Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Displays Security Graphics Privacy

One Billion Monitors Vulnerable to Hijacking and Spying (vice.com) 157

"We can now hack the monitor and you shouldn't have blind trust in those pixels coming out of your monitor..." a security researcher tells Motherboard. "If you have a monitor, chances are your monitor is affected." An anonymous Slashdot reader quotes Motherboard's article: if a hacker can get you to visit a malicious website or click on a phishing link, they can then target the monitor's embedded computer, specifically its firmware...the computer that controls the menu to change brightness and other simple settings on the monitor. The hacker can then put an implant there programmed to wait...for commands sent over by a blinking pixel, which could be included in any video or a website. Essentially, that pixel is uploading code to the monitor. At that point, the hacker can mess with your monitor...

[T]his could be used to both spy on you, but also show you stuff that's actually not there. A scenario where that could dangerous is if hackers mess with the monitor displaying controls for a power plant, perhaps faking an emergency. The researchers warn that this is an issue that could potentially affect one billion monitors, given that the most common brands all have processors that are vulnerable...

"We now live in a world where you can't trust your monitor," one researcher told Motherboard, which added "we shouldn't consider monitors as untouchable, unhackable things."
This discussion has been archived. No new comments can be posted.

One Billion Monitors Vulnerable to Hijacking and Spying

Comments Filter:
  • please consider (Score:2, Insightful)

    by Anonymous Coward

    please consider posting a link to the actual article.

    • Re:please consider (Score:5, Informative)

      by Wizy ( 38347 ) <greggatghc.gmail@com> on Sunday August 07, 2016 @12:44PM (#52660247) Journal

      The link to the article us where it always is, right next to the title in green text. This one says vice.com. It has been like this for awhile.

      • Re:please consider (Score:5, Informative)

        by JohnFen ( 1641097 ) on Sunday August 07, 2016 @01:00PM (#52660327)

        It took me about five minutes to find the link you're referring to. I had no idea that links were provided next to the title on /. -- probably because, at least on my browser, the link is almost entirely covered up by the "Displays" and "Security" icons.

      • It has been poor for a while. Especially considering the number of slashdot summaries these days which link to multiple articles. Inline hyperlinking still provides much needed context.

      • by Anonymous Coward

        You mean /. links to an actual real article?

        Here all this time I thought it was just some random conjecture summary, then everyone goes straight to the comments to bitch about the app app luddite guy, something Trump, how some #lives matter, how W10 just fucked them, Apple fanboys, Linux/Desktop, basically nothing about the subject, just like this dumb comment.

        Maybe I'll just read the actual articles from now on, and skip all this shit. Peace motha fuckahs, I'm out! Deleting my Anonymous Coward account n

  • Hacking so successful they took down the link's webserver!

  • by jeepies ( 3654153 ) on Sunday August 07, 2016 @12:43PM (#52660243)
    Here's a link to the story [vice.com]. Sadly it doesn't include any more detail than the summary.
    • by OzPeter ( 195038 ) on Sunday August 07, 2016 @12:48PM (#52660267)

      Here's a link to the story [vice.com]. Sadly it doesn't include any more detail than the summary.

      And if you squint really hard you'll see that this is the link to the right of the story's headline.

      So while the link was there all along, slashdot once again shows how clueless it is with regards to usability. (That plus the link in the TFS is a circular reference).

    • Re:Link to the story (Score:5, Informative)

      by NotInHere ( 3654617 ) on Sunday August 07, 2016 @12:49PM (#52660273)

      Two links that are ten times more informative:
      http://boingboing.net/2016/08/... [boingboing.net]
      https://www.defcon.org/html/de... [defcon.org]

      • Monitors, like many electronic devices today, have factory-use port that is usually not intended for use after the product ships. The "flaw" to fix is allowing unsigned firmware to be accepted on this port. Or at least cover it with foil tamper tape...

        networkworld [networkworld.com]
        tomsguide [tomsguide.com]

        • by Burz ( 138833 )

          That is a "fix" only if vendors maintain perfect security of their keys. The better solution would be to prevent any modification without a convoluted physical attack on the device innards... using ROMs for instance.

