cablespaghetti.dev is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.

This server runs the snac software and there is no automatic sign-up process.

Site description: Cablespaghetti's personal snac instance
Admin email: sam@cablespaghetti.dev
Admin account: @sam@cablespaghetti.dev

Search results for tag #cybersecurity

[?]Omni :steamdeck2: »
@omnikron@gamerstavern.online

🔐 **Hot take: Bitwarden + Aegis is the ultimate security combo** 🔐

✅ **True 2FA separation** - passwords & TOTP codes in different apps (actual security, not convenience security)

✅ **100% open source** - no black boxes, full transparency

✅ **Costs basically nothing** - Bitwarden free tier + free Aegis = enterprise-grade security on a student budget

✅ **Your data stays YOURS** - no Big Tech overlords changing policies overnight

✅ **Rock-solid backups** - cloud sync + local encrypted backups = sleep peacefully

Stop paying $60/year for password managers that want to do everything poorly. Get two tools that each do ONE thing perfectly.

Your future hacked self will thank you 🙏

*Boost if you've made the switch! 🚀*

    Tim Hergert boosted

    [?]Matthias Schulze »
    @percepticon@ioc.exchange

    [?]AAKL »
    @AAKL@infosec.exchange

    Don't give in to these requests.

    "TechCrunch found that when Perplexity requests access to a user’s Google Calendar, the browser asks for a broad swath of permissions to the user’s Google Account, including the ability to manage drafts and send emails, download your contacts, view and edit events on all of your calendars, and even the ability to take a copy of your company’s entire employee directory."

    TechCrunch: For privacy and security, think twice before granting AI access to your personal data techcrunch.com/2025/07/19/for- @TechCrunch @zackwhittaker

      [?]Dumb Password Rules » 🤖
      @dumbpasswordrules@infosec.exchange

      This dumb password rule is from Seur.

      Password must be between 8 and 12 characters...
      Also no symbols are allowed. But this isn't displayed.

      dumbpasswordrules.com/sites/se

        [?]Dumb Password Rules » 🤖
        @dumbpasswordrules@infosec.exchange

        This dumb password rule is from SunTrust.

        At least there are a variety of special characters to choose from.

        dumbpasswordrules.com/sites/su

          [?]Oto Šťáva »
          @alefunguju@mastodon.social

          Alright so I just found out that OCI (Docker/Podman) is just absolute garbage if you want anything resembling supply-chain security, because registries and clients are basically allowed to willy-nilly change the image digests. So I just cannot really prove that an image I just mirrored on my local registry is the same I pulled from elsewhere. Is this what we are basing much of our software infrastructure on?

            [?]Dumb Password Rules » 🤖
            @dumbpasswordrules@infosec.exchange

            This dumb password rule is from Alipay.

            - 8-20 characters (numbers or letters)
            - no special characters allowed
            - in the mobile app

            dumbpasswordrules.com/sites/al

              Jon Seager boosted

              [?]Tweede golf »
              @tweedegolf@fosstodon.org

              The success story of the memory-safe sudo-rs, the Rust implementation of the sudo command, in an article from Prossimo, where it all began: memorysafety.org/blog/sudo-rs-

              We started work on sudo-rs in 2022, with @ferrous, for @ProssimoISRG. In 2024, sudo-rs moved to @trifectatech. We're still working on it: maintenance, improvements, and readying for various distributions, of which Ubuntu 25.10 is the biggest milestone so far! 🥳

                [?]Pen Test Partners »
                @PTP@infosec.exchange

                Can AI help you examine leaked data safely?
                If you do it right, it can...

                In this blog post, our Luke Davis looks at how internal chatbot systems, built on private large language models, can support forensic investigations.

                He shows how AI can help find important information in big datasets and speed up analysis.

                📌Read here: pentestpartners.com/security-b

                To make sure the AI output is correct, it should always be checked against the raw dataset.

                  Clare Hooley boosted

                  [?]Open Rights Group »
                  @openrightsgroup@social.openrightsgroup.org

                  Make our voice heard at the Apple encryption hearing!

                  On the sly, the UK government tried to force a backdoor into the firewall that protects your privacy. We made the hearing public.

                  Now we need to win in court ✊

                  Donate now to fund legal representation ⬇️

                  action.openrightsgroup.org/mak

                    [?]Dumb Password Rules » 🤖
                    @dumbpasswordrules@infosec.exchange

                    This dumb password rule is from AmeriHealth.

                    Their site says "*All information is kept safe and secure.*" Just not as
                    secure as you'd like.

                    User Password must be between 6 and 14 characters and contain 1
                    numerical value.

                    dumbpasswordrules.com/sites/am

                      Gina boosted

                      [?]AI6YR Ben »
                      @ai6yr@m.ai6yr.org

                      Heads up, the "you must confirm your profile" scam is proliferating on the Fediverse. I wonder if they are trying to gather driver's licenses and credit card numbers? It's a scam.

