[News] CSEC's acceptable proof of vaccination for Saddledome games

[Firebot]

Quote:

Originally Posted by flamesrule_kipper34

Response from my Ticket Rep after I reached out:

We are aware of a few issues related to PORTpass – the most significant being the security of the personal data that users provide to secure the certification. Based upon the due diligence that we completed prior to recommending the app, we were comfortable with the security of data. However, it would seem the security issue continues to be challenged in the media.

They are being taken for total fools by what appears to be more and more a scam, and this is the answer they are providing?

What type of due diligence did they do? They were told it was 'secured on the blockchain and artificial intelligence', it sounded technical, and they gave the thumbs up?

Did CSEC also bought into Bre-X as well recently?

[OldDutch]

Quote:

Originally Posted by cam_wmh

What audit did CSEC's IT team actually perform? And how competent are they now, having made their bed with PortPass?

This seems to all fall upon, Ziad Mehio's shoulders, really.

"Hey IT guy, I was on the phone with this super awesome dude who is writing his own app. He says its awesome and does whatever I want it to do. Literally said yes to everything! Not sure how it works with the gross techy stuff but I just bought it anyway. Can you install by tomorrow? Thanks pal."

[Buff]

Quote:

Originally Posted by OldDutch

"Hey IT guy, I was on the phone with this super awesome dude who is writing his own app. He says its awesome and does whatever I want it to do. Literally said yes to everything! Not sure how it works with the gross techy stuff but I just bought it anyway. Can you install by tomorrow? Thanks pal."

Let me finish this common discussion with the IT people

IT: Well, I'll want to take a look at this to see if I have any concerns

Boss: No, worries. They assured me it works like a dream

IT: That's fine, but I'd like to verify if it is a secure app

Boss: He showed me everything. No problems whatsover

IT: Okay, but

Boss: Get it implimented now, time is not on our side

IT (to self): I'm totally going to get blamed for something terrible someday


At least the current Sr.Mgmt listen to me and my staff, but the previous regime was much like the above conversation.

I have no idea if that's how things worked at CSEC for this.

[Inglewood Jack]

so in a few days Zak will announce that the two independent security audits have helped them fix all remaining flaws in their Blockchain and AI. how many people are going to give this thing a 2nd chance?

and I still haven't seen an explanation of how the validation process is supposed to work when they don't have access to AHS, Alberta Registry, Canadian Passport, Nexus etc data. are they just eyeballing each application as it comes in and guessing?

[Number 39]

My guess is that someone inside CSEC knew the app CEO and probably innocently opened some doors and here we are. Looks pretty bad and it’s surprising that CSEC didn’t work with a company with a long track record…….probably didn’t because of the cost.

[Muffins]

Quote:

Originally Posted by OldDutch

"Hey IT guy, I was on the phone with this super awesome dude who is writing his own app. He says its awesome and does whatever I want it to do. Literally said yes to everything! Not sure how it works with the gross techy stuff but I just bought it anyway. Can you install by tomorrow? Thanks pal."

The funniest part is you're not even exaggerating. I've been the IT guy in an eerily similar conversation.

[Madman]

[jtfrogger]

Based on what is known:

• Able to validate Duece Bigalow with absolute garbage uploads. Given that this was verified, I am assuming that it was automatically validating absolutely anything you upload. Because if that didn't fail, Pretty much nothing would.
• Personal information was exposed. Any legitimate IT company would not make this mistake easily. Do mistakes happen, sure, but not this easily.
• Claims of AI and blockchain used in the solution. I can see how AI might be used, but it is a bit of a stretch when basic coding would cover the basic cases of an Alberta user. Even for all of Canada, it isn't that many different types of validation. But I really don't see how blockchain would provide any use to this solution.

I don't think there is anything salvageable with Port Pass. It probably doesn't even come close to a functional solution given these glaring issues. I honestly don't see how it could possibly be anything other than a scam.

And this is why any type of passport should be from the government. This absolute failure from the Alberta government allows scammers to come in and take advantage of the situation.

[powderjunkie]

I don't have anything good to say about twitter, but I wonder how far and how bad this could have gone without someone like that user Yeung bringing it to light.

[Beatle17]

Just get your Alberta Health Passport and your drivers license and you will have no issue, or wait until the Government comes out with their electronic passport. Never trust a 3rd party for private information.

[Firebot]

I will certainly give credit to the CBC journalist Sarah Rieger who took on this story quickly and has been investigating it properly and responsibly, even giving the owner a chance to make amends and failing to do so before releasing more info.