          Also, knowing that endpoint security cannot realistically have multiple TCBs acting in parallel (hence, a large attack surface), the best design decision is to make critical peripherals (like keyboards and displays) as dumb as possible.

          The complex bits should either be in the CPU or tightly boun

          • The practical solution, of course, is just to kill people who use terms like 'endpoint security' with claw hammers.

            Not to add any complexity to this discussion or anything.... but really....

            • by Burz ( 138833 )

              Oh, look! My first threatening message on /. from a member of the Trump hard-on club.

        • by sjames ( 1099 )

          Having a port that can be used specifically for software updates and diagnostiocs isn't such a big problem, even without signatures (the hackability can be a nice feature).

          The concern is the bit about them being able to use the HDMI port top push software. That is the sort of thing a bad guy could use to hack the monitor remotely.

      • The first thing that defcon page mentions is there being "multiple x86 processors" inside my monitor. This is what instantly made me close the page and pity anyone who takes any of their information seriously. There are EXACTLY ZERO x86 processors in any modern monitor you buy. There are some ASICs and a low power processor handling the OSD, but not a single x86 processor.
  • Who the actual fuck is this 'editordavid', and what's with these blatant troll 'stories' being posted? High likelihood in my opinion that Slashdot has been hacked.
  • Inexcusable (Score:5, Interesting)

    by ytene ( 4376651 ) on Sunday August 07, 2016 @12:46PM (#52660261)
    For years now (decades) we've seen cases where a bunch of software engineers thought it would be "cool" to add a new feature in a piece of software, only to implement something insecurely and as a result compromise an entire package or platform. Slowly, oh so slowly, our industry has woken up to the wisdom of starting a design with security and then only adding features when we must, and when they can be shown to be secure.

    Along comes the Internet of Things and suddenly it feels like the hardware industry thinks that it has been given a free pass to go and be utterly stupid all over again. I know it's only been a couple of years since the news broke, but if there is one thing that Edward Snowden taught the world, it's that we weren't being paranoid enough.

    Back when appliances were relatively dumb, countries around the world came up with quality testing schemes to enable consumers to verify that a product they bought had been tested to a minimum range of safety requirements (for example, in the UK there is the Kitemark). We have already passed the point where we need a cyber equivalent.

    Do readers think we'll ever get there? Or do you supposed that there is too much money being spent by lobbyists to ensure that it never happens?
    • Slowly, oh so slowly, our industry has woken up to the wisdom of starting a design with security and then only adding features when we must, and when they can be shown to be secure.

      Forget it. They will continue to add features, just require everything to be signed by the vendor. It won't affect the NSA, as it simply can send security letters to the vendors to give them the signing keys, they will live on happily, but it will make the security researchers shut up because it can't be used by the "smaller" criminals from russia or nigeria or wherever anymore.

    • by amigabill ( 146897 ) on Sunday August 07, 2016 @01:16PM (#52660389)

      I'm just finishing up an MS degree in Electrical and Computer Engineering, my BS degree was in Computer Engineering. While we're being taught coding, and I started in CE instead of EE to get a stronger focus on the computer science portion, I've never been taught about secure programming. The CS portion of the CE degree mostly used Module-2 at the time, to impress the importance of consistent typing and what not, but in terms of how to make your code secure from malware attacks, or what a security weakness looks like or how to correct it, I've never seen that in general programming or embedded programming courses. I have no idea... And I don't know where to go and get an idea. I understand it's important, and after I do my last presentation for my last course in MS degree this coming week, I do want to seek out some resources about how to do that. I have a book about TDD for Embedded C programming, but surely that's not enough for security coverage, it seems more about correct functionality. I suspect that one could pass functional testing yet still have security holes...

      So where do I go to learn effective "secure programming"? Do I go and take some MOOCs about white-hat hacking to learn how to break in, and then try not to leave those holes? Are those things applicable to embedded programming, or are they only about breaking into servers and websites?

