This dumb password rule is from Major League Baseball.

When creating a new account they enforce some password rules like: length must be
between 8 and 15 characters and there must be one upper case, one lower case letter
and one number.

https://dumbpasswordrules.com/sites/major-league-baseball/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Westpac Live Online Banking.

Password rules:
- be between 8 and 30 characters
- include at least 1 number, 1 letter and 1 special character (@#%^ etc)
- have no more than 2 repeating characters (AAB not AAA)
- not contain spaces
- not be the same as your last 3 passwords

https://dumbpasswordrules.com/sites/westpac-live-online-banking/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

The UK Cyber Security and Resilience Bill is also a chance to assess and reduce the UK’s dependence on large US corporations for vital government infrastructure.

Other countries like France and the Netherlands are already debating how to do this, such as through open source software.

As we saw with the AWS outage, we need digital sovereignty to keep the UK economy switched on.

https://www.openrightsgroup.org/press-releases/org-response-to-cyber-security-bill/

#Budget2025 #budget #UKbudget #reeves #cybersecurity #ukpolitics #ukpol #digitalsovereignty

The UK government must take cybersecurity seriously to get growth.

Key to this is strong encryption for all.

They must put guarantees in the UK Cyber Security and Resilience Bill and quit trying to force a backdoor into secure systems like they did with Apple.

Otherwise we'll be open to more attacks.

#Budget2025 #budget #UKbudget #reeves #dataprotection #cybersecurity #data #ukpolitics #ukpol #e2ee #encryption

Seeing safeguards over our data as barriers to growth is folly.

The UK's new Data Act has put into question the adequacy agreement with the EU.

Losing it would impose £1-1.6 billion in legal and compliance costs on UK businesses alone, as well as threaten EU-UK trade agreements and the Windsor Framework.

https://www.openrightsgroup.org/press-releases/uk-privacy-erosion-sparks-eu-civil-society-call-to-review-adequacy-data-deal/

#Budget2025 #budget #UKbudget #reeves #dataprotection #cybersecurity #data #ukpolitics #ukpol #eu

What’s data protection law got to do with the UK budget?

Information security requirements contained within are key to growth.

Just look at how the Jaguar Land Rover cyber attack hurt the UK economy.

That’s why the data watchdog must start enforcing these rules properly.

https://www.bbc.co.uk/news/articles/cx2y1z4z70jo

#Budget2025 #budget #UKbudget #reeves #dataprotection #cybersecurity #data #ukpolitics #ukpol

This dumb password rule is from Shell Fuel Rewards.

- No less than 8 and no more than 16 characters
- Allows only specific special characters: ! @ # $ %
- Doesn't bother to tell you what characters are allowed or not. Hope you like reading JS.

https://dumbpasswordrules.com/sites/shell-fuel-rewards/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from AmeriHealth.

Their site says "*All information is kept safe and secure.*" Just not as
secure as you'd like.

User Password must be between 6 and 14 characters and contain 1
numerical value.

https://dumbpasswordrules.com/sites/amerihealth/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Targeted by hackers because of sister city relationship.
https://apnews.com/article/russia-ukraine-trump-kyiv-arctic-wolf-cyberattack-4b1c167746f2c0e7d263be94f0aa94b0
#Russia #Ukraine #UnitedStates #US #cybersecurity #cyberwar #cyberwarfare

A slap on the wrist isn't a deterrent.

The failure to investigate even the most serious data breach in UK history is the final straw.

We need a strong data regulator that will take action against the government and private sector at a time of escalating threats.

We need an inquiry into the Information Commissioner's Office if we're to have data protection laws with teeth and resilience against cyber attacks.

#dataprotection #gdpr #privacy #ICO #cybersecurity #ukpolitics #ukpol #datarights

For the last 3-4 years, the ICO has shifted away from using enforcement powers against public sector organisations except as a last resort.

Since then, the ICO's own review of this public sector approach showed “the average number of reported breaches increased by 11%” and an 8% increase in data protection complaints.

By removing the deterrence of regulatory sanctions, this approach has worsen the status quo.

#dataprotection #gdpr #privacy #ICO #cybersecurity #ukpolitics #ukpol #datarights

The ICO refused to investigate the UK Ministry of Defence for the most serious data breach in UK history – the leaking of data on 19,000 Afghans fleeing the Taliban.

