trying a new thing, have 3D printed a QR code and put it on the front porch
-
Whelp, sample size of 1 so far, but about 50 minutes after an amazon delivery - where a picture was taken - got a hit on the canary
i just checked the delivery photo and the QR code was visible in it
User agent was not a phone and clearly some sort of crawler
IP address was a CDN
but we are 1/1, lets see how it goes with a few more
(i get a lot of random work deliveries)
@SecureOwl brilliant test. Can't wait to see more results.
-
@SecureOwl Now try some blind XSS payloads...
-
trying a new thing, have 3D printed a QR code and put it on the front porch
QR code triggers a canary token
want to see if any of the delivery companies are using the drop off proof of delivery pics to train AI
I am so curious to know the results of this, @SecureOwl. What a great injection vector!
-
trying a new thing, have 3D printed a QR code and put it on the front porch
QR code triggers a canary token
want to see if any of the delivery companies are using the drop off proof of delivery pics to train AI
@SecureOwl genius! replicating this ASAP…
-
@catsalad @AlesandroOrtiz @SecureOwl This is giving very "Cracking the Lens" vibes https://www.youtube.com/watch?v=zP4b3pw94s0
-
@SecureOwl you could have a lot of fun with this
@douglasvb @SecureOwl yeah now I kind of want to figure out a way to put prompt injection on my roof
I've got dark shingles so anything I do in white paint should show up real well
what would really mess with aerial imaging software?
-
@douglasvb @SecureOwl yeah now I kind of want to figure out a way to put prompt injection on my roof
I've got dark shingles so anything I do in white paint should show up real well
what would really mess with aerial imaging software?
@sarae @SecureOwl a YouTube link to a rickroll?
-
trying a new thing, have 3D printed a QR code and put it on the front porch
QR code triggers a canary token
want to see if any of the delivery companies are using the drop off proof of delivery pics to train AI
@SecureOwl Excellent.
The blood-stained door mat is also a nice touch.
🤌 -
@sarae @SecureOwl a YouTube link to a rickroll?
@douglasvb @SecureOwl I'm thinking something more, uh, outgoing
like, what would really mess with image processing?
-
@douglasvb @SecureOwl yeah now I kind of want to figure out a way to put prompt injection on my roof
I've got dark shingles so anything I do in white paint should show up real well
what would really mess with aerial imaging software?
@sarae @douglasvb @SecureOwl I think I saw a reference to someone making things that look "pixelated" when viewed from above on satellite imaging, which could be kind of funny on a normal home and not say a military base...
-
@douglasvb @SecureOwl I'm thinking something more, uh, outgoing
like, what would really mess with image processing?
@sarae @SecureOwl you could do an SQL injection attack.
Maybe little Bobby Drop Tables lives at your house
-
trying a new thing, have 3D printed a QR code and put it on the front porch
QR code triggers a canary token
want to see if any of the delivery companies are using the drop off proof of delivery pics to train AI
@SecureOwl Why would you expect the AI to be able to follow links from a QR code encountered during training?
-
trying a new thing, have 3D printed a QR code and put it on the front porch
QR code triggers a canary token
want to see if any of the delivery companies are using the drop off proof of delivery pics to train AI
pulls up a chair
-
@douglasvb @SecureOwl yeah now I kind of want to figure out a way to put prompt injection on my roof
I've got dark shingles so anything I do in white paint should show up real well
what would really mess with aerial imaging software?
-
@SecureOwl Why would you expect the AI to be able to follow links from a QR code encountered during training?
@geofurb @SecureOwl probably because a qr code isn't something he just invented?
-
trying a new thing, have 3D printed a QR code and put it on the front porch
QR code triggers a canary token
want to see if any of the delivery companies are using the drop off proof of delivery pics to train AI
@SecureOwl hey so what's a canary token. I'm not smart enough to know what that is.
-
Whelp, sample size of 1 so far, but about 50 minutes after an amazon delivery - where a picture was taken - got a hit on the canary
i just checked the delivery photo and the QR code was visible in it
User agent was not a phone and clearly some sort of crawler
IP address was a CDN
but we are 1/1, lets see how it goes with a few more
(i get a lot of random work deliveries)
@SecureOwl oh I see that's clever.
-
@SecureOwl hey so what's a canary token. I'm not smart enough to know what that is.
@Axolotl1 @SecureOwl the QR code links to a URL that has never been seen before, but the owner can see when it’s loaded from the server logs. There’s no good reason for a picture of a QR code to ever be loaded this way, and yet…
-
Whelp, sample size of 1 so far, but about 50 minutes after an amazon delivery - where a picture was taken - got a hit on the canary
i just checked the delivery photo and the QR code was visible in it
User agent was not a phone and clearly some sort of crawler
IP address was a CDN
but we are 1/1, lets see how it goes with a few more
(i get a lot of random work deliveries)
@SecureOwl Bloody brilliant.
Looking forward to a near future where randomly placed QR codes are the techno social equivalent of a “don’t photograph me motherfucker” badge.
-
J jwcph@helvede.net shared this topic