      I look forward to good suggestions, so that more of us can become capable of doing better in this regard.

      • by Anonymous Coward

        Maybe start with this: https://www.amazon.com/Writing-Secure-Code-Strategies-Applications/dp/0735617228

        There are a lot of free and paid resources out there. The difference I feel like is the paid ones hold your hand and walk you through, while the free ones require a little more knowledge on the topic. This is an exception, not a rule.

      • I guess it depends on your school. I used to teach security aspects (with programming and others such as embedded systems) both at Bachelor and Master levels....
      • Perhaps read some of Bruce Schneier's books. Applied Cryptography was an early one, but there are more recent books out now. I'd start listening to the Security Now podcast as well, as it provides some great examples of "how to do things wrong", and teaches a lot of fundamentals. Steve Gibson has written some real life crypto products, and does his homework on topics of the day.

        Essentially, I've learned just enough to know that, even as a 20-year veteran programmer, I'm not sure I'd be able to write a se

        • by Cederic ( 9623 )

          Hmm. Writing a secure system is relatively easy. Unless you want it to receive arbitrary inputs.

          Then it's a matter of trusting nothing.

          If you do have to trust something (e.g. a firmware update) then that's where life gets interesting. Very few programmers ever need to get that complicated though.

          Defensive programming techniques are straightforward and generally just require the programmer to be a cynical untrusting bastard.

          Any programming course should tell you to validate your inputs. Beyond that, just put

          • "Validate your inputs" is a good start, but doesn't really cover all cases, because you may not simply be parsing data coming from untrusted sources. Say, for example, that you need your IoT hardware device to talk to a user's smartphone. That probably involves a round-trip though the user's router, to a remote server, and then back to the user's phone, and there are many, many mistakes you can make here - probably in the name of "simplicity" or "economy". I'm not sure building potentially vulnerable int

            • by Cederic ( 9623 )

              True, but by the time you need to be building that level of security into the system you're going to need to be a domain expert anyway.

              Most programmers write websites and business systems. Let the libraries deal with the difficult bits and code 'properly' to cover the rest. Even stuff like cross-site scripting or SQL injection is mostly covered by 'code properly' and 'trust no inputs'; too many people sadly fail even at that level.

              • True, but by the time you need to be building that level of security into the system you're going to need to be a domain expert anyway.

                God, I only wish that were true. All the evidence seems to show otherwise, because so many of these IoT companies are making *unbelievable* ham-handed security mistakes. These companies are going through the exact same long, painful security learning curve that OS-makers and library writers went through a decade ago (and not that they're finished either).

                • by Cederic ( 9623 )

                  This is where it gets silly though. The evidence suggests that the issue isn't that developers don't have easy access to resources that help them to secure 'things', it's that they don't even bother to try.

                  That's a far harder issue to resolve.

        • Schneier is a cryptology journalist, not a cryptographer. And cryptography relates to security in the same way as Trigonometry relates to the Calculus.

          He's done a good job leveraging the fact that he wrote 'Applied Cryptography' when nobody else dared. And he probably has gathered up a lot of good info for his books and publications since then.

    • Re:Inexcusable (Score:5, Informative)

      by AmiMoJo ( 196126 ) <mojo@wo[ ]3.net ['rld' in gap]> on Sunday August 07, 2016 @03:01PM (#52660853) Homepage Journal

      Calm down. TFA is bullshit.

      I'm a firmware engineer. Let me tell you a bit about how monitors work internally. The data rate for video is way, way too high for any kind of inexpensive CPU to handle. It's all done by ASICs, which are fixed function. They have a few programmable parameters, but the most you will be able to so is configure things like gamma/contrast/brightness and change scaling options, stuff like that.

      There is a CPU in there (more accurately an MCU), to do menus and talk to the PC, but it can't see what's on screen. The data rate is too high, it doesn't even connect to that bus. It doesn't need to, it just sends commands to the ASIC to to the overlay graphics. So this idea that a hacker could infect the firmware and then communicate via a flashing pixel is bollocks, the CPU can't even see the pixels.

