Green Dam, the mandatory censorware that will be installed on all Chinese PCs as of July 1, is remarkably insecure. J Alex Halderman from Freedom to Tinker and his colleagues Scott Wolchok and Randy Yao have released a paper, based on a mere 12 hours testing, detailing attacks that can be used to "steal private data, send spam, or enlist the computer in a botnet" and " install malicious code during the update process." They've released sample code demonstrating their findings.
The Chinese government has mandated that all PCs sold in the country must soon include a censorship program called Green Dam. This software monitors web sites visited and other activity on the computer and blocks adult content as well as politically sensitive material. We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process. We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities. Correcting these problems will require extensive changes to the software and careful retesting. In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.
Analysis of the Green Dam Censorware System
Freedom to Tinker: China's New Mandatory Censorware Creates Big Security Flaws
(Thanks to everyone who suggested this!)
Hold on to your butts, America. Steve Bannon is, as an ally told one reporter, “unchained” after being relieved of his White House duties as Trump’s strategic advisorIn an interview this evening, Bannon tells the Weekly Standard he’s returning to run Breitbart.com, as he was before becoming Trump’s campaign manager exactly one year and one […]
Steve Bannon is out of the White House, a year and one day after he became then candidate Donald Trump’s presidential campaign manager.
Mitt Romney, Republican presidential candidate and rich guy, called Trump a fraud, then asked him for a job, and is now outraged by his racism. Testify that there is no conceivable comparison or moral equivalency between the Nazis–who brutally murdered millions of Jews and who hundreds of thousands of Americans gave their lives to defeat–and […]
The Pry.Me Bottle Opener holds tens of thousands of times its own weight, and you can pick one up now from the Boing Boing Store.This remarkable keychain is considerably smaller than any of your keys, but don’t let that fool you: it can easily open any bottle, and could even tow a trailer full of […]
Guaranteeing your privacy online goes way beyond checking the “Do Not Track” option in your browser’s settings. To ensure that your internet activity is totally hidden from Internet Service Providers, advertisers, and other prying eyes, take a look at Windscribe’s VPN protection. It usually costs $7.50 per month, but you can get a 3-year subscription […]
This project management bundle will help you get organized and learn how to lead a team to success. You can pay what you want for these five courses when you pick them up from the Boing Boing Store.To help you become an invaluable asset for your company, this bundle includes a curated collection of professional […]