
(Twitter) Got top-tier anti malware for your computer? Not good enough. Your monitor can be haxx0r3d, too, to make you think that your browser is at your secure banking site when it isn't (twitter.com)

1432 clicks; posted to STEM on 11 Apr 2021 at 7:30 PM




 
2021-04-11 3:12:36 PM  
Original Tweet:

 
2021-04-11 3:28:27 PM  
Shiat like this is why we don't do our banking over the internet. All bills are paid by check.
 
2021-04-11 3:51:52 PM  
On one hand, this is a problem that must be addressed.  On the other I believe you need administrator access to do this particular exploit, which is already game over.
 
2021-04-11 4:04:55 PM  
That is an insanely impractical attack vector that would (for most monitors) require physical access to the JTAG connector to load new firmware and details about the TCON implementation.

Most monitors do not allow the firmware to update over the link and those that do usually have at least some basic crypto signing to prevent this sort of thing.  It's a neat trick but nobody is actually doing this.
 
2021-04-11 4:18:48 PM  

WTFDYW: Shiat like this is why we don't do our banking over the internet. All bills are paid by check.


You're being overly paranoid
 
2021-04-11 4:22:03 PM  

cman: WTFDYW: Shiat like this is why we don't do our banking over the internet. All bills are paid by check.

You're being overly paranoid


Worrying about this sort of attack is like being worried that someone will cut your brakes if you park on the street. It's theoretically possible but unless you have reason to believe you're a target nobody should let it impact their life.
 
2021-04-11 4:47:56 PM  

WTFDYW: Shiat like this is why we don't do our banking over the internet. All bills are paid by check.


Me too! And I take them to the post office and MAIL them.

[YouTube video: Mr. Burns - Auto Gyro (jHH9vWZ27Nc)]
 
2021-04-11 5:19:59 PM  

WTFDYW: Shiat like this is why we don't do our banking over the internet. All bills are paid by check.


Something to ponder:

Back in 2006-07 had to escort a consultant to load software on a customer's server in our data center since there were other customers' servers in the same rack. While waiting for it to load/update he informed me that he was a victim of identity theft and it took almost a year to resolve. Turns out he dropped a bunch of mail/bills/checks/etc. into an outside blue post office mailbox but the mail never got delivered and the problems started. Police mentioned that thieves were building sleeves to capture mail and pull it before the mailbox was emptied.

I switched to online payment / bill pay via my credit union after hearing his story and have had no issues plus I save a bundle in postage, checks and trips to the post office.  And when I do mail anything with a check or sensitive material I walk inside a post office and never use an outside blue postal box or even my street side mailbox.
 
TWX [TotalFark]
2021-04-11 5:47:14 PM  
Good luck hacking my displays over 15-pin VGA or Component ...
 
2021-04-11 5:59:43 PM  

FrostbiteFallsMN: never use an outside blue postal box


Many, if not all, have been retrofitted.  Now you feed your letters through ratcheting teeth which only go one way.
 
2021-04-11 6:04:52 PM  
To sail the digital sea requires taking risks. Now, if someone has hacked your monitor...you've probably got bigger things to worry about.
 
2021-04-11 6:10:18 PM  
That explains all that porn on my computer.
 
2021-04-11 6:22:13 PM  

WTFDYW: Shiat like this is why we don't do our banking over the internet. All bills are paid by check.


To the 4 of you that laughed? Don't come here whining when you get hacked.
 
2021-04-11 6:29:07 PM  

WTFDYW: WTFDYW: Shiat like this is why we don't do our banking over the internet. All bills are paid by check.

To the 4 of you that laughed? Don't come here whining when you get hacked.


Ooga booga
 
2021-04-11 6:36:15 PM  

WTFDYW: WTFDYW: Shiat like this is why we don't do our banking over the internet. All bills are paid by check.

To the 4 of you that laughed? Don't come here whining when you get hacked.