                      Scam Profile confirmation required image


                        [?]Ian Campbell »
                        @neurovagrant@masto.deoan.org

                        Exposing the Unseen: Mapping MCP Servers Across the Internet

                        "We identified a total of 1,862 MCP servers exposed to the internet. From this set, we manually verified a sample of 119. All 119 servers granted access to internal tool listings without authentication."

                        this is why I keep a very watchful eye on Knostic about AI stuff, they know the tech, the risks, *and* how human behavior will interact with them.

                        knostic.ai/blog/mapping-mcp-se

                          [?]Dumb Password Rules » 🤖
                          @dumbpasswordrules@infosec.exchange

                          This dumb password rule is from Keimyung University.

                          Okay, doesn't look that hard... But wait, there are hidden rules!

                          Hidden rules: your password can't have 3 times the same character in a row or more than 2 consecutive numbers.
                          Also if your password is 20 characters or more you won't be able to write it in the mobile app.

                          dumbpasswordrules.com/sites/ke

                            [?]Dumb Password Rules » 🤖
                            @dumbpasswordrules@infosec.exchange

                            This dumb password rule is from Bloomingdale's.

                            16 characters maximum, no `.` `,` `-` `|` `/` `=` or `_` allowed.

                            dumbpasswordrules.com/sites/bl

                              [?]Mark Stosberg »
                              @markstos@urbanists.social

                              In an email to staff announcing his sudden departure after thousands of university web pages had been down for weeks due to a security incident that the university will "likely never explain publicly", Indiana University's Vice President of IT Rob Lowden declared his department a "national — and indeed international — model of innovation, dedication, and excellence in higher education IT.”

                              ipm.org/news/2025-07-16/iu-vic

                                [?]Dumb Password Rules » 🤖
                                @dumbpasswordrules@infosec.exchange

                                This dumb password rule is from Targobank.

                                Your password must:
                                - must not be your username
                                - must be at least eight characters
                                - must contain at least one number character
                                - must contain at least one uppercase character and 1 lowercase character
                                - must not contain spaces
                                - must not contain three identical characters in a row
                                - must not conta...

                                dumbpasswordrules.com/sites/ta

                                  [?]𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕 »
                                  @kubikpixel@chaos.social

                                  Most cybersecurity risk comes from just 10% of employees

                                  A new report from Living Security and the Cyentia Institute sheds light on the real human element behind cybersecurity threats, and it’s not what most organizations expect.

                                  💻 helpnetsecurity.com/2025/07/16

                                    [?]Dumb Password Rules » 🤖
                                    @dumbpasswordrules@infosec.exchange

                                    This dumb password rule is from ING Australia.

                                    4 numeric digits.
                                    "Added security" by randomising the positions on the keypad. Must be clicked.

                                    dumbpasswordrules.com/sites/in

                                      [?]Dumb Password Rules » 🤖
                                      @dumbpasswordrules@infosec.exchange

                                      This dumb password rule is from Banca Intesa Serbia.

                                      Online banking portal of Banca Intesa Serbia has some password restrictions.
                                      This is the translation of the requirements:

                                      No special characters, minimum number of characters is 8, maximum number of
                                      characters is 22, minimum number of upper case letters is 1, lower case also 1,
                                      numeric characters...

                                      dumbpasswordrules.com/sites/ba

                                        [?]Ian Campbell »
                                        @neurovagrant@masto.deoan.org

                                        Just a quickie from one of our @DomainTools researchers today that I know @cR0w will enjoy.

                                        Malware in DNS - specifically, malware seen being assembled from DNS TXT records.

                                        Not a "zomg new thing!" so much as a neat example in the wild.

                                        dti.domaintools.com/malware-in

                                          [?]Eva Wolfangel »
                                          @evawolfangel@chaos.social

                                          Finally published: my story about my evil bit and how it contributed to me hacking a nuclear power plant (and sending Barack Obama's security adviser a spear-phishing email).
                                          🎁 Gift link 🎁

                                          zeit.de/digital/datenschutz/20

                                            [?]Dumb Password Rules » 🤖
                                            @dumbpasswordrules@infosec.exchange

                                            This dumb password rule is from Estheticon.

                                            - At least 8 characters but limited to 20 characters at max
                                            - At least 1 digit
                                            - At least one letter (just a letter in general, no specific casing required)
                                            - No special characters at all

                                            dumbpasswordrules.com/sites/es

                                              [?]Dumb Password Rules » 🤖
                                              @dumbpasswordrules@infosec.exchange

                                              This dumb password rule is from IKEA.

