#password

Joachim 🍀

It's always such a nail-biter with Bitwarden and Vaultwarden updates.
This time there were problems during the update.
Got it running again. But when the password manager stops working, it's pure chaos.

#docker #password #bitwarden #vaultWarden #selfhosting #opensource #homelab

Johnny Than

I think a lot of people with password managers have set a password length of 42 characters.

#adams #douglas #paddg #theAnswer #theQuestion #security #sicherheit #ITSicherheit #password #passwort

#erwischt ?

Dumb Password Rules

This dumb password rule is from CAF (French Family Allowance Fund).

You have to enter your 8-digit password using this Frenchy keypad.

https://dumbpasswordrules.com/sites/caf-french-family-allowance-fund/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Dumb Password Rules

This dumb password rule is from ING a Dutch bank in almost 50 countries.

Max 20 characters, must have one number, one upper case character and one lower case character.
You can only use certain special characters.
When I asked about it they answered that it's really hard to change it.
When I asked if the password is saved as a hash or just plain they send the answer to ...

https://dumbpasswordrules.com/sites/ing-a-dutch-bank-in-almost-50-countries/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

A vulnerability was found in McDonald's AI bot Olivia that allowed access to 64 million chat records through an admin panel with the password "123456"

#red_team #password #API #mcdonalds

Olivia is a bot that McDonald’s uses to hire employees. The researchers logged into the account of one of the service's ADMINISTRATORS using the password "123456". Next, they noticed the API endpoint PUT /api/lead/cem-xhr, which is used to retrieve information about candidates. The main request parameter was lead_id, the identifier of the application. By iterating sequentially over lead_id values, it was possible to bulk-download 64 million records of the bot's conversations with candidates and the applicants' personal data (names, emails, phone numbers), plus authentication tokens for access to the user interface.
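A defender's view of the enumeration described in this post, as an added example that is not part of the original post: it flags clients whose requests to the endpoint walk through consecutive lead_id values. The log line format, the thresholds and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed log format: "<client> PUT /api/lead/cem-xhr lead_id=<n>"
LINE_RE = re.compile(r"^(?P<client>\S+) PUT /api/lead/cem-xhr lead_id=(?P<lead>\d+)$")

# Constructed sample lines (documentation IP ranges, made-up IDs); not real traffic.
SAMPLE_LOG = [
    "198.51.100.7 PUT /api/lead/cem-xhr lead_id=1000",
    "203.0.113.9 PUT /api/lead/cem-xhr lead_id=500",
    "198.51.100.7 PUT /api/lead/cem-xhr lead_id=1001",
    "192.0.2.44 PUT /api/lead/cem-xhr lead_id=42",
    "198.51.100.7 PUT /api/lead/cem-xhr lead_id=1002",
    "203.0.113.9 PUT /api/lead/cem-xhr lead_id=500",
    "198.51.100.7 PUT /api/lead/cem-xhr lead_id=1003",
    "192.0.2.44 PUT /api/lead/cem-xhr lead_id=43",
    "198.51.100.7 PUT /api/lead/cem-xhr lead_id=1004",
    "203.0.113.9 PUT /api/lead/cem-xhr lead_id=731",
    "198.51.100.7 PUT /api/lead/cem-xhr lead_id=1005",
    "192.0.2.44 PUT /api/lead/cem-xhr lead_id=9001",
    "192.0.2.44 GET /healthz",
]

def longest_step_run(ids, max_step=1):
    """Length of the longest run of requests whose IDs move by 1..max_step."""
    best = run = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if 0 < abs(cur - prev) <= max_step else 1
        best = max(best, run)
    return best

def find_enumerators(lines, min_run=5, max_step=1):
    """Map client -> (longest sequential run, distinct IDs) for suspicious clients."""
    per_client = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # other endpoints and malformed lines are ignored
            per_client[m["client"]].append(int(m["lead"]))
    flagged = {}
    for client, ids in per_client.items():
        run = longest_step_run(ids, max_step)
        if run >= min_run:
            flagged[client] = (run, len(set(ids)))
    return flagged

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))
```

Detection of this kind complements, and does not replace, a server-side check that the caller is authorised for the requested lead_id.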

»Weak password allowed hackers to sink a 158-year-old company:
One password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work.«

When do superiors in companies take care of implementing IT safely in real terms? This seems to be too expensive. Structured password managers are a hassle but worth it.

🔓 bbc.co.uk/news/articles/cx2gx2

BBC News: Weak password allowed hackers to sink a 158-year-old company. Transport company KNP forced to shut down after international hacker gangs target thousands of UK businesses.

@fifonetworks And also, this sounds like one of those times when it is *not* prudent to wait for the 90 days forced password policy change.

Even NIST has rescinded that advice years ago; it's now: don't have arbitrary forced password changes, but *do* force password changes if you have indications of a compromise.

Such a warning sure as hell sounds like an indication of a compromise. So yes, Rotate All The Secrets!

If doing so is inconvenient, then Figure It Out.


@blindcoder@toot.berlin

site:
  title: Daheim # display name for UI
  meters:
    grid: Goodwe_GW10K-ET_Wechselrichter_Netz
    pv:
      - Tasmota_bitShake_Smartreader_Air_PV_alt
      - Goodwe_GW10K-ET_Wechselrichter_PV_neu
    battery: Pylontech_Force-H3

# define your loadpoints according your needs
# see https://docs.evcc.io/en/docs/reference/configuration/loadpoints
loadpoints:
  - title: Wallbox Warp3 (Garage) # display name for UI
    charger: Tinkerforge_Warp3 # charger
    vehicle: Cupra_Born # default vehicle
    mode: "pv" # default charge mode to apply when vehicle is disconnected; use "off" to disable by default if charger is publicly available
    priority: 0 # relative priority for concurrent charging in PV mode with multiple loadpoints (higher values have higher priority)

meters:
  - name: Goodwe_GW10K-ET_Wechselrichter_Netz
    type: template
    template: goodwe-hybrid
    usage: grid
    modbus: tcpip
    id: 247
    host: 192.168.178.xx
    port: 502
    battery: 1 # [1, 2] (optional)
  - name: Goodwe_GW10K-ET_Wechselrichter_PV_neu
    type: template
    template: goodwe-hybrid
    usage: pv
    modbus: tcpip
    id: 247
    host: 192.168.178.xx
    port: 502
    battery: 1 # battery storage number, [1, 2] (optional)
  - name: Tasmota_bitShake_Smartreader_Air_PV_alt
    type: custom
    power:
      source: mqtt
      topic: tele/tasmota_33281C/SENSOR
      jq: .M60.Power # when several values are transmitted
      scale: -1 # because the power is negative when feeding in
      timeout: 60s
    energy:
      source: mqtt
      topic: tele/tasmota_33281C/SENSOR
      jq: .M60.E_Out # when several values are transmitted
      timeout: 60s
  - name: Pylontech_Force-H3
    type: template
    template: goodwe-hybrid
    usage: battery
    modbus: tcpip
    id: 247
    host: 192.168.178.xx
    port: 502
    battery: 1 # battery storage number, [1, 2] (optional)

# replace with your real charger
# see https://docs.evcc.io/docs/devices/chargers
chargers:
  - name: Tinkerforge_Warp3
    type: template
    template: tinkerforge-warp3
    host: 192.168.178.xx # IP address or hostname, IP address or hostname of the MQTT broker
    port: 1883 # MQTT broker port
    topic: warp3/2bej # topic (without leading /)
    timeout: 60s # timeout, do not accept data older than this value (optional)
    user: mosquitto
    password: <password>

mqtt:
  broker: 192.168.178.xx:1883
  topic: evcc # root topic for publishing, set empty to disable
  user: mosquitto
  password: <password>

# replace with your real vehicle (optional)
# see https://docs.evcc.io/docs/devices/vehicles
vehicles:
  - name: Cupra_Born
    type: template
    template: cupra
    #user: # user account, e.g. e-mail address, user ID, etc.
    #password: # password, wrap it in single quotes if it has leading zeros
    # vin: W... # vehicle identification number, if there are several vehicles from one manufacturer (optional)
    title: Cupra Born # title, shown in the user interface (optional)
    capacity: 58

docs.evcc.io: loadpoints | evcc - Sonne tanken ☀️🚘. loadpoints (charging points) is a list of charging points that combines a charger, vehicles, and, if necessary, a meter with additional optional parameters for each charging point. A minimal configuration requires a charger.

'123456' password exposed chats for 64 million McDonald’s job chatbot applications

a vulnerability in McHire, McDonald's chatbot job application platform, that exposed the chats of more than 64 million job applications

ChatBot's admin panel was protected by weak credentials of a login name "123456" and a password of "123456".

#ParadoxAI #McHire #McDonalds #job #work #artificialintelligence #AI #password #passwords #security #cybersecurity #hackers #hacking

bleepingcomputer.com/news/secu