Green Dam, the mandatory censorware that will be installed on all Chinese PCs as of July 1, is remarkably insecure. J Alex Halderman from Freedom to Tinker and his colleagues Scott Wolchok and Randy Yao have released a paper, based on a mere 12 hours testing, detailing attacks that can be used to "steal private data, send spam, or enlist the computer in a botnet" and " install malicious code during the update process." They've released sample code demonstrating their findings.
The Chinese government has mandated that all PCs sold in the country must soon include a censorship program called Green Dam. This software monitors web sites visited and other activity on the computer and blocks adult content as well as politically sensitive material. We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process. We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities. Correcting these problems will require extensive changes to the software and careful retesting. In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.
Analysis of the Green Dam Censorware System
Freedom to Tinker: China's New Mandatory Censorware Creates Big Security Flaws
(Thanks to everyone who suggested this!)
Greg Gianforte, the Republican candidate in Montana’s congressional election, attacked a reporter from UK newspaper The Guardian, body-slamming him and breaking his glasses. In audio recorded by Ben Jacobs, who covers the U.S. political beat, you can hear Gianforte getting shirty, then, when pressed, the muffled sounds of what Jacobs said was “the strangest thing […]
The best way to fight gerrymandering is to prove to courts that electoral districts have been unfairly formed, a tactic that’s been used successfully in places like North Carolina; but for this to work, you need good demographic data to show that the district is unfair, and for that, you need an accurate census.
James B. Comey may once have tried to hide behind curtains to avoid Donald J. Trump, but the former FBI director’s investigation could mean curtains for the Trump presidency.
The Ticwatch 2 Active Smartwatch is a simpler take on an active wearable that raised over $2m dollars on Kickstarter and is currently offered in the Boing Boing Store.Somewhere in between the single-day battery life and platform-specificity of the Apple Watch and Android Wear devices, there exists the Ticwatch. Instead of trying to shoehorn another […]
Loot Crate is a subscription service that delivers a box of curated pop culture goods to your doorstep. To sample their geeky wares, you can order a single mystery box exclusively from the Boing Boing Store.Each month Loot Crate sends you 6-7 unique items and apparel, including collectibles, books, and t-shirts. Pulling inspiration from all […]
Yes, yes there is. The ultraportable Twisty Glass Mini boasts all of the simplicity of its forebear, while fitting just a little bit better in your pocket.The Mini is perfect for casual smokers, and anyone who doesn’t have the patience or fine motor skill for rolling papers. This piece keeps the convenient design of its older […]