Security → The Price Of Ignoring Free Internet Security Advice: Billboards Of Goatse

quote:

---

Normally, when we talk about companies and institutions looking to silence security researchers and their ilk who have tried to expose potential threats, the story ends without tragedy. United Airlines, for instance, went on the attack on Chris Roberts, who may well be an idiot, for exposing in-flight WiFi security concerns. CyberLock decides to go legal on a researcher who had been trying desperately to contact them about a security flaw in a number of its electronic locks. Johns Hopkins, meanwhile, ordered the disappearing of a blog post detailing how its own servers might be compromised by the NSA (or used with permission) to defeat encryption schemes.

quote:

---

The billboard above is one of the thousands of YESCO digital billboards installed across the country. Naturally, it comes with an internet connection. The setup is exactly as insecure as you’d imagine: many of these electronic billboards are completely unprotected, dangling on the public internet without a password or any kind of firewall. This means it’s pretty simple to change the image displayed from a new AT&T offer to, say, Goatse.

---

---

»www.techdirt.com/article ··· se.shtml
--
Tom
Tom's Tech Blog

Oh boy. Dummies.

There must be a joke about "penetration testing" in here somewhere.

It does raise the interesting question of whether ANY of the electronic billboards out there (and there are many, with numbers fast-growing) possess even a modicum of hacking protection. From what I can tell, there are several sign programming options in use: Internet(cable/DSL/T1), cellular, and walk-up (manual/private-wire/USB). Only the latter mode would be free from remote attack by hackers, requiring physical access to the sign or wiring. Given the mundane nature of the outdoor sign business and the fast-rising trend of using such signs, it's hard to imagine much thought has ever been given to securing the remote-controlled ones against hacking attacks. Moreover, the convenience appeal of using the Internet/cell and your computer and a maker-supplied program to remote-in to control your sign's messages, the use of that control technique has to be quite high. In which case, one should prepare for a growing wave of "surprising" sign messages... it makes for a "fun" evening activity for the script-kiddies.
--
The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money. -- A. de Tocqueville

 
Another excerpt from the quoted article:

---

...Not only was this a case of incompetence, but gross negligence: security researcher Dan Tentler tweeted yesterday that he'd tried to warn this very same sign company that their software is easily penetrable by anyone with a computer and net connection and was told they were "not interested." Even after the billboard was defaced, Tentler said the company still hadn't secured its software....

---

[emphasis mine]

Waiting for the Zombie Attack Alerts which should be coming shortly. When they start loosing advertisers because the ad they paid for isn't being shown they will take an interest. Funny how money always gets attention.

 
Many of those electronic billboards are on the sides of major arteries in cities.

When the traffic accidents start to occur because of the images placed upon those billboards, lawsuits will ensue.

Losing advertisers is not nearly as bad as being descended upon by a swarm of accident-compensation lawyers.

video boards should be banned

I mean you can't watch video in your car(i.e dvd player) the outside should be held to the same standard
since it broadcast directly into the car..
»www.leginfo.ca.gov/cgi-b ··· 00-27607

I laughed so hard at this article. Holy cow.

If I saw this on the side of a road and someone asked me what it was I'd be like...
Oh, that's just Goatse... Wait. What?!?

Goatse, the original Internet shock image. Been on the Internet more than ten years and have seen that image a few times along with being Rick Rolled more times than I can count.
--
Tom
Tom's Tech Blog

While the group that did this is in the wrong, I hope not much in the way of taxes are being wasted to look into this as it was a prank. And hey at least they are posting assholes on video boards and not SWATing people.
--
Filan - Aurin Spellslinger - Pago - Team Legacy

Not the image I would have chosen ....