Fun Fact:

All those numbers at the bottom of checks have meaning. One of the big strings of numbers is almost always the account that the funds are coming from. The rest are routing numbers. That's how banks transfer money.

You want to know who ELSE can use those numbers to transfer money or alter the check to make themselves the payee? Anyone who is sufficiently motivated.
 
2021-04-11 7:08:44 PM  

FrostbiteFallsMN: Police mentioned that thieves were building sleeves to capture mail and pull it before the mailbox was emptied.


Eeesh, for every criminal we see in the news getting caught for doing something painfully dumb, there's others raising the bar with tricks like this.
 
2021-04-11 7:22:59 PM  

iheartscotch: All those numbers at the bottom of checks have meaning. One of the big strings of numbers is almost always the account that the funds are coming from. The rest are routing numbers. That's how banks transfer money.


Don't forget that the check you mail someone also has your signature, and a recent check number.

It's actually a laughably, absurdly insecure way to send someone money.  It's funny how we've all been told how stupid it is to send cash in the mail, but it's okay to send your entire bank account to a stranger, with tips on how to use it.  And you don't even get the benefit of fraud protection that is commonplace with credit card transactions.

Online financial transactions are not very secure, but none of it comes close to writing a check.
 
2021-04-11 7:44:41 PM  
Off topic. But is there any program that can scan your PC bios? I know they can hide stuff in there. The very first thing I do when I assemble a new PC is to put a password on the bios. Before installing anything. So I am being way over paranoid. What about something to scan the printer?
 
2021-04-11 7:48:43 PM  
[Fark user image]
 
2021-04-11 8:17:27 PM  

FarkingChas: Off topic. But is there any program that can scan your PC bios? I know they can hide stuff in there. The very first thing I do when I assemble a new PC is to put a password on the bios. Before installing anything. So I am being way over paranoid. What about something to scan the printer?


All modern PCs have another CPU that you can't scan and people who have managed to get the code out all say it is of very poor quality.  That CPU arranges the main CPU to boot and has access to all the RAM and everything else on the system.  Some network cards can do mostly the same thing too.
 
2021-04-11 8:22:47 PM  

OptionC: That is an insanely impractical attack vector that would (for most monitors) require physical access to the JTAG connector to load new firmware and details about the TCON implementation.

Most monitors do not allow the firmware to update over the link and those that do usually have at least some basic crypto signing to prevent this sort of thing.  It's a neat trick but nobody is actually doing this.


Came here for this, leaving happily.
 
2021-04-11 8:23:40 PM  
Jesus fark.

The average person cannot outfox these hacks. The average person cannot make their computer secure.

And the above average person is determined to stop us from owning our own work and life product, by uploading into their cloud, and making us use programs on subscription.
 
2021-04-11 8:26:38 PM  

DON.MAC: All modern PCs have another CPU that you can't scan and people who have managed to get the code out all say it is of very poor quality. That CPU arranges the main CPU to boot and has access to all the RAM and everything else on the system. Some network cards can do mostly the same thing too.


You think PCs are bad? Servers have BMCs, which are basically built-in remote power switches / KVMs, effectively allowing local access remotely. Their security is also terrible.
 
2021-04-11 8:33:11 PM  

WTFDYW: Shiat like this is why we don't do our banking over the internet. All bills are paid by check.


Talk about insecure.  All someone needs is the numbers from the bottom to do an EFT, which is why you can pay by check over the phone.
 
2021-04-11 8:37:09 PM  

WTFDYW: WTFDYW: Shiat like this is why we don't do our banking over the internet. All bills are paid by check.

To the 4 of you that laughed? Don't come here whining when you get hacked.


no one tell him what washing a check is
 
2021-04-11 8:43:24 PM  
[Fark user image]


Ah ha! Thought you'd get me but your little trick ran into only 16KB of RAM! Hahaha!
 
2021-04-11 8:45:07 PM  

TWX: Good luck hacking my displays over 15-pin VGA or Component ...


There was a trojan that made the video circuit run at a nonstandard frequency, which made the power supply that shared circuits with the EGA monitor flyback burn up.
 
