Monday 15 March 2021

A Circular Reference:

A friend of a friend told me that they know someone who created a QR code that logged into the QR code generator web-site that they had an account on, so they could save time creating the specially formatted QR codes with the corporate logo, that they placed in all the company publicity and marketing material...  

QR Code for this page
QR Code for this page











(QR codes are just URLs. But as a general rule, anything that stores a 'login' (User ID, Password) is not a good idea, and is a Security Risk. If it gets into the wild (and QR codes are easy to send...) then it would become a Security Threat...

And it you ever wondered what happens if you invert the colours on a QR code... 

(Does this tell you something about how the QR code is encoded / decoded?)


A Poor Reference:

'A friend of a friend told me that they know someone...' is an example of an unreliable InterWeb 'reference' that is either intended as obfuscation (as in this case), humour (perhaps in this case), indirection (maybe the source doesn't want to be revealed), or even seriously (seriously?) as a reference. In almost all cases, this type of phrase contains so many levels of indirection that it isn't really a reference at all.  

But not all poor references are as easy to spot as this one. If you see a reference with a URL, do you check the URL? Would you even pause to check the URL itself before clicking on it? Is this a way of getting normally savvy people who never click on links in e-mails to break their own rules? Is indirection or obfuscation a potential problem because the actual link content is hidden. Surely a shortcut just makes things easier...  And of course, QR codes can sometimes be regarded as more than what they appear because they do have a hidden feature - they are innocuous-looking shortcuts that might bypass safeguards... Luckily, they won't ever be used by phishers, friends of phishers, and friends of friends of phishers*. Never. Ever.

In the wild, have you ever noticed how posters with QR codes often have stickers over the QR code - with another QR code on them. Presumably this is to fix an error in the printing, or an update, or can you think of another reason?

* This statement may not be true.

- - - 

If you find my writing helpful, informative or entertaining, then please consider visiting the following links for my Synthesizerwriter alias (I write several blogs, but it makes sense to only have one 'Coffee' donation link!):


Synthesizerwriter's Store
 (New 'Modular thinking' designs now available!)

No comments:

Post a Comment

Note: only a member of this blog may post a comment.

NULLCON 12, Berlin, April 2022

Here's the badge that I designed for the NULLCON 2022 Berlin security conference (and highly recommended training!).  The NULLCON 2022 b...