[WG-IDAssurance] For those of you who enjoy a little infosec farce ...

0 views
Skip to first unread message

Richard G. WILSHER (@Zygma)

unread,
Sep 2, 2021, 5:27:45 PM9/2/21
to IA WG

We all know how well-regulated the healthcare sector is, right?  All those controls and checks …

Today I went for a Rapid COVID test, prior to international travel.
20 mins after getting back home a PDF document arrived in my email inbox certifying me as having a negative result.  Nice.

The document had NO protections at all.  So far I have certified Che Guevara, Zorba the Greek and Donald Duck as being POSITIVE.
How does one stop fraudsters or have any confidence in any such certification when it is made this easy?  Hope the Brits don’t work this out before I get landside!

 

Richard G. WILSHER
Founder & CEO,  Zygma Inc.
               https://kantarainitiative.org/wp-content/uploads/brizy/11604/assets/images/iW=341&iH=341&oX=0&oY=43&cW=341&cH=255/Kantara-Award-Badge-02.png     
Operating independently since 1993

M: +1 714 797 99 42
E:   R...@Zygma.biz
W:  www.Zygma.biz

 

image002.jpg
image004.png
image006.jpg

mhae...@freeuk.com

unread,
Sep 3, 2021, 9:14:31 AM9/3/21
to Richard G. WILSHER (@Zygma), IA WG


Richard,

 there is only a real problem if you have covid and provide a false document and pass the virus on, so the purpose may be more to assist prosecution. However, just because you can't see the security features doesn't mean they are not there. In soft copy there will be stuff in the file, such as creation date and author, and even in the paper version it is not that hard to make steganographic changes to the character positions to check that whatever name was there originally it wasn't Donald Duck. 

OK, reality says no, but don't expect the security theatre here to be any better than the security theater in the US... 

Mark

Reply all
Reply to author
Forward
0 new messages