trying a new thing, have 3D printed a QR code and put it on the front porch
QR code triggers a canary token
want to see if any of the delivery companies are using the drop off proof of delivery pics to train AI
@SecureOwl my neighbor's whole doormat is a qr code
yes it's a rickroll obviously
-
@SecureOwl I need to try that.
-
@iagox86 @SecureOwl How do QR canaries work? Is it based on the DNS query? The GET when they click the link? Or do the QR scanners try and retrieve something like a preview even without clicking the link?
-
@SecureOwl I love the question that you’re asking but I really don’t know how this would prove it…
Are AI image scanners known to parse out QR codes?
-
Whelp, sample size of 1 so far, but about 50 minutes after an amazon delivery - where a picture was taken - got a hit on the canary
i just checked the delivery photo and the QR code was visible in it
User agent was not a phone and clearly some sort of crawler
IP address was a CDN
but we are 1/1, let's see how it goes with a few more
(i get a lot of random work deliveries)
-
@amd that's what i want to find out
i found out that ai text summarizers happily summarize base64, so wanted to try to see if this is similar: https://mike-sheward.medium.com/recruiting-google-geminis-email-summarizer-as-a-phishing-aid-417055295ba7
-
@SecureOwl you could have a lot of fun with this

-
@SecureOwl Ha! I have a great idea, make a front mat which is all QR code tricks!
-
@ai6yr do it do it
-
@SecureOwl thanks for introducing the concept of Canary tokens to me!
Just saw their website and there doesn't seem to be a Canary Token for SSH. Would love to receive a push update if any of my VPS servers are logged into!
-
@SecureOwl Now try some blind XSS payloads...
-
@SecureOwl brilliant test. Can't wait to see more results.
-
I am so curious to know the results of this, @SecureOwl. What a great injection vector!
-
@SecureOwl genius! replicating this ASAP…

-
@catsalad @AlesandroOrtiz @SecureOwl This is giving very "Cracking the Lens" vibes https://www.youtube.com/watch?v=zP4b3pw94s0
-
@douglasvb @SecureOwl yeah now I kind of want to figure out a way to put prompt injection on my roof
I've got dark shingles so anything I do in white paint should show up real well
what would really mess with aerial imaging software?
-
@sarae @SecureOwl a YouTube link to a rickroll?
-
@SecureOwl Excellent.
The blood-stained door mat is also a nice touch.
🤌