2021-04-11 8:54:16 PM  

BumpInTheNight: FrostbiteFallsMN: Police mentioned that thieves were building sleeves to capture mail and pull it before the mailbox was emptied.

Eeesh, for every criminal we see in the news getting caught for doing something painfully dumb, there's others raising the bar with tricks like this.


Not really.

If you're actually smart, motivated, etc then you'll almost certainly have career options open to you that aren't "criminal" and don't involve looking over your shoulder for the rest of your life.
 
2021-04-11 9:00:50 PM  

trialpha: DON.MAC: All modern PCs have another CPU that you can't scan and people who have managed to get the code out all say it is of very poor quality. That CPU arranges the main CPU to boot and has access to all the RAM and everything else on the system. Some network cards can do mostly the same thing too.

You think PCs are bad? Servers have BMCs, which are basically built-in remote power switches / KVMs, effectively allowing local access remotely. Their security is also terrible.


You two ARE NOT HELPING!
How am I ever gonna stop hiding under the bed with this kind of info?
 
2021-04-11 9:07:46 PM  

trialpha: DON.MAC: All modern PCs have another CPU that you can't scan and people who have managed to get the code out all say it is of very poor quality. That CPU arranges the main CPU to boot and has access to all the RAM and everything else on the system. Some network cards can do mostly the same thing too.

You think PCs are bad? Servers have BMCs, which are basically built-in remote power switches / KVMs, effectively allowing local access remotely. Their security is also terrible.


My favourite to date was the HP iLO exploit where one simply had to edit the URL's value from "Authenticated" to "Authenticated=True".  Bam you're in, as root.  LOL.
 
2021-04-11 9:19:54 PM  
OpenSuSE Linux and dumb monitors, no wifi, no camera, no mic, no sound.
 
2021-04-11 9:20:23 PM  

iheartscotch: WTFDYW: WTFDYW: Shiat like this is why we don't do our banking over the internet. All bills are paid by check.

To the 4 of you that laughed? Don't come here whining when you get hacked.

Fun Fact:

All those numbers at the bottom of checks have meaning. One of the big strings of numbers is almost always the account that the funds are coming from. The rest are routing numbers. That's how banks transfer money.

You want to know who ELSE can use those numbers to transfer money or alter the check to make themselves the payee? Anyone who is sufficiently motivated.


I was the victim of check fraud about 20 years ago when someone stole some of my outgoing mail. All they had to do was print checks using the account info on the bottom of one in a bill payment that they stole. Programs that could do that were commonplace. Quicken started out as a program that had check printing as one of its main features. You would enter the routing number and account number and a starting check number and you could then enter your outgoing bill payments into Quicken and have it print the checks and keep accounting info on your expenditures at the same time.

Luckily for me I was using a custom check with a picture in the background and my bank at the time sent us reduced images of the processed checks in a monthly statement.  So it was obvious which ones were forged since they were very plain.  The person forging checks only spent about $200 total on groceries and other small purchases and the bank refunded all the money in the end anyway.
 
2021-04-11 9:21:46 PM  
erik-k:

Smart criminals get into white collar crime
 
2021-04-11 9:25:15 PM  

iheartscotch: WTFDYW: WTFDYW: Shiat like this is why we don't do our banking over the internet. All bills are paid by check.

To the 4 of you that laughed? Don't come here whining when you get hacked.

Fun Fact:

All those numbers at the bottom of checks have meaning. One of the big strings of numbers is almost always the account that the funds are coming from. The rest are routing numbers. That's how banks transfer money.

You want to know who ELSE can use those numbers to transfer money or alter the check to make themselves the payee? Anyone who is sufficiently motivated.


Double Fun Fact:

If you print your own checks but mistakenly use the routing number from one of your deposit slips because you don't have checks anymore, every check you write gets cashed by the recipient AND also deposited back into your account too. Instant Millionaire. The more you spend the more you make. Took months for the bank to get it straightened out.
 