                                              Dumb restriction for consecutive similar characters. Wonder if someone got more than 2 identical characters in their name then
                                              it won't allow you to even use name in password.

                                              Password must contain:
                                              - 8-20 characters
                                              - **No more than 2 identical characters in a row**
                                              - A lowercase letter (a-z)
                                              -...

                                              dumbpasswordrules.com/sites/ik

                                                [?]Dumb Password Rules » 🤖
                                                @dumbpasswordrules@infosec.exchange

                                                This dumb password rule is from Sprint.

                                                Sprint "upgraded" their security and disallow special characters.

                                                dumbpasswordrules.com/sites/sp

                                                  [?]Bob Carver »
                                                  @cybersecboardrm@infosec.exchange

                                                  [?]Dumb Password Rules » 🤖
                                                  @dumbpasswordrules@infosec.exchange

                                                  This dumb password rule is from Gigabyte RMA system.

                                                  Your password must contain:
                                                  Between 8-12 characters
                                                  An upper case letter (A, B, C, etc.)
                                                  a lower case letter (a, b, c, etc.)
                                                  A number (1, 2, 3, etc.)
                                                  A symbol (-, ~, !, #, $, %, &, (, ), +, =, .)

                                                  dumbpasswordrules.com/sites/gi

                                                    [?]Dumb Password Rules » 🤖
                                                    @dumbpasswordrules@infosec.exchange

                                                    This dumb password rule is from Thames Water.

                                                    Can only use the "special" characters on that very limited list, excluding symbols so exotic as an underscore, even. This is despite their own strength checker saying the password is strong.

                                                    dumbpasswordrules.com/sites/th

                                                      [?]Dumb Password Rules » 🤖
                                                      @dumbpasswordrules@infosec.exchange

                                                      This dumb password rule is from Blackrock.

                                                      They force you to enter a password that has 8, 9, or 10 characters, then
                                                      they lecture you on how to create a strong password.

                                                      dumbpasswordrules.com/sites/bl

                                                        [?]JayeLTee »
                                                        @JayeLTee@infosec.exchange

                                                        I received an email earlier this week from EA asking if I wanted to be added to a public acknowledgement page they were creating for individuals who responsibly disclosed vulnerabilities to them.

                                                        For all the shit people give EA, of the 100+ companies I contacted in the last two years, they were the only company I would say had a decent incident response.

                                                        They fixed the issue within 12 hours after validating it as critical, and proactively provided me multiple updates over time.

                                                        When the IR was done on their side, they reached out again with some more information about the potential impact if the issue hadn't been solved quickly, and also offered me a reward.

                                                        I did not have to keep chasing anyone for updates, I wasn't asked for non-disclosure, or offered money in exchange for it, and people replied instead of ignoring me.

                                                        I wasn't blamed for their mistake, either, or reported to the authorities.

                                                        Unfortunately, at least one or multiple of the things mentioned above are present in most of my other incidents reported; it's a real shit show out there.

                                                        Screenshot from: www.ea.com/security/hall-of-fame

Shows the Hall of Fame page for responsible vulnerability disclosure to EA.

Transcript of entries shown:

+ Ramin Tépfer
Social links: https://www.linkedin.com/in/ramintopfer/

Q1 (January - March)

- JayeLTee
Social links: https://infosec.exchange/@JayeLTee

+ Preetham Kumar
Social links: https://www.linkedin.com/in/preetham--kumar/


                                                          [?]Dumb Password Rules » 🤖
                                                          @dumbpasswordrules@infosec.exchange

                                                          This dumb password rule is from IBM TSO/E Logon terminal.

                                                          It might not be a web site, but that does not make it less dumb.
                                                          Since many don't know about IBM mainframes, it seems they don't think you need to up the policies.

                                                          Default old password policy is: 6-8 characters long, A-Z, 0-9

                                                          Over the last few years they have updated their policies a bit, but d...

                                                          dumbpasswordrules.com/sites/ib

                                                            [?]Dumb Password Rules » 🤖
                                                            @dumbpasswordrules@infosec.exchange

                                                            This dumb password rule is from Turkish Airlines.

                                                            - Your password must consist of 6 digits
                                                            - Make sure that your password does not contain your date of birth or three consecutive digits...
                                                            - but two is OK, for sure.
                                                            - ... and that the same number is not repeated three or more times.
                                                            - but two times is probs OK

                                                            dumbpasswordrules.com/sites/tu

                                                              [?]Dumb Password Rules » 🤖
                                                              @dumbpasswordrules@infosec.exchange

                                                              This dumb password rule is from Vélib’ Métropole.

                                                              Your password must be at least 10 characters, with at least 1 uppercase character, 1 lowercase character, 1 number and 1 special character (only from this list: @, $, €, #, %, *, ., ;, !, ?).

