cablespaghetti.dev is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
Don't give in to these requests.
"TechCrunch found that when Perplexity requests access to a user’s Google Calendar, the browser asks for a broad swath of permissions to the user’s Google Account, including the ability to manage drafts and send emails, download your contacts, view and edit events on all of your calendars, and even the ability to take a copy of your company’s entire employee directory."
Tech Crunch: For privacy and security, think twice before granting AI access to your personal data https://techcrunch.com/2025/07/19/for-privacy-and-security-think-twice-before-granting-ai-access-to-your-personal-data/ @TechCrunch @zackwhittaker #AI #privacy #cybersecurity #infosec
This dumb password rule is from Seur.
Password must be between 8 and 12 characters...
Also no symbols are allowed. But this isn't displayed.
https://dumbpasswordrules.com/sites/seur/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from SunTrust.
At least there are a variety of special characters to choose from.
https://dumbpasswordrules.com/sites/suntrust/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Alipay.
- 8-20 characters (numbers or letters)
- no special characters allowed
- in the mobile app
https://dumbpasswordrules.com/sites/alipay/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
I've been a #FreeBSD developer since 1995. Within the project I've worked on many things - I'm a troublemaker. I looked after the CVS tree from '95 onwards. I'm mostly to blame for the src/contrib/* construct in FreeBSD. I did a lot of the early (pre-5.0) SMP work. I wrote large chunks of or landed the a.out->ELF move along with /boot/loader and LKM->KLD kernel module system in 3.0. I've helped with the Itanium and Alpha architecture ports. I did the CVS->SVN migration (and yes, I always assumed it was a stopgap and I'm glad the final move to git is complete). I did all of the original AMD64 port in a short period of time - boot loader->kernel->multi-user was about 2-3 weeks, and the rest of the essentials all the way up to X11 and Seamonkey/Firefox over the next few months. It is my fault that time_t was 64 bit from day 1 in FreeBSD/amd64 and why there is no lib64 - I (foolishly) assumed that 32 bit i386 would be entirely gone by now. I built the post-2012 FreeBSD developer cluster and faux-CDN.
I worked for Yahoo for 22 years. I've bred tropical fish. I'm a licensed ham radio operator. I snowboard. I fly Hang Gliders - sometimes even competitively. I'm a sucker for a decent video game like Factorio, Satisfactory etc. These days I'm also owned by a cat so I'm likely to post cat photos.
I have a strong interest in #infosec; and after having spent about five years in the Linux universe at Yahoo I've finally made my way back to #FreeBSD - it's about time.
This dumb password rule is from AmeriHealth.
Their site says "*All information is kept safe and secure.*" Just not as
secure as you'd like.
User Password must be between 6 and 14 characters and contain 1
numerical value.
https://dumbpasswordrules.com/sites/amerihealth/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
For those who have InfoSec, privacy, security, and/or related technology expertise…
Would you use Bitchat?
(Feel free to elaborate in the comments and/or boost if you’d like to see the opinion of others.)
#Bitchat #JackDorsey #InfoSec #Privacy #Security #Technology #OSS #Encryption
- Yes: 0
- No: 34
- Jack Dorsey is not to be trusted: 49
- I just want to see the results: 10
Exposing the Unseen: Mapping MCP Servers Across the Internet
"We identified a total of 1,862 MCP servers exposed to the internet. From this set, we manually verified a sample of 119. All 119 servers granted access to internal tool listings without authentication."
this is why I keep a very watchful eye on Knostic about AI stuff, they know the tech, the risks, *and* how human behavior will interact with them.
This dumb password rule is from Keimyung University.
Okay, doesn't look that hard... But wait, there are hidden rules!
Hidden rules: your password can't have 3 times the same character in a row or more than 2 consecutive numbers.
Also if your password is 20 characters or more you won't be able to write it in the mobile app.
https://dumbpasswordrules.com/sites/keimyung-university/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Bloomingdale's.