      Apart from bricking or irritating the user, I can't see any practical use for this. If the hacker can get to the point where they can talk to the monitor's firmware anyway, they already p0wned your system remotely or are standing next to it. I can't really see much opportunity for an evil maid attack.

      • by Anonymous Coward

        As a display technology engineer, I find it plausible that a hacker could use the overlay to display a simple image in place of the usual content or flash a 1x1 pixel region at full frame rate.

      • Not Entirely Benign (Score:4, Interesting)

        by ytene ( 4376651 ) on Sunday August 07, 2016 @06:18PM (#52661791)
        Really appreciate your post - there's some useful information in there.

        However, with what you've explained [and, perhaps, in a way that is not remotely connected to the original article, there's another interesting possibility here.

        Back when I was a kid in the 70s [maybe early 80s], the UK ran a television commercial from "Habitat", a UK company which offers home furnishings, kitchenware, linens, that sort of thing. All very stylish, modern and chic.

        The commercial was accompanied by an audio soundtrack that included some very fast-tempo clapping, so that the images on the screen could change incredibly rapidly. This commercial ran for a little while - and Habitat seemed to do very well out of that particular campaign. Then along came a neuro-psychologist from one of the UK universities and pointed out that what Habitat had actually been doing was actually creating subliminal impression. Brainwashing, pure and simple. Apparently, it's possible to "flash up" an image very quickly, so quickly that your conscious mind won't even register it, but in such a way that your subconscious mind can actually read and store it. Later, when you go into light sleep and your brain transfers short-term memories to long-term storage, these images and their messages get imprinted...

        So whilst this little detour may not have a huge amount to do with the OP, there are maybe some threats to the user of a computer in which the video system has been compromised. And interestingly, those threats might not be directed at the computer at all, but at the user.

        Very difficult to spot, too, I'd reckon...
        • Complete Bollocks (Score:3, Informative)

          by StueyNZ ( 2657297 )
          Subliminal advertising is complete bollox http://www.snopes.com/business... [snopes.com]
        • The commercial was accompanied by an audio soundtrack that included some very fast-tempo clapping, so that the images on the screen could change incredibly rapidly. This commercial ran for a little while - and Habitat seemed to do very well out of that particular campaign. Then along came a neuro-psychologist from one of the UK universities and pointed out that what Habitat had actually been doing was actually creating subliminal impression. Brainwashing, pure and simple. Apparently, it's possible to "flash up" an image very quickly, so quickly that your conscious mind won't even register it, but in such a way that your subconscious mind can actually read and store it. Later, when you go into light sleep and your brain transfers short-term memories to long-term storage, these images and their messages get imprinted...

          This is a lot of shit. It's been shown time and again that subliminal advertising doesn't work at all. You can put messages to the subconscious into advertising but the results are completely unpredictable because everyone's subconscious is different.

      • by tohasu ( 971923 )
        thanks for this. I thought there was something improbable about the "billions of monitors" headline but I don't have the tech expertise to know what.
    • Its' not the engineers that think that. It's their managers and the marketing department: new cool features can be charged for and gives a competitive edge, because that's what your average consumer wants. In contrast, security is seen as a cost. You need dedicated people for security, code review, etc. and all of that costs money. It can delay a product. It can make the product more expensive. This is counter to what the consumer wants: cools stuff as cheap as possible. This is why security sucks.

      Incide
      • by Yvan256 ( 722131 )

        It's their managers and the marketing department: new cool features can be charged for and gives a competitive edge, because that's what your average consumer wants.

        Wrong.

        It's their managers and the marketing department: new cool features can be charged for and gives a competitive edge, because that's what the managers and the marketing department think the average consumer wants.