2021-04-11 9:44:03 PM  
Shiat like this is why I lock the doors and close the blinds every time a helicopter flies over my house.
 
2021-04-11 9:55:40 PM  

steve_wmn: iheartscotch: WTFDYW: WTFDYW: Shiat like this is why we don't do our banking over the internet. All bills are paid by check.

To the 4 of you that laughed? Don't come here whining when you get hacked.

Fun Fact:

All those numbers at the bottom of checks have meaning. One of the big strings of numbers is almost always the account that the funds are coming from. The rest are routing numbers. That's how banks transfer money.

You want to know who ELSE can use those numbers to transfer money or alter the check to make themselves the payee? Anyone who is sufficiently motivated.

I was the victim of check fraud about 20 years ago when someone stole some of my outgoing mail. All they had to do was print checks using the account info on the bottom of one in a bill payment that they stole. Programs that could do that were commonplace. Quicken started out as a program that had check printing as one of its main features. You would enter the routing number and account number and a starting check number and you could then enter your outgoing bill payments into Quicken and have it print the checks and keep accounting info on your expenditures at the same time.

Luckily for me I was using a custom check with a picture in the background and my bank at the time sent us reduced images of the processed checks in a monthly statement.  So it was obvious which ones were forged since they were very plain.  The person forging checks only spent about $200 total on groceries and other small purchases and the bank refunded all the money in the end anyway.


CSB: My dad was selling his grill on craigslist and started to fall for one of those "we'll send you extra money and you give the extra in cash to the shipping company when they pick up item X".  The "check" they sent him was one of those printable checks with a laughably low res pic of some random bank logo.
 
2021-04-11 10:26:39 PM  
"TweetSee new TweetsThis is not available to you"


WTF, Twitter?
 
2021-04-11 10:30:37 PM  

cman: WTFDYW: Shiat like this is why we don't do our banking over the internet. All bills are paid by check.

You're being overly paranoid


Not paranoid enough.

"Paid by check" = your name, your address, and your account # and bank routing # are available to anyone who sees your check. Also (if you're an idiot) your DL#. And I've even heard of idiots who put their SS# on their check (you know, to save time when the nice clerk asks you for ID so they can add the numbers to the check, in case it bounces).
 
2021-04-11 10:37:59 PM  

leeksfromchichis: erik-k:

Smart criminals get into white collar crime

politics

ftfy
 
2021-04-11 10:38:02 PM  

WTFDYW: WTFDYW: Shiat like this is why we don't do our banking over the internet. All bills are paid by check.

To the 4 of you that laughed? Don't come here whining when you get hacked.


This complaint is legitimate, I just tried hacking him using a tracer-t. We even had two people typing on the keyboard to speed it up, but we couldn't get anything useful. Just links to the Old Morning Tribune, some chain emails from his Sent Mail about cancer cures the government doesn't want you to know about and scans of a printed TV guide with Matlock and I Love Lucy highlighted.
 
2021-04-11 10:38:16 PM  

ababyatemydingo: WTFDYW: Shiat like this is why we don't do our banking over the internet. All bills are paid by check.

Me too! And I take them to the post office and MAIL them.

[YouTube video: Mr. Burns - Auto Gyro]


Then I start my 2nd job as a USPS worker, collect the bills I just sent, and hand deliver each one to the recipient.
 
2021-04-11 11:20:57 PM  

BumpInTheNight: trialpha: DON.MAC: All modern PCs have another CPU that you can't scan and people who have managed to get the code out all say it is of very poor quality. That CPU arranges the main CPU to boot and has access to all the RAM and everything else on the system. Some network cards can do mostly the same thing too.

You think PCs are bad? Servers have BMCs, which are basically built-in remote power switches / KVMs, effectively allowing local access remotely. Their security is also terrible.

My favourite to date was the HP iLO exploit where one simply had to edit the URL's value from "Authenticated" to "Authenticated=True".  Bam you're in, as root.  LOL.


