cablespaghetti.dev is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
This dumb password rule is from LibraryThing.
"Your password cannot be longer than 20 characters"
https://dumbpasswordrules.com/sites/librarything/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Switzerland Ends #Palantir Contract Over #Data #Sovereignty Risks - #Cybersecurity
#Switzerland’s decision to discontinue the use of Palantir is not a #technology story.
- It's a #risk management story. The platform was not rejected because it failed to perform. On the contrary, it delivered advanced data fusion and operational insight.
It was rejected because the residual sovereignty risk was considered unacceptable.
#security #BigData #insecure #surveillance #SurveillanceCapitalism
[1/2]
This dumb password rule is from Return of Reckoning.
Password must be between 6 and 100 characters.
It doesn't say on the website, but the password only works in the related game client if it is purely alphanumeric. Not even special characters like % or $ are allowed.
https://dumbpasswordrules.com/sites/return-of-reckoning/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from myezyaccess.com patient portal system.
12-character maximum password length. This is not a single website but a patient portal system used by hundreds of medical facilities via subdomains, with password policy apparently being consistent for all sites.
https://dumbpasswordrules.com/sites/myezyaccess-com-patient-portal-system/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
🆕 blog! “FobCam '25 - All my MFA tokens on one page”
Some ideas are timeless. Back in 2004, an anonymous genius set up "FobCam". Tired of having to carry around an RSA SecurID token everywhere, our hero simply left the fob at home with an early webcam pointing at it. And then left the page open for all to see.
Security expert Bruce…
👀 Read more: https://shkspr.mobi/blog/2025/04/fobcam-25-all-my-mfa-tokens-on-one-page/
⸻
#2fa #CyberSecurity #MFA #Satire(Probably) #security
This dumb password rule is from Coventry Building Society.
Password has to be between 6 and 10 characters, can't contain any punctuation and you have to give characters from it on the phone to confirm identity.
https://dumbpasswordrules.com/sites/coventry-building-society/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
#0DIN is open-sourcing #AI security and the hard-earned knowledge behind it
https://blog.mozilla.org/en/mozilla-new-products/0din-ai-security-scanner/
This dumb password rule is from Nelnet (student loan servicer).
8 to 15 characters and no spaces? Why no spaces? Also limited to only these 6 special characters. That could mean that there is some process somewhere that puts this as part of a command line invocation.
https://dumbpasswordrules.com/sites/nelnet-student-loan-servicer/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Both #TOTP for #cybersecurity and the British pop TV show *are* similar, they both try as much as possible to hide the nonce 😁
I don't know if I have to say this, but please do not use postmarketOS on a personal device if you are doing anything security critical or requiring high levels of data protection. Android or iOS are much better options for this. I would generally recommend a Google Pixel with GrapheneOS if you really need peace-of-mind. Heck, a random stock Android ROM from a carrier phone is probably more secure with some adb work.
Anthropic AI Mythos: Urgent warning to US banks, BSI expects upheaval
Anthropic's new AI Mythos is causing a stir. In the USA, the heads of the systemically important banks were summoned; here, the BSI expects far-reaching consequences.
#Anthropic #BSI #Cybersecurity #IT #KünstlicheIntelligenz #Sicherheitslücken #Wirtschaft #news
Ra (Freyja) (it/its)𒀭𒈹𒍠𒊩 [it/its; q=1.0, she/her; q=0.9; they/them; q=0.1, */*; q=0.0] » 🌐
@freya@social.highenergymagic.net
hey so this is probably completely pointless but: looking for a job (NZ or fully remote willing to hire a kiwi) in SRE, security, or linux/Unix system administration. 15 years experience administering Linux and Unix boxes, intermediate level of experience working with docker compose and containerisation and container security. No prior job experience unfortunately, all those 15 years were mostly personal projects and small-scale stuff for friends. Currently running an entire multi-machine personal cloud infrastructure with a demonstration of all the services I have running at https://status.highenergymagic.net. Entirely willing to accept entry-level job placements, no expectation of being paid a lot or anything, just want to be doing something and move the needle a little on my current "being broke" status. #fedihired #infosec #cybersecurity #linux #unix #docker #sre #DevOps #GetFediHired
Please boost for reach, any job offers please DM me.
This dumb password rule is from Unicaja.
Username is your national Spanish ID (easy to find).
