China Mandates Spying Software – Green Dam
China now mandates that all PCs sold on July 1st 2009 have content-control software called Green Dam (綠壩) installed.
Not sure how widely this is reported outside of China, but I should bring it to your attention here.
The protests, of course, are present. Chinese people are not stupid, but…
On 10 June, amidst massive criticism circling within the internet about the software and the MIIT’s directive, the Publicity Department of the Communist Party of China Central Committee, the agency responsible for censorship, issued an instruction attributed to “central leaders” requiring the Chinese media to stop publishing questioning or critical opinions. Reports in defense of the official stand appeared subsequently, with a commentary by the state-run Xinhua news agency saying “support largely stems from end users, opposing opinions primarily come from a minority of media outlets and businesses”.[20][21] The instruction also required online forums to block and remove “offensive speech evolved from the topic” promptly.[22] Zhang attacked the Wolchok et al report as irresponsible action and breach of his company’s copyright, and said that Jinhui had been ordered to patch the weaknesses.[23]
So, there goes the end of newspapers. What is left? I heard a term called propaganda. =)
I will not discuss the political implications since they are so painfully obvious. If you do not see them, go do a search and study; then you will see how ridiculous it is to believe in the benevolence.
On the other hand, this software is buggy. Although the development company JinHui claims “all software has a bug”, it seems to mean it is OK to have bugs that can root the whole of China. I guess that is good news to the cybercriminals. I could hear them giggling, ready to pwn n00bies!
Anyway, here is an interesting security analysis from The University of Michigan.
Summary
We have discovered remotely-exploitable vulnerabilities in Green Dam, the censorship software reportedly mandated by the Chinese government. Any web site a Green Dam user visits can take control of the PC.
According to press reports, China will soon require all PCs sold in the country to include Green Dam. This software monitors web sites visited and other activity on the computer and blocks adult content as well as politically sensitive material.
We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.
We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities. Correcting these problems will require extensive changes to the software and careful retesting. In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.
You see, the problems will just continue to arise. Workarounds will be distributed. Well. What’s next? Hardware rootkits? Let’s look forward to 1984.