I took this photo of the moon on March 18 (the night when the occupation resumed its genocidal aggression) at 1am while watching the news…I saw the light casting into the house and it felt like a hand among the horror.

I wrote this poem a few days later, when the clocks changed. Oh, to be a hand…to stop the world turning, for you.

We will never become accustomed to this. We will never give up on Palestine.

#SilentSunday

#LunaMoth #Moth #Nature #Wildlife

Down by the lake I noticed a mite that seemed small for a trombidiid and large for an erythraeid…only on looking more closely did I notice that its dark red body had a gorgeous iridescent blue-green sheen! I think this may be a _Balaustium_ species, but not one of the ones I usually see. I've only seen this kind once before!

#DailyMitePic #Mitestodon #arachnids #mites #ArthroBeauty #Acari #Acariformes #Erythraeidae

"Repeated data leak offender" - Looking for contacts in Malaysia

This #leak is a really weird story and I am looking for help in #Malaysia.

If I were in the medical business, I would be very careful about what pictures of my customers I store longterm. And there would be tons of safeguards before I would allow them to be stored in a bucket (#Microsoft #Azure #Blob in this case). At the very least I would make sure that the Blob IS NOT world readable and world indexable. Should this ever happen to me, I would be so deeply ashamed that this shame would eternally prevent me from doing the same mistake again. Doing this over and over again takes the approach to IT security and privacy protection to a new low.

This brings us to BP Healthcare, a Malaysian healthcare giant that runs a multitude of businesses in that country. This includes online health services, laboratories, pharmacies, dental clinics, eye centers and much, much more. According to their own publications, they serve 35 million customers. Furthermore they seem to rely heavily on cloud services.

While other data leaks (at least four we know of) inside the sprawling empire of BP Healtcare since April 2019 were mostly fixed in a timely fashion (but without ever acknowledging the problem or answering at all), we currently see no less than three Azure blobs with a gigantic amount of data on which (even though the security researcher inquired multiple times) no action is forthcoming.

The data includes

• One Blob with 1.5 million prescriptions, receipts and invoices
• One Blob with 1.7 milltion invoices for healthcare services
• One Blob with 1.8 million assorted documents

The last blob is the most critical as it seems tied to a medical service provided via chat. The blob contains (among other) things images customers uploaded to show their medical problems. Naturally this includes their customers being in varying state of undress. Surprisingly, a lot of the telemedicine chats involved named patients seeking diagnosis or treatment for sexually transmitted diseases.

We are looking for a government agency (or contact in the technical press) that would take a long hard look at all the ITZ operations of BP healthcare. The fact that we see the same problem occurring again and again worries us deeply. Sometimes it is even the same subsidary that is having the same problem. Furthermore they are exposing the most intimate information about the customers. There are several warning signs, that the trouble may run deeper than just these leaks.

Closing remark: I usually do a PostMortem of the data leak including the URL of the leak that was closed. This will not happen in this case. Even a first glance at the cloud infrastructure paints a worrying picture and we are not confident that they will not reopen (assumed they close it in the first place) the leak at some point in the future. Thererefore I will abstain from naming it in the report.