cablespaghetti.dev is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
Finally published: my story about my evil bit and how it contributed to me hacking a nuclear power plant (and sending Barack Obama's security adviser a spear-phishing e-mail).
🎁 Gift link 🎁
#Cybersecurity
https://www.zeit.de/digital/datenschutz/2025-07/cybersecurity-konferenz-europa-cyberattacken-russland-chris-kubecka?freebie=8cae0fa7
This dumb password rule is from Estheticon.
- At least 8 characters but limited to 20 characters at max
- At least 1 digit
- At least one letter (just a letter in general, no specific casing required)
- No special characters at all
https://dumbpasswordrules.com/sites/estheticon/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from IKEA.
Dumb restriction for consecutive similar characters. Wonder if someone got more than 2 identical characters in their name, then
it won't allow you to even use name in password.
Password must contain:
- 8-20 characters
- **No more than 2 identical characters in a row**
- A lowercase letter (a-z)
-...
https://dumbpasswordrules.com/sites/ikea/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Sprint.
Sprint "upgraded" their security and disallow special characters.
https://dumbpasswordrules.com/sites/sprint/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Gigabyte RMA system.
Your password must contain:
Between 8-12 characters
An upper case letter (A, B, C, etc.)
a lower case letter (a, b, c, etc.)
A number (1, 2, 3, etc.)
A symbol (-, ~, !, #, $, %, &, (, ), +, =, .)
https://dumbpasswordrules.com/sites/gigabyte-rma-system/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Thames Water.
Can only use the "special" characters on that very limited list, excluding symbols so exotic as an underscore, even. This is despite their own strength checker saying the password is strong.
https://dumbpasswordrules.com/sites/thames-water/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Blackrock.
They force you to enter a password that has 8, 9, or 10 characters, then
they lecture you on how to create a strong password.
https://dumbpasswordrules.com/sites/blackrock/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from IBM TSO/E Logon terminal.
It might not be a web site, but that does not make it less dumb.
Since many don't know about IBM mainframes, it seems they don't think you need to up the policies.
Default old password policy is: 6-8 characters long, A-Z, 0-9
Over the last few years they have updated their policies a bit, but d...
https://dumbpasswordrules.com/sites/ibm-tso-e-logon-terminal/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Turkish Airlines.
- Your password must consist of 6 digits
- Make sure that your password does not contain your date of birth or three consecutive digits...
- but two is OK, for sure.
- ... and that the same number is not repeated three or more times.
- but two times is probs OK
https://dumbpasswordrules.com/sites/turkish-airlines/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
#bsidespgh is today! they are halfway through opening remarks and i'm almost there #bsides #cybersecurity #conference #pittsburgh
This dumb password rule is from Vélib’ Métropole.
Your password must be at least 10 characters, with at least 1 uppercase character, 1 lowercase character, 1 number and 1 special character (only from this list: @, $, €, #, %, *, ., ;, !, ?).
You're not allowed to paste passwords.
https://dumbpasswordrules.com/sites/velib-metropole/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from MKB NetBankár.
It only accepts lowercase letters, uppercase letters and numbers (any
other character counts as forbidden character).
Also, if your password contains any invalid character, it will get
marked as "Identical to the former 10 passwords".
To make it more fun, during the registration, it allows to se...
https://dumbpasswordrules.com/sites/mkb-netbankar/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Easybank (Austrian direct bank).
- At least 8 and at most 16 (!) characters
- **Must start with 5 digits (do we really want to know what's going on there?)**
- At least one uppercase and one lowercase letter
- (Some) special characters are permitted, most are not
- "Simple" patterns are prohibited
- PINs are case sensitive (at l...
https://dumbpasswordrules.com/sites/easybank-austrian-direct-bank/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
How's that AI coding going for you? Ah... I see.
