This dumb password rule is from E-Redes.

Portuguese power distribution company, which requires short passwords (10 to 15 characters), no repetition of the same character, not using the username, the word "PASS" or the word "SAP" in the password, and limiting which special characters can be used.

https://dumbpasswordrules.com/sites/e-redes/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

TLS and SSH rely on Certificate Authorities (CAs) for authentication, but they also present a vector for Man in the Middle attacks. What if you could set up your own CA to reduce your exposure?

➡️ https://fedoramagazine.org/make-a-private-ca-with-step-ca/

#WebDev #Linux #Security #InfoSec #Cybersecurity #Fedora

This dumb password rule is from BMW ConnectedDrive.

Although the prompt suggests good things, after many failed attempts to
set a new password, it turns out you can ONLY use the special characters
shown in the prompt

https://dumbpasswordrules.com/sites/bmw-connecteddrive/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

If someone comes to me today preaching about “post-quantum” security issues, I’ll remind them of the current state of security: the npm ecosystem gets abused daily, CI pipelines run left and right with full access to cloud services, so-called security devices like F5 and Ivanti are exposed (and compromised) to the internet, mailboxes get compromised just to change an IBAN in a PDF, and a simple phone call is still enough to get someone to hand over an MFA code.

But yes, by all means, let’s focus on post-quantum threats while handing AI tools SSH access like it’s a feature, not a confession.

#cybersecurity #stateoftheworld

Alt...

Latest exploited/active CVEs.

This dumb password rule is from Vistara.

Password must contain:
- 8 to 12 Characters.
- At least one lowercase and uppercase letter.
- At least one numeric character.
- At least one special character (!, @, #, $, %, %, ^, &, +, =).

Must not contain space, first or last name.

https://dumbpasswordrules.com/sites/vistara/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

#NPM #axios maintainer has lost control of their account. Malicious versions 1.14.1 and 0.30.4 have been published which include a RAT.

NPM has pulled the effected versions and the payload. Time to clean up and see if you were effected.

StepSecurity has an awesome write up on this issue with #iocs

Link follows this toot.

#CTI #infosec #node #cybersecurity #security #nodejs #js #malware

This dumb password rule is from Battle.net.

8 to 16 characters, at least one number and one letter and last but not least NO special characters, and can't have a password that looks like your username too. Oh, and passwords are NOT case sensitive.
A real time travel adventure through the password rules of 2005!

https://dumbpasswordrules.com/sites/battle-net/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Smith & Co Solicitors Reports Data Breach and Financial Fraud Following Email Compromise

Smith & Co Solicitors in Ipswich suffered an email-based data breach affecting 25% of its clients and resulting in at least one instance of financial fraud. Attackers gained unauthorized access to the firm's email systems to impersonate staff and intercept sensitive client communications.

****
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/smith-co-solicitors-reports-data-breach-and-financial-fraud-following-email-compromise-z-2-h-j-o/gD2P6Ple2L

This dumb password rule is from STOVE.

- 24 characters max

https://dumbpasswordrules.com/sites/stove/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Number of #AI Chatbots Ignoring Human Instructions Increasing, Study Says

https://slashdot.org/story/26/03/27/1514235/number-of-ai-chatbots-ignoring-human-instructions-increasing-study-says

#cybersecurity

This dumb password rule is from BCV.

Username is randomly generated, example: 'H2487414'. The password must have **6** digits only.

Password can only be changed from the mobile application:

https://dumbpasswordrules.com/sites/bcv/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from IRS.

Password rules:
- Between 8 and 32 characters long
- Must contain at least one numeric and one special character (!@#$%&*)
- At least one uppercase and at least one lowercase letter

https://dumbpasswordrules.com/sites/irs/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Netflix.

[The help page](https://help.netflix.com/de/node/54078)
and the [password reset page](https://www.netflix.com/password) say:

Ihr Passwort muss zwischen 4 und 60 Zeichen lang sein und darf keine Tilde (~) enthalten.

https://dumbpasswordrules.com/sites/netflix/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

When #AgeVerification moves into your operating system

https://proton.me/blog/age-verification-operating-system

#privacy #cybersecurity

This dumb password rule is from AmiAmi.

Your password needs to be between 6 and 12 characters long, must contain only letters and numbers.

https://dumbpasswordrules.com/sites/amiami/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Walmart.

Your password must include the following:
- 8-100 characters
- Upper & lowercase letters
- At least one number or special character

https://dumbpasswordrules.com/sites/walmart/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from NBC (National Bank of Canada).

- Password length must be 8 to 25 characters
- Password must contain at least one lower letter (any position)
- Password must contain at least one digit (any position)
- Password cannot contain spaces.
- Copy/paste is not allowed when trying to set a new password

https://dumbpasswordrules.com/sites/nbc-national-bank-of-canada/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Delta.

It's a good thing they don't store personal information such as your passport number... oh wait.

https://dumbpasswordrules.com/sites/delta/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from IBM.

12-63 characters
One uppercase character
One lowercase character
One number
Sufficiently Strong
Special characters are optional.
Double byte characters are not allowed

https://dumbpasswordrules.com/sites/ibm/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Minnesota Unemployment Insurance.

Locked to *exactly* 6 chars, alphanumeric only, not special chars.

https://dumbpasswordrules.com/sites/minnesota-unemployment-insurance/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from South Western Railway.

Certain special characters disallowed, but notably the phrase " or " is disallowed also. They're probably papering over SQL injection vulnerabilities 🤦

https://dumbpasswordrules.com/sites/south-western-railway/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Mobi Bike Share.

