I'm a metalhead. Not American counterculture metal. I need quality storytelling, melody and harmony, speed, and a strong beat. Bands like Iron Maiden, Helloween, Edguy, Dragonforce, etc.

Tonight, I discovered a completely different genre: hardstyle. I'm hooked.

I should test every non-alphabetic character one-by-one and find out which work, and which don't.

I already know "-" doesn't work, and "!" does. 2 down, 30 to go.

Meh. I've got other things to do.

Just so I'm not missing anything, these are the password requirements that are being communicated.

1. "Special characters" means only "!".
2. Change password error says 20 character max.
3. Requirements say 60 character max.
4. 80 characters works.
5. The CAPTCHA is a lie.


Ah, there it is. It appears that the only special character that works is "!".

$ tr -cd 'a-zA-Z0-9\!' < /dev/urandom | head -c 43; echo


Trying this time in a vanilla Microsoft Edge in Windows 10. Let's see if a CAPTCHA exists.

Nope. Further,


Doesn't meet the password requirement policy of:

"password length should be 8-60,at least contain a lower case letters(a-z), and uppercase letters(a-z),numbers(0-9) and special characters."

(Grammar and punctuation errors theirs)



Doesn't meet the password policy.

* lowercase
* uppercase
* digits
* special characters

C'mon EC-COUNCIL, get your shit together.

This is all sorts of broken. If I do a 20 character random ASCII base-94 password, it tells me I am not meeting password requirements.

E.G.: :@,/BkE)Z4xKc~_)M@6E

If I do a 60 character random ASCII base-94 password, it tells me I need to complete the non-existing CAPTCHA.


When you get the confirmation that you passed your exam from EC-Council, you set up an account at their ASPEN service.

It won't let you paste in a password from your password manager. You either have to type it in manually, or let the browser auto-fill.


Curious if the NSA will ration their water use in Bluffdale, due to our extreme drought.

From 2014:

"Estimates have ballparked the water usage ... around 1.2 to 1.7 million gallons every day..."

If we're grass shaming, we can start here.


"Frameworks such as ATT&CK and D3FEND provide mission-agnostic tools for industry and government to conduct analyses and communicate findings."


started becoming a thing on Twitter, as there were at least 5 other blog posts by different authors in the community that were found to be plagiarized.

So what did EC-Council do? Take down the entire blog of course!

Is it just me, or does that also tell you they're afraid of discovery?

Here's their statement regarding the plagiarism. It's as hollow as you would imagine.

Don't get your certs from EC Council.

Not only are they not taken seriously in the security industry (they're garbage), it's clear the organization itself is incapable of following the ethics it teaches.

If you need security certs, get them from SANS.


Let's talk about some recent actions by EC Council.

They published a sexist survey about women in cybersecurity. They got called out on it, including by Alyssa Miller, a cybersecurity expert.


She wrote a blog post in December 2020 about being a BISO.


EC Council plagiarized it in March 2021, with no attribution.


Called out again? Yup.


This org that offers 2 certs with "ethical" in their names.
