The Price Of Ignoring Free Internet Security Advice: Billboards Of Goatse

from the gaping-security-holes dept

Normally, when we talk about companies and institutions looking to silence security researchers and their ilk who have tried to expose potential threats, the story ends without tragedy. United Airlines, for instance, went on the attack on Chris Roberts, who may well be an idiot, for exposing in-flight WiFi security concerns. CyberLock decides to go legal on a researcher who had been trying desperately to contact them about a security flaw in a number of its electronic locks. Johns Hopkins, meanwhile, ordered the disappearing of a blog post detailing how its own servers might be compromised by the NSA (or used with permission) to defeat encryption schemes.

But in all of those cases, even if some shenanigans were had, there was no real damage done as a result of ignoring the security advice that those organizations subsequently attempted to silence. So, what is the consequence of ignoring that device? Well, as it turns out, the consequence is anus. Very, very, tragically, unfortunately infamous anus.

The affluent denizens of Atlanta’s Buckhead neighborhood received a fun treat this week when they looked up at the corner of Peachtree and East Paces Ferry: a famous internet man’s giant, ruddy, gaping spread asshole, displayed on an enormous digital billboard.

The billboard above [Techdirt editor: which I'm not posting, because obviously I'm not] is one of the thousands of YESCO digital billboards installed across the country. Naturally, it comes with an internet connection. The setup is exactly as insecure as you’d imagine: many of these electronic billboards are completely unprotected, dangling on the public internet without a password or any kind of firewall. This means it’s pretty simple to change the image displayed from a new AT&T offer to, say, Goatse.
Great, so because whoever is in charge of managing that electronic billboard couldn't be bothered to take the advice any competent technology person who came across the setup, of which there must have been at least one, the great people of Atlanta were treated to one of the most disgusting images in human existence. I'm generally loathe to blame the victim, but the owner of a public-facing billboard must have some culpability when it comes to securing their display. And I say that there was at least one person who warned them about this, because at least one has come forward publicly.
Not only was this a case of incompetence, but gross negligence: security researcher Dan Tentler tweeted yesterday that he’d tried to warn this very same sign company that their software is easily penetrable by anyone with a computer and net connection and was told they were “not interested.” Even after the billboard was defaced, Tentler said the company still hadn’t secured its software.
Probably best to just sick the lawyers on Dan. After all, this all must be his fault, somehow.

Filed Under: billboards, goatse, hacking, security, warnings


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    G Thompson (profile), 26 May 2015 @ 9:41pm

    Pics or it didn't happen :)

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 26 May 2015 @ 10:07pm

      Re:

      How about 'No'?

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 26 May 2015 @ 11:22pm

      Re:

      If you want it, here it is *WARNING, GRAPHIC IMAGE LINK AHEAD* http://imgur.com/5dWOEfv

      I picked up the link from the Gawker article linked above and the link matches the one in the Reddit thread that the Gawker article referenced (the same link was also posted in the Gawker comments by the author of the article to avoid putting an uncensored asshole in the article itself). I say all of that to point out that, while I haven't actually followed the link myself and don't plan on doing so, I'm reasonably certain that it links to a picture of the billboard in question. You're welcome.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 27 May 2015 @ 3:52am

        Re: Re:

        Your post offends me good internet denizen. Please have the courtesy to give a warning before mentioning something as offensive as the G-word.

        reply to this | link to this | view in chronology ]

  • icon
    DocGerbil100 (profile), 26 May 2015 @ 9:44pm

    "[...] one of the most disgusting images in human existence."

    I'm guessing you don't use the internet all that much.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 26 May 2015 @ 9:52pm

    From the article:
    the owner of a public-facing billboard must have some culpability when it comes to securing their display

    On what basis do you make this claim? Would the owner of a non-digital billboard have the same culpability when it comes to graffiti or other forms of defacement?

    reply to this | link to this | view in chronology ]

    • icon
      G Thompson (profile), 26 May 2015 @ 10:03pm

      Re:

      No because the content of the non-digital billboard cannot be changed, just transformed!

      Whereas the owners of this one have knowingly and vicariously allowed there security to be lacking and then the actual CONTENT to be fully changed resulting in LULZ by all.

      They are by definition negligent.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 May 2015 @ 12:40am

      Re:

      It may not be negligence, but rather they have Listened to the NSA and think that the encryption needed for SSH or equivalent is evil.
      /S

      reply to this | link to this | view in chronology ]

    • icon
      Nastybutler77 (profile), 27 May 2015 @ 9:54am

      Re:

      Would the owner of a non-digital billboard have the same culpability when it comes to graffiti or other forms of defacement?

      If they had an unsecured elevator and all the supplies needed to change the non digital billboard left unsecured, then yes, they would share some culpability.

      reply to this | link to this | view in chronology ]

  • icon
    Blaine (profile), 26 May 2015 @ 10:07pm

    Nothing to fear?

    The guy in the picture certainly has nothing to hide....

    reply to this | link to this | view in chronology ]

  • identicon
    avideogameplayer, 26 May 2015 @ 10:18pm

    Some people just can't help being asses...