16 characters maximum, no `.` `,` `-` `|` `/` `=` or `_` allowed.
https://dumbpasswordrules.com/sites/bloomingdales/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
In an email to staff announcing his sudden departure after thousands of university web pages had been down for weeks due to a security incident that the university will "likely never explain publicly", Indiana University's Vice President of IT Rob Lowden declared his department a "national — and indeed international — model of innovation, dedication, and excellence in higher education IT."
#infosec #CyberSecurity #iu #IndianaUniversity #bloomingtonIN
These are *still* the default permissions in Google Workspace Enterprise when setting up a Google Group/Email Distribution List....
Who can see the big issue that catches literally everyone out....
Good new SaaS vendor assessment question I’ve been using…
What is your process for updating your customer facing status page in the event of an incident?
You will learn so much from this, including…
- do they even have a status page
- if they do, do they know how to work it
- if it's managed by the engineering side of the house or marketing, which can give you clues as to what is important in their org culture
- how transparent they are willing to be about a topic that actually isn’t all that sensitive in the grand scheme of all the things you could ask about
This dumb password rule is from Targobank.
Your password must:
- must not be your username
- must at least eight characters
- must contain at least one number character
- must contain at least one uppercase character and 1 lowercase character
- must not contain spaces
- must not contain three identical characters in a row
- must not conta...
https://dumbpasswordrules.com/sites/targobank/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Oh, my goodness. I boosted @Em0nM4stodon’s post about this earlier. But I need to share it with some intention.
This piece she wrote on Mastodon privacy/security is intense. It’s long. SO much information. Read it anyway. Seriously.
And if y’all don’t follow Em, do yourself a solid and get on that. She’s smart af about InfoSec/privacy/security. And super friendly.
https://www.privacyguides.org/articles/2025/07/15/mastodon-privacy-and-security/
#Fediverse #Mastodon #MastoTips #Privacy #InfoSec #Security #TheFutureIsFederated
Interesting read…
Google is tracking you (even when you use DuckDuckGo)
https://www.simpleanalytics.com/blog/google-is-tracking-you-even-when-you-use-duck-duck-go
#google #tracking #privacy #InfoSec #security #tech #technology #BigTech #BigBrother
This dumb password rule is from ING Australia.
4 numeric digits.
"Added security" by randomising the positions on the keypad. Must be clicked.
https://dumbpasswordrules.com/sites/ing-australia/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Banca Intesa Serbia.
Online banking portal of Banca Intesa Serbia has some password restrictions.
This is the translation of the requirements:
No special characters, minimum number of characters is 8, maximum number of
characters is 22, minimum number of upper case letters is 1, lower case also 1,
numeric characters...
https://dumbpasswordrules.com/sites/banca-intesa-serbia/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This is an incredible story to wake up to about the very real impacts to people of a data breach: https://www.bbc.com/news/articles/cvg8zy78787o
Just a quickie from one of our @DomainTools researchers today that I know @cR0w will enjoy.
Malware in DNS - specifically, malware seen being assembled from DNS TXT records.
Not a "zomg new thing!" so much as a neat example in the wild.
This dumb password rule is from Estheticon.
- At least 8 characters but limited to 20 characters at max
- At least 1 digit
- At least one letter (just a letter in general, no specific casing required)
- No special characters at all
https://dumbpasswordrules.com/sites/estheticon/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Seven day embargo limit for #curl: https://git.hardenedbsd.org/shawn.webb/curl/-/commit/af81e8fe5f45276877489d49e00cee874d4cd7bc
It can take the #HardenedBSD project a full month to rebuild its package repos. And since we've built this software monoculture against libcurl, this will be FUN!
This dumb password rule is from IKEA.
Dumb restriction for consecutive similar characters. Wonder if someone got more than 2 identical characters in their name then it won't allow you to even use name in password.
Password must contain:
- 8-20 characters
- **No more than 2 identical characters in a row**
- A lowercase letter (a-z)
-...
https://dumbpasswordrules.com/sites/ikea/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Sprint.
Sprint "upgraded" their security and disallow special characters.
https://dumbpasswordrules.com/sites/sprint/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Gigabyte RMA system.
