Monday, 22 March 2021

A Strange Way To Advertise...

Apart from security, I also dabble in electronic music, and I write a blog on that topic... 

Today, I got an email from a company, asking me if I could 'collaborate' with them by posting something containing a link to an account on a well-known music software company's forum, asking if I was willing to 'work with them' to promote their client, and asking me to make them an 'offer' for this activity. 

So they were asking me to post something like:

"Hey, I know this has nothing to do with electronic music, but this web-site <URL> is wonderful!"

Needless to say, the client is nothing to do with music, and I simply don't do this type of thing, ever. This is SEO/Advertising gone wrong, in my opinion, and I will have nothing whatsoever to do with any company that does this type of promotional activity.

- - - 

Photo of a decommissioned nuclear missile launch control panel from Jeremy Straub on Unsplash

I have always been intrigued by one of the common 'security' themes that happens in blockbuster movies all the time - the evil bad-person is trying to destroy the planet, and the 'security' people who work for the bad-person are quite willing to assist in making this happen, often going above and beyond what could reasonably be expected, even though this will kill the bad-person, them, their families, the people they know, and absolutely everyone else.

I have always wondered what possible reward could be motivating these people. It can't be money, because they will be dead. It can't be fame, because everyone will be dead. It can't be loyalty, because the bad-person is going to die as well. It can't be immortality, because they and everyone else will be dead. It can't be notoriety, because apart from some debris (and everyone being dead), there's no way that any visitor from outside the solar system will have any interest in the remains of a planet. 

When I say 'willing to help' the bad person, this usually involves defending them robustly, with weapons, technology, computers, etc. Often this requires dedication, persistence, intelligence, determination, loyalty, and more... And these security people are only rewarded with their own deaths, often by their own hands...

In some scenarios, the script-writers increase the seriousness by having the bad-person wanting to destroy the whole universe - that's everything! I find it even harder to envisage any possible way to motivate people to help with that. 

I'm obviously not meant to be a security person in a blockbuster movie...

- - - 

If you find my writing helpful, informative or entertaining, then please consider visiting the following links for my Synthesizerwriter alias (I write several blogs, but it makes sense to only have one 'Coffee' donation link!):


Synthesizerwriter's Store
 (New 'Modular thinking' designs now available!)

Monday, 15 March 2021

A Circular Reference:

A friend of a friend told me that they know someone who created a QR code that logged into the QR code generator web-site that they had an account on, so they could save time creating the specially formatted QR codes with the corporate logo, that they placed in all the company publicity and marketing material...  

QR Code for this page

(QR codes are just URLs. But as a general rule, anything that stores a 'login' (User ID, Password) is not a good idea, and is a Security Risk. If it gets into the wild (and QR codes are easy to send...) then it would become a Security Threat...)
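As an added example (not part of the original post), here is one way to check a decoded QR payload for a stored login before the code is printed on publicity material. The host names, the sample payloads and the list of secret-like parameter names are all constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameter names that commonly carry secrets (assumed, non-exhaustive list).
SECRET_PARAMS = {"password", "passwd", "pwd", "pass", "token", "apikey",
                 "api_key", "secret", "session", "sessionid", "auth"}


def audit_qr_payload(payload: str) -> list[str]:
    """Return findings for a decoded QR payload; an empty list means none."""
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return [f"not a web URL (scheme={scheme!r}); review by hand"]
    findings = []
    if scheme == "http":
        findings.append("plain http: anything in the URL travels unencrypted")
    # The user:password@host form stores the login in the URL itself.
    if parts.username is not None or parts.password is not None:
        findings.append("credentials in userinfo (user:password@host)")
    # Secrets can also sit in the query string or in the fragment.
    for where, raw in (("query", parts.query), ("fragment", parts.fragment)):
        for name, value in parse_qsl(raw, keep_blank_values=True):
            if name.lower() in SECRET_PARAMS and value:
                # Report the parameter name only, never the secret value.
                findings.append(f"secret-like parameter '{name}' in {where}")
    return findings


# Constructed sample payloads, as a QR decoder would return them.
SAMPLES = [
    "https://qr-generator.example/login?user=marketing&password=example-password",
    "https://marketing:example-password@qr-generator.example/dashboard",
    "https://www.example.com/spring-campaign",
]


def audit_all(payloads):
    """Map each payload to its list of findings."""
    return {p: audit_qr_payload(p) for p in payloads}


if __name__ == "__main__":
    for payload, findings in audit_all(SAMPLES).items():
        print(payload)
        for finding in findings or ["no embedded credentials found"]:
            print("   -", finding)
```
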

And if you ever wondered what happens if you invert the colours on a QR code...

(Does this tell you something about how the QR code is encoded / decoded?)


A Poor Reference:

'A friend of a friend told me that they know someone...' is an example of an unreliable InterWeb 'reference' that is either intended as obfuscation (as in this case), humour (perhaps in this case), indirection (maybe the source doesn't want to be revealed), or even seriously (seriously?) as a reference. In almost all cases, this type of phrase contains so many levels of indirection that it isn't really a reference at all.  

But not all poor references are as easy to spot as this one. If you see a reference with a URL, do you check the URL? Would you even pause to check the URL itself before clicking on it? Is this a way of getting normally savvy people who never click on links in e-mails to break their own rules? Is indirection or obfuscation a potential problem because the actual link content is hidden? Surely a shortcut just makes things easier... And of course, QR codes can sometimes be regarded as more than what they appear because they do have a hidden feature - they are innocuous-looking shortcuts that might bypass safeguards... Luckily, they won't ever be used by phishers, friends of phishers, and friends of friends of phishers*. Never. Ever.

In the wild, have you ever noticed how posters with QR codes often have stickers over the QR code - with another QR code on them? Presumably this is to fix an error in the printing, or an update, or can you think of another reason?

* This statement may not be true.

- - - 


NULLCON 12, Berlin, April 2022

Here's the badge that I designed for the NULLCON 2022 Berlin security conference (and highly recommended training!).  The NULLCON 2022 b...