        One dumbass manager thinks of a stupid idea and pushes it into a released product and then all the other dumbass managers of all

        • There is a large group of consumers that actually do want a lot of those silly things. Just look at some of the Kickstarter projects that are out there, or some of the IoT stuff that people want for example (Internet connected light bulb anyone?), or people who buy new phones as soon as a new model comes out jut because it's the new model with cool new features. Of course, I agree that there is also disconnect between what consumers want and what a company thinks they want as well. It's both.
          • by swb ( 14022 )

            I don't spend any time on kickstarter, but my perception based on the kickstarter projects I do end up hearing about tend to be either totally unique products for which there is no market equivalent or products with features or functionality which no market equivalent has or does well.

            This would seem to dovetail with the sheer volume of product "hacks" out there and the web sites which focus on them, from lifehacker to instructables to a lot of YouTube videos showing you how to mod something or use common p

            • Fair enough. My experience with the former comes from even e.g. businesses we write software or make hardware for which often want completely useless features because they look cool. I'm sure the latter dwarfs the first in absolute numbers.
  • And an anti-virus running on the monitor firmware ..

    or we just need openfirmwares, when a product runs out of commercial interest everything needs to be opened up.

    No more arguments because the product is not sold anymore .. .. except its just rebranded faceliftet and sold as the new year edt.

  • by Anonymous Coward on Sunday August 07, 2016 @12:55PM (#52660299)

    The link is relative instead of absolute so it's easy to find where it should go.

    But the article just says "omg! Be scared! You must be more scared! They could destroy the world!" but says absolutely nothing about what the attack actually is or what is required to exploit it.

    Having magic images that take over all monitors strains credibility to the breaking point. But monitors have I2C connections to the video source, for reporting their resolution and for other non video data. It's not at all implausible that this could be used to attack the monitor, which could then be triggered by video data later. Of course the attacker would have to have physical access first, or remotely hack the video driver, in order to send the I2C commands.

    And of course some monitors have USB connections (say for speakers) that might be an attack surface, but that is a much narrower target than the article claims.

    Basically this is just junk reporting. 204 no content.

  • by KiloByte ( 825081 ) on Sunday August 07, 2016 @01:07PM (#52660347)

    While this was not my original reason, this article makes me smug for using a pair of old 1280x1024 monitors. I run one over DVI, one over VGA. Especially VGA ones are a dime a dozen, if you shop around you can get a high quality used one under $20. With old monitors it's random whether you get one that flickers, has a high blue/etc loss or similar flaws -- but even if you can't return, it's $20 for another try. VGA ones also require adjustment, but if you press auto-adjust over a proper test screen [angband.pl] rather than your desktop, analog-to-digital artifacts can be almost completely eliminated.

    VGA provides no way for smuggling malware, and DVI ones are way too old to be vulnerable for such tricks. As an extra bonus, you get a sane aspect ratio rather than a modern narrow strip.

    • Those old CRT monitors are not as inexpensive as you might think. A modern LED/LCD monitor draws basically 0 watts relative to the 200-400W a high end CRT one draws. If you run that 8 hours/day figure 70-130 dollars a year in electricity use. And in areas like Hawaii, you can triple that. Also I noticed massively more desk space when I finally moved off my 21" CRT's to panels.
      • Eh, why would anyone use CRT? There's been a decade of fine LCD ones before the aspect ratio went apeshit.

      • by Yvan256 ( 722131 )

        KiloByte didn't mention CRT in his comment.

        I'm still using my old ViewSonic VP171s, for example.

      • by Alioth ( 221270 )

        That's not quite right - old monitors aren't nearly as thirsty as you state and new ones not nearly as thrifty. My modern LED backlit HP monitor consumes 35 watts (which is a far cry from 0 watts!). My old Sun 21inch Trinitron-tubed monitor used 135 watts (quite a bit less than the 200W-400W you supposed).

    • Sorry to burst your smug bubble, but...

      http://hackaday.com/2014/06/18... [hackaday.com]

      No, that doesn't make you safe.

    • by Desler ( 1608317 )

      Tell us also about how you wear onions on your belt and shake your fists at clouds.

