Web Insecurity: Barcodes for breaches

Feb. 7th, 2010 01:19 pm
terriko: (Default)
[personal profile] terriko
This post is so short that I figured I might as well copy the whole thing from Web Insecurity. Sorry about the full duplicate!


Barcodes for breaches



qrcode

Barcode: <script>alert("test")</script>
I'm highly amused by the XSS, SQL Injection and Fuzzing Barcode Cheat Sheet. Who knew security attacks could look almost... pretty? It's just standard XSS and SQL injection test code translated to bar codes, so they could be used as injection vectors. I know I've scanned codes to grab an app I want faster on my phone, and I'm seeing codes popping up in the free daily papers, which I find somewhat interesting given that early attempts to get people to use barcodes have met with commercial failure and ridicule. Oh well, it's all ok now that we have smartphones, right?

Anyhow. This is still an entertaining attack vector. Maybe governments (such as my own!) will ban bar codes as hacking tools next?

Tags:
Threaded | Top-Level Comments Only

Date: February 8th, 2010 01:17 pm (UTC)
ivy: Two strands of ivy against a red wall (Ivy)
From: [personal profile] ivy
That's hilarious! I'm totally going to have to link that; I'm discussing QR barcodes on my post about ShmooCon. Thanks!
Threaded | Top-Level Comments Only

Profile

terriko: (Default)
terriko

March 2026

S M T W T F S
12 34567
891011 121314
151617 18192021
22232425262728
293031    

Links

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Mar. 31st, 2026 05:34 pm
Powered by Dreamwidth Studios