This dumb password rule is from Intelink Passport.

Intelink is a group of "secure" intranets used by the United States Intelligence Community. Passport is
an identity and access management service for Intelink.

Rule #3 prohibits three or more consecutive uppercase, lowercase, or digit characters, even if those
characters are not the same. For ex...

https://dumbpasswordrules.com/sites/intelink-passport/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

New. This relates to CVE-2025-8110.

"A symlink bypass (CVE-2025-8110) of a previously patched RCE (CVE-2024-55947) allows authenticated users to overwrite files outside the repository, leading to Remote Code Execution (RCE)."

Wiz: Gogs 0-Day Exploited in the Wild https://www.wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit @wiz #infosec #vulnerability #threatresearch #zeroday

This dumb password rule is from CVent.

Password Rules
- 8 to 20 characters with at least 1 number and 1 letter.
- No symbols or spaces.

https://dumbpasswordrules.com/sites/cvent/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Sunny Portal.

The password must consist of at least 10 and at most 50 characters. It must contain at least one special character, one number, one lower-case letter and one upper-case letter.
The following characters are permitted for the password:

- Lower-case letters (a-z)
- Upper-case letters (A-Z)
- Digits...

https://dumbpasswordrules.com/sites/sunny-portal/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

We are reaching the end of 2025. Hand on heart – how many times have you swapped your main Linux distro this year? 🐧🔄

Drop a comment with your current daily driver. 👇 and 👉 Follow Us👈

#linux #debian #ubuntu #manjaro #fedora #askfedi #opensource #privacy #programming #security #infosec #bazzite #steam #steamDeck #proton #gaming #linuxgaming #gamedev #webdev #coding

Porsche in Russland: Autos lassen sich nicht starten https://www.heise.de/news/Porsche-in-Russland-Autos-lassen-sich-nicht-starten-11105814.html?wt_mc=rss.red.ho.top-news.atom.beitrag.beitrag #cybersecurity #infosec

This dumb password rule is from Southwest.

Password must be between 8 and 16 characters in length and include at least one uppercase letter
and one number. Certain special characters are also allowed, but the first character of the password must be alphanumeric.

https://dumbpasswordrules.com/sites/southwest/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from E-learning (Unipd).

Exactly 8 characters for password! There must be at least 1 lowercase
letter, at least 1 uppercase letter, at least 1 number and at least 1
*special* char ( \* , . $ # @ etc...).

https://dumbpasswordrules.com/sites/e-learning-unipd/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

It works! ​​

Ok so this helm chart is a total mess for the use case that I have, but, I got it working!

I can issue certs in-cluster via cert-manager, and hosts outside of the cluster can use certbot to obtain a locally signed cert via ACME!

Next up:
* Get traefik to trust the root CA
* Figure out how to get a client TLS cert through Traefik (for Crowdsec)
* Test TLS auth with rsyslog
* Clean up this config, either drop the helm chart, open an issue or just fix it and submit a PR
* Clean up my notes into a blog post
#Homelab #SelfHosted #Infosec #Kubernetes

This dumb password rule is from Walmart.

Your password must include the following:
- 8-100 characters
- Upper & lowercase letters
- At least one number or special character

https://dumbpasswordrules.com/sites/walmart/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

RE: https://mastodon.social/@quad9dns/115372609491714477

Just making sure everyone who needs to know and prepare knows and is preparing 🤞

Please keep sharing!

#DOH #DNS #infosec

This dumb password rule is from Blue Cross Blue Shield Massachusetts.

16 maximum and no special characters. Protecting your US healthcare
information.

https://dumbpasswordrules.com/sites/blue-cross-blue-shield-massachusetts/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

I am admiring the restraint of the reporting I'm seeing of Kohler's false security claims about their toilet-bowl camera. I can't understand how every headline isn't an END-to-end encryption joke. It's right there.
#infosec #Kohler

This dumb password rule is from University of Texas at Austin.