Can't say the same from Calgary Sun and Global TV in the past 24 hours with their coverage of the story, what the hell is going on?

https://twitter.com/user/status/1443016075675766789

https://twitter.com/user/status/1442666137724981252

The reporting on this incident has been rather unbalanced to say the least, considering the potential implications and repercussions involved. And why is CSEC so adamant on sticking with this?

[Firebot]

Quote:

Originally Posted by Inglewood Jack

so in a few days Zak will announce that the two independent security audits have helped them fix all remaining flaws in their Blockchain and AI. how many people are going to give this thing a 2nd chance?

and I still haven't seen an explanation of how the validation process is supposed to work when they don't have access to AHS, Alberta Registry, Canadian Passport, Nexus etc data. are they just eyeballing each application as it comes in and guessing?

This is really what it comes down to. There is no valid direct master data link to authenticate a validation process for this app to use or any that has been confirmed.

Glaring security issues aside, there are far juicier and incredibly more suspect sections that Conrad Yeung caught and called out, that seem to be outright lies considering the CDHN doesn't exist and this was claimed that the information was being verified by trained medical professionals.

I think these statements are far more damning then the obvious security issues.

https://twitter.com/user/status/1442198898525671427

https://twitter.com/user/status/1442198901579124747

The question which seems to be glossed over, as it's mentioned both AI and 'trained medical professionals' not just one, who is looking at this data to validate?

[powderjunkie]

Interesting tidbit from the Sun article was that this app was piloted at Nashville North during Stampede?

[tvp2003]

I don’t see how anyone will trust the app going forward, especially if it’s just as easy to provide a paper copy/photo ID instead.

And maybe I’m being naive but I’m not convinced the original intent was to scam people and/or steal their identities. While it’s appears quite apparent that there were flaws and/or lies in whatever claims they were making, and that some of the “news” reports were being exaggerated if not fabricated (one article suggested 200k people were “pre-registered”, with that number increasing to 500k a few weeks later… why?!?), this guys name is all over this, and there’s nobody else to blame if the dominos start to fall. So either he’s a really bad white collar criminal, or he’s a dishonest, greasy businessman who either didn’t know the app wasn’t legit (he should have), or perhaps didn’t think anyone else would find out (he was wrong).

[Weitz]

Quote:

Originally Posted by powderjunkie

Interesting tidbit from the Sun article was that this app was piloted at Nashville North during Stampede?

Didn’t see it or hear of it when I went there.

[Wormius]

It probably wasn’t intended to scam people, but it was pretty much one step beyond vaporware. He would have been so much better off if he sold the concept of it and then contracted out building it to a reputable iOS, Android, or mobile app developer.

[Dome_YYC]

Well, looks like it won't be used for the Kraken game!
https://globalnews.ca/video/8229408/...0GlobalCalgary

[Fuzz]

Last night I think the guy said they had over 600 000 users. That doesn't make any sense. It's just Alberta, right? Who are these 600 000 people? I suspect the number is made up.


Jtfrogger is right, there is nothing remotely redeemable here. All they have is an idea, not an app. The fact that CSEC is hanging around giving them a chance to actually build what doesn't exist? That's ridiculous. This isn't going to happen in a week or 2. Jump ship, and say you are waiting for an official government QR code, then put massive pressure on the government to deliver.


Oh, and sue this guy into the ground for misrepresentation.

[old-fart]

Quote:

Originally Posted by Fuzz

Last night I think the guy said they had over 600 000 users. That doesn't make any sense. It's just Alberta, right? Who are these 600 000 people? I suspect the number is made up.


Jtfrogger is right, there is nothing remotely redeemable here. All they have is an idea, not an app. The fact that CSEC is hanging around giving them a chance to actually build what doesn't exist? That's ridiculous. This isn't going to happen in a week or 2. Jump ship, and say you are waiting for an official government QR code, then put massive pressure on the government to deliver.


Oh, and sue this guy into the ground for misrepresentation.

Lawsuits from the CSEC is probably the least of his concerns. The exposure of personal data is grounds for a massive law suit that, if one of the other posts is accurate and this is actually not a fully properly registered company and their is exposure of personal assets, will surely ruin him. Loss of reputation is already a foregone conclusion.

[Hockeyguy15]

Quote:

Originally Posted by Beatle17

Just get your Alberta Health Passport and your drivers license and you will have no issue, or wait until the Government comes out with their electronic passport. Never trust a 3rd party for private information.

Let's not be so hasty here and assume the government's app is any better.