The Price Of Ignoring Free Internet Security Advice: Billboards Of Goatse
from the gaping-security-holes dept
Normally, when we talk about companies and institutions looking to silence security researchers and their ilk who have tried to expose potential threats, the story ends without tragedy. United Airlines, for instance, went on the attack on Chris Roberts, who may well be an idiot, for exposing in-flight WiFi security concerns. CyberLock decides to go legal on a researcher who had been trying desperately to contact them about a security flaw in a number of its electronic locks. Johns Hopkins, meanwhile, ordered the disappearing of a blog post detailing how its own servers might be compromised by the NSA (or used with permission) to defeat encryption schemes.
But in all of those cases, even if some shenanigans were had, there was no real damage done as a result of ignoring the security advice that those organizations subsequently attempted to silence. So, what is the consequence of ignoring that device? Well, as it turns out, the consequence is anus. Very, very, tragically, unfortunately infamous anus.
The affluent denizens of Atlanta’s Buckhead neighborhood received a fun treat this week when they looked up at the corner of Peachtree and East Paces Ferry: a famous internet man’s giant, ruddy, gaping spread asshole, displayed on an enormous digital billboard.
The billboard above [Techdirt editor: which I’m not posting, because obviously I’m not] is one of the thousands of YESCO digital billboards installed across the country. Naturally, it comes with an internet connection. The setup is exactly as insecure as you’d imagine: many of these electronic billboards are completely unprotected, dangling on the public internet without a password or any kind of firewall. This means it’s pretty simple to change the image displayed from a new AT&T offer to, say, Goatse.
Great, so because whoever is in charge of managing that electronic billboard couldn’t be bothered to take the advice any competent technology person who came across the setup, of which there must have been at least one, the great people of Atlanta were treated to one of the most disgusting images in human existence. I’m generally loathe to blame the victim, but the owner of a public-facing billboard must have some culpability when it comes to securing their display. And I say that there was at least one person who warned them about this, because at least one has come forward publicly.
Not only was this a case of incompetence, but gross negligence: security researcher Dan Tentler tweeted yesterday that he’d tried to warn this very same sign company that their software is easily penetrable by anyone with a computer and net connection and was told they were “not interested.” Even after the billboard was defaced, Tentler said the company still hadn’t secured its software.
Probably best to just sick the lawyers on Dan. After all, this all must be his fault, somehow.
Filed Under: billboards, goatse, hacking, security, warnings
Comments on “The Price Of Ignoring Free Internet Security Advice: Billboards Of Goatse”
Pics or it didn’t happen 🙂
Re: Re:
How about ‘No’?
Re: Re:
If you want it, here it is WARNING, GRAPHIC IMAGE LINK AHEAD http://imgur.com/5dWOEfv
I picked up the link from the Gawker article linked above and the link matches the one in the Reddit thread that the Gawker article referenced (the same link was also posted in the Gawker comments by the author of the article to avoid putting an uncensored asshole in the article itself). I say all of that to point out that, while I haven’t actually followed the link myself and don’t plan on doing so, I’m reasonably certain that it links to a picture of the billboard in question. You’re welcome.
Re: Re: Re:
Your post offends me good internet denizen. Please have the courtesy to give a warning before mentioning something as offensive as the G-word.
“[…] one of the most disgusting images in human existence.”
I’m guessing you don’t use the internet all that much.
Re: Re:
“[…] one of the most infamous disgusting images in human existence.”
There, FTFY.
Re: Re: Re:
“[…] one of the most infamous disgusting images in human existence.” There, FTFY.
Infamous, that means more than famous, right?
Thank you Three Amigos!
From the article:
On what basis do you make this claim? Would the owner of a non-digital billboard have the same culpability when it comes to graffiti or other forms of defacement?
Re: Re:
No because the content of the non-digital billboard cannot be changed, just transformed!
Whereas the owners of this one have knowingly and vicariously allowed there security to be lacking and then the actual CONTENT to be fully changed resulting in LULZ by all.
They are by definition negligent.
Re: Re:
It may not be negligence, but rather they have Listened to the NSA and think that the encryption needed for SSH or equivalent is evil.
/S
Re: Re:
Would the owner of a non-digital billboard have the same culpability when it comes to graffiti or other forms of defacement?
If they had an unsecured elevator and all the supplies needed to change the non digital billboard left unsecured, then yes, they would share some culpability.
Nothing to fear?
The guy in the picture certainly has nothing to hide….
