[Cryptography] distributing fingerprints etc. via QR codes etc.
Judson Lester
nyarly at gmail.com
Sat Sep 13 19:54:31 EDT 2014
On Sat, Sep 13, 2014 at 4:09 PM, Jerry Leichter <leichter at lrw.com> wrote:
> On Sep 13, 2014, at 2:46 PM, Dave Horsfall <dave at horsfall.org> wrote:
> > Should I be worried? And I don't mean by seeing myself in the morning...
> A QR image can contain a URL. Common software scanning such a QR image
> will pass the URL to the default browser, which will typically open it. I
> don't know - never had any reason to experiment - whether non-HTTP URL's
> also get passed to their registered handlers, though I suspect at least
> some QR-reading software will do that.
>
No QR scanner I've ever used, even the most janky overseas mobile app, has
ever automatically opened URLs for me. They always present the URL and
offer to open them - sometimes to my slight dismay, although the "oh right,
not taking me to an unknown website automatically is a *good thing*" gets
me past. :) I agree though, a scanner that opens a helper application
without user input should be considered broken-to-malware.
Judson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140913/ff0ab1d2/attachment.html>
More information about the cryptography
mailing list