                                                              You're not allowed to paste passwords.

                                                              dumbpasswordrules.com/sites/ve

                                                                [?]Dumb Password Rules » 🤖
                                                                @dumbpasswordrules@infosec.exchange

                                                                This dumb password rule is from MKB NetBankár.

                                                                It only accepts lowercase letters, uppercase letters and numbers (any
                                                                other character counts as forbidden character).
                                                                Also, if your password contains any invalid character, it will get
                                                                marked as "Identical to the former 10 passwords".

                                                                To make it more fun, during the registration, it allows to se...

                                                                dumbpasswordrules.com/sites/mk

                                                                  [?]Dumb Password Rules » 🤖
                                                                  @dumbpasswordrules@infosec.exchange

                                                                  This dumb password rule is from Easybank (Austrian direct bank).

                                                                  - At least 8 and at most 16 (!) characters
                                                                  - **Must start with 5 digits (do we really want to know what's going on there?)**
                                                                  - At least one uppercase and one lowercase letter
                                                                  - (Some) special characters are permitted, most are not
                                                                  - "Simple" patterns are prohibited
                                                                  - PINs are case sensitive (at l...

                                                                  dumbpasswordrules.com/sites/ea

                                                                    Mike Cox boosted

                                                                    [?]AI6YR Ben »
                                                                    @ai6yr@m.ai6yr.org

                                                                    How's that AI coding going for you? Ah... I see.

                                                                    Wired: McDonald’s AI Hiring Bot Exposed Millions of Applicants' Data to Hackers Using the Password ‘123456’

                                                                    "... Carroll and Curry, hackers with a long track record of independent security testing, discovered that simple web-based vulnerabilities—including guessing one laughably weak password—allowed them to access a Paradox.ai account and query the company's databases that held every McHire user's chats with Olivia. The data appears to include as many as 64 million records, including applicants' names, email addresses, and phone numbers...."

                                                                    wired.com/story/mcdonalds-ai-h

                                                                      [?]Risotto Bias »
                                                                      @risottobias@toot.risottobias.org

                                                                      wait there's ANOTHER @jerry defensive security podcast episode!?

                                                                      youtube.com/watch?v=BRzMJbBZ490

                                                                        [?]Matthias Schulze »
                                                                        @percepticon@ioc.exchange

                                                                        Iranian ransomware crew reemerges, promises big bucks for attacks on US or Israel go.theregister.com/feed/www.th

                                                                          [?]Dumb Password Rules » 🤖
                                                                          @dumbpasswordrules@infosec.exchange

                                                                          This dumb password rule is from URSSAF (French employers tax collection service).

                                                                          When setting a new password:
                                                                          Password must be exactly 8 characters, at least 1 letter, at least 1 number, but no special characters.

                                                                          dumbpasswordrules.com/sites/ur

                                                                            [?]Dumb Password Rules » 🤖
                                                                            @dumbpasswordrules@infosec.exchange

                                                                            This dumb password rule is from Keimyung University.

                                                                            Okay, doesn't look that hard... But wait, there are hidden rules!

                                                                            Hidden rules: your password can't have 3 times the same character in a row or more than 2 consecutive numbers.
                                                                            Also if your password is 20 characters or more you won't be able to write it in the mobile app.

                                                                            dumbpasswordrules.com/sites/ke

                                                                              [?]JiKo »
                                                                              @jikomayo@mastodon.world

                                                                              I signed up to volunteer for Greenpeace. I got an email that they received my request. I attended an orientation, but have not heard from them since. I don't know if they already had enough volunteers for their activities or if it's because I have no Facebook account. (They use Messenger for the group chat for volunteers.) And oh, they use Zoom for meetings? Don't they care about privacy?

                                                                                [?]Dumb Password Rules » 🤖
                                                                                @dumbpasswordrules@infosec.exchange

                                                                                This dumb password rule is from LepidaID.

                                                                                Password must:
                                                                                - be 8 to 16 characters in length
                                                                                - contain at least 1 upper-case character
                                                                                - contain at least 1 lower-case character
                                                                                - contain at least 1 number
                                                                                - contain at least 1 non-alphanumeric character
                                                                                - not contain more than 2 of the same consecutive characters
                                                                                - not contain any public da...

                                                                                dumbpasswordrules.com/sites/le

                                                                                  [?]Dumb Password Rules » 🤖
                                                                                  @dumbpasswordrules@infosec.exchange

                                                                                  This dumb password rule is from Copart.

                                                                                  Copart: "The security of our members is extremely important to us."
                                                                                  Also Copart: "We're gonna need you to keep your password between 5-10 characters."

                                                                                  dumbpasswordrules.com/sites/co
