cablespaghetti.dev is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.

This server runs the snac software and there is no automatic sign-up process.

Site description: Cablespaghetti's personal snac instance
Admin email: sam@cablespaghetti.dev
Admin account: @sam@cablespaghetti.dev

Search results for tag #infosec

[?]Dumb Password Rules » 🤖
@dumbpasswordrules@infosec.exchange

This dumb password rule is from GameFly.

Password is 6-12 characters with no other restrictions. You can easily do 6 numbers, 6 lowercase letters, etc.

dumbpasswordrules.com/sites/ga

    [?]Dumb Password Rules » 🤖
    @dumbpasswordrules@infosec.exchange

    This dumb password rule is from Securvita BKK.

    Your password can not exceed a length of 30 characters. However, they don't tell you this: If you try to set a longer password, they instead shame *you* for not including at least one uppercase letter, one lowercase letter, one digit and one symbol – *even if you did*.

    The error message translat...

    dumbpasswordrules.com/sites/se

      [?]Dumb Password Rules » 🤖
      @dumbpasswordrules@infosec.exchange

      This dumb password rule is from T-Mobile.

      We prefer to not tell you which characters you can use up front.

      dumbpasswordrules.com/sites/t-

        [?]Mark Wyner Won’t Comply :vm: »
        @markwyner@mas.to

        So…who hates those Google log-in pop-ups that are seemingly everywhere now? Wanna make them go away?

        1. Get uBlock Origin (which you should have already been using):
        ublockorigin.com/

        2. Open the plugin and click the settings button.

        3. Click on the “my filters” tab and paste this into the input:
        ||accounts.google.com/gsi/*$xhr,script,3p

        That’s it! Worked flawlessly for me.

        Screenshot of a pop-up window with the title “sign in with google” followed by other information and a button with the label “continue.”

        Two screenshots of the ublock origin interface. The first one shows where the settings button is. The second shows where the filters input is on the view behind the tab with the label “my filters.”

          [?]Dumb Password Rules » 🤖
          @dumbpasswordrules@infosec.exchange

          This dumb password rule is from Global Entry.

          "Our duties are wide-ranging, and our goal is clear - keeping America
          safe."

          dumbpasswordrules.com/sites/gl

            [?]MJ »
            @mj@social.treehouse.systems

            I DID IT!

            Dewey invented the Dewey Decimal System, Morse invented the Morse Code, Plato invented the plate. I, influenced by what I saw at a conference, have designed and dedicated to the Public Domain the penultimate way to get removed from sales offerings.

            I present to you the "No Purchasing Authority" seal. Put it on a button, wear it as a sticker, respond to emails with it. Regardless, this helps you and the sales person understand that this relationship is going nowhere.

            White on black "No Purchasing Authority" with the symbols for dollar (green), euro (blue), yen (red) with a circle and line through symbolizing "no"

            Underneath, a dedication to the Public Domain CC0 1.0 Universal.

              [?]Dumb Password Rules » 🤖
              @dumbpasswordrules@infosec.exchange

              This dumb password rule is from Netflix.

              [The help page](help.netflix.com/de/node/54078)
              and the [password reset page](netflix.com/password) say:

              Your password must be between 4 and 60 characters long and must not contain a tilde (~).

              dumbpasswordrules.com/sites/ne

                [?]defguard »
                @defguard@floss.social

                🎉 Defguard 1.5 alpha - finally Mobile Wireguard with Multi-Factor Authentication

                📱Help us test Multi-Factor Authentication on mobile devices: docs.defguard.net/help/mobile-

                🔑 Multi-Factor Authentication with External OIDC/SSO - now you can configure on each location separately which OIDC secures the MFA process: internal (with MFA configured in the user profile) or external like Google/Okta/Microsoft: docs.defguard.net/admin-and-fe

                  [?]Dumb Password Rules » 🤖
                  @dumbpasswordrules@infosec.exchange

                  This dumb password rule is from Movistar.

                  Min 7 and max 8 characters for password! Also to be different than the
                  username: the user name is automatically generated and is based on the
                  surname of the user with some characters replaced by digits :)
                  Has been that way for more than 10 years.

                  dumbpasswordrules.com/sites/mo

                    [?]Dendrobatus Azureus »
                    @Dendrobatus_Azureus@mastodon.bsd.cafe

                    @nixCraft

                    Thus the fix is simple; don't use large language models LLM that you do not control 100% from server to client

                      [?]nixCraft 🐧 »
                      @nixCraft@mastodon.social

                      Security? Oh, you mean those mythical beasts we tell tales about around the digital campfire. Meanwhile, in the real world, someone's "secure" password vault is an Excel sheet named "Passwords_FINAL_REALLY_FINAL.xlsx" being emailed around like Halloween candy. Forget your fancy backend architecture and battle-hardened sysadmins and firewalls. The true corporate security strategy is apparently hope and a prayer emoji.

