And you Thought your Password Requirements Were Bad...

Apparently everything is bigger in Texas, including the ridiculousness of password requirements...

From http://portal.cs.oag.state.tx.us/OAGStaticContent/portal/login/help/ChangePassword.htm

Remember that the new password must fulfill these requirements:
  1. The password must be exactly 8 characters long.
  2. It must contain at least one letter, one number, and one special character.
  3. The only special characters allowed are: @ # $
  4. A special character must not be located in the first or last position.
  5. Two of the same characters sitting next to each other are considered to be a “set.” No “sets” are allowed.
  6. Avoid using names, such as your name, user ID, or the name of your company or employer.
  7. Other words that cannot be used are Texas, child, and the months of the year.
  8. A new password cannot be too similar to the previous password.
    1. Example: previous password - abc#1234, acceptable new password - acb$1243
    2. Characters in the first, second, and third positions cannot be identical. (abc*****)
    3. Characters in the second, third, and fourth positions cannot be identical. (*bc#****)
    4. Characters in the sixth, seventh, and eighth positions cannot be identical. (*****234)
  9. A password can be changed voluntarily (no Help Desk assistance needed) once in a 15-day period. If needed, the Help Desk can reset the password at any time.
  10. The previous 8 passwords cannot be reused.
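
To see what rules 1 through 5 do to password strength, the following added example (not from the original post or the quoted help page) counts how many 8-character passwords those rules still allow and compares that with the unrestricted space. It assumes letters are case-sensitive (52 of them), which the page does not state, and it ignores rules 6 through 10; the function names are illustrative.

```python
from itertools import product
from math import log2

LETTER, DIGIT, SPECIAL = 0, 1, 2

def count_policy(n_letters, n_digits, n_specials, length=8):
    """Count strings that satisfy rules 1-5, by dynamic programming.

    State is (class of last character, bitmask of classes seen so far);
    the value is how many prefixes reach that state.
    """
    sizes = (n_letters, n_digits, n_specials)
    # Rule 4: the first character may not be a special character.
    states = {(c, 1 << c): sizes[c] for c in (LETTER, DIGIT) if sizes[c]}
    for pos in range(1, length):
        nxt = {}
        for (last, seen), n in states.items():
            for c, size in enumerate(sizes):
                if c == SPECIAL and pos == length - 1:
                    continue  # rule 4: no special character in the last position
                # Rule 5: the next character must differ from the previous one.
                ways = size - 1 if c == last else size
                if ways > 0:
                    key = (c, seen | 1 << c)
                    nxt[key] = nxt.get(key, 0) + n * ways
        states = nxt
    # Rule 2: at least one letter, one number and one special character.
    return sum(n for (_, seen), n in states.items() if seen == 0b111)

def brute_force(letters, digits, specials, length):
    """Enumerate every candidate; only feasible for tiny constructed alphabets."""
    total = 0
    for cand in product(letters + digits + specials, repeat=length):
        chars = set(cand)
        if (cand[0] not in specials and cand[-1] not in specials
                and all(a != b for a, b in zip(cand, cand[1:]))
                and chars & set(letters) and chars & set(digits)
                and chars & set(specials)):
            total += 1
    return total

def bits(count):
    """Size of a password space expressed in bits."""
    return log2(count)

if __name__ == "__main__":
    allowed = count_policy(52, 10, 3)  # assumption: case-sensitive letters
    print(f"policy-compliant passwords: {allowed} ({bits(allowed):.1f} bits)")
    print(f"any 8 of the same 65 chars: {65**8} ({bits(65**8):.1f} bits)")
    print(f"any 8 printable ASCII:      {95**8} ({bits(95**8):.1f} bits)")
```

The fixed length of 8 and the three-symbol special set cap the space before any of the positional rules apply; every further rule only removes candidates.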

Stuxnet not the first Nation-Sponsored Cyber Attack

Very recently it was revealed that the famous malware Stuxnet was created as a joint operation by the U.S. and Israel.  It's important to point out that this isn't really new, as nations have been waging so-called "cyber warfare" for years now.

Make no mistake, there are plenty of other pieces of malware in existence which have been designed for espionage or sabotage.  One such piece of malware may be the Hutizu malware, which was found on the Caffeine Security honeypot earlier this year.  And this definitely isn't the first time a nation has attacked another through "cyber warfare"...just ask the country Georgia.

While many will condemn "cyber warfare" actions, I personally applaud them.  After all, if a "cyber weapon" such as Stuxnet can be used instead of real weapons, resulting in no loss of human life, then isn't that better than sending in planes and tanks?

What will be interesting is, now that the U.S. and Israel have openly entered the "cyber warfare" arena, how many nations will begin open cyber warfare against them?

There is a Chinese curse: "May you live in interesting times."  For those of us in the cyber security field, I have a feeling that curse is now upon us.