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 26 May 2015 @ 10:21pm

    I've not been "goatse'ed" in over 10 years, so I would have thought that gag was long forgotten about. I suspect that the hacker may have been a bit older than the typical 13 or 14 y.o. "script kiddie" who would have still been in diapers during the height of the goatse craze.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 26 May 2015 @ 10:53pm

    Without security I suspect the copycats will be having a field day soon. I am sure there are other disagreeable images to be found on the internet in spades.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 May 2015 @ 3:49am

      Response to: Anonymous Coward on May 26th, 2015 @ 10:53pm

      Yes I was thinking the same. The floodgates have been opened and the internet is going to run with this. None of these billboards are safe.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 26 May 2015 @ 11:29pm

    That's what they get for being so anal.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 26 May 2015 @ 11:55pm

    "So, what is the consequence of ignoring that device?" Shouldn't that be 'advice'?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 May 2015 @ 4:20am

    Atleast it wasn't the squid soup video.

    reply to this | link to this | view in chronology ]

  • identicon
    Sunhawk, 27 May 2015 @ 4:25am

    Bah, no subtlety!

    Don't replace the whole thing - replace a picture on a desk or the contents of a computer screen inside the billboard.

    reply to this | link to this | view in chronology ]

    • identicon
      Just Another Anonymous Troll, 27 May 2015 @ 5:41am

      Re:

      When you want to humiliate someone with poor security, you don't go subtle. Would it have gotten on Techdirt with "The Price Of Ignoring Free Internet Security Advice: Some Guy Makes A Minor Alteration To Your Billboard"? Besides, it's probably a CFAA violation either way, might as well be hung for a sheep as a lamb.

      reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 27 May 2015 @ 7:42am

      Re:

      Anyone who is using Goatse is not someone who cares about subtlety.

      reply to this | link to this | view in chronology ]

  • identicon
    Sunhawk, 27 May 2015 @ 4:25am

    Bah, no subtlety!

    Don't replace the whole thing - replace a picture on a desk or the contents of a computer screen inside the billboard.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 May 2015 @ 6:34am

    "Probably best to just sick the lawyers on Dan. After all, this all must be his fault, somehow."

    He obviously should have hacked them and updated their security settings. Being a concerned bystander is no defense

    reply to this | link to this | view in chronology ]

    • icon
      ltlw0lf (profile), 27 May 2015 @ 10:02am

      Re:

      He obviously should have hacked them and updated their security settings. Being a concerned bystander is no defense

      That has been tried in the past. Didn't work so well.

      The biggest problem is that even if you manage to hack the system and set the security settings, the FBI shows up at your door for hacking the system and the company presses charges because they can no longer get into their system because you updated their security settings. Nobody has GPG set up on their email browser, so they can't decrypt the email you sent them with their updated passwords and instructions on how to log in and change the passwords.

      Hopefully they'll take the high road and fix their stuff without involving poor Ms. Streisand in the mix.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 27 May 2015 @ 10:13am

        Re: Re:

        "Hopefully they'll take the high road and fix their stuff without involving poor Ms. Streisand in the mix."

        Not going to happen. There's no money in taking the high road, and that's the only thing that matters to companies. The Streisand Effect can change that economic computation by steering potential customers away.

        reply to this | link to this | view in chronology ]

  • identicon
    David, 27 May 2015 @ 8:00am

    For your amusement

    A graphic representation of how significant your security hole is...

    reply to this | link to this | view in chronology ]

  • icon
    Ryunosuke (profile), 27 May 2015 @ 8:23am

    about internet security...

    this is exactly what WILL happen if the FBI gets their backdoor.

    reply to this | link to this | view in chronology ]

  • identicon
    Christenson, 27 May 2015 @ 9:53am

    Enhanced Punishment for insecurity

    I assure you this was not my hack, but if it was, along with my disgusting image I would be prominently displaying the phone number and e-mail for the billboard's owners, as far up the chain as I could dox. The message would get through very quickly.

    reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 27 May 2015 @ 10:36am

    Better digital vandalism than digital sabotage.

    Stuxnet provided us a demonstration of the potential damage to which insecure net assets can lead. I'm glad that our first newsworthy attacks against critical internet security vulnerabilities resulted in public disgust rather than public casualties.

    Still, I expect this is just the first of many shots. This one was across the bow.

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 27 May 2015 @ 12:23pm

      Re: Better digital vandalism than digital sabotage.

      This isn't even remotely the first of this type. This sort of thing has been going on for as long as digital billboards have existed. And before that, it was (and still is) quite common with electronic reader boards -- even before the internet was used for them. In the pre-internet days, many such signs could be called up and programmed using a modem.

      The only reason this is getting widespread mainstream news attention is because it involved goatse.

      reply to this | link to this | view in chronology ]

      • icon
        Uriel-238 (profile), 27 May 2015 @ 4:07pm

        Re: Re: Better digital vandalism than digital sabotage.

        Well, Goatse is about as close as one can get to Langford's BLIT, a universal visual brown note. Fortunately, we haven't discovered any killer pokes on the human being that can be delivered by image or audio file.

        My experience with hackers (which goes back into the 80s) is more that they're curious or mischievous than malicious, but some are. And the Stuxnet incident demonstrates that nations and ideological organizations will exploit such vulnerabilities to do damage if it is feasible to do so.

        reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 28 May 2015 @ 1:06pm

          Re: Re: Re: Better digital vandalism than digital sabotage.

          "Fortunately, we haven't discovered any killer pokes on the human being that can be delivered by image or audio file."

          Ewww. You should be careful about using terms like "killer pokes" in a conversation involving Goatse.

          reply to this | link to this | view in chronology ]

  • identicon
    coward, 27 May 2015 @ 12:45pm

    thanks be to Dan

    +1 job well done

    thanks Tentler

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.