This dumb password rule is from HSA Bank.

- Must be minimum 12 characters
- Must not be one of user's past 5 passwords
- Must contain uppercase and lowercase letters
- Must contain a number
- Must not be the same as user's account number or login/username

But also...
- Cannot be longer than 20 characters

https://dumbpasswordrules.com/sites/hsa-bank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from University of Western Australia (Pheme).

Passwords:
1. Must contain at least 8 characters;
2. Must contain at least 3 out of 4 types of characters
(uppercase letters, lowercase letters, digits, special characters);
and
3. Must not contain
"the user's account name or parts of the user's full name
that exceed two consecutive characters".
...

https://dumbpasswordrules.com/sites/university-of-western-australia-pheme/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from IBM TSO/E Logon terminal.

It might not be a web site, but that does not make it less dumb.
Since many don't know about IBM mainframes, it seems they don't think you need to up the policies.

Default old password policy is: 6-8 characters long, A-Z, 0-9

Over the last few years they have updated their policies a bit, but d...

https://dumbpasswordrules.com/sites/ibm-tso-e-logon-terminal/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Western Sydney University is having a very bad no good security day, with not just hijacked emails, but two!

The first one is a scam email telling students their qualifications have been revoked, while the second airs a series of scathing allegations against the uni's conduct when it comes to cyber security.

Both emails have been referred to the police.

#cybersecurity

https://www.cyberdaily.au/security/12728-western-sydney-university-warns-of-scam-emails-revoking-degrees

This dumb password rule is from Microsoft (work accounts).

What doesn't seem to be a problem for personal accounts, is for work
accounts from Microsoft (e.g. Office 365 etc.).

Maximum 16 characters. So forget about using your new fancy diceware
password here - or really any secure passwords in general.

Oh - and besides that, please don't use any "exoti...

https://dumbpasswordrules.com/sites/microsoft-work-accounts/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

AI has found 50 bugs in cURL. "AI-native SASTs work well"

https://etn.se/72494

#HackerNews #AI #cURL #bugs #SAST #cybersecurity #technology

Ellen Mok closes Orangecon with a look at digital sovereignty, why independence matters and how we can get there.
Rewatch here: https://youtu.be/QgV7tVLNATw?si=VqdbI3i5Hug9GoPm

#Orangecon #Cybersecurity #DigitalSovereignty

This dumb password rule is from Virgin Mobile.

You can only use PIN as your password.

https://dumbpasswordrules.com/sites/virgin-mobile/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Honoured to partner with Thales for WICCON 2025. Their involvement will help us deliver a magical event!

#WICCON #womenintech #cybersecurity #infosec

This dumb password rule is from Red Hat.

Symbols. You keep using that word. I don't think it means what you think
it means.

https://dumbpasswordrules.com/sites/red-hat/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

🇬🇧 UK govt demands access to British Apple users' data, reigniting its privacy dispute with Apple 🔐

Apple pulled Advanced Data Protection from UK iCloud, calling the move "gravely disappointing" ⚠️

Critics warn secret orders threaten global security 🕵️

🧑‍⚖️ Legal hearing set for Jan 2026

🔗 https://www.bbc.com/news/articles/c740r0m4mzjo

#TechNews #Privacy #Apple #UK #DataRights #Encryption #CyberSecurity #Surveillance #CivilLiberties #HumanRights #TechPolicy #iCloud #DataProtection #EndToEndEncryption #Security

This dumb password rule is from Boligøen (Danish resident renting bureau).

Red text: "Your password has to be at least 6 characters, but NOT over 20 characters."

https://dumbpasswordrules.com/sites/boligoen-danish-resident-renting-bureau/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

So age determination is not a security risk ? It is and it will be more for future. The latest Discord incident might be an eye opener for some.

#ageverification #cybersecurity #leak

🔗 https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service

Alt...

The unauthorized party also gained access to a small number of government-ID images (e.g., driver’s license, passport) from users who had appealed an age determination. If your ID may have been accessed, that will be specified in the email you receive.

This dumb password rule is from T-Mobile.

We prefer to not tell you which characters you can use up front.

https://dumbpasswordrules.com/sites/t-mobile/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from University of California San Diego.

Passwords must be between 8 and **11** characters long!

https://dumbpasswordrules.com/sites/university-of-california-san-diego/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Broadcom has stopped delivering automated updates to #VMware Fusion and Workstation. All updates have to be downloaded and installed manually from the Broadcom Support Portal (as a side note: This portal is one of the worst corporate "support" websites I've seen in the last decade).

This is terrible. It will lead to tens of thousands of VMware installations remaining vulnerable to trivially exploitable flaws, for example, local privilege escalation via CVE-2025-41244 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149

BTW, Please note that to fix CVE-2025-41244 you must now manually download the correct VMware Tools package from the support portal, unpack the zip, mount the ISO image, and then execute the setup.exe from the mounted ISO image. There is currently no VMware releases that include the fixed VMware Tools, so if you create any new VMs you MUST install the update manually to each new VM. Did I already mention this is terrible?

#enshittification #infosec #cybersecurity

Alt...