Some people just can’t help being asses…
I’ve not been “goatse’ed” in over 10 years, so I would have thought that gag was long forgotten about. I suspect that the hacker may have been a bit older than the typical 13 or 14 y.o. “script kiddie” who would have still been in diapers during the height of the goatse craze.
Without security I suspect the copycats will be having a field day soon. I am sure there are other disagreeable images to be found on the internet in spades.
Re: Response to: Anonymous Coward on May 26th, 2015 @ 10:53pm
Yes I was thinking the same. The floodgates have been opened and the internet is going to run with this. None of these billboards are safe.
Re: Re: Response to: Anonymous Coward on May 26th, 2015 @ 10:53pm
Maybe next time they’ll settle for Rick Astley….
That’s what they get for being so anal.
“So, what is the consequence of ignoring that device?” Shouldn’t that be ‘advice’?
Re: Re:
Well, they ignored the advice about the flaw in the device…
Atleast it wasn’t the squid soup video.
Bah, no subtlety!
Don’t replace the whole thing – replace a picture on a desk or the contents of a computer screen inside the billboard.
“Probably best to just sick the lawyers on Dan. After all, this all must be his fault, somehow.”
He obviously should have hacked them and updated their security settings. Being a concerned bystander is no defense
Re: Re:
He obviously should have hacked them and updated their security settings. Being a concerned bystander is no defense
That has been tried in the past. Didn’t work so well.
The biggest problem is that even if you manage to hack the system and set the security settings, the FBI shows up at your door for hacking the system and the company presses charges because they can no longer get into their system because you updated their security settings. Nobody has GPG set up on their email browser, so they can’t decrypt the email you sent them with their updated passwords and instructions on how to log in and change the passwords.
Hopefully they’ll take the high road and fix their stuff without involving poor Ms. Streisand in the mix.
Re: Re: Re:
“Hopefully they’ll take the high road and fix their stuff without involving poor Ms. Streisand in the mix.”
Not going to happen. There’s no money in taking the high road, and that’s the only thing that matters to companies. The Streisand Effect can change that economic computation by steering potential customers away.
For your amusement
A graphic representation of how significant your security hole is…
about internet security...
this is exactly what WILL happen if the FBI gets their backdoor.
Re: about internet security...
this is exactly what WILL happen if the FBI gets their backdoor.
heh heh, “backdoor” 🙂
Re: about internet security...
That IS their backdoor
Enhanced Punishment for insecurity
I assure you this was not my hack, but if it was, along with my disgusting image I would be prominently displaying the phone number and e-mail for the billboard’s owners, as far up the chain as I could dox. The message would get through very quickly.
Better digital vandalism than digital sabotage.
Stuxnet provided us a demonstration of the potential damage to which insecure net assets can lead. I’m glad that our first newsworthy attacks against critical internet security vulnerabilities resulted in public disgust rather than public casualties.
Still, I expect this is just the first of many shots. This one was across the bow.
Re: Better digital vandalism than digital sabotage.
This isn’t even remotely the first of this type. This sort of thing has been going on for as long as digital billboards have existed. And before that, it was (and still is) quite common with electronic reader boards — even before the internet was used for them. In the pre-internet days, many such signs could be called up and programmed using a modem.
The only reason this is getting widespread mainstream news attention is because it involved goatse.
Re: Re: Better digital vandalism than digital sabotage.
Well, Goatse is about as close as one can get to Langford’s BLIT, a universal visual brown note. Fortunately, we haven’t discovered any killer pokes on the human being that can be delivered by image or audio file.
My experience with hackers (which goes back into the 80s) is more that they’re curious or mischievous than malicious, but some are. And the Stuxnet incident demonstrates that nations and ideological organizations will exploit such vulnerabilities to do damage if it is feasible to do so.
Re: Re: Re: Better digital vandalism than digital sabotage.
“Fortunately, we haven’t discovered any killer pokes on the human being that can be delivered by image or audio file.”
Ewww. You should be careful about using terms like “killer pokes” in a conversation involving Goatse.
Re:
When you want to humiliate someone with poor security, you don’t go subtle. Would it have gotten on Techdirt with “The Price Of Ignoring Free Internet Security Advice: Some Guy Makes A Minor Alteration To Your Billboard”? Besides, it’s probably a CFAA violation either way, might as well be hung for a sheep as a lamb.
thanks be to Dan
+1 job well done
thanks Tentler
Re:
Anyone who is using Goatse is not someone who cares about subtlety.