Redirect Ransom

QR codes are not inherently dangerous. They’re effectively links we can click in the real world using the camera app on our phone. Like hyperlinks on a web page, QR code “links” can take you to good websites or bad websites. They can also disguise their ultimate destination by using URL shortening services like bitly or owly. But now “free” QR code generator websites – that is, sites that will let you create one of these QR codes by entering the HTTP link you want it to take people to – are using these redirects to basically hold your QR code for ransom. The QR codes they give you use the redirect links to insert themselves into the middle – and after some time, they will stop working until you subscribe and pay them money. If you’ve already printed these codes on hundreds of business cards or dozens of plaques for your restaurant, they they’ve really got you over a barrel. I’ll help you avoid these scams.

In other news: Microsort warns that attackers are quickly leveraging newly reported zero-days; some Chrome extensions are making money by inserting affiliate links for thousands of websites; Microsoft appears to be readying a useful PC cleanup tool for release; Apple clarifies its policy on security updates for older OS releases; a report details how hidden AI algorithms are affecting the lives of DC residents; facial recognition systems are being installed in many soccer stadiums; Uber is planning to bombard their users with ads; Clearview AI has been fined 30M euros by France; Apple is ramping up its own ads on its various apps and devices; and I answer another Dear Carey question, this one on the case that is bringing Section 230 in front of the Supreme Court.

Article Links

  1. [Hacker News] Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities
  2. [BleepingComputer] Chrome extensions with 1 million installs hijack targets’ browsers
  3. [PCWorld] Microsoft’s surprise PC Manager system optimizer takes aim at CCleaner rticle/1360140/microsoft-releases-beta-of-a-ccleaner-style-pc-manager-tool.html
  4. [Ars Technica] Apple clarifies security update policy: Only the latest OSes are fully patched
  5. [WIRED] Algorithms Quietly Run the City of DC—and Maybe Your Hometown
  6. [WIRED] Soccer Fans, You’re Being Watched
  7. [Gizmodo] Uber Plans to Advertise to You At Every Stage of Your Ride, Using Your Own Data
  8. [Naked Security] Clearview AI image-scraping face recognition service hit with €20m fine in France
  9. [Lifehacker] How to Block Apple’s Own Ads on Your iPhone
  10. Tip of the Week:

Further Info

Table of Contents

Use these timestamps to jump to a particular section of the show.

  • 0:00:42: Countdown to 300
  • 0:00:57: Twitter dumpster fire
  • 0:01:25: 5th edition update
  • 0:02:47: News preview
  • 0:04:38: Attackers rapidly exploiting 0-day bugs
  • 0:08:43: Chrome extensions committed click fraud
  • 0:14:50: New Microsoft PC Cleaner tool coming
  • 0:17:23: Apple doesn’t fix all bugs on older OS releases
  • 0:21:11: Secret algorithms that affect our lives
  • 0:27:23: Facial recognition spreading to many sports stadiums
  • 0:33:12: Uber plans to show you ads everywhere
  • 0:37:33: Clearview AI fined 20M Euros by France
  • 0:41:49: Apple to do more advertising in their apps
  • 0:44:18: Tip of the Week: QR codes hold links for ransom
  • 0:51:31: Dear Carey
  • 0:57:42: Upcoming stuff