Posted on 09/18/2021 7:55:41 AM PDT by DoodleBob
New York state has fixed an issue with the Excelsior Pass Wallet that allows users to acquire and store COVID-19 vaccine credentials.
The issue -- discovered by researchers at the NCC Group -- allows someone "to create and store fake vaccine credentials in their NYS Excelsior Pass Wallet that might allow them to gain access to physical spaces (such as businesses and event venues)...
The researchers found that the application did not validate vaccine credentials added to it, allowing forged credentials to be stored by users.
New York State was notified of the issue on April 30 but spent months ignoring messages from the NCC Group. It was only until the researchers contacted the NYS ITS Cyber command center in July that they got a response from the state about the problem.
...
...the application allows users to scan a QR code to add a credential to the wallet or add one through the device's photo gallery.
"The issue we found allowed fake credentials to be stored in the wallet. Both vectors allowed even non-technical users to scan a fake credential (created by themselves or via a website) and store it as a digital vaccine credential in the NYS Excelsior Wallet application," Adukia added.
"Users could then present the credential through the official app to venues and attempt to gain physical access. A lot of venues don't use the scanner app or ignore the verification results and trust the seemingly legitimate data on a user's device, allowing bypass of credential checking."
...
In a technical advisory from NCC Group, researchers included screenshots of forged credentials that can be scanned by the Wallet app and added as a legitimate pass.
(Excerpt) Read more at zdnet.com ...
Because a vaccine card was supposed to be nothing more than a reminder of when you got vaxxed, not a tool for the implementation of authoritarianism.
The card is irrelevant—it’s the database entry that counts. Both the drugstore where I received the shots, and the where I received them, have their own databases with QR codes. The State-level one is shared with other jurisdictions.
Citizen,the computer shows you’ve voted already..go home..
Citizen, the computer shows you’re due for some more snake oil..come here..
Silly humans.
Internal passports are a sign of a totalitarian state.
A lot of venues like many restaurants know they have no choice—they must ignore the vaxx ID mandates or go out of business.
The vaxx pushers getting what they want. BTW,f-you put your mask on anyway.
We just flew from Spain to Belgium for a week then back to Spain. Within 48 hours of your flight both countries make you fill out passenger locator forms that tell them where you will be staying, what seat you are in on the plane, whether or not you have been in contact with anyone who has Covid and whether or not you are vaccinated. That form has a QR code and if you don't have it they won't let you board. If you are flying from one part of Spain to another (not sure if this applies to Belgium also) you don't have to show any of that information.
As of now (who knows when or if it will change) you don't have to be vaccinated to travel but you do have to show proof of a negative Covid test given within 48 hours of your trip.
“black and white vaccine card on white card stock with handwritten information that could be so easily forged?”
They’re giving us a chance to forge it. Anything on paper can be forged at face value.
” ignore the vaxx ID mandates or go out of business.”
you’re already out of “business” because someone else is controlling your operation.
You’re now just a Tax Donkey, Bee-Yotch
Have some dignity and MOVE.
Then . . . Let it all burn
In big cities (and especially in NYC) there is a gigantic black market for everything—and tax evasion is an art form.
You can opt out of most State vaccine information databases. A couple of States are opt in.
There is no federal database.
At a gathering of Facebook’s leadership in and around Menlo Park early this month, some officials discussed whether Facebook has gotten too big, with too much data flowing to manage all of its content, said people familiar with the gathering. The tone from some participants was, “We created the machine and we can’t control the machine,” one of the people said.(emphasis added)
I'm not necessarily anti vaxx - many FReepers have gotten these shots, for a variety of reasons. Everyone is different and healthcare is a personal matter. If you're not killing anyone or defrauding them go ahead.
But people frequently whine that we're doomed, look at the election and big tech and resistance is futile we all gotta get the jab just let's get it over with blah blah blah. This article shows what a small, smart group of people can do. It's just like the "weaponized autists" who screwed with that twit Shia who put his resistance flag on a webcam.
“You’re now just a Tax Donkey, Bee-Yotch”
That IS Good.
I may print that out and preface it with......”You require a ‘vax card?’” And send/hand out to local businesses... only I think I’ll change “Bee-Yotch” to COWARD.
Any word on the fraudulent politicians posing as Americans?
Whatever happened to Shiat LaBoob? Haven’t heard a peep out of him in a long time. Not that I want to.
All types of forgery will be addressed when they implement an identifyer mark in the right hand or forehead.
The fact that its made to be forged simply furthers their agenda, and the “need” for a system which cannot be forged.
The researchers found that the application did not validate vaccine credentials added to it, allowing forged credentials to be stored by users.
—
I’m guessing this is planted fake story. The vaccine credential is a paper form and typically filled out by hand by whoever administers the shot. Its original intent was as a reminder card to space out the dosage. There is no central database tracking these paper credentials, so how would one “validate” them?
Bkmrk
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.