Your password must be 6 characters long. You can't type, only select characters from the virtual keyboard
https://dumbpasswordrules.com/sites/unicaja/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Ra (Freyja) (it/its)𒀭𒈹𒍠𒊩 [it/its; q=1.0, she/her; q=0.9; they/them; q=0.1, */*; q=0.0] » 🌐
@freya@social.highenergymagic.net
hey so this is probably completely pointless but: looking for a job (NZ or fully remote willing to hire a kiwi) in SRE, security, or linux/Unix system administration. 15 years experience administering Linux and Unix boxes, intermediate level of experience working with docker compose and containerisation and container security. No prior job experience unfortunately, all those 15 years were mostly personal projects and small-scale stuff for friends. Currently running an entire multi-machine personal cloud infrastructure with a demonstration of all the services I have running at https://status.highenergymagic.net. Entirely willing to accept entry-level job placements, no expectation of being paid a lot or anything, just want to be doing something and move the needle a little on my current "being broke" status. #fedihired #infosec #cybersecurity #linux #unix #docker #sre #DevOps
Please boost for reach, any job offers please DM me.
I have an all-hands-on-deck call to action today.
At what point do we stop owning the things we buy, and just rent everything?
That's the #enshittification problem that the #RightToRepair movement is trying to address.
In Colorado, where we finally (just 3 months ago!) saw the nascent first awakening of a new right to repair law come into effect, that infant could end up smothered in its crib this week, as the Colorado senate considers a bill that would roll back the right to repair for any device considered "critical infrastructure" - and yes, it is that vague in its wording.
If you care about whether we get to control and use (to whatever purpose we see fit) the things we buy -- including commercial servers, firewalls, routers, or other electronic gear -- then please consider signing on to this petition urging the Colorado legislature to reject the fearmongering and bad-faith arguments of the tech industry, who are making a desperate attempt to protect the long term revenue stream of support contracts.
Don't get angry; Get active. We can win this one with reasoned arguments. Please ask the Colorado legislature to not give in to FUD, and embrace Coloradans' resiliency and willingness to fight the good fight.
Sign the petition here:
https://pirg.org/colorado/take-action/tell-your-senator-protect-colorados-right-to-repair-law/
This dumb password rule is from Itaú Bank.
I know, it's in Spanish, let me translate this monstrosity for you.
- Allowed characters: letters A to Z uppercase or lowercase (ñ is not allowed), number 0 to 9, #, $, %, &, +, -, . :, ;, _.
- You must use 8 characters.
- The password must contain at least one letter and at least one number.
- ...
https://dumbpasswordrules.com/sites/itau-bank/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
If you are interested in a Free, interactive, application firewall for Linux, do take a look at opensnitch:
https://github.com/evilsocket/opensnitch
It pops up a dialogue window when it detects a connection, allowing you to control what to do with it (allow/drop traffic, do so permanently/temporarily etc.).
This dumb password rule is from Bank Millennium.
Passwords limited to 8 digits.
https://dumbpasswordrules.com/sites/bank-millennium/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
attention anybody with substantial experience with Rust and networking: my team is hiring!!
one of few rust jobs I'm aware of that is not web 3.0 horseplop.
fully remote (US timezones), good culture, good trans-inclusive healthcare, good work/life balance, and a nice defensive cybersecurity mission i can get behind.
feel free to reach out for more details and the job posting.
The #VeraCrypt and #WireGuard maintainer accounts have been locked out by Microsoft. They are now unable to deliver Windows updates.
https://cybernews.com/security/microsoft-suspends-veracrypt-wireguard-accounts-maintainers/
This dumb password rule is from Inria.
This is the account for those who work at [Inria](https://www.inria.fr/)
"the French national research institute for
the digital sciences".
You have to wonder what's wrong with these special characters but not
the other ones.
- Password expiration once a year
- Your password must contain at leas...
https://dumbpasswordrules.com/sites/inria/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
New, dull, blogpost:
"Thoughts on increasing ssh security using a hardware security key"
No luck with a FOSS solution for Android yet :(
https://neilzone.co.uk/2026/04/thoughts-on-increasing-ssh-security-using-a-hardware-security-key/
Critical File Upload Vulnerability Reported in Ninja Forms Plugin for WordPress
A critical unauthenticated arbitrary file upload vulnerability in the Ninja Forms – File Upload plugin (CVE-2026-0740) allows attackers to achieve remote code execution.
**If you are using the Ninja Forms File Upload plugin, this is urgent! Immediately update to version 3.3.27. You can't hide WordPress from the internet, it's made to be visible online. Since this flaw is being actively scanned for, any delay in patching leaves your site exposed to automated attacks. After the update, review server logs for suspicious requests targeting the handle_upload action.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-file-upload-vulnerability-in-ninja-forms-plugin-exposes-50000-wordpress-sites-j-m-6-0-i/gD2P6Ple2L
This dumb password rule is from Deutsche Kreditbank AG (DKB).
Passwords for the online banking web frontend do not have a max length constraint, but using the same password to
log in to the official iOS DKB app requires the password to be no longer than 38 characters.
https://dumbpasswordrules.com/sites/deutsche-kreditbank-ag-dkb/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Hello, world!