I remember doing stuff like this out of curiosity when I was a teen. When websites had all their stuff in viewable JavaScript. I thought I was clever. I was really just confronted with poor security. I also had fun.
 
2021-04-11 11:24:59 PM  
[YouTube video: Hello Your Computer has virus 4K (Indian Version) (srAzlF4VcCA)]
 
2021-04-11 11:33:23 PM  
WHY DO YOU THINK I KEEP THIS TELETYPE AROUND?

/NO, THE 3,000 POUNDS OF FARK PRINTOUTS ARE JUST A BONUS
 
2021-04-11 11:41:22 PM  

Harlee: cman: WTFDYW: Shiat like this is why we don't do our banking over the internet. All bills are paid by check.

You're being overly paranoid

Not paranoid enough.

"Paid by check" = your name, your address, and your account # and bank routing # are available to anyone who sees your check. Also (if you're an idiot) your DL#. And I've even heard of idiots who put their SS# on their check (you know, to save time when the nice clerk asks you for ID so they can add the numbers to the check, in case it bounces).


Well just use bank starter checks! No preprinted info like names, addresses, phone numbers. Just a blank check with an account number, and a low check number.

/sarcasm, btw
 
2021-04-11 11:45:43 PM  

Harlee: leeksfromchichis: erik-k:

Smart criminals get into white collar crime politics

ftfy


*looks at past four years*

Demonstrably not.
 
2021-04-12 12:00:48 AM  

erik-k: If you're actually smart, motivated, etc then you'll almost certainly have career options open to you that aren't "criminal" and don't involve looking over your shoulder for the rest of your life.


These guys want a word.

Criminal hacking pays far better than working defense. In countries where governments either support, or won't prosecute such attacks when waged against foreigners, it's not even de facto criminal under domestic law.

For highly skilled Russians, working for e.g. APT-28 almost certainly pays better than working for what passes for Russia's legitimate IT industry, especially as these people are allegedly allowed to personally keep anything of value that they can take while they're busy causing havoc on behalf of the Russian government.

I also suspect that the contractors who make tools for the NSA's merry band of terrorists earn considerably more than they'd earn at the likes of Cisco.
 
2021-04-12 12:18:14 AM  

WTFDYW: Shiat like this is why we don't do our banking over the internet. All bills are paid by check.


This. All of my bills are direct debit. All of them were set up in person at the bank. Even my credit card is direct, set up in person. As far as I'm aware, I've never banked online in any way, shape, or form.

Someone once stole my identity and used it to set up a bunch of credit. Their start was breaking into my mailbox and trying to use my info from my pay stubs.

The massive divide in setup made it extremely easy to say "those aren't me". A pain in my ass, yes, but relatively easy to solve.

Always remember that convenience probably isn't convenient. Ever wondered why everyone wants to give you loyalty points? It's not for your benefit.

Stop handing your info out to everyone who asks. No really, STOP IT. The internet is NOT YOUR FRIEND.
 
2021-04-12 12:20:27 AM  
Seems it would be easier to hack the browser.
 
2021-04-12 12:26:58 AM  

GrendelMk1: WTFDYW: Shiat like this is why we don't do our banking over the internet. All bills are paid by check.

This. All of my bills are direct debit. All of them were set up in person at the bank. Even my credit card is direct, set up in person. As far as I'm aware, I've never banked online in any way, shape, or form.

Someone once stole my identity and used it to set up a bunch of credit. Their start was breaking into my mailbox and trying to use my info from my pay stubs.

The massive divide in setup made it extremely easy to say "those aren't me". A pain in my ass, yes, but relatively easy to solve.

Always remember that convenience probably isn't convenient. Ever wondered why everyone wants to give you loyalty points? It's not for your benefit.

Stop handing your info out to everyone who asks. No really, STOP IT. The internet is NOT YOUR FRIEND.


Let me counter with two simple questions.

What is the name of your favourite pet?

What was your mother's maiden name?
 
Displayed 50 of 69 comments