They said it was a one-off.

But what about the 49 data breaches at the MoD over the last 4 years?

https://www.bbc.co.uk/news/articles/cp8950pyy1vo

#dataprotection #gdpr #privacy #ICO #cybersecurity #ukpolitics #ukpol #datarights

No bark. No bite.

The Information Commissioner's Office (UK) has shied away from enforcing data protection laws one too many times.

Yesterday over 70 groups and experts joined ORG's demand for an inquiry into the regulator.

Evidence shows that when enforcement goes down, breaches go up. We say enough.

https://www.openrightsgroup.org/press-releases/70-organisations-and-experts-demand-action-over-failing-ico/

#dataprotection #gdpr #privacy #ICO #cybersecurity #ukpolitics #ukpol #datarights

This dumb password rule is from State Bank of India (Foreign Travel Card).

State Bank of India is the largest government operated bank in India.
They offer "travel" prepaid cards for foreign currencies, this is for
their portal for the prepaid card users to manage their account.

Your password must:
- Be between 8 and 9 characters long
- Contain at least 1 lowercase c...

https://dumbpasswordrules.com/sites/state-bank-of-india-foreign-travel-card/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Major breach of an emergency notification provider (CodeRed/Onsolve), which is a very bad thing.

“Dear Valued Customer,

Further to our previous communications, we’d like to provide you with an update regarding the cybersecurity incident which damaged the OnSolve CodeRED environment in a targeted attack by an organized cybercriminal group. Our forensic analysis continues to indicate that this is an incident strictly contained within the OnSolve CodeRED environment with no contagion beyond.

We have learned that data associated with the legacy OnSolve CodeRED platform was removed from our systems. While there is currently no indication that this data has been published online, we are proactively informing you that it may be leaked.

It appears that the impacted dataset may contain contact information of OnSolve CodeRED users: name, address, email address, phone numbers, and/or associated passwords used to create user profiles for alerts. If the same password is used by users for any other personal or business accounts, those passwords should be changed immediately.”

https://dcsheriff.net/important-nationwide-codered-outage-data-breach-update/

#cybersecurity #breach #codered #onsolve

The final straw – the Information Commissioner's Office has decided NOT to investigate the Afghan data leak.

It's time to investigate them!

Over 70 organisations and experts back ORG's call for an inquiry into the regulator's chronic failure to enforce UK data laws.

Read more ⬇️

https://www.theguardian.com/technology/2025/nov/24/civil-liberties-groups-call-for-inquiry-into-uk-data-protection-watchdog

#ICO #dataprotection #privacy #databreach #ukpolitics #ukpol #gdpr #data #cybersecurity

This dumb password rule is from Fidelity.

No more than 20 characters and leave out characters commonly used by
programmers. We don't want you to hack the mainframe.

https://dumbpasswordrules.com/sites/fidelity/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Dell.

Okay at least 6, that's alright I guess.

Oh at least one number and one letter, bit dumb but hey not that dumb.

But hiding the fact that it has a max of 20, now THAT is dumb!

https://dumbpasswordrules.com/sites/dell/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from AirAsia.

- Between 8 and 16 characters
- Must contain a number, a lowercase letter, and an uppercase letter
- Special characters allowed, but not periods, commas, tildes, or angle brackets

https://dumbpasswordrules.com/sites/airasia/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Entwickler.de.

Your password must be 12-20 characters.

https://dumbpasswordrules.com/sites/entwickler-de/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Oops. Cryptographers cancel election results after losing decryption key.

https://arstechnica.com/security/2025/11/cryptography-group-cancels-election-results-after-official-loses-secret-key/

#cybersecurity #cryptography #cryptology #IACR

This dumb password rule is from Crédit Agricole Centre-Est.

You have to enter your 6-digit password using this Frenchy keypad.

https://dumbpasswordrules.com/sites/credit-agricole-centre-est/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

@hacks4pancakes Strange how in a country with so many tech experts they couldn't find women speakers.