We are IFIN, the Independent Federated Intelligence Network, and we want to change how threat intelligence is done.
We believe we're all safer when we share what we know. Come learn more and join us!
This dumb password rule is from Air France.
- Between 8 to 12 characters
- Should contain capital, lowercase letters and numbers
https://dumbpasswordrules.com/sites/air-france/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Can anyone recommend a good "introduction to 2fa" article/video for dummies that I can forward to some non-technical folks? Also not slop-generated. #cybersecurity #2fa
This dumb password rule is from MySwissLife.
User ID *has to* be 8 characters exactly, password *has to be* 8 characters and numbers only.
https://dumbpasswordrules.com/sites/myswisslife/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Bank of America.
20 character max and lots of special character restrictions.
Bank of America - keeping your money safe.
Also: If you paste a password greater than 20 characters,
the form truncates it without telling you or giving an
error.
https://dumbpasswordrules.com/sites/bank-of-america/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
RE: https://mastodon.thenewoil.org/@thenewoil/116357294049745826
The accusation is much scarier as it taps into corporate espionage and mass surveillance.
Microsoft is accused of illegally searching browser extensions whenever a user signs in to LinkedIn. It scans for any signs of use of religious belief, political orientation, as well as disabilities of individuals. There is also the accusation of the data being handed over to an Israeli spyware firm.
"This is illegal and potentially a criminal offense in every jurisdiction we have examined."
This dumb password rule is from Trenord.
- Password must consist of 8-16 characters
- Must contain 3 out of 4 of the following: lowercase characters, uppercase character, digits (0-9), and one or more of the following symbols: @#$%^&*-_+=[]{}|\:',?/`~“();.
https://dumbpasswordrules.com/sites/trenord/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Air Miles.
- Exactly 4 numbers.
https://dumbpasswordrules.com/sites/air-miles/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Safeway.
Passwords limited to 8-12 characters.
https://dumbpasswordrules.com/sites/safeway/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Green Flag.
- 8 to 10 characters
- No special characters
https://dumbpasswordrules.com/sites/green-flag/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
@nielsa no, that's not what I'm telling you.
I prefer to believe that most people will be thoughtful.
"… a huge number of bugs. I have so many bugs in the Linux kernel that I can't report because I haven't validated them yet. I'm not going to make some open source developer validate bugs that I haven't checked yet. I'm not going to send them potential slop … I now have … several hundred crashes that they haven't seen because I haven't had time to check them. We need to find a way to fix this …"
– Nicholas Carlini
This dumb password rule is from State Bank of India (Foreign Travel Card).
State Bank of India is the largest government operated bank in India.
They offer "travel" prepaid cards for foreign currencies, this is for
their portal for the prepaid card users to manage their account.
Your password must:
- Be between 8 and 9 characters long
- Contain at least 1 lowercase c...
https://dumbpasswordrules.com/sites/state-bank-of-india-foreign-travel-card/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Paytm.
Password must be between 5 and 15 characters. Also, spaces don't count
as characters.
https://dumbpasswordrules.com/sites/paytm/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from LINE.
Password must:
- be between 8 to 20 characters
- not contain characters that repeat in a row
Password must contain three of the following:
- an upper-case letter
- a lower-case letter
- a number
- a symbol
https://dumbpasswordrules.com/sites/line/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Telekom.
At first glance, their policy looks good - sure, the upper limit was chosen without necessity
and they enforce characters from all four groups, but your password manager will most likely come up with something suitable.
The website even tells you how 'wunderbar' your new password is - only to t...
https://dumbpasswordrules.com/sites/telekom/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Alipay.
- 8-20 characters (numbers or letters)
- no special characters allowed
- in the mobile app
https://dumbpasswordrules.com/sites/alipay/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Watching the livestream of the Artemis II launch, I just witnessed one of the astronauts type in the password on their tablet while sitting in the capsule on camera.
#ArtemisII #Artemis #Artemis2 #NASA #InfoSec #cybersecurity #OpSec #Privacy #SpaceExploration
We can quit #cybersecurity and just go farm potatoes or something. After 25 years of #appsec one of the most talked-about tech companies invents a daemon process that
makes use of a file-based “memory system” designed to allow for persistent operation across user sessions.
Sure. Just store your system instructions in a random text file.
Why are we installing endpoint protection on this system?
Why do we verify cryptographic signatures on software updates to this system?
Why are we building a zero trust security environment?
Why do we scan email to avoid social engineering emails?
Our AI-assisted users are gonna YOLO right past all that. And if they can’t get past our #security controls, this agentic Frankenstein will write itself some markdown and work quietly in the background figuring out how to bypass something the user couldn’t bypass on their own.
This is #infosec in 2026