  • by BenJeremy ( 181303 ) on Sunday August 07, 2016 @01:10PM (#52660359)

    Wow, some idiot discovered there is a data channel to monitors... that has no practical "hacking" application. Said channel is frequently only used to transfer information about the monitor to the hosting device.

    This isn't Hollywood, but expect some moron screenwriter to now use this in their plot.

    • Exactly!

    • Yeah, but if you hack the video cable... you can change the video! z0MG!!!!!!

    • ...a CSI:Cyber episode soon.
    • This isn't Hollywood, but expect some moron screenwriter to now use this in their plot.

      Thank you, Sir, for your comment made my day.

      In general, interesting question is what kind of firmware update mechanisms are in place during normal operation and whether they could be compromised. And I have the feeling that monitors are least interesting ones in this pool. Watch the JTAG lines on PCI bus! However, if attacker can access these mechanisms we can safely assume she could do anything she wants by conventional means, eg by asking the graphics card nicely to display desired image, no need to both

  • by gweihir ( 88907 ) on Sunday August 07, 2016 @01:20PM (#52660411)

    First, the attack surface of a monitor is pretty bad. In VGA, all you get is an I2C line. It will be hard to even mount attacks. Second, there are a lot of different firmware versions out there. And third, no, the "computer" in a monitor cannot usually read individual pixels (or any screen-content at all), it is by far not fast enough for that and it will usually not even have access to that data-stream. This "Computer" is a small MCU, not anything general-purpose or fast.

    Seems to me somebody wants to improve their fame by posting horror-stories with little or no connection to actual reality.

    • They don't seem to claim it can read the screen, just that it can write to the screen...

      The attack scenario seems to involve having people physically in the same room with the monitor controlling the gag, but only having to hack the monitor in advance. The only tiny thing this gives them is that they don't have to have a dongle plugged into the monitor cable at one end in order to fake what is on the screen.

      • They appear to be claiming you could be hacked by a malicious video stream, for that to occur the MCU would have to be reading the video stream, which for most monitors it can't and doesn't.
    • by c ( 8461 )

      First, the attack surface of a monitor is pretty bad. In VGA, all you get is an I2C line.

      Yeah, I don't see VGA being vulnerable.

      However, I wouldn't be even slightly surprised if there's some lovely vulnerabilities in HDCP implementations.

  • by wbr1 ( 2538558 ) on Sunday August 07, 2016 @01:23PM (#52660431)
    ...I only used punched cards. Including that box of random cards I found in the parking lot.
    • I am modern and use an ASR-33 Teletype.

      You get used to the faint oily smell and the UPPER CASE ONLY after awhile. The punch tape reader/writer is handy for data and program storage, but it's only 110 baud just like the rest of the teletype.

  • by Anonymous Coward

    The presentation summary (https://www.defcon.org/html/defcon-24/dc-24-speakers.html#Cui) starts with the following statement "There are multiple x86 processors in your monitor".

    In my experience this is incorrect. x86 processors are far too expansive for this task. Most monitor LCD controllers I have seen contain an 8051 CPU of some sort. Also there are quite a few differences in the controlled OSD implementation between different manufacturers for someone to mount an effective attack that would affect "bill

  • by drolli ( 522659 ) on Sunday August 07, 2016 @01:37PM (#52660489) Journal

    which run in an special protected mode of the computer and abstracts the attached HW interfaces so that a program can not control the HS directly but a well defined subset of functions on this HW by calling another program.

    Lets call the first program "os kernel" and the second one "device driver", and let's call the mode of the processor "ring 0".

    To be clear on it: i would hope that the monitor firmware is somehow signed. OTOH, hacking my monitor still would require to pass the device driver on the computer, so i am not terribly worried, since the 1 Billion monitors do not have a coherent interface to firmware manipulations, and the picture that a pixel "uploads code" is accurate only an very abstract level, since in most monitors these pixels probably are not processed in the memory which can execute code. Those institutions with enough programming capacities to hack these already would have had access (swapping packets at the post) before delivery to circumvent it all.