                        Karl Baron boosted

                        [?]Pheonix »
                        @pheonix@fosstodon.org

                        Don't trust cloud services with your creative work.

                        Tumblr post by maerossi.

                        screenshot - "Google Sheets: We're sorry. You can’t access this item because it is in violation of our Terms of Service."

                        Everyone: Please please please don't write your books in Google Docs. Frankly don't use Google Drive for personal stuff. Their terms of service say they take down stuff like content related to terrorism and trafficking, but this Google Sheet was literally a list of movies I'd watched this year and books I'd read.

                        23 Jul
                        Holy smokes, guys. It's way worse than I thought. Google actually took away access to every single file of fiction writing I'd made on that account. BUT I backed it all up on Scrivener yesterday by coincidence. So I haven't lost my work, but I could have just lost the 12,000 words I've written this month after a year of really intense writer's block. I honestly don't know what that would have done to my psyche. Please be careful out there, folks! <3

                          [?]Dumb Password Rules » 🤖
                          @dumbpasswordrules@infosec.exchange

                          This dumb password rule is from Safeway.

                          Passwords limited to 8-12 characters.

                          dumbpasswordrules.com/sites/sa

                            BrianKrebs boosted

                            [?]AA »
                            @AAKL@infosec.exchange

                            Maybe we should change the spelling of "vulnerabilities" to read "Microsoft?" It's hard to pin the worst offenders. There are others, so many more.

                            Kaspersky: ToolShell: a story of five vulnerabilities in Microsoft SharePoint securelist.com/toolshell-expla @Kaspersky

                              [?]keef »
                              @keefmarshall@mastodon.online

                              So my first evil genius robot honeypot, the word frequency one, seems to be getting hit by a distributed botnet.

                              It started around 2-3 requests per second but seems to be ramping up.

                              It's using IP addresses from all over the world - could be hacked personal devices? - and a wide range of plausible-looking User Agent strings.

                              My server is fine for now - 95% idle CPU.

                              Are there people for whom any of the IP or agent data might be useful? Botnet detectorists?

                                [?]Dumb Password Rules » 🤖
                                @dumbpasswordrules@infosec.exchange

                                This dumb password rule is from KPMG Talent Community.

                                While stating otherwise, the site actually *accepts a backslash* in the password
                                and displays a forward slash as the example of the disallowed backslash
                                Password:
                                - Must be at least 8 characters long
                                - Must contain at least 1 number
                                - Must contain at least 1 letter
                                - Must contain at least 1 spec...

                                dumbpasswordrules.com/sites/kp

                                  [?]Dumb Password Rules » 🤖
                                  @dumbpasswordrules@infosec.exchange

                                  This dumb password rule is from Estheticon.

                                  - At least 8 characters but limited to 20 characters at max
                                  - At least 1 digit
                                  - At least one letter (just a letter in general, no specific casing required)
                                  - No special characters at all

                                  dumbpasswordrules.com/sites/es

                                    [?]Hans-Cees 🌳🌳🤢🦋🐈🐈🍋🍋🐝🐜 »
                                    @hanscees@ieji.de

                                    @jwildeboer wow you are using as a corporate user is running in a notebook container. These researchers hacked it to find out what's what and so on. Interesting read.
                                    and rule for sure
                                    Explanation on jupyter here: docs.jupyter.org/en/latest/wha

                                      [?]Dumb Password Rules » 🤖
                                      @dumbpasswordrules@infosec.exchange

                                      This dumb password rule is from Bloomingdale's.

                                      16 characters maximum, no `.` `,` `-` `|` `/` `=` or `_` allowed.

                                      dumbpasswordrules.com/sites/bl

                                        [?]Dumb Password Rules » 🤖
                                        @dumbpasswordrules@infosec.exchange

                                        This dumb password rule is from GoDaddy SFTP.

                                        Max 14 characters for the most important password in your shared hosting environment.

                                        dumbpasswordrules.com/sites/go

                                          [?]Michał "rysiek" Woźniak · 🇺🇦 »
                                          @rysiek@mstdn.social

                                          Oh I see the absurdly, negligently insecure Tea app is now getting the "hackers hacked" treatment, so that it can comfortably deflect blame to some unspecified scary hackers?

                                          Cool, cool.

                                          *takes out a bullhorn*

                                          📢 Tea kept drivers license photos of thousands of women in an unprotected Google Firebase storage bucket.

                                          📢 Centering "hackers" means helping let those responsible for the horrendous negligence at Tea off the hook.

                                          👏 There is no "hack", only other people's negligence.

                                          Screenshot of NBC News article headline and lede:

                                          Hackers leak 13,000 user photos and IDs from the Tea app, designed as a women's safe space

                                          The viral app requires new users to take selfies, which it says it deletes after review.

                                            [?]Dumb Password Rules » 🤖
                                            @dumbpasswordrules@infosec.exchange

                                            This dumb password rule is from CAF (French Family Allowance Fund).

                                            You have to enter your 8-digit password using this Frenchy keypad.

