Feb. 7th, 2010

terriko: (Default)
This post is so short that I figured I might as well copy the whole thing from Web Insecurity. Sorry about the full duplicate!


Barcodes for breaches



qrcode

Barcode: <script>alert("test")</script>

I'm highly amused by the XSS, SQL Injection and Fuzzing Barcode Cheat Sheet. Who knew security attacks could look almost... pretty? It's just standard XSS and SQL injection test code translated to bar codes, so they could be used as injection vectors. I know I've scanned codes to grab an app I want faster on my phone, and I'm seeing codes popping up in the free daily papers, which I find somewhat interesting given that early attempts to get people to use barcodes have met with commercial failure and ridicule. Oh well, it's all ok now that we have smartphones, right?

Anyhow. This is still an entertaining attack vector. Maybe governments (such as my own!) will ban bar codes as hacking tools next?

Profile

terriko: (Default)
terriko

September 2017

S M T W T F S
     12
3456 78 9
1011 121314 1516
17181920212223
24252627282930

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Sep. 23rd, 2017 09:55 pm
Powered by Dreamwidth Studios