Wired: McDonald’s AI Hiring Bot Exposed Millions of Applicants' Data to Hackers Using the Password ‘123456’
"... Carroll and Curry, hackers with a long track record of independent security testing, discovered that simple web-based vulnerabilities—including guessing one laughably weak password—allowed them to access a Paradox.ai account and query the company's databases that held every McHire user's chats with Olivia. The data appears to include as many as 64 million records, including applicants' names, email addresses, and phone numbers...."
https://www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/
This dumb password rule is from URSSAF (French employers tax collection service).
When setting a new password:
Password must be exactly 8 characters, at least 1 letter, at least 1 number, but no special characters.
https://dumbpasswordrules.com/sites/urssaf-french-employers-tax-collection-service/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Keimyung University.
Okay, doesn't look that hard... But wait, there are hidden rules!
Hidden rules: your password can't have 3 times the same character in a row or more than 2 consecutive numbers.
Also if your password is 20 characters or more you won't be able to write it in the mobile app.
https://dumbpasswordrules.com/sites/keimyung-university/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
#JackDorsey launches a #WhatsApp messaging rival built on #Bluetooth
https://www.cnbc.com/2025/07/07/jack-dorsey-whatsapp-bluetooth.html
This dumb password rule is from LepidaID.
Password must:
- be 8 to 16 characters in length
- contain at least 1 upper-case character
- contain at least 1 lower-case character
- contain at least 1 number
- contain at least 1 non-alphanumeric character
- not contain more than 2 of the same consecutive characters
- not contain any public da...
https://dumbpasswordrules.com/sites/lepidaid/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Copart.
Copart: "The security of our members is extremely important to us."
Also Copart: "We're gonna need you to keep your password between 5-10 characters."
https://dumbpasswordrules.com/sites/copart/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Trade Me.
Won't allow spaces or single quotes. Maybe other characters as well -
they do not say up front - but the password they accepted contained lots
of other special characters.
https://dumbpasswordrules.com/sites/trade-me/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from CGHS.
Can't use any special characters except @ $ # ? _ * &
https://dumbpasswordrules.com/sites/cghs/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from myezyaccess.com patient portal system.
12-character maximum password length. This is not a single website but a patient portal system used by hundreds of medical facilities via subdomains, with password policy apparently being consistent for all sites.
https://dumbpasswordrules.com/sites/myezyaccess-com-patient-portal-system/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from BBVA.
Username is your national ID (easy to find) and your password must have up to **6** alphanumeric characters only.
For a bank account with all your money in one of the largest financial institutions in the world.
https://dumbpasswordrules.com/sites/bbva/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Pole-Emploi.
Password must contain at least one letter, one number and one character from `&-_@*%=.,;:!?` only.
It rejected passwords generated by pass, while accepting `p@ssw0rd!`...
They also block pasting on the password confirmation field,
forcing you to manually type your 32-letters-long generated passwo...
https://dumbpasswordrules.com/sites/pole-emploi/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Mes Services Étudiant.
At least 6 characters, one uppercase letter, one lowercase letter, one digit
and one "special character".
These do not count as "special characters": `` + - = | @ " ' # ( ) [ ] { } < > / \ ` ;``.
https://dumbpasswordrules.com/sites/mes-services-etudiant/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from South Western Railway.
Certain special characters disallowed, but notably the phrase " or " is disallowed also. They're probably papering over SQL injection vulnerabilities 🤦
https://dumbpasswordrules.com/sites/south-western-railway/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
"Billions of people worldwide use private messaging platforms like Signal, WhatsApp, and iMessage to communicate securely. This is possible thanks to end-to-end encryption (E2EE), which ensures that only the sender and the intended recipient(s) can view the contents of a message, with no access possible for any third party, not even the service provider itself. Despite the widespread adoption of E2EE apps, including by government officials, and the role of encryption in safeguarding human rights, encryption, which can be lifesaving, is under attack around the world. These attacks most often come in the form of client-side scanning (CSS), which is already being pushed in the EU, UK, U.S., and Australia.