Recently I attended #Kawaiicon2025 a #Cybersecurity / #InfoSec conference in Aotearoa New Zealnd, a country with just over 5Million people living here. They found an assortment credible and interesting speakers who were men or women or nonbinary (NB). Same with panels. And organisers which helps. The participating audience was still more Men than Women or NB but anyone attending would have found peers.
https://kawaiicon.org/talks/

A fully sponsored Girl Geek Dinner pre-con welcoming event was also held.
https://kawaiicon.org/con-events/#girl-geek-dinner

Calling out manels (all male panels) is brave work and it's helpful when men do the "Do Better" call.

This dumb password rule is from Seur.

Password must be between 8 and 12 characters...
Also no symbols are allowed. But this isn't displayed.

https://dumbpasswordrules.com/sites/seur/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Alleged Scattered Spider members Thalha Jubair and Owen Flowers who are both charged with the TransportForLondon cyberattack, pleaded not guilty in Southwark Crown Court in London today. The judge has set a trial date of June 8, 2026 for them, and they continue to be detained on remand.

Flowers is also charged with conspiring to damage the network of SSM Health Care Corporation and attempting to do the same to Sutter Health, both U.S. healthcare entities. He pleaded not guilty to those charges, too.

Jubair also faces an additional charge of not providing his password to investigators when they seized his devices.

#ScatteredSpider #databreach #ransom #cybersecurity

This dumb password rule is from PagoMisCuentas.

Password must be between 8 and 15 alphanumeric characters, and have
at least one uppercase and one lowercase letter.

https://dumbpasswordrules.com/sites/pagomiscuentas/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

‘The devil’s in the detail’

Hear from ORG’s @JamesBaker on the intersection of the Database State and AI in #DigitalID, how Ofcom’s Magnum Opus of #OnlineSafety regulations abdicates responsibility for social problems to #BigTech, and the self sabotage of trying to break #encryption.

But in the end, ‘opposition creates innovation’ ✊

Listen now ⬇️

https://vpetersson.com/podcast/S02E20.html

#onlinesafetyact #ukpol #ofcom #privacy #cybersecurity #tech #ukpolitics

This dumb password rule is from Standard Chartered Bank.

- Between 8 to 16 characters
- Only letters and/or numbers

https://dumbpasswordrules.com/sites/standard-chartered-bank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Oooh, it's my time to leap into cybersecurity.

"Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models"

"...Abstract

We present evidence that adversarial poetry functions as a universal single-turn jailbreak technique for large language models (LLMs). Across 25 frontier proprietary and open-weight models, curated poetic prompts yielded high attack-success rates (ASR), with some providers exceeding 90%. Mapping prompts to MLCommons and EU CoP risk taxonomies shows that poetic attacks transfer across CBRN, manipulation, cyber-offence, and loss-of-control domains. Converting 1,200 MLCommons harmful prompts into verse via a standardized meta-prompt produced ASRs up to 18 times higher than their prose baselines. ..."

https://arxiv.org/html/2511.15304v1

#poetry #cybersecurity #LLMs

This is a fascinating use of a #sidechannel timing attack against calls to an #AI model.

By capturing encrypted TLS traffic and measuring timing, they can very accurately determine which streams corresponded to an LLM conversation about a pre-selected topic.

TLS is intact. So their ability to recover the conversation is limited to their ability to break TLS. But they can, with high confidence, sift out all the TLS traffic for the only conversations that reference the thing they care about. They don't have to worry about spending resources breaking TLS on traffic that is unrelated. Neat #security research from #Microsoft.

#cybersecurity #infosec #LLM

This dumb password rule is from Lloyds Bank.

Max 15 characters, min 8. You cannot use **ANY** special characters -
alpha-numerics only. This amazingly terrible password policy combines
with a known phrase (The "Memorable Information") of which you will be
asked for a random 3 characters of if you get your password right.
This phrase has sim...

https://dumbpasswordrules.com/sites/lloyds-bank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Best Buy.

You can enter whatever password you like! But you probably don't want to
make it too long, because you'll break us and you'll never be able to
login again.

https://dumbpasswordrules.com/sites/best-buy/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from AmiAmi.

Your password needs to be between 6 and 12 characters long, must contain only letters and numbers.

https://dumbpasswordrules.com/sites/amiami/

#password #passwords #infosec #cybersecurity #dumbpasswordrules