Because of the last two rules, which ban dictionary words and any
variants using symbol substitutions, *neither* of the passwords
presented in the [xkcd comic](https://xkcd.com/936/) are allowed.

https://dumbpasswordrules.com/sites/university-of-texas-at-austin/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Hey @simplex is this really your founder? 👀
https://xcancel.com/epoberezkin

#SimpleX #InfoSec

This dumb password rule is from Nelnet (student loan servicer).

8 to 15 characters and no spaces? Why no spaces? Also limited to only these 6 special characters. That could mean that there is some process somewhere that puts this as part of a command line invocation.

https://dumbpasswordrules.com/sites/nelnet-student-loan-servicer/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

PSA: If you use #Nextcloud, make sure to update to the latest server and app versions. They published a bunch of CVEs.

https://github.com/nextcloud/security-advisories/security

#infosec #selfhosting

This dumb password rule is from Keimyung University.

Okay, doesn't looks that hard... But wait, there are hidden rules!

Hidden rules: your password can't have 3 times the same character in a row or more than 2 consecutive numbers.
Also if your password is 20 characters or more you won't be able to write it in the mobile app.

https://dumbpasswordrules.com/sites/keimyung-university/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

It's been a few days since I posted about https://readily.news AKA "open.news", a service which:

1. asks for complete access to your Mastodon/fedi account

2. ingests whatever your account can see via your account and summarizes it using LLMs (seemingly from OpenAI?)

3. sends you a daily, personalized newsletter

It's a particularly bad kind of scraper because it basically hijacks existing community infra to do the scraping for it.

Because accounts' host instances are the actors gathering up all the content there's no way for remote servers to detect which of their followers' accounts have been compromised, nor to block their posts from ending up in the hands of the upstream LLM providers.

We'll probably need admins of affected instances to run a database query to detect and revoke permissions granted to this service via OAuth to limit its access.

I asked the guy who
the guy who appears to be behind it (https://mastodon.social/@librenews
) if he could confirm his affiliation, but he doesn't actually seem to be very active on Mastodon (preferring Bluesky) and so he still hasn't responded.

I'm actually a little surprised at how little reaction there's been to this based on how quickly other scrapers were run off the network, but I get that people are busy.

If you want more details, the specifics of my investigation are in this post:

https://cryptography.dog/blog/what-little-i-know-about-readily-news/

...and I'd appreciate if others could corroborate my findings.

#infosec #fediscrapers #scrapers #LLMs #AI

This dumb password rule is from Williams-Sonoma.

25 maximum characters and disallowing some specials.

https://dumbpasswordrules.com/sites/williams-sonoma/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Your terminal text editor of choice?

Vote below and follow us for more!👍

#linux #linuxmint #fedora #debian #fedora43 #ubuntu #opensource #webdev #privacy #security #infosec #linuxgaming #bazzite #coding #vim #dev #nano #askfedi #kde #kernels #kernel #foss

This dumb password rule is from Targobank.

Your password must:
- must not be your username
- must at least eight characters
- must contain at least one number character
- must contain at least one uppercase character and 1 lowercase character
- must not contain spaces
- must not contain three identical characters in a row
- must not conta...

https://dumbpasswordrules.com/sites/targobank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

@rl_dane

There are many IoT devices with similar limitations.
You can literally only put alpha numeric characters excluding any symbols or signs, which are in the ASCII table

They also love playing with unencrypted 2G SMS transmissions

#InfoSec #passwords #ASCII #IoT

This dumb password rule is from Interactive Brokers.

Usual dumb password restrictions, but this one has incredibly dumb **username**
restrictions too:

**Username:**
- **Length of 8 or 9 letters and numbers**
- **Contain at least 3 letters and 3 numbers**
- Begin with a letter
- Lower case only, no spaces, no special characters

**Password:**
- Can...

https://dumbpasswordrules.com/sites/interactive-brokers/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

@mathewi 4/
I’m going to delay elaborating my other concerns about the maturity of #SelfDriving #autonomous vehicles. For now, please consider the following:

1. #AI in general, self-driving cars in particular, are not people. These technology systems do not have our human-lived experiences, they do not think like us, even if you believe that thinking is computational. With a few exceptions, such systems have no common sense ability to reason about the world. They don’t understand human behavior the way we do.

