For those still wondering about why they were "not...

Codeberg.org's posts Post Back to profile

For those still wondering about why they were "not allowed" to scan the other QR code: I suspect this is related to potential abuse vectors via QR codes (yes, we know, requiring the hacker to spoof it via a fake app instead of an ebook is not the answer).

Watch https://www.youtube.com/watch?v=cIcbAMO6sxo or read https://www.revk.uk/2020/01/eicar-test-qr.html for some background.

Like 16 October at 19:44 | Open on social.anoxinon.de

2 comments

Mizah

@Codeberg Kinda odd that the QR-code doesn't contain just a digital signature or something similar, and that their ticket-checking app might be vulnerable to it containing something malicious, like opening a random malicious URL.

I suppose it was just "QR code bad" and the policy wasn't thought through much more than that?

16 October at 19:48 | Open on macrofurs.social

Andre_601 🇨🇭 :kt_bs:

@Codeberg In all honesty... If they fear some malicious actors causing issues, then they shouldn't offer a QR-code-based system to begin with, if they can't be bothered having a solid system that prevents issues like this to begin with...

16 October at 19:49 | Open on swiss.social

Go Up