CSS involves scanning the photos, videos, and messages on an individual’s device against a database of known objectionable material, before the content is then sent onwards via an encrypted messaging platform. Before an individual uploads a file to an encrypted messaging window, it would be converted into a digital fingerprint, or “hash,” and compared against a database of digital fingerprints of prohibited material. Such a database could be housed on a person’s device, or at the server level.
Proponents of CSS argue that it is a privacy-respecting method of checking content in the interests of online safety, but as we explain in this FAQ piece, CSS undermines the privacy and security enabled by E2EE platforms. It is at odds with the principles of necessity and proportionality, and its implementation would erode the trustworthiness of E2EE channels; the most crucial tool we have for communicating securely and privately in a digital ecosystem dominated by trigger-happy surveillance."
https://www.accessnow.org/why-client-side-scanning-is-lose-lose-proposition/
#CyberSecurity #Encryption #ClientSideScanning #E2EE #Privacy #DataProtection #Surveillance
This dumb password rule is from American Express.
Sometimes I forget that caps-lock is on, glad it doesn't matter.
https://dumbpasswordrules.com/sites/american-express/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Sephora.
Password must be between 6 and 12 characters. No other rules
specified.
https://dumbpasswordrules.com/sites/sephora/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Parnassus Investments.
A site responsible for protecting your investments limiting you to a
four character range with a bunch of other stupid rules? Shocking.
https://dumbpasswordrules.com/sites/parnassus-investments/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
🆕 blog! “How random are TOTP codes?”
I'm pretty sure that the 2FA codes generated by my bank's TOTP app have a bias towards the number 8 - because eight is an auspicious number. But is that just my stupid meaty brain noticing patterns where none exist? The TOTP algorithm uses HMAC, which in turn uses SHA-1. My aforementioned brain is not […]
👀 Read more: https://shkspr.mobi/blog/2024/07/how-random-are-totp-codes/
⸻
#algorithms #CyberSecurity #totp
This dumb password rule is from UniSuper.
Passwords need:
- a lower case letter
- a number
- a capital letter
- at least 8 characters
In the 'Change password' form,
passwords are now restricted to a `maxlength` of 18.
If your current password is longer than 18 characters,
you won't be able to change your password.
When I contacted them...
https://dumbpasswordrules.com/sites/unisuper/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
New investigation: there is a massive security vulnerability in Bluetooth headphones. It makes it possible to eavesdrop on conversations and - this I found particularly interesting - to abuse AI agents to send messages, read out the address book and the like (everything that Siri & co. can and are allowed to do)
Flagship models from Sony, JBL, Bose and others are affected too. Note: the vulnerability currently still exists!
(free link at the end of the 🧵 for followers)
https://www.zeit.de/digital/datenschutz/2025-06/sicherheitsluecke-software-bluetooth-kopfhoerer-spionage-daten
#cybersecurity
This dumb password rule is from University of Texas at Austin.
Because of the last two rules, which ban dictionary words and any
variants using symbol substitutions, *neither* of the passwords
presented in the [xkcd comic](https://xkcd.com/936/) are allowed.
https://dumbpasswordrules.com/sites/university-of-texas-at-austin/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from BMO Bank of Montreal.
Password requires at least one special character but disallows backtick `` ` ``, backslash `\`, vertical bar `|`, and underscore `_`.
https://dumbpasswordrules.com/sites/bmo-bank-of-montreal/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
🆕 blog! “Are Brother's Insecure Printers Illegal in the UK?”
Another day, another security disaster! This time, multiple printers from Brother have an unfixable security flaw. That's bad, obviously, but is it illegally bad?
Let's take a look at details of the vulnerability:
An unauthenticated attacker who knows the target device's serial…
👀 Read more: https://shkspr.mobi/blog/2025/07/are-brothers-insecure-printers-illegal-in-the-uk/
⸻
#CyberSecurity #IoT #law #legal #Legislation