- Joined
- Jun 15, 2011
- Posts
- 2,745
- Qantas
- Platinum 1
I don't agree with this. Blackboxing some or most of your security components can make for a highly effective strategy.
I don't agree with this. Blackboxing some or most of your security components can make for a highly effective strategy.
banana boy
Intern
- Joined
- Mar 15, 2019
- Posts
- 79
I haven't misunderstood anything. When systems are exposed to hostile environments then having many eyes review code and many actors attempt compromises has resulted in much better security. How many more patch cycles for full remote compromise zero day exploits that have been in code for years will we go through? How many more backdoor passwords in supposedly secure Cisco code are yet to be discovered? How many times will companies hide their bugs until 3rd party researchers threaten to or do release details of exploits?
Sure open systems are not a panacea. Many eyes didn't prevent cryptography standards like DUAL_EC_DRBG from being distributed by RSA et al and used widely in supposedly secure environments. But if Juniper had open sourced NetScreen like they have with JunOS maybe the complete compromise of Juniper VPN traffic would have been avoided.
Unless your digital secrets (code) can withstand the withering gaze of open scrutiny then time has proven again and again that trust in closed systems doesn't create great security.
The contact tracking app is definitely going to be exposed to the public and people will definitely try to co-opt it. It is not like a closed banking system.
Sure open systems are not a panacea. Many eyes didn't prevent cryptography standards like DUAL_EC_DRBG from being distributed by RSA et al and used widely in supposedly secure environments. But if Juniper had open sourced NetScreen like they have with JunOS maybe the complete compromise of Juniper VPN traffic would have been avoided.
Unless your digital secrets (code) can withstand the withering gaze of open scrutiny then time has proven again and again that trust in closed systems doesn't create great security.
The contact tracking app is definitely going to be exposed to the public and people will definitely try to co-opt it. It is not like a closed banking system.
Sorry but the core of your argument seems to be that security can only be achieved through the opening of codebases. What's wrong with this theory is that no commercial security vendor outside of those that strictly began as open source projects (pfSense, ClearOS, OPNsense etc) does this today - and you will not find the open source solutions featuring in Gartner's MQ for products because enterprises aren't buying them and the market doesn't believe them to be considerably more secure than proprietary solutions. You've tried to claim that Juniper does so with JunOS, but JunOS is not open source, it just built on top of an Open Source OS (FreeBSD in the case of JunOS, Linux for JunOS evolved). I think you'll find most of the platforms are in the same situation, that certainly does not make them open source solutions.
I wouldn't even bother going back and forward on this topic but when you put it in such an authoritarian tone it makes it difficult not to point out the clear reality of the market, and that is that the vast majority of enterprise products today do not expose their source code as a matter of course, and doing so is no easy feat, and it is not a panacea for problems of trust.
Flashback
Enthusiast
- Joined
- Oct 29, 2006
- Posts
- 12,561
And here it is!
www.covidsafe.gov.au
End of the COVIDSafe data period
The Minister for Health has determined the end of the COVIDSafe data period effective from 16 August 2022. All COVIDSafe app data has now been deleted from the National COVIDSafe Data Store.
p--and--t
Established Member
- Joined
- Sep 28, 2008
- Posts
- 3,849
- Qantas
- Bronze
- Virgin
- Red
Downloaded and activated.
Worked in IT for >20 years.
No qualms at all at downloading it (yet I refuse to use FakeBook because I do not trust it).
The eventual usefulness? - Jury is out at the moment.
Worked in IT for >20 years.
No qualms at all at downloading it (yet I refuse to use FakeBook because I do not trust it).
The eventual usefulness? - Jury is out at the moment.
Last edited:
Sponsored Post
Struggling to use your Frequent Flyer Points?
Frequent Flyer Concierge takes the hard work out of finding award availability and redeeming your frequent flyer or credit card points for flights.
Using their expert knowledge and specialised tools, the Frequent Flyer Concierge team at Frequent Flyer Concierge will help you book a great trip that maximises the value for your points.
Flashback
Enthusiast
- Joined
- Oct 29, 2006
- Posts
- 12,561
Germany gives in to Apple:
www.itnews.com.au
Hong Kong is using electronic tracking bracelets for those entering through the airport:
onezero.medium.com
That article also gives some interesting stats on what many other countries are doing too.
Australia will be writing into law that only health officials can make use of the data: Australian PM says will be illegal for non-health officials to get data from COVID-19 app
Germany flips to Apple-Google approach on smartphone contact tracing
Backs 'gapple' approach along with a growing number of other European countries.
www.itnews.com.au
Hong Kong is using electronic tracking bracelets for those entering through the airport:
We Mapped How the Coronavirus Is Driving New Surveillance Programs Around the World
At least 30 countries are ramping up surveillance to combat the coronavirus
onezero.medium.com
That article also gives some interesting stats on what many other countries are doing too.
