#passwords


This dumb password rule is from CENLAR.

Your password can meet all the requirements in the list and still be invalid due to
an unspecified rule: any "special characters" that are not listed in the help text
are not allowed. Worse, it provides no useful feedback other than the "New Password"
field is red.

dumbpasswordrules.com/sites/ce

This dumb password rule is from Banque de Tahiti.

You have to enter your password using this *very* Frenchy keypad. You don't have lowercase letters, the blanks are not spaces but just non-clickable gaps, but as a compensation you have some weird symbols that your keyboard does not have a key for (e.g. `µ`).

No accessible version available.

dumbpasswordrules.com/sites/ba

I made little animated badges for Password Game and Password Game 2 (both games by me)

The banners are for my Pixel Wall project.

Password Game is the original (web-only) evil password validator game. More polished versions came later, but this is the OG original sin against security.

The scoring system works with cookies. You can disable cookies and still enjoy the games, but you don’t get a score. Nothing is saved or recorded.

#evilGame #MattMadeApasswordGameAgesAgo #passwords #webDevelopmentMetaHumour #GameDev #MattSStuff

Replied in thread
Mother's maiden name: 5472615884
First car owned: 3656654851
Favorite color: 2580548933

They get generated and stored in the password manager, for each account as needed.

The advantage of ten digit numbers is that they are easy to communicate to a customer service agent over the phone.

IME, no agent has ever batted an eye. It's not even lying. It's just being clear on the purpose.

@marasawr

Next #swad improvement: Make sure to #wipe #passwords from RAM directly after use. That's more of a #security precaution, because there *should* be no way an attacker can access a running process' memory, but you never know which bugs surface 🙈.

Unexpectedly, that posed #portability issues. #C11 has #memset_s ... a pretty weird function, but suitable for wiping. It's there on #FreeBSD and on #OpenBSD. Not on #NetBSD though. But NetBSD offers the much saner #C23 function #memset_explicit. Looking at #Linux, there's neither. But there is the (non-standard!) #explicit_bzero 🤯 .. and with glibc, it requires _DEFAULT_SOURCE to be defined as soon as you compile with a C standard version given to the compiler. This function exists on some other systems as well, but there's confusion whether it should be declared in string.h or strings.h. 🤪

Here's the full set of compile-tests I'm now doing, only to find the best way to really erase memory:
github.com/Zirias/swad/blob/ma

And if none of these functions is found, swad uses the "hacky" way that most likely works as well: Access the normal memset function via a volatile pointer.
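The selection order described in the post above, as an added example (not part of the original post and not swad's own code). The `HAVE_*` macros and the function names `secure_wipe`, `is_wiped` and `use_then_wipe` are hypothetical.

```c
/* HAVE_* are hypothetical macros a build system would set after its
 * compile tests; with none defined, the volatile fallback is used. */
#ifdef HAVE_MEMSET_S
#define __STDC_WANT_LIB_EXT1__ 1  /* C11 Annex K: must precede <string.h> */
#endif
#ifdef HAVE_EXPLICIT_BZERO
#define _DEFAULT_SOURCE 1         /* glibc hides it under -std=c11 otherwise */
#endif
#include <stddef.h>
#include <string.h>  /* some systems declare explicit_bzero in <strings.h> */
#if !defined(HAVE_MEMSET_EXPLICIT) && !defined(HAVE_MEMSET_S) \
    && !defined(HAVE_EXPLICIT_BZERO)
/* The pointer is volatile, so the compiler must load it at every call and
 * cannot prove the target is memset; the store is not removed as dead. */
static void *(*const volatile memset_v)(void *, int, size_t) = memset;
#endif

void secure_wipe(void *buf, size_t len)
{
    if (buf == NULL || len == 0) return;
#if defined(HAVE_MEMSET_EXPLICIT)
    memset_explicit(buf, 0, len);        /* C23 */
#elif defined(HAVE_MEMSET_S)
    (void)memset_s(buf, len, 0, len);    /* C11 Annex K */
#elif defined(HAVE_EXPLICIT_BZERO)
    explicit_bzero(buf, len);            /* non-standard */
#else
    memset_v(buf, 0, len);               /* fallback via volatile pointer */
#endif
}

/* Returns 1 when every byte of buf is zero. */
int is_wiped(const void *buf, size_t len)
{
    const unsigned char *p = buf;
    unsigned char acc = 0;
    for (size_t i = 0; i < len; ++i) acc |= p[i];
    return acc == 0;
}

/* Call pattern: use the secret, then wipe the whole buffer capacity,
 * not just strlen() bytes. Returns the length that was in use. */
size_t use_then_wipe(char *pw, size_t cap)
{
    const char *end = memchr(pw, '\0', cap);
    size_t used = end ? (size_t)(end - pw) : cap;
    secure_wipe(pw, cap);
    return used;
}
```

Wiping the full capacity also clears bytes left behind by an earlier, longer value in the same buffer.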

CVE-2025-24054, NTLM Exploit in the Wild

A critical vulnerability, CVE-2025-24054, related to NTLM hash disclosure via spoofing, has been actively exploited since March 19, 2025. The flaw allows attackers to leak NTLM hashes or user passwords using a maliciously crafted .library-ms file, potentially compromising systems. A campaign targeting government and private institutions in Poland and Romania used malspam to distribute Dropbox links containing archives exploiting this vulnerability. The exploit can be triggered with minimal user interaction, such as right-clicking or navigating to the folder containing the malicious file. This vulnerability appears to be a variant of the previously patched CVE-2024-43451, sharing several similarities.

Pulse ID: 680034fc84efc0751b3bc07d
Pulse Link: otx.alienvault.com/pulse/68003
Pulse Author: AlienVault
Created: 2025-04-16 22:53:48

Be advised, this data is unverified and should be considered preliminary. Always do further verification.