Your password must contain:
Between 8-12 characters
An upper case letter (A, B, C, etc.)
a lower case letter (a, b, c, etc.)
A number (1, 2, 3, etc.)
A symbol (-, ~, !, #, $, %, &, (, ), +, =, .)
https://dumbpasswordrules.com/sites/gigabyte-rma-system/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Thames Water.
Can only use the "special" characters on that very limited list, excluding symbols so exotic as an underscore, even. This is despite their own strength checker saying the password is strong.
https://dumbpasswordrules.com/sites/thames-water/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
https://www.securityweek.com/esim-hack-allows-for-cloning-spying/
Old Java Card vulnerabilities resurface in eSIMs
This dumb password rule is from Blackrock.
They force you to enter a password that has 8, 9, or 10 characters, then
they lecture you on how to create a strong password.
https://dumbpasswordrules.com/sites/blackrock/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from IBM TSO/E Logon terminal.
It might not be a web site, but that does not make it less dumb.
Since many don't know about IBM mainframes, it seems they don't think you need to up the policies.
Default old password policy is: 6-8 characters long, A-Z, 0-9
Over the last few years they have updated their policies a bit, but d...
https://dumbpasswordrules.com/sites/ibm-tso-e-logon-terminal/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Enjoying the idea that leaving my current job means I'm allowed to talk publicly about security again without going through annoying approvals. I could be doing all sorts of conference talks! The problem? I don't wanna. 😂
Looking forwards to making it past the burnout stage of this job, seriously.
This dumb password rule is from Turkish Airlines.
- Your password must consist of 6 digits
- Make sure that your password does not contain your date of birth or three consecutive digits...
- but two is OK, for sure.
- ... and that the same number is not repeated three or more times.
- but two times is probs OK
https://dumbpasswordrules.com/sites/turkish-airlines/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Reminder that my collection of short stories based on real world #infosec adventures, InfoSec Diaries (https://infosecdiaries.com), should not be confused with the place that has InfoSec themed dairy products, InfoSec Dairies (infosecdairies.com).
This dumb password rule is from Vélib’ Métropole.
Your password must be at least 10 characters, with at least 1 uppercase character, 1 lowercase character, 1 number and 1 special character (only from this list: @, $, €, #, %, *, ., ;, !, ?).
You're not allowed to paste passwords.
https://dumbpasswordrules.com/sites/velib-metropole/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Request for #recommendations:
I want to find a new #domain #registrar.
For my domains with no active site on them (at the moment), meant to forward to main site (using registrar later for active sites).
I seek a domain registrar able to:
1) do domain privacy
2) do redirects (301 & 302)
3) be less expensive than godaddy for registration & privacy
4) reliable
5) perhaps in EU since I'm critical of US admin & want to be harder to censor.
@briankrebs i've seen some IR figures get squirrely about the name. some argue Scattered Spider is a loose confederation, others an attack methodology. i don't have a strong opinion on that but i've seen the absolute bedlam these crews drop everywhere they go. #infosec #scatteredSpider
This dumb password rule is from MKB NetBankár.
It only accepts lowercase letters, uppercase letters and numbers (any
other character counts as forbidden character).
Also, if your password contains any invalid character, it will get
marked as "Identical to the former 10 passwords".
To make it more fun, during the registration, it allows to se...
https://dumbpasswordrules.com/sites/mkb-netbankar/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Easybank (Austrian direct bank).
- At least 8 and at most 16 (!) characters
- **Must start with 5 digits (do we really want to know what's going on there?)**
- At least one uppercase and one lowercase letter
- (Some) special characters are permitted, most are not
- "Simple" patterns are prohibited
- PINs are case sensitive (at l...
https://dumbpasswordrules.com/sites/easybank-austrian-direct-bank/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from URSSAF (French employers tax collection service).
When setting a new password:
Password must be exactly 8 characters, at least 1 letter, at least 1 number, but no special characters.
https://dumbpasswordrules.com/sites/urssaf-french-employers-tax-collection-service/
#password #passwords #infosec #cybersecurity #dumbpasswordrules