993/741/057/192/original/d76a60b51a4bc03a.png)
This dumb password rule is from Bloomingdale's.
16 characters maximum, no `.` `,` `-` `|` `/` `=` or `_` allowed.
https://dumbpasswordrules.com/sites/bloomingdales/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from SAP Cloud Appliance Library.
Passwords between 8 and 9 characters are the best.
https://dumbpasswordrules.com/sites/sap-cloud-appliance-library/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from South Western Railway.
Certain special characters disallowed, but notably the phrase " or " is disallowed also. They're probably papering over SQL injection vulnerabilities 🤦
https://dumbpasswordrules.com/sites/south-western-railway/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Dell.
Okay at least 6, that's alright I guess.
Oh at least one number and one letter, bit dumb but hey not that dumb.
But hiding the fact that it has a max of 20, now THAT is dumb!
https://dumbpasswordrules.com/sites/dell/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Dutch Tax Authorities (Belastingdienst).
At least 8 and at most 25 characters, of which at least 3 of the characters were not used in the previous password.
No more than 3 of the same characters.
At least 1 upper case and 4 lower case characters.
No more than 3 special characters.
It's not like hashing passwords is a thing or something.
https://dumbpasswordrules.com/sites/dutch-tax-authorities-belastingdienst/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from UniSuper.
Passwords need:
- a lower case letter
- a number
- a capital letter
- at least 8 characters
In the 'Change password' form,
passwords are now restricted to a `maxlength` of 18.
If your current password is longer than 18 characters,
you won't be able to change your password.
When I contacted them...
https://dumbpasswordrules.com/sites/unisuper/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Three.
Password must be at least 7 characters long.
The maximum length is inconsistent, however: when changing password, the maximum length is 30, but when resetting password via email link, the maximum length is 12.
https://dumbpasswordrules.com/sites/three/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from University of Texas at Austin.
Because of the last two rules, which ban dictionary words and any
variants using symbol substitutions, *neither* of the passwords
presented in the [xkcd comic](https://xkcd.com/936/) are allowed.
https://dumbpasswordrules.com/sites/university-of-texas-at-austin/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Dwr Cymru (Welsh Water).
Limits password length to a maximum of 16 characters
https://dumbpasswordrules.com/sites/dwr-cymru-welsh-water/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
![[?]](https://media.bsd.cafe/bsdmmedia01/accounts/avatars/110/740/169/477/916/693/original/dfa8f1b9beefa405.png)
Just received an email from my mail server administrator. They sent me a link to change my password because it's 'insecure'.
My mail admin is so efficient...
...hey, wait a minute... I AM my mail administrator! 🤦♂️
![[?]](https://s3.masto.ai/accounts/avatars/109/303/982/217/898/173/original/84b53833e9214e09.png)
This has to be a #DOGE Easter Egg.
#IRS “improperly” [accidentally-on-purpose] disclosed #confidential #immigrant tax data to #DHS
The #tax agency only recently discovered the “mistake” & is working with other federal agencies on a response.
#law #privacy #immigration #InfoSec #Trump
https://www.washingtonpost.com/business/2026/02/11/immigrants-irs-dhs-tax-data/
![[?]](https://cablespaghetti.dev/fedi/sam/s/avatar-70d122430e7f5ba4f8d1519b1f800a17.jpeg){kind=avatar}
I've had admin powers at 5+ companies' Google Workspace/G Suite over the past decade or so. Every single one had groups which were misconfigured, often so anyone in the whole company could join without approval or see the message history at https://groups.google.com without being a member at all.
This is because for any sensible configuration of Google Groups when using it for email groups you have to use the "Custom" permissions mode. The default Public mode doesn't allow external people to email the group, but does allow the whole company to see all the messages. The default Team mode, has the same problem of everyone being able to see all the messages.
Also let's not forget that dangerous little "Anyone in the organisation can join" toggle at the bottom which is on by default. So any random new starter can join your confidential company directors group and get all the emails sent to it.
Giving Google the benefit of the doubt here, I think the reasoning might be that Google Groups is intended as a kind of company forum, not for private email groups. However that isn't how anyone uses it in my experience...
#security #infosec #google #googleworkspace
Alt...
Screenshot of the default Google Group settings for team mode
Alt...
Screenshot of the default Google Group settings for public mode