Linked: Why Threats from QR Codes are Flourishing

ByMike McBride October 22, 2020October 22, 2020 Reading Time: 2 minutes

I have noticed this, haven’t you? Suddenly, QR codes are everywhere:

“The COVID-19 pandemic has helped fuel the QR code renaissance. The glory of QR codes is you don’t need to touch anything apart from your own smartphone to use them. It is a quick and easy contactless system—and everybody is already carrying a suitable scanner. And that makes it the perfect mechanism to access—or collect—information in a pandemic.

That’s why the advent of COVID-19 has seen the QR code take a central position in many businesses that routinely deal with the public. Restaurants, for example, are using QR codes to display the menu on diners’ smartphones. No need to handle a printed menu that has been doing the rounds in the restaurant since who knows when.”

But is that a good thing? As Dave points out in the article below, when you scan a QR code, it can contain instructions for your smartphone to do any number of things, many of which you probably do not want it to do. Things like send an email, add some malicious code to your contacts/calendar, or connect you to a fake WiFi network to continue to grab information from your phone.

At a time when the technology sector is still working to get people to examine links before clicking on them, the widespread adoption of QR codes is sending out quite the opposite message. We are conditioning them to scan things they cannot possibly read and analyze before doing so.

That seems a little less than ideal. But it also seems that QR codes, and link shortening services, which do the same thing, take people to a website they cannot possibly know they are going to in advance, are here to stay.

How do we secure our devices from malicious QR codes? Because I don’t think users are going to be able to know which ones are safe and which aren’t.

With shortened links, it’s the browsers that are working hard to develop the tools to protect us, with warnings about insecure sites, etc. Who will be the first smartphone company to develop the QR warning system, that reads the QR code, but doesn’t do anything until it describes what the QR code will do and asks for permission?

We’re going to need that if users are expected to just scan away in order to interact with the world going forward.

https://www.cloudsavvyit.com/7457/why-threats-from-qr-codes-are-flourishing/

Follow these topics: Links, Security

Links

This Week’s Links (weekly)

ByMike McBride September 28, 2014October 13, 2015 Reading Time: 1 minute

Why Even the Most Cutthroat Lawyer Should Want to Cooperate tags: LitSupport MM Bring Your Own Disaster (Your IT Consultant) tags: Tech Security MM Will Apple Products Come to Rule Your Life? tags: Tech MM EDRM Publishes eDiscovery Maturity Self-Assessment Test tags: LitSupport MM Did Home Depot Invite Data Breach with “We Sell Hammers” Attitude?…

Career | Links | Microsoft | Tech

Linked: As workspace usage of Slack and Microsoft Teams soars, lawyers see an uptick in harassment claims

ByMike McBride August 25, 2020August 25, 2020 Reading Time: 2 minutes

I guess I could see this happening. Teams or Slack chats are real-time, people feeling angry might be tempted to voice their unfiltered opinions on them, much like we see on Twitter, etc. “If workers don’t feel they have a voice on serious issues, resentment can build, turning channels ugly. At the end of the…

Weekly Links

Shared Links (weekly) May 2, 2021

ByMike McBride May 2, 2021May 3, 2021 Reading Time: 1 minute

Only 8% of Those Who Paid the Ransom Got ALL Their Data Back
The Problem With Passwords is People
Just When You Thought You Understood ESI

– linked documents instead of attachments are becoming the norm, should the legal industry ignore that and consider them attachments?
With Burnout on the Rise, Here’s the 1 Thing Managers Need to Do to Ensure Their Employees Feel Supported

“Ultimately, a competent manager knows how to empathize. “
Data Retention Policies and Legal Hold Practices – Time to Revisit Because of Remote Work?
Five Great Reads on eDiscovery for April 2021
Security Vulnerabilities in Cellebrite

– the ethical arguments in this situation could go on for a long time.
When AIs Start Hacking

“When AIs start hacking, everything will change. They won’t be constrained in the same ways, or have the same limits, as people. They’ll change hacking’s speed, scale, and scope, at rates and magnitudes we’re not ready for.”
Remote Workers Expect Pay to Reflect Their Locations

It’s a weird dynamic, certainly you don’t want to be valued less than coworkers, but living in a less expensive location is actually a competitive hiring advantage too.

Career | Links | Tech

Linked – One in five employees would sell their work passwords, some for less than $1000

ByMike McBride March 23, 2016March 23, 2016 Reading Time: 2 minutes

“It turns out that all of the security in the world won’t stop a disgruntled — or adequately incentivized — employee. According to research done by Austin, Texas-based security company SailPoint, one in five employees would sell their work passwords for money.” First off, let me just say that I do not ever condone this….

Links | Mental Health | Training

Linked: Should employers provide mental health training for management?

ByMike McBride September 23, 2021September 23, 2021 Reading Time: 2 minutes

The one that gives me pause is the last bullet, but not because leaders shouldn’t have that knowledge, but more because human nature tells me that is the one most likely to be misused and create really uncomfortable situations. There’s a very fine line between being aware of signs of someone struggling and diagnosis. I absolutely do not want anyone in the workplace diagnosing people. Watch out for signs of stress and ways you can support the folks who work for you proactively? Sure. Decide for yourself that they have depression, or should be referred to an Employee Assistance Program? Not so much.

But, here’s the thing I will fully admit when saying this. Avoiding this type of behavior is absolutely something that solid mental health training should be a part of. I’ve heard far too many instances lately where organizations are reading a lot about mental health, and burnout, in the workplace and then dispatch their managers to have conversations with their teams about it, and zero training.

Those conversations are dangerous. You have to enable your leaders to go into those conversations with some education and expertise on the subject Just telling them to go and have the conversations without getting them up to speed on how to do so, creates a situation that is likely to end up with some very alienated employees.

Links | Training

Linked – Why Training Must Align with Organizational Goals

ByMike McBride May 31, 2016May 27, 2016 Reading Time: 2 minutes

“For one, we know learning is best accomplished by doing, where we apply knowledge to solve problems like we will use that knowledge after the learning experience. However, too much of our instruction is focused on content, and we tend to evaluate the learning experience with knowledge checks instead of application. While knowledge may be…

Linked: Why Threats from QR Codes are Flourishing

Like this:

This Week’s Links (weekly)

Like this:

Linked: As workspace usage of Slack and Microsoft Teams soars, lawyers see an uptick in harassment claims

Like this:

Shared Links (weekly) May 2, 2021

Like this:

Linked – One in five employees would sell their work passwords, some for less than $1000

Like this:

Linked: Should employers provide mental health training for management?

Like this:

Linked – Why Training Must Align with Organizational Goals

Like this:

Leave a Reply Cancel reply

Top Posts

Like this:

Similar Posts

Like this:

Like this:

Like this:

Like this:

Like this:

Like this:

Leave a Reply Cancel reply

Follow Me

Top Posts