VMWare Tools vulnerable to CVE-2025-41244 installed.

This dumb password rule is from Suncorp.

To "improve security" and "be password savvy", passwords must:
- be six to eight characters long
- Contain both numbers and letters
- Include upper and lowercase letters

https://dumbpasswordrules.com/sites/suncorp/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

If this isn't the wake up call that we need to take #cybersecurity more seriously, I don't know what is. Cyber attacks are now affecting #beer production: https://bbc.com/news/articles/c0r0y14ly5ro

This dumb password rule is from BinckBank.

Between 10 and 16 letters and/or digits. No special characters are allowed.
Must be renewed at least every 180 days, but you can configure to let the password expire sooner.
When changing the password, the new password cannot be too similar to the existing password.

https://dumbpasswordrules.com/sites/binckbank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

I see some people with high expectations for the EU CRA regulation, thinking the number of vulnerable or compromised devices will go down.

That’s just a pipe dream, like expecting the DSA to shut down every social network spreading hate speech.

#cra #cybersecurity #vulnerability

The new VPN from Tor is pretty interesting.

Still in beta so it may not actually be production ready yet, but its got some very exciting features.

Each app gets its own separate tor circuit, or can be excluded from the VPN.

https://play.google.com/store/apps/details?id=org.torproject.vpn

@torproject

#Android #VPN #Tor #privacy #cybersecurity

This dumb password rule is from Pam360.

"Enterprise privileged access management has never been easier."

- Must be 8 to 16 characters in length
- Must have mixed case alphabets
- Must have at least 1 upper and 1 lower case character(s)
- Must have at least 1 number(s)
- Must have at least 1 special character(s)
- Must star...

https://dumbpasswordrules.com/sites/pam360/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Oh yeah, that's smart... sell all your phone calls for AI training. Account numbers, personal info, everything /s

https://www.engadget.com/apps/viral-app-neon-vows-to-return-to-sell-more-of-your-phone-calls-to-ai-companies-150233035.html?

#ai #privacy #cybersecurity

"Cybersecurity researchers have discovered two Android spyware campaigns dubbed ProSpy and ToSpy that impersonate apps like Signal and ToTok to target users in the United Arab Emirates (U.A.E.).

Slovak cybersecurity company ESET said the malicious apps are distributed via fake websites and social engineering to trick unsuspecting users into downloading them. Once installed, both the spyware malware strains establish persistent access to compromised Android devices and exfiltrate data.

"Neither app containing the spyware was available in official app stores; both required manual installation from third-party websites posing as legitimate services," ESET researcher Lukáš Štefanko said. Notably, one of the websites distributing the ToSpy malware family mimicked the Samsung Galaxy Store, luring users into manually downloading and installing a malicious version of the ToTok app."

The ProSpy campaign, discovered in June 2025, is believed to have been ongoing since 2024, leveraging deceptive websites masquerading as Signal and ToTok to host booby-trapped APK files that claim to be upgrades to the respective apps, namely Signal Encryption Plugin and ToTok Pro."

https://thehackernews.com/2025/10/warning-beware-of-android-spyware.html

#CyberSecurity #Android #UAE #Signal #Spyware #Malware

This dumb password rule is from Mobility.

The username is the customer number, which is sequential and cannot be changed, currently 7 digits long for new customers.
The password has to be exactly 6 digits long, only numbers allowed.

https://dumbpasswordrules.com/sites/mobility/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

October is Cybersecurity Awareness Month!

Celibrate below by posting your mother's maiden name!

#CyberSecurity #CyberSecurityAwareness #CyberSecurityAwarenessMonth

Thinking of this classic* @smbccomics during Cybersecurity Awareness Month

*From 2012 (!?)

https://www.smbc-comics.com/?id=2526

#cybersecurity

Alt...

Top panel: Movie hacking... Man sitting at a PC says "If I can just overclock the unix django, I can basic the DDoS root. Damn. No Nice. But wait... if I disencrypt their kilobytes with a backdoor handshake then... jackpot" Bottom panel: Real hacking... Left: A man on the phone at a computer says "Hi, this is Robert Hackerman. I'm the county password inspector." Right: The man he's calling, who seems to be working in an office, responds "Hi bob! How can I help you today?"

Might as well try this - anyone looking for a fully remote role that would suit a Senior DevOps/DevSecOps/Platform/Cybersecurity Engineer in the UK who’s great at problem solving and has real golden retriever energy? #getfedihired #cybersecurity #devops

This dumb password rule is from E-Redes.

Portuguese power distribution company, which requires short passwords (10 to 15 characters), no repetition of the same character, not using the username, the word "PASS" or the word "SAP" in the password, and limiting which special characters can be used.

https://dumbpasswordrules.com/sites/e-redes/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Rushmore Loan Management Services.

