Warning! #Quishing: #Phishing campaign detected, carried out via #QRcode with the aim of account #hijacking on #Telegram
https://www.acn.gov.it/portale/w/quishing-con-finalita-di-account-hijacking
verify the senders of the communications you receive
do not enter your credentials on portals of dubious legitimacy
QR codes should be considered as suspect as many forms of AI, but are societally ubiquitous.
I remember when a QR code for a financial company (maybe crypto?) was shown during a sporting event on TV. Apparently there were a lot of people that whipped out their phones and scanned & navigated to the destination.
These QR codes can hide links to anything without prior review, which goes against cybersecurity best practices of reviewing URLs prior to navigating to them.
And if you use `python3-png` (pypng.readthedocs.io) you're even more in control:
<code>
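import qrcode
from qrcode.image.pure import PyPNGImage

# PyPNGImage is qrcode's pure-Python PNG writer (requires pypng)
qr = qrcode.QRCode(image_factory=PyPNGImage)
qr.add_data("Some data")
normal_img = qr.make_image(fill_color="black", back_color="white")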
</code>
Now they're only 372 bytes, and you get to see the PNG generation in `/usr/lib/python3/dist-packages/png.py`.
Also why doesn't @signalapp / #Signal just accept a #screenshot of said #QRcode as a means to authenticate?
"Do you want to add/authenticate [insert device name here] at [IP Address]? Here's a unique pairing code to ensure that's correct!"
Like the #UX is worse than early versions of #OTR on #Pidgin back in those days...
"I built a #QRcode with my bare hands to see how it works" https://youtu.be/w5ebcowAJD8
– about the development and functioning of #QRcodes, but also about the history of #barcodes.
What is quishing?
https://www.cbc.ca/news/canada/qr-code-scams-quishing-1.7587253
- - -
What is 2D-code phishing?
// Article in English //
Fake Telegram Apps Spread via 607 Domains in New Android Malware Attack – Source:hackread.com https://ciso2ciso.com/fake-telegram-apps-spread-via-607-domains-in-new-android-malware-attack-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #ScamsandFraud #Vulnerability #Hackread #Phishing #security #Telegram #android #malware #QRCode #Fraud #Scam
Fake Telegram Apps Spread via 607 Domains in New Android Malware Attack https://hackread.com/fake-telegram-apps-domains-android-malware-attack/ #ScamsandFraud #Vulnerability #Security #Phishing #Telegram #Android #Malware #QRCode #Fraud #Scam
Because physical SIMs, like any "cryptographic chipcard" (i.e. @nitrokey ) did all that fancy public/private crypto on silicon and unless that was compromisable (which AFAICT always necessitated physical access to the #SIM, especially in pre-#OMAPI devices) the SIM wasn't 'cloneable' and the weakest link always had been the #MNO / #MVNO issuing (may it be through #SocialHacking employees into #SimSwapping or LEAs showing up with a warrant and demanding "#LawfulInterception"):
Add to that the regression in flexibility:
Unlike a #SimCard which was designed as a vendor-independent, #MultiVendor, #MultiProvider, device agnostic unit to facilitate the #authentification and #encryption in #GSM (and successor standards), #eSIMs act to restrict #DeviceFreedom and #ConsumerChoice, which with shit like #KYC per #IMEI (i.e. #Turkey demands it after 90 days of roaming per year) and #lMEI-based #Allowlisting (see #Australia's shitty #VoLTE + #2G & #3G shutdown!) are just acts to clamp down on #privacy and #security.
"[…] [Technologies] must always be evaluated for their ability to oppress. […]
And now you know why I consider a #smartphone with eSIM instead of two SIM slots not as a real #DualSIM device because it restricts my ability to freely move devices.
Thus #Impersonation attacks in GSM-based networks are easier than ever before which in the age of more skilled than ever #Cybercriminals and #Cyberterrorists (i.e. #NSA & #Roskomnadnozr) puts especially the average #TechIlliterate User at risk.
And then think about those who don't have privileged access to protection by their government, but rather "privileged access" to prosecution by the state because their very existence is criminalized...
The only advantage eSIMs brought in contrast is 'logistical' convenience because it's mostly a #QRcode and that's just a way to avoid typos on a cryptic #LocalProfileAgent link.
#DB #DeutscheBahn - "to make it easier", a fat table on the invoice for the #BahnCard - never heard of a #QRCode for bank transfers? #fail
They will probably have their first and last names abolished. What do slaves need them for? Numbers suit them better, but #laptyekanda considers itself a modern country, so instead of numbers, each of the slaves will be given a code. Perhaps in the form of a #tattoo or a brand. #qrcode #slave
Interesting priorities. A primary digitalization goal here is apparently the "digital recording of the collection of rubbish bins". Seriously? And for that we now have to stick #RFID-#QRcode stickers on the rubbish bins, and the collection vehicles have to carry readers. Which problem exactly is this supposed to solve?
Is there a garbage mafia in which criminals disguised as harmless residents set up thousands of fake rubbish bins so that they then get emptied by the municipal services?
Hi @lproven,
nice! I'm using several #CGIs #RFC3875 for personal (scaled to n=1) web applications - be it (ephemeral) #QRCode https://qr.mro.name, #GeoHash https://mro.name/g/u28br conversion, a #nodb guestbook https://codeberg.org/jugendhacktlab.qdrei.info/gaestebuch, a personal #ActivityPub server @aSeppoToTry or the hacky video-office-hours reservation system https://mro.name/sprechstunde. Once there even was a #HaveIBeenPwnd proof of concept https://blog.mro.name/2022/08/pwned-diy.
They're #rootless deployments running on #shared #hosting (except qrcodes and HaveIBeenPwnd).
Because people keep getting annoyed (rightly so, I think) that #Wero is only available at a few banks so far: yesterday I paid the admission to the #killesbergturm in #Stuttgart with my #banking app. Easy: let the #qrcode fill in the transfer fields, adjust the amount, done. No #paypal needed, no fees. It doesn't get simpler or more data-frugal (#Datensparsam) than that. So now I'll prepare my "bank contact" as a QRCode as well, for the next #familyandfriends exchange...
@seindal @sicurezza @devol Yes, it's true that LibreOffice lets you generate QR codes without going through online services, but it should be said that it is a very basic tool:
it does not allow custom colours (black and white only) and offers no preview. Also, it does not let you easily adjust size, margins, etc.
Shrink That Link: Craft a Java URL Shortener with Quarkus.
Build a lean, cache-powered service that trims URLs, serves a Qute UI, and spits out QR codes in 10 easy steps.
https://myfear.substack.com/p/java-quarkus-url-shortener-tutorial
#Java #quarkus #qrcode #urlshortener