                                            dumbpasswordrules.com/sites/ca

                                              [?]Dumb Password Rules » 🤖
                                              @dumbpasswordrules@infosec.exchange

                                              This dumb password rule is from ING, a Dutch bank in almost 50 countries.

                                              Max 20 characters, must have one number, one upper case character and one lower case character.
                                              You can only use certain special characters.
                                              When I asked about it they answer that it's really hard to change it.
                                              When I asked if the password is saved as a hash or just plain they send the answer to ...

                                              dumbpasswordrules.com/sites/in

                                                [?]Dumb Password Rules » 🤖
                                                @dumbpasswordrules@infosec.exchange

                                                This dumb password rule is from BCV.

                                                Username is randomly generated, example: 'H2487414'. The password must have **6** digits only.

                                                Password can only be changed from the mobile application:

                                                dumbpasswordrules.com/sites/bc

                                                  [?]Dumb Password Rules » 🤖
                                                  @dumbpasswordrules@infosec.exchange

                                                  This dumb password rule is from Bendigo Bank.

                                                  **Exactly** eight characters.

                                                  dumbpasswordrules.com/sites/be

                                                    [?]Dumb Password Rules » 🤖
                                                    @dumbpasswordrules@infosec.exchange

                                                    This dumb password rule is from HM Revenue & Customs (UK Tax).

                                                    We store basically all of your data, but we can't store your password.

                                                    dumbpasswordrules.com/sites/hm

                                                      [?]Dumb Password Rules » 🤖
                                                      @dumbpasswordrules@infosec.exchange

                                                      This dumb password rule is from AT&T.

                                                      The only special characters allowed are underscores and hyphens.

                                                      dumbpasswordrules.com/sites/at

                                                        [?]Dumb Password Rules » 🤖
                                                        @dumbpasswordrules@infosec.exchange

                                                        This dumb password rule is from Walmart.

                                                        Your password must include the following:
                                                        - 8-100 characters
                                                        - Upper & lowercase letters
                                                        - At least one number or special character

                                                        dumbpasswordrules.com/sites/wa

                                                            [?]Mike Sheward »
                                                            @SecureOwl@infosec.exchange

                                                            I believe I may have come up with a new analogy today, that I am very proud of. So, if I didn’t and someone else already did it, then I’m sorry but I checked the internets and couldn’t find any record of it..also…this is potentially a terrible analogy.

                                                            Anyway, someone was getting a self signed certificate warning from a dev version of a webpage. So they sent me a screenshot and said, “so when I see this, what exactly is the risk? Should I trust it or not?”

                                                            So, what I said was. “Would you trust a doctor who prescribed themselves medication to look after you? Sure, sometimes it’s probably ok and innocent, but what if it means that they couldn’t get another doctor to sign off on it? That’s the risk you’re taking with a self signed certificate.”

                                                              [?]Dumb Password Rules » 🤖
                                                              @dumbpasswordrules@infosec.exchange

                                                              This dumb password rule is from Virgin Mobile.

                                                              You can only use PIN as your password.

                                                              dumbpasswordrules.com/sites/vi

                                                                [?]nixCraft 🐧 »
                                                                @nixCraft@mastodon.social

                                                                One weak password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work in the UK. This is why you need a strong password along with 2FA and all other cybersecurity practices that can be maintained by good IT staff, including verified backups.

                                                                bbc.com/news/articles/cx2gx288

                                                                  [?]Dumb Password Rules » 🤖
                                                                  @dumbpasswordrules@infosec.exchange

                                                                  This dumb password rule is from Battle.net.

                                                                  8 to 16 characters, at least one number and one letter and last but not least NO special characters, and can't have a password that looks like your username too. Oh, and passwords are NOT case sensitive.
                                                                  A real time travel adventure through the password rules of 2005!

                                                                  dumbpasswordrules.com/sites/ba

                                                                    [?]Dumb Password Rules » 🤖
                                                                    @dumbpasswordrules@infosec.exchange

                                                                    This dumb password rule is from Citi.

                                                                    * Password is case-insensitive
                                                                    * Can't use ANY special characters (although, adding special characters increases the "password strength" meter?!)
                                                                    * Allows for a minimum password length of 6 characters
                                                                    * No runs of more than two identical characters (eg. "aaa" is not allowed.)
                                                                    * Does not allow you...

                                                                    dumbpasswordrules.com/sites/ci

                                                                      [?]Dumb Password Rules » 🤖
                                                                      @dumbpasswordrules@infosec.exchange

                                                                      This dumb password rule is from Inria.

                                                                      This is the account for those who work at [Inria](inria.fr/)
                                                                      "the French national research institute for
                                                                      the digital sciences".

                                                                      You have to wonder what's wrong with these special characters but not
                                                                      the other ones.
                                                                      - Password expiration once a year
                                                                      - Your password must contain at leas...

                                                                      dumbpasswordrules.com/sites/in