2. They will not make the same mistakes that humans make while driving. That is not only a requirement, it follows from 1. Instead, they will make their own mistakes. We are already seeing plenty of these. Sure, engineers will grind out most of these, but not all.

3. The first two points mean that the behavior of self-driving cars will be difficult to predict in all but the most common vanilla driving situations. People complain about how rigid the current vehicles are at following the law. What? Now you want them to break the law when it is expedient?

4. There are a near infinite number of “edge cases” and those are when safe driving is the most difficult — exactly when we want self-driving vehicles to excel. There are too many to test. The complexity of the real-world, specifically edge cases, cannot be simulated in a laboratory. A decade or more experience on the road is required.

5. Cars are increasingly connected and computerized, and that makes them a new #security threat. Any modern car today can be hacked and remotely controlled. AI systems add multiple new attack vectors. Yes, companies are working on security, but so are the bad guys. #Infosec people will tell you their world is hand-to-hand combat. The more such cars are on the road, the greater the opportunity and attraction for mischief (or worse).

The big question is when will we, as a society, feel safe and convinced by the benefits of self-driving cars? That question is a trap, because most people don’t know the details. It is already happening.

Speaking as an expert and a grandfather, I will not be putting my grandchildren in the back seat of a self-driving car any time soon.

Ok current thinking for certs:

* Create root cert, keep key offline
* Create intermediate via cert-manager
* Configure step-ca to use that intermediate
* Also create a cert-manager issurer that uses that intermediate

In-cluster certs can be easily provisioned and a trust-manager deployment can distribute the root CA cert as needed. Out of cluster clients can use the step-ca ACME endpoints, and maybe eventually ssh endpoints.

I'm not sure if the helm chart really plans for this so I might need to drop out of helm or really use the extra volumes option heavily.

If I decide to go with vault later I can simply* re-do this using vault as a root CA, and maybe drop step-ca and change some ACME endpoints. #Homelab #SelfHosted #Infosec #Kubernetes

This dumb password rule is from UL Standards.

- Passwords must be between 8 and 12 characters
- Passwords cannot contain any blank spaces
- Passwords must contain at least one number, one uppercase letter, and one lowercase letter.
- Password Reset will randomly fail for no reason.

https://dumbpasswordrules.com/sites/ul-standards/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from LCL.

You have to enter your 6-digit password using this Frenchy keypad.

https://dumbpasswordrules.com/sites/lcl/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

We have reached the "ok fine maybe I should setup an internal CA" stage of the Homelab rebuild

Maybe Vault?
#Homelab #Infosec

This dumb password rule is from Polytechnique Montreal.

Passwords must have a minimum length of 8 characters

Passwords must have a maximum length of 30 characters

Passwords must contain a minimum of 2 digits

Passwords must contain a minimum of 2 letters

Password must be different than the last one used

Passwords may contain these special characte...

https://dumbpasswordrules.com/sites/polytechnique-montreal/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Dnevnik.ru.

Silently (sic!) trim password to 30 symbols.

That causes the stupid case when you could successfully registrate an account with password length of 52 and can't login with the password.

https://dumbpasswordrules.com/sites/dnevnik-ru/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Ouch! Badass vuln in Cloudflare's gokey: https://github.com/cloudflare/gokey/security/advisories/GHSA-69jw-4jj8-fcxm

TLDR: A malicious entity could have recovered all passwords, generated from a particular seed, having only the seed file in possession without the knowledge of the seed master password

Update if you're using this! #appsec #infosec

So close on getting the unified Crowdsec working

I just need to figure out why the central parser isn't acting on ssh logs, but I think I figured out some of the syntax that I need to do that, then I need to make the remote units listen to the central lapi server (local API) and it should be good!
#Homelab #Infosec

This dumb password rule is from NetBank (Commonwealth Bank of Australia).

