In our ongoing effort to secure the privacy of your personal information, Pearson VUE now requires all users to supply a strong password. Choose your new password carefully to make it hard for anyone to guess. Strong passwords must adhere to the following rules:
It must be a minimum of 7 characters and contain 3 out of the 4 following attributes:
Uppercase Latin letters (A, B, C, … Z)
Lowercase Latin letters (a, b, c, … z)
Westernized Arabic numerals (0, 1, 2, … 9)
Special characters (&, *, %, etc.)
Passwords cannot contain your username
These are policies good to have but there’s too much words to go through to understand the policy.
But wait, there’s more:
This is a huge challenge for the ever-changing self. I don’t remember much of my childhood and now the form is making me sad.
Out of all the questions I can only answer the first company I worked for. This is too hard!
First it tells me I need at least one uppercase, then this:
There really shouldn’t be restrictions on special characters or even spacings if that is what the customer thinks is a better password. It just doesn’t compromise on security. I hope Citibank realizes this.
Phil: Your password is baloney1?
Chow: Well used to be just baloney, but now they make you add number.
Forcing alphabets and numbers into password is just annoying for me. I have a, what I will deem to be, a sufficiently secure password and I had to uglify it with a number. The number actually makes my password harder to remember. Will my passwords be just random hashes one day?
And you think the computer guys know better what a good password would be. Apparently not, as the hacker of Twitter reveals:
Weak Password Brings ‘Happiness’ to Twitter Hacker
An 18-year-old hacker with a history of celebrity pranks has admitted to Monday’s hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama’s, and the official feed for Fox News.
The hacker, who goes by the handle GMZ, told Threat Level on Tuesday he gained entry to Twitter’s administrative control panel by pointing an automated password-guesser at a popular user’s account. The user turned out to be a member of Twitter’s support staff, who’d chosen the weak password “happiness.”
Cracking the site was easy, because Twitter allowed an unlimited number of rapid-fire log-in attempts.
“I feel it’s another case of administrators not putting forth effort toward one of the most obvious and overused security flaws,” he wrote in an IM interview. “I’m sure they find it difficult to admit it.” (Source: Wired)
It’s fun while it lasts. Here’s a video to prove he has the admin account:
Critical Internet Explorer vulnerability found, browser switch is recommended.
Serious security flaw found in IE
The flaw in Microsoft’s Internet Explorer could allow criminals to take control of people’s computers and steal their passwords, internet experts say.
Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.
Internet Explorer is used by the vast majority of the world’s computer users.
Said Mr Ferguson: “If users can find an alternative browser, then that’s good mitigation against the threat.”
But Microsoft counselled against taking such action.
“I cannot recommend people switch due to this one flaw,” said John Curran, head of Microsoft UK’s Windows group.
He added: “We’re trying to get this resolved as soon as possible.
“At present, this exploit only seems to affect 0.02% of internet sites,” said Mr Curran. (Source: BBC)
Browsing vigilantly is not something a normal user can do unless only use your web mail. The internet is filled with links all around. Even once in a while I ended up on phishing sites I try hard to avoid. It could be just an innocent advertisement.
A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to a use-after-free error when composed HTML elements are bound to the same data source. This can be exploited to dereference freed memory via a specially crafted HTML document.
Successful exploitation allows execution of arbitrary code.
NOTE: Reportedly, the vulnerability is currently being actively exploited.
The vulnerability is confirmed in Internet Explorer 7 on a fully patched Windows XP SP3 and in Internet Explorer 6 on a fully patched Windows XP SP2, and reported in Internet Explorer 5.01 SP4. Other versions may also be affected. (Source: Secunia)
I do not really know what’s going on much. Something bad happened. Anyway, I was more curious on how, a WordPress password protected post, get indexed by Google.
And so she spoke:
1. apologies to all the folks who requested for the password for my password protected posts today.. i’m afraid i had to remove them because there is an error with my wordpress theme that only allows the password to be used once. strange thing, that is. oh well. i guess i’m just not meant to rant under cover : (Source: Quaintly)
Seems like WordPress password protection can be foiled by a lousy theme.
Nothing wrong with WordPress itself I guess. On a side note regarding password protected posts, no one should ever trust a piece of software too much. Security flaws get reported now and then and software is something that has the right to be released with flaws. Software is a faith-based product, consumers use software knowing that there are bugs and have faith that the developers would fix it as quick as they can.