Daily Archives: November 10, 2022

Medibank: Hackers release abortion data after stealing Australian medical records

Posted on by

Hackers who stole customer data from Australia’s largest health insurer Medibank have released a file of pregnancy terminations.

It follows Medibank’s refusal to pay a ransom for the data, supported by the Australian government.

Medibank urged the public to not seek out the files, which contain the names of policy holders rather than patients.

CEO David Koczkaro warned that the data release could stop people from seeking medical attention.

Terminations can occur for a range of reasons including non-viable pregnancy, miscarriages and complications.

“These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care,” he said.

The data of 9.7 million Medibank customers was stolen last month – the latest in a string of major data breaches in Australian companies in recent months.

The hackers this week published their first tranche of information after Medibank refused to pay a $10m (£8.7m; A$15.6m) ransom – about $1 for every customer.

Some Australians say they have been targeted by scammers after their medical details were posted online.

Former tennis champion Todd Woodbridge – who is recovering from a heart attack – said he had been pestered by calls from scammers who had known which hospital he had been in.

[…]

The files included people’s health claims data – including medical procedure history – as well as names, addresses, birthdates and government ID numbers.

[…]

Source: Medibank: Hackers release abortion data after stealing Australian medical records – BBC News

Doxxing abortion patients – that’s pretty damn low. Go take out big evil businesses.

Antitrust Lawsuit Says Apple and Amazon Colluded to Raise iPhone, iPad Prices

Posted on by

A new antitrust class-action lawsuit accuses Apple Inc. and Amazon.com of colluding to raise the price of iPhones and iPads,

[…]

The lawsuit, filed in the U.S. District Court for the Western District of Washington accuses Apple and Amazon of seeking to eliminate third-party Apple resellers on Amazon Marketplace in a scheme to stifle competition, and maintain premium pricing for Apple products.

[…]

The lawsuit says the parties’ illegal agreement brought the number of third-party sellers of Apple products on Amazon Marketplace from roughly 600 to just seven sellers – a loss of 98%, and by doing so, Amazon, which was formerly a marginal seller of Apple products, became the dominant seller of Apple products on Amazon Marketplace.

[…]

The lawsuit centers around an agreement made between Apple and Amazon that took effect at the beginning of 2019, the existence of which neither defendant denies. The agreement permitted Apple to limit the number of resellers operating on Amazon’s marketplace, and it offered Amazon in return a discounted wholesale price for a steady stream of iPhones and iPads, allowing it to reap the benefits of limited competition on its own reseller arena.

“From the outset of these discussions, the parties discussed ‘gating’ third-party resellers,” the lawsuit states. “Ultimately Apple proposed, and Amazon agreed, to limit the number of resellers in each country to no more than 20. This arbitrary and purely quantitative threshold excluded even Authorized Resellers of Apple products.”

[…]

According to the lawsuit, available data indicate that there were at least 100 unique resellers offering iPhones and at least 500 resellers of iPads on Amazon’s platform before the agreement, and after, no more than seven remained, a decrease of 98% of third-party Apple product resellers. The lawsuit references that Amazon admitted to Congress that it entered an agreement with Apple that permits only “seven resellers of new Apple products” on its platform.

[…]

 

Source: Antitrust Lawsuit Says Apple and Amazon Colluded to Raise iPhone, iPad Prices | Hagens Berman

Egypt’s COP27 summit app can read your emails and encrypted messages, scan your device, send your location

Posted on by

Western security advisers are warning delegates at the COP27 climate summit not to download the host Egyptian government’s official smartphone app, amid fears it could be used to hack their private emails, texts and even voice conversations.

[…]

The potential vulnerability from the Android app, which has been downloaded thousands of times and provides a gateway for participants at COP27, was confirmed separately by four cybersecurity experts who reviewed the digital application for POLITICO.

The app is being promoted as a tool to help attendees navigate the event. But it risks giving the Egyptian government permission to read users’ emails and messages. Even messages shared via encrypted services like WhatsApp are vulnerable, according to POLITICO’s technical review of the application, and two of the outside experts.

The app also provides Egypt’s Ministry of Communications and Information Technology, which created it, with other so-called backdoor privileges, or the ability to scan people’s devices.

On smartphones running Google’s Android software, it has permission to potentially listen into users’ conversations via the app, even when the device is in sleep mode, according to the three experts and POLITICO’s separate analysis. It can also track people’s locations via smartphone’s built-in GPS and Wi-Fi technologies, according to two of the analysts.

The app is nothing short of “a surveillance tool that could be weaponized by the Egyptian authorities to track activists, government delegates and anyone attending COP27,” said Marwa Fatafta, digital rights lead for the Middle East and North Africa for Access Now, a nonprofit digital rights organization.

[…]

Both Google and Apple approved the app to appear in their separate app stores. All of the analysts only reviewed the Android version of the app, and not the separate app created for Apple’s devices. Apple declined to comment on the separate app created for its App Store.

[…]

As part of the smartphone app’s privacy notice, the Egyptian government says it has the right to use information provided by those who have downloaded the app, including GPS locations, camera access, photos and Wi-Fi details.

“Our application reserves the right to access customer accounts for technical and administrative purposes and for security reasons,” the privacy statement said.

Yet the technical review, both by POLITICO and the outside experts of the COP27 smartphone application discovered further permissions that people had granted, unwittingly, to the Egyptian government that were not made public via its public statements.

These included the application having the right to track what attendees did on other apps on their phone; connecting users’ smartphones via Bluetooth to other hardware in ways that could lead to data being offloaded onto government-owned devices; and independently linking individuals’ phones to Wi-Fi networks, or making calls on their behalf without them knowing.

[…]

Source: Egypt’s COP27 summit app is a cyber weapon, experts warn – POLITICO

Dashboard Design Patterns

Posted on by

Dashboard Design Patterns

This page lists design patterns for dashboard design collected to support the design and creative exploration of dashboard design. We run a dedicated workshop in March 2022 to help you applying and discussing design patterns in your work.

What are Dashboards?

Dashboards offer a curated lens through which people view large and complex data sets at a glance. They combine visual representations and other graphical embellishments to provide layers of abstraction and simplification for numerous related data points, so that dashboard viewers get an overview of the most important or relevant information, in a time efficient way. Their ability to provide insight at a glance has led to dashboards being widely used across many application domains, such as business, nursing and hospitals, public health, learning analytics, urban analytics, personal analytics, energy and more.

Why Design Patterns?

» Download Pattern Cheatsheet (compact version)

» Download Pattern Cheatsheet (slim version)

There are many high-level guidelines on dashboard design, including advice about visual perception, reducing information load, the use of interaction, and visualization literacy. Despite this, we know little about effective and applicable dashboard design, and about how to support rapid dashboard design.

Dashboard design is admittedly not straightforward: designers have access to numerous data streams which they can process, abstract or simplify as they see fit; they have a wide range of visual representations at their disposal; and they can structure and present these visualizations in numerous ways, to take advantage of the large screens on which they are viewed (vs. individual plots that make more economic use of space).

Such a number of choice can be overwhelming, so there is a timely need for guidance about effective dashboard design—especially as dashboards are increasingly being designed for a wider non-expert audience by a wide group of designers who may not have a background in visualization or interface design.

Our design patterns for dashboard design on this website aims to support creativity and to streamline the dashboard design.

Source: Dashboard Design Patterns