1) Ban smartphones in schools, preventing the use of convenient MFA TOTP apps
2) attackers phish schoolkids' accounts
3) attackers set up MFA on the stolen accounts to make it harder for admins to recover
4) admins disable the ability to set up MFA on all accounts to prevent attackers from doing it first
5) ...
6) Profit?

Original source post: https://bsky.app/profile/did:plc:bya76aoajvy6ihmaviywjcil/post/3lyiunxfesc2c

#EdTech #EdPolicy #TechPolicy #InfosecFail

JFC. The stupid... it burns.
Rly Portland School district?

#infosecfail #portland
From: @null
https://puddle.town/@null/115171765470756871

i am root (@null@puddle.town)

Portland Public School district’s response to an increase in hacked student Google accounts is to force-disable MFA, with the provided rationale being that MFA is making it harder to recover accounts. WTF. You’re doing it very wrong. Now I gotta email the district… again. #pps #infosec #fail

Oops‼️ Microsoft Used China-Based Engineers to Support Product Recently Hacked by China - And just how did this happen? Cause the whole thing sounds counterintuitive; or, I suppose, utterly incompetent. #Microsoft #hacking #hacked #infosec #InfosecFail #fail https://www.propublica.org/article/microsoft-sharepoint-hack-china-cybersecurity
Linked article (ProPublica): "Microsoft Used China-Based Engineers to Support Product Recently Hacked by China"

Microsoft announced that Chinese state-sponsored hackers had exploited vulnerabilities in its popular SharePoint software but didn’t mention that it has long used China-based engineers to maintain the product.

They changed their password requirements. So the password that I had *already set up* and *used* was no longer valid. I had to reset it.
😠

#infosec #InfosecFail #PasswordFail

The growing use of #Passwort-Tresor (password vault) applications is a good thing, because with them you can generate and store
a) sufficiently long and unpredictable passwords, as well as
b) separate passwords for each login.

But if you use only a weak master password (or even just a PIN), you serve up all your data to attackers for free.

So:
- a strong master password (or #2FA),
- only the passwords you actually need accessible,
- ideally no online vaults.

#InfoSecFail

File under "least smallest surprises of the year"

"US State Dept has no idea if its IT security actually works, say auditors
End-of-life systems still in use, poor inventory control, and China's hunting"
https://www.theregister.com/AMP/2023/10/02/us_state_security_gao

#infosec #infosecfail #enterpriseSecurity #milspec #NAO

I spent my day sending extremely sensitive information unencrypted via email. Because people whose job it is to receive this kind of information have absolutely no clue what they are doing. #infosecFail

As of Feb 24th City of #Oakland #Cyber #InfoSecFail
#Ransomware attack persists weeks later, and continues to cripple citizen communications with city and between departments during cold spell. New Mayor Sheng Thao has issued no updates on restoration of services or city's 311 hotline as storm looms.
https://www.sfchronicle.com/eastbay/article/ransomware-cripples-oakland-s-311-system-winter-17803917.php
Linked article (San Francisco Chronicle): "Ransomware cripples Oakland’s 311 system just as winter storm hits"

Oakland’s main reporting system for downed trees, street signal outages and flooding is down due to ongoing effects from a ransomware attack.

O.M.G (the men’s room of the restaurant we were at) #InfosecFail

ok... what numpty designed a system that requires a one time password sent to an email account, before you can log into said email account?
#InfosecFail #OTP #ITFail