RSS
The Price Of Ignoring Free Internet Security Advice: Billboards Of Goatse
from the gaping-security-holes dept
Normally, when we talk about companies and institutions looking to silence security researchers and their ilk who have tried to expose potential threats, the story ends without tragedy. United Airlines, for instance, went on the attack on Chris Roberts, who may well be an idiot, for exposing in-flight WiFi security concerns. CyberLock decides to go legal on a researcher who had been trying desperately to contact them about a security flaw in a number of its electronic locks. Johns Hopkins, meanwhile, ordered the disappearing of a blog post detailing how its own servers might be compromised by the NSA (or used with permission) to defeat encryption schemes.
But in all of those cases, even if some shenanigans were had, there was no real damage done as a result of ignoring the security advice that those organizations subsequently attempted to silence. So, what is the consequence of ignoring that device? Well, as it turns out, the consequence is anus. Very, very, tragically, unfortunately infamous anus.
The affluent denizens of Atlanta’s Buckhead neighborhood received a fun treat this week when they looked up at the corner of Peachtree and East Paces Ferry: a famous internet man’s giant, ruddy, gaping spread asshole, displayed on an enormous digital billboard.Great, so because whoever is in charge of managing that electronic billboard couldn't be bothered to take the advice any competent technology person who came across the setup, of which there must have been at least one, the great people of Atlanta were treated to one of the most disgusting images in human existence. I'm generally loathe to blame the victim, but the owner of a public-facing billboard must have some culpability when it comes to securing their display. And I say that there was at least one person who warned them about this, because at least one has come forward publicly.
The billboard above [Techdirt editor: which I'm not posting, because obviously I'm not] is one of the thousands of YESCO digital billboards installed across the country. Naturally, it comes with an internet connection. The setup is exactly as insecure as you’d imagine: many of these electronic billboards are completely unprotected, dangling on the public internet without a password or any kind of firewall. This means it’s pretty simple to change the image displayed from a new AT&T offer to, say, Goatse.
Not only was this a case of incompetence, but gross negligence: security researcher Dan Tentler tweeted yesterday that he’d tried to warn this very same sign company that their software is easily penetrable by anyone with a computer and net connection and was told they were “not interested.” Even after the billboard was defaced, Tentler said the company still hadn’t secured its software.Probably best to just sick the lawyers on Dan. After all, this all must be his fault, somehow.
Reader Comments (rss)
(Flattened / Threaded)
[ reply to this | link to this | view in thread ]
I'm guessing you don't use the internet all that much.
[ reply to this | link to this | view in thread ]
On what basis do you make this claim? Would the owner of a non-digital billboard have the same culpability when it comes to graffiti or other forms of defacement?
[ reply to this | link to this | view in thread ]
Re:
There, FTFY.
[ reply to this | link to this | view in thread ]
Re:
Whereas the owners of this one have knowingly and vicariously allowed there security to be lacking and then the actual CONTENT to be fully changed resulting in LULZ by all.
They are by definition negligent.
[ reply to this | link to this | view in thread ]
Re:
[ reply to this | link to this | view in thread ]
Nothing to fear?
[ reply to this | link to this | view in thread ]
[ reply to this | link to this | view in thread ]
[ reply to this | link to this | view in thread ]
[ reply to this | link to this | view in thread ]
Re:
I picked up the link from the Gawker article linked above and the link matches the one in the Reddit thread that the Gawker article referenced (the same link was also posted in the Gawker comments by the author of the article to avoid putting an uncensored asshole in the article itself). I say all of that to point out that, while I haven't actually followed the link myself and don't plan on doing so, I'm reasonably certain that it links to a picture of the billboard in question. You're welcome.
[ reply to this | link to this | view in thread ]
[ reply to this | link to this | view in thread ]
[ reply to this | link to this | view in thread ]
Re:
/S
[ reply to this | link to this | view in thread ]
Response to: Anonymous Coward on May 26th, 2015 @ 10:53pm
[ reply to this | link to this | view in thread ]
Re: Re:
[ reply to this | link to this | view in thread ]
[ reply to this | link to this | view in thread ]
Don't replace the whole thing - replace a picture on a desk or the contents of a computer screen inside the billboard.
[ reply to this | link to this | view in thread ]
Don't replace the whole thing - replace a picture on a desk or the contents of a computer screen inside the billboard.
[ reply to this | link to this | view in thread ]
Re:
[ reply to this | link to this | view in thread ]
He obviously should have hacked them and updated their security settings. Being a concerned bystander is no defense
[ reply to this | link to this | view in thread ]
Re:
[ reply to this | link to this | view in thread ]
For your amusement
[ reply to this | link to this | view in thread ]
about internet security...
[ reply to this | link to this | view in thread ]
Re: about internet security...
heh heh, "backdoor" :)
[ reply to this | link to this | view in thread ]
Re: Re:
Infamous, that means more than famous, right?
Thank you Three Amigos!
[ reply to this | link to this | view in thread ]
Enhanced Punishment for insecurity
[ reply to this | link to this | view in thread ]
Re:
If they had an unsecured elevator and all the supplies needed to change the non digital billboard left unsecured, then yes, they would share some culpability.
[ reply to this | link to this | view in thread ]
Re:
That has been tried in the past. Didn't work so well.
The biggest problem is that even if you manage to hack the system and set the security settings, the FBI shows up at your door for hacking the system and the company presses charges because they can no longer get into their system because you updated their security settings. Nobody has GPG set up on their email browser, so they can't decrypt the email you sent them with their updated passwords and instructions on how to log in and change the passwords.
Hopefully they'll take the high road and fix their stuff without involving poor Ms. Streisand in the mix.
[ reply to this | link to this | view in thread ]
Re: Re:
Not going to happen. There's no money in taking the high road, and that's the only thing that matters to companies. The Streisand Effect can change that economic computation by steering potential customers away.
[ reply to this | link to this | view in thread ]
Better digital vandalism than digital sabotage.
Still, I expect this is just the first of many shots. This one was across the bow.
[ reply to this | link to this | view in thread ]
Re: Better digital vandalism than digital sabotage.
The only reason this is getting widespread mainstream news attention is because it involved goatse.
[ reply to this | link to this | view in thread ]
thanks be to Dan
thanks Tentler
[ reply to this | link to this | view in thread ]
Re: Response to: Anonymous Coward on May 26th, 2015 @ 10:53pm
[ reply to this | link to this | view in thread ]
Re: Re: Better digital vandalism than digital sabotage.
My experience with hackers (which goes back into the 80s) is more that they're curious or mischievous than malicious, but some are. And the Stuxnet incident demonstrates that nations and ideological organizations will exploit such vulnerabilities to do damage if it is feasible to do so.
[ reply to this | link to this | view in thread ]
Re:
[ reply to this | link to this | view in thread ]
Re: Re: Re: Better digital vandalism than digital sabotage.
Ewww. You should be careful about using terms like "killer pokes" in a conversation involving Goatse.
[ reply to this | link to this | view in thread ]
Re: about internet security...
[ reply to this | link to this | view in thread ]
Add Your Comment