cross-posted from: https://lemmy.world/post/44422759
Cybersecurity experts can block malware, what you need is a picture of a goat’s butthole or something technical like that.
this post was submitted on 19 Mar 2026
513 points (99.0% liked)
Programmer Humor
31938 readers
31 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 3 years ago
MODERATORS
Fuck it, just walk around with goatse on your shirt
I remember when aimbots in Counter-Strike worked by searching for a specific color pattern that it would lock onto, so it became somewhat common to put those colors at the center of an image to use as a spray and force any cheaters to stare at a wall. Goatse was a common image used for this.
Glad to see old tricks get new purpose.
That sort of exists:
https://en.wikipedia.org/wiki/EICAR_test_file
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
That’s just a test file tho. Its whole purpose is to prove heuristic based scans work.
It’s not actually a virus.
No it's not but the whole point of it is that antivirus packages detect it, and they will kill and quarantine the process handling the data. Its purpose is to trigger an antivirus response for testing purposes.
So it can indeed be used as a DoS kinda thing in many cases.
Nice, if android even cares though. Dunno, what's the state of android AV these days?
And iOS I suppose, the glasses aren't attached to a laptop most likely. And does the app auto-open QR codes? Enquiring minds want to know, because this is a solid idea if it can be made to work.
There's some AV packages like Lookout that are pretty common in corporate environments.
And really any big data collection through apps will make itself to servers eventually if course. You don't need to open a URL for this to trigger, the eicar code being in memory of a process is enough.
Of course you do need to decode the QR. But I'm sure many environments focused on video data collection would device QR codes.
Yeah, turns out a lot of companies don't really think about security, here's a DEF CON talk where they find stuff that chokes on it:
Alternatively, send them straight to a site that absolutely gets them put on some watchlist. Not as much instant karma as malware, but situationally more useful in the grand scheme of things. (Some kind of government honeypot perhaps, or just phish n' dox them.)
I was shopping for glasses late last year and these were frame options on every site I browsed. They’re out there. Whether or not people are buying is another thing.
I've seen these in the wild exactly once so far, a tour group was shaming one of its members into taking them off. Warmed my heart
If it wasn’t meta, and they were less obvious, they’d make great ICE watchers.
But it is meta, and the tech requires a corruptible centralization of power like that, so they're great for ICE watching in the exact opposite of the way you're hoping for
Begun, the cyberglasses war has.
Snowcrash that shit.
So as someone who works exactly on this, the best way is still exploiting the user. The "QR code scanned" notification needs to look like something useful or enticing so the download or link is opened. The glasses would never automatically download and even execute a binary without the user.
Easiest is probably some PDF reader exploit. There I can see a path of auto download and auto execute with only minimal user intervention. If the PDF has a good title you'll take the user approval hurdle easy.
Or payment apps. Some users have payments almost automated. Accidentally confirming a payment popup in the wrong moment seems like a viable exploit.
Those things genuinely creep me out and make me want to start wearing a mask in public again.
I wore a mask to the hardware store today. My kid wore a mask too and I pointed out the sign on the door that notified us that the store uses cameras and facial recognition. We were the only ones and we felt a bit self conscious, but if that’s what we have to do to retain anonymity/privacy then that’s sadly the world we live in now.
It'll never work. There are more cameras then you realize and more then you can hide from. Even driving down the freeway you can be photographed and identified from your car.
And there are algorithms that can ID individuals from their gait
It’ll sometimes work. We’re just trying to make it harder for them.
It is very possible that all store camera apps get an update from Google/Apple etc that bricks the phone or temporarily suspends functionality (also preventing phone locking) on glancing a specific QR code that will be given to all ICE operatives to wear somewhere on their uniform.
Hidden? Oh really? The circles where the temples are attached to the frame of the glasses don't look like ordinary metal fittings... i see this shit pointed at me – i carefully remove them off owner's face and... politely explain why i did it? Nevermind
I get the sentiment, but please don’t. You’re just going to get yourself an assault charge, and the wearer will only be more emboldened.