  • by MindPrison ( 864299 ) on Sunday August 07, 2016 @01:38PM (#52660495) Journal
    I don't know what's wrong with Slashdot these days, but 50% of all my posts "magically vanish" these days.

    I'll try again, shorter story but you'll get the geist of it:

    This isn't new. Your camera, your keyboard and virtually any gadget has an embedded system in it, they have an entire computer in it if you like, they can easily fit a whole server gateway in there. But it's not as easy to do this as it might seem, so most of you have very little to worry about. Example. Say your monitor now has been successfully infiltrated with malicious code now, it still has to "hack" your windows installation and place a relay daemon there that'll have to avoid being detected by your anti-virus software or windows defender. Furthermore, if the malware is neatly compressing and transporting the image from your monitor on a separate protocol layer, you still have to have some kind of hidden client that can relay these packets to the network card or windows socket for the network card...or use the drivers, or inject into a stream of packets...all these things opens up an entirely new can of worms. Not even Windows knows all the networks in the world, I have a relatively modern computer...one of the most high end, and yet Windows 10 that came on a USB memory didn't even know what network chip my computer had, imagine a small embedded system entirely on its own...trying to figure out how to operate your computers network card, yay...good luck with that.

    It's not as dangerous as it seems, I'd worry more about that little independent computer that reside inside your INTEL processor.
    • Re: (Score:3, Funny)

      by Anonymous Coward

      Your messages aren't "vanishing". Hackers have hacked your monitor to make it look that way.

      Dump-a-Drumpf 2016/Forever

    • They changed the JS; if you block most of it, but whitelisted some, you have to add one of the new JS domains in to have it keep working. It seems to change which code it is actually using depending on if you clicked on nested stories already, or something. It looks like a bug that just only bites some people, and they don't mind the sloppy code so it stays.

      • This makes sense to me. That could be it.

        What I guess might have fooled me could be that after I preview and click submit, it "pretends" to be there, it was even there in my profile, but after I came back it was gone. Happened twice to me lately.

        I've tried to accept all things from this site with Adblocker, but every time I accept, there's always new ones to accept...accept...and then when I am in edit mode there's more to accept, even in preview mode.
        • Noscript has the angry red mark down in it's spot on the bottom right corner when I am using Slashdot on Seamonkey, because there are many, many things the Slashdot page would apparently like me to unblock, but Noscript says I am only allowing 4/17 and it works pretty good. (Hmmm, I should block off a few more of those... what is rpxnow.com and rubiconproject.com....)

          (better post this before blocking them)

  • by fahrbot-bot ( 874524 ) on Sunday August 07, 2016 @02:17PM (#52660675)

    Who monitors the monitors?

  • The Internet of Hackable Things...

  • Stop accepting unsigned firmware updates over insecure channels. This isn't 1980 any more.
  • Yes, it may be possible to hack some monitors but generally this is bullshit. I have worked on the development of monitors so know that most simply can not be hacked in the way they suggest. The first criteria of most monitors is they are cheap. The second criteria is they work. Once you understand that then you realise the only to hack most monitors is with a special programming card (some can be updated via an USB port). The fact is you typically have a low spec 8 bit micro controlling a high speed s
  • [T]his could be used to both spy on you, but also show you stuff that's actually not there. A scenario where that could dangerous is if hackers mess with the monitor displaying controls for a power plant, perhaps faking an emergency.

    This can't be serious.

    The idea is my monitor, and millions more, are designed to take firmware updates over a video connection (VGA, HDMI, DisplayPort), and that there is enough available space in the storage of the controller to either cause my monitor to suddenly sprout a w

  • The background is true. Some group found out a type of monitor can install firmware. That means both good stuff and bad stuff can be installed. (which can be dangerous depend on the extent)

    but the article is FUD. Not all monitors have the connection to update firmware from the computer. Also, this should not be mixed up with monitors without a cpu. (aka with only the screen)

Order and simplification are the first steps toward mastery of a subject -- the actual enemy is the unknown. -- Thomas Mann

Working...