QR-code mania will get you hacked
QR codes are popular today. Most tech-savvy people already use them actively to transfer encoded digital information into their devices, to follow links and to input data with no manual typing.
Some inventive “hackers” have already started abusing this by sticking false QR codes over real ones. So if you use a code-recognition client that follows links automatically, and your Android phone does not ask you before installing apps other than those from Android Market, you are in trouble. Such QR codes might lead you to download a false operating system update that is actually a virus.
So beware of too much automation in your QR-reading software.
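What a less automated reader could do with a decoded code, as an added example that is not part of the original post: it classifies the payload, shows the real destination host, and refuses direct package downloads instead of following the link. The function name, the policy and the sample payloads are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical policy for a QR reader: decode, classify, and let the user decide.
# Nothing here opens a link or starts a download.
INSTALLABLE_SUFFIXES = (".apk",)  # Android packages installable outside the market

def review_qr_payload(payload):
    """Return {'action', 'display', 'warnings'} for decoded QR text.

    action is 'show_text' (not a link), 'ask_user' (show the destination and
    wait for confirmation) or 'block' (refuse to follow).
    """
    text = payload.strip()
    try:
        parts = urlsplit(text)
        host = parts.hostname
    except ValueError:
        return {"action": "block", "display": text, "warnings": ["malformed URL"]}

    if not parts.scheme:
        return {"action": "show_text", "display": text, "warnings": []}
    if parts.scheme not in ("http", "https"):
        return {"action": "ask_user", "display": text,
                "warnings": ["non-web scheme '%s' hands off to another app" % parts.scheme]}
    if not host:
        return {"action": "block", "display": text, "warnings": ["URL has no host"]}

    warnings = []
    if parts.username is not None:
        warnings.append("text before '@' is not the destination; real host is " + host)
    if parts.scheme == "http":
        warnings.append("unencrypted connection")
    if host.startswith("xn--") or ".xn--" in host:
        warnings.append("internationalized host name; check it character by character")
    action = "ask_user"
    if parts.path.lower().endswith(INSTALLABLE_SUFFIXES):
        warnings.append("link downloads an installable Android package")
        action = "block"
    return {"action": action, "display": host, "warnings": warnings}

if __name__ == "__main__":
    # Constructed sample payloads, not taken from real QR codes.
    for sample in ("Table 12", "https://example.com/menu",
                   "http://update.example.net/system-update.apk",
                   "https://example.com@other.example/"):
        print(sample, "->", review_qr_payload(sample))
```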
Find out what waits for you at the corner on the web
Saw a cheap iPhone 5 today at the electronics market. Fashion rules, no doubt, and everyone wants the toy. Even though the 5th doesn’t even exist yet. Strange feeling to witness the ghost.
I expanded my network of InfoSec specialists, analysts and geeks on Twitter. And got a hint to look at the owasp.org project. I usually have numerous tabs open in Firefox, never reading them in time - so they grow. Now I have a couple more, promising myself to read them asap. We talked about ghosts, right? They say companies are divided into those which do know their web application code is insecure and those which don’t.
This ghost chasing is rated well in OWASP’s top 10 rating of threats your company (and probably you) face during web information exchange.
Here is the link to the 2010 document. It appears that not much changes over time, so they don’t update the rating annually. Still, it is very current, having been reviewed recently by some top companies from the industry.
http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf
There’s much to think about.