Australia will be writing into law that only health officials can make use of the data: Australian PM says will be illegal for non-health officials to get data from COVID-19 app
Flashback
Enthusiast
- Joined
- Oct 29, 2006
- Posts
- 12,561
2 million downloads clocked already (~8% of Australians).
www.crn.com.au
More than two million Australians download COVID-19 app, testing expands
More than two million Australians have downloaded the app.
www.crn.com.au
The Frequent Flyer Concierge team takes the hard work out of finding reward seat availability. Using their expert knowledge and specialised tools, they'll help you book a great trip that maximises the value for your points.
banana boy
Intern
- Joined
- Mar 15, 2019
- Posts
- 79
My argument is simply that more eyes makes for better security and if code is promoted as being secure it should be able to pass open scrutiny without fear.
The commercial decisions and contractual obligations which prevent most companies from open sourcing code is not a security decision.
Of course there is no panacea for security and simply opening a codebase won't somehow magically make it secure. In the case of the Covid tracking app I can see no good reason for the government not to release the code base. Unless of course they have purchased a closed system and are prevented from releasing (or maybe even seeing) the source code.
Flashback
Enthusiast
- Joined
- Oct 29, 2006
- Posts
- 12,561
Proposed changes to the law to set a 5 year prison term for anyone that tries to use the app for anything other than contract tracing, currently ~5 million downloads/registrations using the app has been completed:
www.itnews.com.au
Apple and Google play to the market by disabling location tracking in their apps:
www.itnews.com.au
Britain goes back to the 1960's to test it's contact tracing app, with tests starting today:
www.itnews.com.au
Govt unveils COVIDSafe contact tracing app bill
Unlawful access punishable by five years jail.
www.itnews.com.au
Apple and Google play to the market by disabling location tracking in their apps:
Apple and Google to ban use of location tracking in contact tracing apps
That are built on their forthcoming capability.
www.itnews.com.au
Britain goes back to the 1960's to test it's contact tracing app, with tests starting today:
UK to test COVID-19 tracing app on the Isle of Wight this week
Opts for centralised tracing model.
www.itnews.com.au
Flashback
Enthusiast
- Joined
- Oct 29, 2006
- Posts
- 12,561
Another one throwing their hat into the ring........
www.itnews.com.au
Was surprised last night (or maybe, I wasn't surprised; which says it all to the UK's handling of the situation) that last night's announcement from BoJo (the clown) had no mention of a contact tracing app being ready for use and that we should install/start using it.
WHO readies coronavirus app for checking symptoms, possibly contact tracing
To enable people in under-resourced countries to assess.
www.itnews.com.au
Was surprised last night (or maybe, I wasn't surprised; which says it all to the UK's handling of the situation) that last night's announcement from BoJo (the clown) had no mention of a contact tracing app being ready for use and that we should install/start using it.
Flashback
Enthusiast
- Joined
- Oct 29, 2006
- Posts
- 12,561
Still no sign of an app in the wild for the UK, or if there has been it's not been well publicised.
More countries moving forward with Google and Apple's version, who have been firm around no location history etc. It's holding some countries back from using it through as they want the extra level of tracking.
www.itnews.com.au
Estonia is taking a slightly different tact to dealing with the get back to work process.
www.itnews.com.au
More countries moving forward with Google and Apple's version, who have been firm around no location history etc. It's holding some countries back from using it through as they want the extra level of tracking.
Apple-Google contact tracing tech draws interest in 23 countries, some hedge bets
Initial version of system released.
www.itnews.com.au
Estonia is taking a slightly different tact to dealing with the get back to work process.
Estonia starts testing digital immunity passport for workplaces
Created by a team including founders of global tech startups Transferwise and Bolt.
www.itnews.com.au
Flashback
Enthusiast
- Joined
- Oct 29, 2006
- Posts
- 12,561
Oops. At least the gap was plugged pretty quickly.
Flashback
Enthusiast
- Joined
- Oct 29, 2006
- Posts
- 12,561
Some interesting stats/feedback from the AU COVID-19 tracing application.
www.itnews.com.au
DTA swamped with COVIDSafe app feedback in first month
Receives over 20,000 pieces of feedback from users and tech community.
www.itnews.com.au
tomlee1986
Established Member
- Joined
- Feb 27, 2014
- Posts
- 1,548
- Qantas
- Bronze
- Virgin
- Red
I agree there.. as it is not compulsory, there is always a risk of not able to find all contacts if it is a large gathering in the public, where the people are not known to each other
jb747
Enthusiast
- Joined
- Mar 9, 2010
- Posts
- 12,493
Some interesting stats/feedback from the AU COVID-19 tracing application.
DTA swamped with COVIDSafe app feedback in first month
Receives over 20,000 pieces of feedback from users and tech community.
It's rather a "pat yourself on the back" article. Other articles over the past week have basically been talking down the app, with its usefulness being questioned.
I like this quote "Given that just under half of the Australia.gov.au traffic relates to return users, people are seeing value - so we mustn’t be too far off the mark". That possibly means people couldn't get the site to work on the first go, and had to come back for a second attempt. It doesn't seem to be a worthwhile marker.
The usefullness of the app is, that by adopting it the govt has bought forward the relaxation of restrictions. the actual benefits of the app are a long way off being measurable do to the relative success of containing the outbreak compared to other countries.
Enhance your AFF viewing experience!!
From just $6 we'll remove all advertisements so that you can enjoy a cleaner and uninterupted viewing experience.And you'll be supporting us so that we can continue to provide this valuable resource :)
Sample AFF with no advertisements? More..
Sample AFF with no advertisements? More..
