Slashdot Mirror


QR Codes As Anti-Forgery On Currency Could Infect Banks

New submitter planetzuda writes "Invisible nano QR codes have been proposed as a way to stop forgery of U.S. currency by students of the South Dakota School of Mines and Technology. Unfortunately, QR codes are easy to forge and can send you to a site that infects your system. Banks would most likely need to scan currency that has QR codes to ensure the authenticity of the bill. If the QR code was forged it could infect the bank with a virus."

11 of 289 comments

  1. Sigh. by ledow · · Score: 5, Insightful

    Only if they're stupid enough to execute code formed from non-executable input.

    1. Re:Sigh. by postbigbang · · Score: 5, Insightful

      The poster is confused. QR Codes are data, not actionable unless you take action on them. Moronic? That's a little rough. In need of a lot of education? Oh. Yeah.

      --
      ---- Teach Peace. It's Cheaper Than War.
    2. Re:Sigh. by Anonymous Coward · · Score: 5, Insightful

      No, they can be plain text. It's always been part of the standard.

      Looks like the summary is just the usual flamebait, containing some stupid statement that commenters will feel compelled to correct.

    3. Re:Sigh. by jeffmeden · · Score: 4, Insightful

      * FIX

      They're stupid enough to execute code formed from non-executable input.

      * FIX OVER

      Yes, let's go ahead and presume that the institutions that figuratively and in some cases literally built the first world nations we sit on our asses in have no idea how to sandbox and bound check a code read from a scanner in order to stop an "infection" from taking over... Why, there is no way every single bank, even the podunk credit unions that dot the land near and far, can figure out how to run a completely public banking portal without getting completely pwned on their first day and having their vaults emptied. Wait, no, I have that backwards. Good security IS possible, it's just hard for most slashpundits to imagine since it is completely beyond them.

    4. Re:Sigh. by Anonymous Coward · · Score: 5, Insightful

      A QR code itself can NOT send you to a site. That is a 'feature' of certain apps running on smartphones etc.

      The Michigan University proposal does not suggest that banks should run any such browser-linked software. They essentially propose that banks run software that reads a QR code and validates that code, using algorithms and data that would not require a browser.

      This is the lamest conclusion I've seen yet on Slashdot - either flame bait or a submitter and editorial combined IQ of 50.

      Come on, Slashdot editors, keep it mildly informed, or have standards fallen so low that it's time to move away from Slashdot?

    5. Re:Sigh. by tragedy · · Score: 5, Insightful

      I can't imagine a QR code being able to stack overflow anything; there aren't enough bits.

      That doesn't seem to be what this article is proposing, however. This article seems to be proposing that the scanners at the bank will read the QR codes on the notes, interpret the code into a URL, then direct a web browser to that URL and, if the URL is for a compromised site, the bank's computer will become infected.

      I've been reading Slashdot for 15 years. I'm not going to claim that all the articles in that time have been gems. This kind of thing almost makes me want to cry, however. It just seems to be happening more and more often.

    6. Re:Sigh. by dolmen.fr · · Score: 5, Insightful

      Who said that the QR code will encode a URL?
      This is not written in the Engadget article, and that's the main erroneous assumption of the Slashdot poster (planetzuda).

  2. Er, wrong. by Anonymous Coward · · Score: 2, Insightful

    I guess that's why all the checkouts at our local grocery stores get viruses when we scan the wrong barcodes.

    Use appropriate software. Fuck.

  3. What? by Anonymous Coward · · Score: 5, Insightful

    What? QR codes can hold arbitrary strings, they don't have to be just URLs. This summary makes no sense. There isn't even an article here! Who is editing this shit?

  4. Really? by ajdlinux · · Score: 4, Insightful

    This story displays an incredibly low understanding about what a QR code even is, let alone how you would write a QR code reader for a secure environment. I'm surprised this even got accepted.
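
A sketch of the kind of reader several comments describe, as an added example that is not part of the thread: the decoded QR payload is treated purely as bounded data, matched against a strict grammar and checked offline, and is never handed to a browser or URL handler. The payload layout (`SERIAL|DENOM|TAG`), the HMAC tag, the demo key and all function names are assumptions made for illustration; the page does not specify any format.

```python
import hashlib
import hmac
import re

# Assumed for illustration: the page does not specify any payload format.
MAX_PAYLOAD_BYTES = 64
PAYLOAD_RE = re.compile(rb"([A-Z]{2}[0-9]{8})\|(1|2|5|10|20|50|100)\|([0-9a-f]{16})")
DEMO_KEY = b"constructed-demo-key"  # placeholder key for this demo only


def tag_for(serial: bytes, denom: bytes, key: bytes = DEMO_KEY) -> bytes:
    """Truncated HMAC-SHA256 over serial and denomination, hex encoded."""
    mac = hmac.new(key, serial + b"|" + denom, hashlib.sha256)
    return mac.hexdigest()[:16].encode("ascii")


def validate_payload(payload: bytes, key: bytes = DEMO_KEY):
    """Return (serial, denomination) for a valid payload, else None.

    The payload is only ever measured, matched and hashed. It is never
    passed to a browser, shell, eval() or any URL handler.
    """
    if not isinstance(payload, (bytes, bytearray)):
        return None
    if len(payload) > MAX_PAYLOAD_BYTES:       # bounds check before parsing
        return None
    m = PAYLOAD_RE.fullmatch(bytes(payload))   # strict allow-list grammar
    if m is None:                              # URLs and other text fail here
        return None
    serial, denom, tag = m.groups()
    if not hmac.compare_digest(tag, tag_for(serial, denom, key)):
        return None                            # well-formed but wrong tag
    return serial.decode("ascii"), int(denom)


# Constructed sample inputs, not taken from any real note or scanner.
GOOD = b"AB12345678|20|" + tag_for(b"AB12345678", b"20")
BAD_URL = b"http://example.invalid/payload"
BAD_TAG = b"AB12345678|20|" + b"0" * 16
OVERSIZE = b"A" * 500

if __name__ == "__main__":
    for sample in (GOOD, BAD_URL, BAD_TAG, OVERSIZE):
        print(sample[:40], "->", validate_payload(sample))
```
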

  5. Re:Super high tech solution by Anonymous Coward · · Score: 2, Insightful

    Next problem: idiotic user submissions combined with lazy "editors" could infect Slashdot with terrible articles on the front page.