Your PIN (which is the password you use to login, which lets you, say, buy hundreds of dollars worth of bike-share subscriptions off the saved credit card) must be four numeric digits. Helpfully, they even give you an example of a PIN: *1234*.

https://dumbpasswordrules.com/sites/mobi-bike-share/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Ticketmaster.de.

Your password length is limited between 8 and 32 characters.

https://dumbpasswordrules.com/sites/ticketmaster-de/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Canada Revenue Agency.

Password checklist:
- 8 to 16 characters
- At least 1 upper-case character
- At least 1 lower-case character
- At least 1 digit
- No space
- No accented characters
- No special characters except: dot (.), dash (-), underscore (_), and apostrophe (')
- No more than 4 consecutive identical characters

https://dumbpasswordrules.com/sites/canada-revenue-agency/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

At #RSAC2026? Missing good coffee?

Drop by Tailscale’s Peer-to-Pour Cafe at Sextant Coffee Roasters, just steps from Moscone, for free coffee, sweet treats, custom swag, keycap fidgets, and chats with the team. Open Tues Mar 24, 8:00-5:00 and Wed Mar 25, 8:00-4:30 for badge holders. Plus: demos, expo swag, raffles, and more all week.

https://tailscale.com/rsac26/?utm_source=Mastodon&utm_medium=owned-social&utm_campaign=rsac-2026

#RSAC #RSAC2026 #Cybersecurity #ZeroTrust #Networking #Tailscale

This dumb password rule is from Taco Bell.

Password may include special characters, except for #.

https://dumbpasswordrules.com/sites/taco-bell/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Dell.

Okay at least 6, that's alright I guess.

Oh at least one number and one letter, bit dumb but hey not that dumb.

But hiding the fact that it has a max of 20, now THAT is dumb!

https://dumbpasswordrules.com/sites/dell/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Apple.

Can't contain 3 or more consecutive identical characters, nor can it be more than 63 characters long.

https://dumbpasswordrules.com/sites/apple/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from ING Romania's Internet Banking Portal.

No more, no less than 5 digits. This is the password you use to log in and to confirm
online transactions. They used to have "normal" passwords and they forced everybody to
change to the 5 digits versions. They said they've made it "so it's easier for you" and it's
OK, because everybody has 2FA.

https://dumbpasswordrules.com/sites/ing-romanias-internet-banking-portal/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Intel.

https://dumbpasswordrules.com/sites/intel/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

So I want to beat a particular #cybersecurity drum that drives me crazy. If you read this year-old paper on abandoned S3 buckets, consider all the things that can go wrong. Then reflect on the fact that at all times, every bit of data could have been “encrypted at rest” and “encrypted in transit.” Those 2 security controls amount to very little in the cloud. Encrypt at rest on my phone? My laptop? Of course. The physical theft is a major possibility. Contents of an S3 bucket? Not making any difference.

Think about TLS in this case. The malicious payloads would all come from a valid HTTPS endpoint running state of the art TLS done the right way. You will definitely get exactly the malicious payload that was intended, with minimal chance that a different bad actor could MitM your malware download and cause you to download different malware than the malware you were trying to download.

Encryption in the cloud (at rest or in transit) is not access control.

https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/

This dumb password rule is from Cigna.

A max of 12 characters... Can't handle most symbols (only 5 supported). At least they have two factor auth via email or sms **sigh**

https://dumbpasswordrules.com/sites/cigna/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

You can't spell #cybersecurity without BS

This dumb password rule is from SielteID.

Sielte is one of the four Italian digital identity providers of level 3 (the highest available).

The rules are as such:
- At least 8 characters
- At most 16 characters
- Must have both lower and upper characters
- Must have one or more digits and one or more of the following "special characters"...

https://dumbpasswordrules.com/sites/sielteid/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

"International joint action disrupts world’s largest DDoS botnets"

"Authorities from the United States, Germany, and Canada have taken down Command and Control (C2) infrastructure used by the Aisuru, KimWolf, JackSkid, and Mossad botnets to infect Internet of Things (IoT) devices."
https://www.bleepingcomputer.com/news/security/aisuru-kimwolf-jackskid-and-mossad-botnets-disrupted-in-joint-action/
#cybersecurity

This dumb password rule is from Entwickler.de.

Your password must be 12-20 characters.

https://dumbpasswordrules.com/sites/entwickler-de/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

The deeper lesson is that safety can fail in two places at once: incomplete command validation and weak observability across agent layers. If a lower-level agent can act while the top-level agent thinks it only detected risk, the system is not actually in control.

Multi-agent systems need recursive validation, strong isolation, and end-to-end action visibility.

https://www.promptarmor.com/resources/snowflake-ai-escapes-sandbox-and-executes-malware

#AI #AgenticAI #AISafety #Cybersecurity #LLMSecurity #PromptInjection #SoftwareSecurity #Snowflake (2/2)

VPNs help people to stay private and safe online.

The UK government clearly understands this in their use of the technology to the tune of £millions.

So they must pull back from attempts to age gate VPNs – a measure that will deter people from using a core cybersecurity tool.

Sign and share our petition ⬇️

https://action.openrightsgroup.org/tell-government-protect-vpn-use-uk

#vpn #cybersecurity #privacy #security #ukpolitics #ukpol

The UK government's use of VPNs "demonstrates how important these tools are for cybersecurity across the modern Internet."

Restricting them creates uncertainty that "could undermine the UK’s reputation as a stable and credible place for digital businesses and security innovation."

🗣️ ORG's @JamesBaker

https://www.techradar.com/vpn/vpn-privacy-security/investigation-uk-spends-millions-on-vpns-as-government-weighs-ban-for-children

#vpn #cybersecurity #privacy #security #ukpolitics #ukpol