When resetting your NetBank password, the website only informs you that you can create an alphanumeric password, despite the fact that you can use special characters.
And also, it's password strength calculation is shit.
An 155 bits of entropy password is "weak."
Additionally, passwords are case-...

https://dumbpasswordrules.com/sites/netbank-commonwealth-bank-of-australia/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Ohh I like this... Aikdo has presented a more detailed analysis of the early steps for the Shai Hulud 2.0 worm.

Attempting to map what steps the original threat actor took to gain a foothold. Useful stuff IMHO

https://www.aikido.dev/blog/shai-hulud-2-0-unknown-wonderer-supply-chain-attack

#Infosec #Cybersecurity #ThreatIntel

Life hack: it's really easy to avoid getting phished by e-mails pretending to be coming from GitHub if you don't use GitHub!

#ProTip #LifeHack #InfoSec #Developers

This dumb password rule is from ING Romania's Internet Banking Portal.

No more, no less than 5 digits. This is the password you use to log in and to confirm
online transactions. They used to have "normal" passwords and they forced everybody to
change to the 5 digits versions. They said they've made it "so it's easier for you" and it's
OK, because everybody has 2FA.

https://dumbpasswordrules.com/sites/ing-romanias-internet-banking-portal/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Gigabyte RMA system.

Your password must contain:
Between 8-12 characters
An upper case letter (A, B, C, etc.)
a lower case letter (a, b, c, etc.)
A number (1, 2, 3, etc.)
A symbol (-, ~, !, #, $, %, &, (, ), +, =, .)

https://dumbpasswordrules.com/sites/gigabyte-rma-system/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Mes Services Étudiant.

At least 6 characters, one uppercase letter, one lowercase letter, one digit
and one "special character".

These do not count as "special characters": `` + - = | @ " ' # ( ) [ ] { } < > / \ ` ;``.

https://dumbpasswordrules.com/sites/mes-services-etudiant/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from ING Romania's Internet Banking Portal.

No more, no less than 5 digits. This is the password you use to log in and to confirm
online transactions. They used to have "normal" passwords and they forced everybody to
change to the 5 digits versions. They said they've made it "so it's easier for you" and it's
OK, because everybody has 2FA.

https://dumbpasswordrules.com/sites/ing-romanias-internet-banking-portal/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Premera Blue Cross.

Password must contain 8-30 characters, including one letter and one number.
"Special characters allowed" seems to mean a very small handful of choices you can only find through trial and error `-_'.@`

https://dumbpasswordrules.com/sites/premera-blue-cross/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from USAA Bank.

Password cannot be longer than 12 characters but they don't tell you that until after you try a new password. To make up for this fact they've added dubious additional security features on top of this weak foundation.

https://dumbpasswordrules.com/sites/usaa-bank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Saturn.

Passwords need to be between 8 and 15 characters.

https://dumbpasswordrules.com/sites/saturn/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Interactive Brokers.

Usual dumb password restrictions, but this one has incredibly dumb **username**
restrictions too:

**Username:**
- **Length of 8 or 9 letters and numbers**
- **Contain at least 3 letters and 3 numbers**
- Begin with a letter
- Lower case only, no spaces, no special characters

**Password:**
- Can...

https://dumbpasswordrules.com/sites/interactive-brokers/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Testprep Training.

The max password size is 20 characters

https://dumbpasswordrules.com/sites/testprep-training/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from FACE IT Ltd. (Faceit).

Your password must be 6 - 20 characters. No special characters or numbers required.

https://dumbpasswordrules.com/sites/face-it-ltd-faceit/

#password #passwords #infosec #cybersecurity #dumbpasswordrules