Hmmm.. why are they afraid of double and single quotes in my passwords?

https://dumbpasswordrules.com/sites/rushmore-loan-management-services/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Happy Cybersecurity Awareness Month everyone. 💀

According to the FT, the UK Home Office issued a new order to Apple in early September to create a backdoor into its cloud storage service, this time focused on UK users... (£)

https://www.ft.com/content/d101fd62-14f9-4f51-beff-ea41e8794265?accessToken=zwAGQBl4pP6YkdPRAf1iFPlPUdO-_-pB6HlCZQ.MEYCIQDqJlwcbpQ4rrKlgeSJtbcTgqpW4uTX3yGMCHf2gdS0fQIhAMtU15LHqeHwAXTZ3wWJLDzI72kjsauSKc8OEDpim1Gx&sharetype=gift&token=3767767d-fe68-4911-a97e-c067715e061e

#cybersecurity #privacy

Schools are swotting up on security yet still flunk recovery when cyberattacks strike

Schools and colleges hit by cyberattacks are taking longer to restore their networks — and the consequences are severe, with students' coursework being permanently lost in some cases.

New figures from the Office of Qualifications and Examinations Regulation (Ofqual), which regulates school qualifications, examinations, and assessments in England, reveal a troubling trend: more teachers are receiving cybersecurity training, yet institutions struck by attacks are increasingly struggling to recover.

Me, for The Reg

https://www.theregister.com/2025/10/01/school_cyberattack_recovery/

#cybersecurity

This dumb password rule is from Parnassus Investments.

A site responsible for protecting your investments limiting you to a
four character range with a bunch of other stupid rules? Shocking.

https://dumbpasswordrules.com/sites/parnassus-investments/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Sprint.

Sprint "upgraded" their security and disallow special characters.

https://dumbpasswordrules.com/sites/sprint/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Bank Millennium.

Passwords limited to 8 digits.

https://dumbpasswordrules.com/sites/bank-millennium/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Cyber criminals have gone too far now.

https://www.theregister.com/2025/09/29/asahi_hacking_outage/

#cybersecurity

This dumb password rule is from Aetna Health Insurance.

- Password cannot be longer than 20 characters
- Password cannot have spaces and more 2 characters repeated in a row
- Password cannot have user's first name, last name or username

https://dumbpasswordrules.com/sites/aetna-health-insurance/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Westpac Live Online Banking.

Password rules:
- be between 8 and 30 characters
- include at least 1 number, 1 letter and 1 special character (@#%^ etc)
- have no more than 2 repeating characters (AAB not AAA)
- not contain spaces
- not be the same as your last 3 passwords

https://dumbpasswordrules.com/sites/westpac-live-online-banking/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from NordVPN.

- Password cannot be longer than 48 characters.

https://dumbpasswordrules.com/sites/nordvpn/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Wells Fargo Identity Theft Protection.

Your password on an Identity Theft Protection service is limited to
between 8 and 20 characters. Your username is allowed to be longer than
your password.

https://dumbpasswordrules.com/sites/wells-fargo-identity-theft-protection/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

From 2020, but this is hilarious (someone who hacked a coffee maker and replaced it with their own firmware)

https://www.gendigital.com/blog/insights/research/the-fresh-smell-of-ransomed-coffee-0

#hacked #coffee #cybersecurity

This dumb password rule is from Thames Water.

Can only use the "special" characters on that very limited list, excluding symbols so exotic as an underscore, even. This is despite their own strength checker saying the password is strong.

https://dumbpasswordrules.com/sites/thames-water/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from NVV (Nordhessische VerkehrsVerbund).

Password length must be 4 to 10 characters with only a few special characters allowed.

https://dumbpasswordrules.com/sites/nvv-nordhessische-verkehrsverbund/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Major League Baseball.

When creating a new account they enforce some password rules like: length must be
between 8 and 15 characters and there must be one upper case, one lower case letter
and one number.

https://dumbpasswordrules.com/sites/major-league-baseball/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Apple.

Can't contain 3 or more consecutive identical characters, nor can it be more than 32 characters long.

https://dumbpasswordrules.com/sites/apple/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from BCV.

Username is randomly generated, example: 'H2487414'. The password must have **6** digits only.

Password can only be changed from the mobile application:

https://dumbpasswordrules.com/sites/bcv/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from AmiAmi.

Your password needs to be between 6 and 12 characters long, must contain only letters and numbers.

https://dumbpasswordrules.com/sites/amiami/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Just got my first #spam via someone tagging me along with hundreds of others in a series of #GitHub pull requests. Fraudulent #cryptocurrency scam, of course.

Reported and blocked.

Remember how insecure “formmail” CGI scripts became open email relays in the 1990s? This is the same exploit, only now GitHub has done the legwork of verifying the recipients already.

#Codeberg and other #Forgejo services are probably also vulnerable.

/cc @github @Codeberg @forgejo

#infosec #CyberSecurity

This guide provides a step-by-step walk-through for integrating a uTrust FIDO2 security key (Identiv uTrust) with Fedora 42 to secure:

* LUKS2 full disk encryption (FDE)
* Graphical login (LightDM + Cinnamon)
* Sudo elevation

Learn more: https://fedoramagazine.org/integrating-utrust-fido2-security-key-for-disk-encryption-login-and-sudo-access-for-fedora-42/

#Fedora #Security #Cybersecurity #InfoSec #Linux #OpenSource