trying a new thing, have 3D printed a QR code and put it on the front porch
-
@iagox86 @SecureOwl How do QR canaries work? Is it based on the DNS query? The GET when they click the link? Or do the QR scanners try and retrieve something like a preview even without clicking the link?
@cR0w @iagox86 @SecureOwl the birds in the phone are just snitches
-
@cR0w @iagox86 @SecureOwl the birds in the phone are just snitches
@darfplatypus @iagox86 @SecureOwl I fukkin knew it.
-
trying a new thing, have 3D printed a QR code and put it on the front porch
QR code triggers a canary token
want to see if any of the delivery companies are using the drop off proof of delivery pics to train AI
@SecureOwl interesting idea! If I were to guess they probably are using the drop of pics to train AI. Question: how would the QR code canary get triggered during image training? Are you expecting the link in the WR code to be invoked during the training process? Would
Love to learn more. Cheers! -
trying a new thing, have 3D printed a QR code and put it on the front porch
QR code triggers a canary token
want to see if any of the delivery companies are using the drop off proof of delivery pics to train AI
@SecureOwl my neighbor's whole doormat is a qr code
yes it's a rickroll obviously
-
trying a new thing, have 3D printed a QR code and put it on the front porch
QR code triggers a canary token
want to see if any of the delivery companies are using the drop off proof of delivery pics to train AI
@SecureOwl I need to try that.
-
@SecureOwl my neighbor's whole doormat is a qr code
yes it's a rickroll obviously
-
@iagox86 @SecureOwl How do QR canaries work? Is it based on the DNS query? The GET when they click the link? Or do the QR scanners try and retrieve something like a preview even without clicking the link?
-
trying a new thing, have 3D printed a QR code and put it on the front porch
QR code triggers a canary token
want to see if any of the delivery companies are using the drop off proof of delivery pics to train AI
@SecureOwl I love the question that you’re asking but I really don’t know how this would prove it…
Are AI image scanners known to parse out QR codes?
-
trying a new thing, have 3D printed a QR code and put it on the front porch
QR code triggers a canary token
want to see if any of the delivery companies are using the drop off proof of delivery pics to train AI
Whelp, sample size of 1 so far, but about 50 minutes after an amazon delivery - where a picture was taken - got a hit on the canary
i just checked the delivery photo and the QR code was visible in it
User agent was not a phone and clearly some sort of crawler
IP address was a CDN
but we are 1/1, lets see how it goes with a few more
(i get a lot of random work deliveries)
-
@SecureOwl I love the question that you’re asking but I really don’t know how this would prove it…
Are AI image scanners known to parse out QR codes?
@amd thats what i want to find out
i found out that ai text summarizers happily summarize base64, so wanted to try to see if this is similar: https://mike-sheward.medium.com/recruiting-google-geminis-email-summarizer-as-a-phishing-aid-417055295ba7
-
Whelp, sample size of 1 so far, but about 50 minutes after an amazon delivery - where a picture was taken - got a hit on the canary
i just checked the delivery photo and the QR code was visible in it
User agent was not a phone and clearly some sort of crawler
IP address was a CDN
but we are 1/1, lets see how it goes with a few more
(i get a lot of random work deliveries)
@SecureOwl you could have a lot of fun with this
-
trying a new thing, have 3D printed a QR code and put it on the front porch
QR code triggers a canary token
want to see if any of the delivery companies are using the drop off proof of delivery pics to train AI
@SecureOwl Ha! I have a great idea, make a front mat which is all QR code tricks!
-
@SecureOwl Ha! I have a great idea, make a front mat which is all QR code tricks!
@ai6yr do it do it
-
trying a new thing, have 3D printed a QR code and put it on the front porch
QR code triggers a canary token
want to see if any of the delivery companies are using the drop off proof of delivery pics to train AI
@SecureOwl thanks for introducing the concept of Canary tokens to me!
Just saw their website and there doesn't seem to be a Canary Token for SSH. Would love to receive a push update if any of my VPS servers are logged into!
-
Whelp, sample size of 1 so far, but about 50 minutes after an amazon delivery - where a picture was taken - got a hit on the canary
i just checked the delivery photo and the QR code was visible in it
User agent was not a phone and clearly some sort of crawler
IP address was a CDN
but we are 1/1, lets see how it goes with a few more
(i get a lot of random work deliveries)
@SecureOwl Now try some blind XSS payloads...
-
Whelp, sample size of 1 so far, but about 50 minutes after an amazon delivery - where a picture was taken - got a hit on the canary
i just checked the delivery photo and the QR code was visible in it
User agent was not a phone and clearly some sort of crawler
IP address was a CDN
but we are 1/1, lets see how it goes with a few more
(i get a lot of random work deliveries)
@SecureOwl brilliant test. Can't wait to see more results.
-
@SecureOwl Now try some blind XSS payloads...
-
trying a new thing, have 3D printed a QR code and put it on the front porch
QR code triggers a canary token
want to see if any of the delivery companies are using the drop off proof of delivery pics to train AI
I am so curious to know the results of this, @SecureOwl. What a great injection vector!
-
trying a new thing, have 3D printed a QR code and put it on the front porch
QR code triggers a canary token
want to see if any of the delivery companies are using the drop off proof of delivery pics to train AI
@SecureOwl genius! replicating this ASAP…
-
@catsalad @AlesandroOrtiz @SecureOwl This is giving very "Cracking the Lens" vibes https://www.youtube.com/watch?v=zP4b3pw94s0
