#PasswordFail

2025-06-18

Bonus #Joke:
Question: What’s the difference between a good password and a bad joke?
Answer: A good password is hard to crack.

(It's #HootinTootinTuesday again! Post some jokes or funny memes under this hashtag today, and bring lots of smiles to #Mastodon.)

#Humor #Humour #FunnyMeme #Tech #2FA #Password #ITSecurity #PasswordFail #Anniversary #Marriage #MarriedLife

Two-panel comic. Top panel is a man staring at his laptop. It is daylight outside. He yells, "Honey, what's the password?"

From another room, she replies, "Our anniversary date."

In the bottom panel, it is nighttime. He is frowning and frustrated. He thinks to himself, "She did this on purpose."

Comic Credit:
"off the mark.com"
by Mark Parisi
MarkParisi@aol.com
2012 Mark Parisi Dist. by Universal UClick for UFS
2025-06-06

What could possibly go wrong?

@dumbpasswordrules
#passwordfail

Screenshot of part of a web page where an account can be created. The following text can be read:

In the following fields, set or change your password.
To confirm, please repeat your entry.
Please do not use < as a special character!

Two input fields for passwords follow.

Oh how nice that nobody knows that I toss my passwords into my Passwort.txt :thisIsFine: #passwordfail

2024-07-16

@hexaheximal 72 is a number I haven't seen... 32, 20, 40, 60, 50 have all been there - with 20 being PayPal, see social.tchncs.de/@jesterchen/1

I've had a huge collection of these sites at Twitter while I changed my 800+ passwords after LastPass.......

For more password fails search for #passwordfail or have a look at @dumbpasswordrules

2024-06-24

Why, Conrad, why?

#passwordfail

Screenshot of a web page:

Create account

Choice of private customer or business customer
Input field: email

Input field: password - filled with many hidden characters
Error message: The password length is greater than the maximum allowed length of 60 characters
Ell 🏳️‍⚧️ c9a@cathode.church
2024-03-01

Another #PasswordFail with some nice layers from Arrow Electronics. Right off the bat, we've got a max password length (boo!) and an "acceptable special characters" list (boo!!!), but the thing that spurred me to actually contact support was that the special character list wasn't taken into account in the individual validation bullets, so my password passed all the "checks" but still "didn't meet the requirements" 🙄

Bonus absurdity: take a close look at that acceptable "special" character list. What the heck is going on there?? We've got:
- 0 and l (that's zero and lower-case L, which are...not special characters??)
- TWO zeroes and TWO periods
- Several spaces (do they count?)
- Absence of the most basic number-key special symbols, including !, &, and ()

But wait! There's more! In testing, it actually accepted a password with ! in it (but not spaces), so I dug in and present you the _actual_ list, which is totally different from the acceptable list:

a = /[~!@#$%^&*()\-_=+[\]{}|;:,.<>\/?]/g.test(this.$password) ? 'valid' : 'invalid'

A small mercy: there are no characters listed that aren't actually accepted.

But please, STOP CREATING ARBITRARY ACCEPTABLE SYMBOL LISTS!! There is zero technical reason for it, you should be hashing your passwords as soon as you get them anyway! Stop it!!! #PasswordFailHallOfFame

A screenshot of a password entry form with the "New Password" and "Confirm Password" boxes filled in, with an error on the first box saying "Password doesn't meet the requirements".

Below the fields is a list of items, all with green checks beside them, as follows:
- Between 12-25 characters
- At least one number
- At least one uppercase letter
- At least one lowercase letter
- At least one special character. Accepted special characters are ~@#$%^*0-_=+0l;..<>/?
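
Added example, not part of the post above and not Arrow Electronics' code: it compares the list from the screenshot with the character class the post quotes, then evaluates the form's five bullets from one rule table so that the per-rule checks and the final verdict cannot disagree. The names ADVERTISED, ACTUAL, RULES, acceptedSpecials, listDrift and evaluate are assumptions made for this sketch, and the sample password is constructed.

```javascript
// Added example; every name here is illustrative, not taken from the site.
const ADVERTISED = '~@#$%^*0-_=+0l;..<>/?';            // list shown in the screenshot
const ACTUAL = /[~!@#$%^&*()\-_=+[\]{}|;:,.<>\/?]/;   // class quoted in the post, g flag dropped
                                                       // so repeated .test() calls are stateless

// Printable ASCII characters the regex counts as "special".
function acceptedSpecials(re) {
  const out = [];
  for (let c = 0x20; c <= 0x7e; c++) {
    const ch = String.fromCharCode(c);
    if (re.test(ch)) out.push(ch);
  }
  return out;
}

// Difference between what the form displays and what the code checks.
function listDrift(advertised, re) {
  const shown = new Set(advertised);
  const real = new Set(acceptedSpecials(re));
  return {
    shownNotMatched: [...shown].filter((ch) => !real.has(ch)).join(''),
    matchedNotShown: [...real].filter((ch) => !shown.has(ch)).join(''),
  };
}

// One rule table: each bullet's text and its check live together, and the
// displayed special-character list is generated from the regex itself.
const RULES = [
  { label: 'Between 12-25 characters', test: (p) => p.length >= 12 && p.length <= 25 },
  { label: 'At least one number', test: (p) => /[0-9]/.test(p) },
  { label: 'At least one uppercase letter', test: (p) => /[A-Z]/.test(p) },
  { label: 'At least one lowercase letter', test: (p) => /[a-z]/.test(p) },
  { label: 'At least one special character: ' + acceptedSpecials(ACTUAL).join(''),
    test: (p) => ACTUAL.test(p) },
];

// The overall verdict is derived from the bullets, never computed separately.
function evaluate(password) {
  const bullets = RULES.map((r) => ({ label: r.label, pass: r.test(password) }));
  return { bullets, ok: bullets.every((b) => b.pass) };
}

console.log(listDrift(ADVERTISED, ACTUAL));
console.log(evaluate('Constructed!Sample1')); // constructed sample input
```
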
2024-02-02

Oh, #ITSA, why?

#passwordfail

Password input field during account registration, error message in red: "Password must contain at least 8 and at most 40 characters."
2023-12-06

Why, #Sophos, just why?

(Again: this is a serious question. Why is the length limited on the upper end?)
(Ok, and why only at 8 chars at the lower end?)

#passwordfail

Create Sophos ID

Your password should have at least 8 characters, uppercase and lowercase characters and numbers or special characters
The password must be between 8 and 50 characters.
2023-11-30

#passwordfail 8 characters? Seriously, @HubSpot

Create your password Password

- At least 8 characters
- One lowercase character
- One uppercase character
- One number, symbol or whitespace character
2023-11-27

#passwordfail
Why? Whyyy?

Error message: Password must not be longer than 20 characters
2023-09-24

No, #Decathlon. Just no.

Or give me a valid technical reason for it.

#passwordfail

The password entered is too long, please shorten it to 48 characters

1 uppercase letter
1 digit
1 lowercase letter
8 characters
No spaces
Neil Carpenter :unverified: neilcar@infosec.exchange
2023-09-23

@tinker One of the last major incidents that I worked on happened because, when a user in the org called helpdesk for a password reset, the helpdesk set the password to season+year (Spring2023, Summer2023, etc) and did not tick "User must change password on next logon". The attackers (we attributed it to an Iranian group) were able to get to >100 users who had never changed their password after a reset.

#PasswordFail #IncidentResponse #NationalCyberSecurityAwarenessMonth

Natouille 🍷 🥃 🍾 Natouille@mastodon.tetaneutral.net
2023-08-07

And yet another #PasswordFail

"You can choose the password suggested to you or enter one of your own. It must be between 8 and 20 characters long, including at least one uppercase letter, one lowercase letter and one special character from: @ $ € ! * ? _ , . . ; § / - +."

2023-07-31

One of my tools just greeted me with:

"Your password has expired or no longer complies with the security policies. Please enter a new password!"

How the **** do they know, my password might no longer comply with security policies? Do they store meta information about my password or - which is even worse - the plaintext password?

Or do you have any other idea, how a test like this might be accomplished?

#passwordfail

2023-01-13

#SquareEnix, your password and e-mail restrictions, use of security questions and other sign-up form requirements suck...

  • Password field can't be pasted into
  • Password field can't be filled by the browser's password generator (option doesn't show up)
  • Password phrases aren't possible as spaces seem to be disallowed
  • Additional restrictions such as limiting the amount of repeated characters only provide additional rules for brute force systems, thus reducing the total amount of possible choices. In addition they make it hard for password generators to create a valid password.
  • Putting limitations on the kinds of special characters allowed makes me doubt your user input sanitation...

In addition to this, they are asking for a 'security question', which are notoriously easy to find, guess or social engineer.
The first couple of answers I gave were also refused.

Plus-signs are also not allowed in the e-mail address field, thus making it impossible to use #PlusFiltering, while also going against the #EMailRFC, which states that plus signs are allowed in the local-part of the address.

#Password #Passwords #PasswordFail #Security #SecurityFail #Squeenix #SquareEnix #FFXIV #emailFail #PasswordRestrictions #SecurityQuestions

"Alphanumeric characters and the following symbols can be used for your password:
!"(#$%&')=~\`{+*}<>?_-^@[;:],./
Please enter a password within 6 to 32 alphanumeric characters.
You cannot use the following as passwords:
- Any password made up of only letters,only numbers or only symbols.
- The same text as your Square Enix ID.
- The same text as the characters before your e-mail address's @ sign.
- Any text string with the same character repeated 3 times."

"Please enter a valid e-mail address."
exampleaddress+squeenix@gmail.com
2022-12-19

Oh, web.de..... why oh why? Not even the punctuation is correct...

#passwordfail

Screenshot of web.de with the following error message about the newly chosen password: "Please remove at least 24 characters. (The maximum length is 40)."
Yuki the Maven yuki_the_maven
2017-04-05

you leave the machine on for so long that you forget part of the disk encryption password
that exponential backoff was starting to look hella scary >___<
