How the IATA travel pass can verify USA or other countries vaccine cards

Example of a CDC Vaccine Card

Verification of Vaccine Cards

Several countries around the world are wanting people to have a way to verify that people who are coming into their country has gotten the vaccine. There have been a number of news articles of people who have faked the vaccine card for one reason or another usually just because they don’t feel like they need to get the vaccine. Requiring vaccine cards have never been new or original in traveling around the world. There has always been countries that require vaccines like rubella or Hepatitis B vaccine to enter their countries. We’ve seen many countries who would like to proof of vaccine and proven ways to knows that it’s not forged.

Stopping the forgery

Each country is wondering how they can stop the forgeries of vaccine cards. No country wants to have take financial responsibility for someone who might get really sick due to the covid19. This is why countries are really wanting way to provide a way to know that someone has gotten the vaccine. The problem is that some people think they really don’t need the vaccine because of herd immunity, so why are they so worried about it. It’s one way to know that their immune system has been given enough protection from getting the severe version of covid19. I am sure there are other reasons and that is what I always hear.

The IATA Travel Pass Verification

When I say that IATA could verify that each vaccine cards in the USA or other countries to be authentic, is saying something that no other airline could do. If countries are looking to verify that the vaccine cards from countries that don’t want to share their vaccine data due to laws, such as the US. They can at least do some minor things while you register for a vaccine passport on their IATA travel pass app. I’m going to talk in length about this so please be patient and maybe someone will actually implement this in the IATA Travel Pass app.

There are several ways they can verify the picture of the vaccine passport to be authentic. They can have the Iata travel pass do image searches to see if there are images that are unique or close to the same exact type that is being submitted. There are several ways you can do that:

These are only two of several ways they can search the web and find out if it is not authentic or original, from the vaccine card that is being submitted.

Images not on the Internet

What if the criminals are being sneaking and keeping these cards off the internet. What options do the Iata Pass have to verify that it isn’t be used in other countries or accounts on the IATA travel pass? This is where it gets really interesting because there are several ways that can be used to verify that the vaccine card hasn’t been used in the past. They can get the Hash Value of the picture and store it in their servers for later on. Don’t worry, the hash value doesn’t save the picture on the server but keeps a copy of the hash value so they can search for that value and probably even keeps the account that it is associated with it for security reasons.

Imaging Hashing by pyimagesearch

As you can see it’s is really an easy process for phones around the world to hash a picture and send the hash to server to either use it to search for a copy or to record it so no other person can use it. I really suggest you go check out the pyimagesearch site and see all the ways that can be used to search for a duplicate hash. This would be a great resource for people to authenticate if they have a unique vaccine card or not.

Examine the Metadata

Metadata is according to Google “a set of data that describes and gives information about other data.” Basically when you take pictures with your phone, your phone records what type of phone was being used and many different things sometimes including the GPS location of the image being take. So they can examine the metadata and see a lot of stuff from the submitted picture of the vaccine card is coming from and also keep record of that information also in a database for reference for obvious reasons. They can also prevent photos being used if they have been edited before uploaded, for example there is a good little photo editor like Snapseed. It’s a great little app that can be used in Android devices to edit or change a photo.

Once it has been edited the metadata would show that it was edited by snapseed or any other photo editing software and thus should be thrown out for security reasons like that. So if someone is trying to get around the vaccine authentication they probably would have a very hard time in verifying there vaccine card.

This is what I would think should be implemented when making the IATA travel pass to help governments to know that the vaccine cards are as authentic as possible. I won’t say that people will not come up with ways to still submit forgeries, that will always be a problem. It however will make it more difficult for people to do that. It is my hope that we won’t have to use this for very long and this would just be a stop gap way to get travelers back to traveling around the world.

What do you think about this idea? Do you think they did this or do you think they will do this in the future? What’s your experience with the IATA travel pass?

