The Price Of Ignoring Free Internet Security Advice: Billboards Of Goatse
from the gaping-security-holes dept
Normally, when we talk about companies and institutions looking to silence security researchers and their ilk who have tried to expose potential threats, the story ends without tragedy. United Airlines, for instance, went on the attack on Chris Roberts, who may well be an idiot, for exposing in-flight WiFi security concerns. CyberLock decides to go legal on a researcher who had been trying desperately to contact them about a security flaw in a number of its electronic locks. Johns Hopkins, meanwhile, ordered the disappearing of a blog post detailing how its own servers might be compromised by the NSA (or used with permission) to defeat encryption schemes.
But in all of those cases, even if some shenanigans were had, there was no real damage done as a result of ignoring the security advice that those organizations subsequently attempted to silence. So, what is the consequence of ignoring that device? Well, as it turns out, the consequence is anus. Very, very, tragically, unfortunately infamous anus.
The affluent denizens of Atlanta’s Buckhead neighborhood received a fun treat this week when they looked up at the corner of Peachtree and East Paces Ferry: a famous internet man’s giant, ruddy, gaping spread asshole, displayed on an enormous digital billboard.Great, so because whoever is in charge of managing that electronic billboard couldn't be bothered to take the advice any competent technology person who came across the setup, of which there must have been at least one, the great people of Atlanta were treated to one of the most disgusting images in human existence. I'm generally loathe to blame the victim, but the owner of a public-facing billboard must have some culpability when it comes to securing their display. And I say that there was at least one person who warned them about this, because at least one has come forward publicly.
The billboard above [Techdirt editor: which I'm not posting, because obviously I'm not] is one of the thousands of YESCO digital billboards installed across the country. Naturally, it comes with an internet connection. The setup is exactly as insecure as you’d imagine: many of these electronic billboards are completely unprotected, dangling on the public internet without a password or any kind of firewall. This means it’s pretty simple to change the image displayed from a new AT&T offer to, say, Goatse.
Not only was this a case of incompetence, but gross negligence: security researcher Dan Tentler tweeted yesterday that he’d tried to warn this very same sign company that their software is easily penetrable by anyone with a computer and net connection and was told they were “not interested.” Even after the billboard was defaced, Tentler said the company still hadn’t secured its software.Probably best to just sick the lawyers on Dan. After all, this all must be his fault, somehow.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: billboards, goatse, hacking, security, warnings
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
I picked up the link from the Gawker article linked above and the link matches the one in the Reddit thread that the Gawker article referenced (the same link was also posted in the Gawker comments by the author of the article to avoid putting an uncensored asshole in the article itself). I say all of that to point out that, while I haven't actually followed the link myself and don't plan on doing so, I'm reasonably certain that it links to a picture of the billboard in question. You're welcome.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
I'm guessing you don't use the internet all that much.
[ link to this | view in chronology ]
Re:
There, FTFY.
[ link to this | view in chronology ]
Re: Re:
Infamous, that means more than famous, right?
Thank you Three Amigos!
[ link to this | view in chronology ]
On what basis do you make this claim? Would the owner of a non-digital billboard have the same culpability when it comes to graffiti or other forms of defacement?
[ link to this | view in chronology ]
Re:
Whereas the owners of this one have knowingly and vicariously allowed there security to be lacking and then the actual CONTENT to be fully changed resulting in LULZ by all.
They are by definition negligent.
[ link to this | view in chronology ]
Re:
/S
[ link to this | view in chronology ]
Re:
If they had an unsecured elevator and all the supplies needed to change the non digital billboard left unsecured, then yes, they would share some culpability.
[ link to this | view in chronology ]
Nothing to fear?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Response to: Anonymous Coward on May 26th, 2015 @ 10:53pm
[ link to this | view in chronology ]
Re: Response to: Anonymous Coward on May 26th, 2015 @ 10:53pm
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Don't replace the whole thing - replace a picture on a desk or the contents of a computer screen inside the billboard.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Don't replace the whole thing - replace a picture on a desk or the contents of a computer screen inside the billboard.
[ link to this | view in chronology ]
He obviously should have hacked them and updated their security settings. Being a concerned bystander is no defense
[ link to this | view in chronology ]
Re:
That has been tried in the past. Didn't work so well.
The biggest problem is that even if you manage to hack the system and set the security settings, the FBI shows up at your door for hacking the system and the company presses charges because they can no longer get into their system because you updated their security settings. Nobody has GPG set up on their email browser, so they can't decrypt the email you sent them with their updated passwords and instructions on how to log in and change the passwords.
Hopefully they'll take the high road and fix their stuff without involving poor Ms. Streisand in the mix.
[ link to this | view in chronology ]
Re: Re:
Not going to happen. There's no money in taking the high road, and that's the only thing that matters to companies. The Streisand Effect can change that economic computation by steering potential customers away.
[ link to this | view in chronology ]
For your amusement
[ link to this | view in chronology ]
about internet security...
[ link to this | view in chronology ]
Re: about internet security...
heh heh, "backdoor" :)
[ link to this | view in chronology ]
Re: about internet security...
[ link to this | view in chronology ]
Enhanced Punishment for insecurity
[ link to this | view in chronology ]
Better digital vandalism than digital sabotage.
Still, I expect this is just the first of many shots. This one was across the bow.
[ link to this | view in chronology ]
Re: Better digital vandalism than digital sabotage.
The only reason this is getting widespread mainstream news attention is because it involved goatse.
[ link to this | view in chronology ]
Re: Re: Better digital vandalism than digital sabotage.
My experience with hackers (which goes back into the 80s) is more that they're curious or mischievous than malicious, but some are. And the Stuxnet incident demonstrates that nations and ideological organizations will exploit such vulnerabilities to do damage if it is feasible to do so.
[ link to this | view in chronology ]
Re: Re: Re: Better digital vandalism than digital sabotage.
Ewww. You should be careful about using terms like "killer pokes" in a conversation involving Goatse.
[ link to this | view in chronology ]
thanks be to Dan
thanks Tentler
[ link to this | view in chronology ]