cross-posted from: https://lemmy.world/post/44422759
You must log in or register to comment.
- 3 months
Cybersecurity experts can block malware, what you need is a picture of a goat’s butthole or something technical like that.
3 monthsI remember when aimbots in Counter-Strike worked by searching for a specific color pattern that it would lock onto, so it became somewhat common to put those colors at the center of an image to use as a spray and force any cheaters to stare at a wall. Goatse was a common image used for this.
Glad to see old tricks get new purpose.
I use to work at some major tech companies. Was let go for working with pro Palestine movements within the company that wanted to divest. Anyway, that’s the context of who I am to the below point.
Corporate code is dog shit. There are massive security holes in every piece of software. However, most of its security is maintained by “security through obscurity”. It’s just not viable to brute force these vulnerabilities.
Which is why you constantly get “security updates” to patch in a fix that was found by either (1) someone at the company (2) a white hat hacker that finds the issue and reports it for a fee (3) and actual black hat attack that attempts to exploit the vulnerability for profit of political activism.
Why am I talking about this? Well, when their is working class solidarity, when the people working for the company or outside of that company realize that their interest are NOT in a wage or a bounty. But when their interest are aligned with defeating an exploitative system, that works for the benefits of capital owning billionaires, (1) and (2) will disappear. And (1) becomes a very important point of activism essentially turning into (3). The entire technology sectors security is built on the idea that individual workers will protect the security of the software systems that exploit and invade our privacy. That their wage is more valuable to them than the decline in society they experience.
And the ruling class are not at all concerned or even aware of this massive vulnerability to their entire software and hardware infrastructure.
I’m not saying some revolution will happen this way. Or that the QR code part of the meme is viable. I just know that the systems of surveillance that the state is relying on for control. The “AI” systems they think are the future. They are the hubris that will be a part of their fall. They have no fucking idea how they operate but are placing every bet on them to control an angry working class movement that hasn’t even begun to fight back.
TLDR: Radicalize the Linux nerds
Edit: Wrote this not realizing the sub. Would have wrote it with a more tech focused audience in mind if I had. So, forgive the simplifications.
- Tyrq@lemmy.dbzer0.comEnglish3 months
Yeah I’m starting to see the cracks, and the lack of will or people to fix them will cause them to fail in the end. Just a matter of time at this rate unless they all come to their senses about how this ends, even if they get their way, it won’t be for much longer
That sort of exists:
https://en.wikipedia.org/wiki/EICAR_test_file
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*- prettybunnys@piefed.socialEnglish3 months
That’s just a test file tho. Its whole purpose is to prove heuristic based scans work.
It’s not actually a virus.
- 3 months
No it’s not but the whole point of it is that antivirus packages detect it, and they will kill and quarantine the process handling the data. Its purpose is to trigger an antivirus response for testing purposes.
So it can indeed be used as a DoS kinda thing in many cases.
Nice, if android even cares though. Dunno, what’s the state of android AV these days?
And iOS I suppose, the glasses aren’t attached to a laptop most likely. And does the app auto-open QR codes? Enquiring minds want to know, because this is a solid idea if it can be made to work.
- 3 months
There’s some AV packages like Lookout that are pretty common in corporate environments.
And really any big data collection through apps will make itself to servers eventually if course. You don’t need to open a URL for this to trigger, the eicar code being in memory of a process is enough.
Of course you do need to decode the QR. But I’m sure many environments focused on video data collection would device QR codes.
Yeah, turns out a lot of companies don’t really think about security, here’s a DEF CON talk where they find stuff that chokes on it:
- 3 months
Alternatively, send them straight to a site that absolutely gets them put on some watchlist. Not as much instant karma as malware, but situationally more useful in the grand scheme of things. (Some kind of government honeypot perhaps, or just phish n’ dox them.)
- 3 months
I was shopping for glasses late last year and these were frame options on every site I browsed. They’re out there. Whether or not people are buying is another thing.
- 3 months
I’ve seen these in the wild exactly once so far, a tour group was shaming one of its members into taking them off. Warmed my heart
- 3 months
If it wasn’t meta, and they were less obvious, they’d make great ICE watchers.
- 3 months
But it is meta, and the tech requires a corruptible centralization of power like that, so they’re great for ICE watching in the exact opposite of the way you’re hoping for
- 3 months
So as someone who works exactly on this, the best way is still exploiting the user. The “QR code scanned” notification needs to look like something useful or enticing so the download or link is opened. The glasses would never automatically download and even execute a binary without the user.
Easiest is probably some PDF reader exploit. There I can see a path of auto download and auto execute with only minimal user intervention. If the PDF has a good title you’ll take the user approval hurdle easy.
Or payment apps. Some users have payments almost automated. Accidentally confirming a payment popup in the wrong moment seems like a viable exploit.
- 3 months
Those things genuinely creep me out and make me want to start wearing a mask in public again.
- harmbugler@piefed.socialEnglish3 months
I wore a mask to the hardware store today. My kid wore a mask too and I pointed out the sign on the door that notified us that the store uses cameras and facial recognition. We were the only ones and we felt a bit self conscious, but if that’s what we have to do to retain anonymity/privacy then that’s sadly the world we live in now.
- 3 months
It’ll never work. There are more cameras then you realize and more then you can hide from. Even driving down the freeway you can be photographed and identified from your car.
And there are algorithms that can ID individuals from their gait
- harmbugler@piefed.socialEnglish3 months
It’ll sometimes work. We’re just trying to make it harder for them.
- ulterno@programming.devEnglish3 months
It is very possible that all store camera apps get an update from Google/Apple etc that bricks the phone or temporarily suspends functionality (also preventing phone locking) on glancing a specific QR code that will be given to all ICE operatives to wear somewhere on their uniform.
- 3 months
Hidden? Oh really? The circles where the temples are attached to the frame of the glasses don’t look like ordinary metal fittings… i see this shit pointed at me – i carefully remove them off owner’s face and… politely explain why i did it? Nevermind
- 3 months
I get the sentiment, but please don’t. You’re just going to get yourself an assault charge, and the wearer will only be more emboldened.