Netspend sends out card that I didn’t order :

netspendsite

I arrived home today with Netspend card in my Mailbox. The letter states that I ordered the card and it has arrived. So I am concerned because of the possible [intlink id=”2644″ type=”post”]Identity theft[/intlink] that could be going on so I call them to find out what the heck is going on.   I call to find out it who signed me up for this and to get some kind of information as to the people who had this information about me.   I ask for the financial service that “recommended me for this Card” because I want to make a phone call to them about the security concerns  about sharing my personal information.   I say that because they had my Name, my mailing address.  This isn’t totally hard to find had I had a Land phone but with me just having a cell phone.

[ad]I ask for the IP of the person who signed me up and they said they don’t have that information and they have no information on who did it.  This sounds  like a poor way  to offer pre-paid card that has a VISA logo.   I think this is poor security and if someone signs me up and uses my identity what ever happened to logs?    This is what is most concerning to me, because I would have expected if someone signs up they would at least keep the IP in case of some criminal activity to know if it was one IP that is making so many creation of cards.   This is a fundamental principle in financial institutions that hold our money.

I did a Google search for others who had this happened and I see a bunch of people complaining about the same thing.  Some of the more important topics were, Netspend Is A Fraud! and Unethical Pirates! I found some really concerning complaints from people around the US.  All these are concerning, I told them to close out the account and I will be watching my credit for the next 6 months.   I think this was unethical by both Netspend and the Financial service, due to the fact that I didn’t give the financial services permission to give out my information.   I don’t know if Netspend had my SSN but I didn’t activate the card so I don’t know but I am very concerned by the way Netspend did not keep logs on who and when something like this was done.   If I find out what financial service did this I will be contacting the FTC and BBB over this.   I want to hear if anyone else has had this happened?  I will advise everyone who has this happened to call immediately to close out the account and complain to appropriate people.  

Rogue Fake Codecs on the Rise

Panda Labs has been talking about Adware/VideoPlay and they are seeing a lot of variants on this.   They even play a game, find the difference in the installation screen:

Now as you can see this look to be the same agreement in all those difference installation.  Some things to consider Never install any software from a website that you don’t know Nothing about about.

Panda Labs also talks about these new variants in regards to what they do:

This file spreads by making copies of itself in the removable drives and it also creates an autorun.inf in order to be run when they are accessed. This file collects the data stored in the browsers, such as cookies, passwords, profiles, email accounts, etc, and connects to a remote address to send the information.
[Via Panda Labs Blog]

[ad#ad2-right]As you can see this makes you have very little security with your system.  I talk about Identity theft, and why you should always worry about your identity.   This however will make your passwords less secure and maybe even compromise you system to the point of having a data breach.   You need to be careful when you come by this, some fake codecs have been know to be scareware.  In which, the fake codecs installs a Trojan to tell you have a virus and try to make you buy a fake program to get rid of the Virus.  In one of my recent posts about Codecs and Facebook, I talked about the K-Lite Mega Codec Pack and how that will prevent you from installing these sociable links from friends and family.  The nice thing about this pack is it install all the really good codecs that you might come across on the web.  If you have this installed and there’s a website that says you need a special codec, you’d know that it is either a fake codec or the author who made the video doesn’t standardize.   In which case you will be more willing to leave that site without installing that codec.

If you follow these steps and also consider installing an Anti-virus and Firewall, you will be in a much better shape then when you first started out. Remember only you can prevent from getting a virus. You should also consider doing the registry edit that will prevent Autorun. As you can tell these new variants also are spread through USB and other removable media. This is the other way these programs are using to infect other systems.

Hot, sexy bot sweet-talks personal data out of chatters

[ad#ad2-left]

Security software company PC Tools warns that the bot can easily be used for malicious purposes. The company said that the program’s ability to mimic human behavior to dupe chatters is worrisome, and could readily be used to collect all manner of information. “As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering,” said PC Tools senior malware analyst Sergei Shevchenko in a statement. “CyberLover has been designed as a bot [robot] that lures victims automatically, without human intervention. If it’s spawned in multiple instances on multiple servers, the number of potential victims could be very substantial.”
[Via Arstechnica]

This is really a security issue here. Never give out your personal information online. I just want to post this to remind people not everything online is safe.