Green Dam, the mandatory censorware that will be installed on all Chinese PCs as of July 1, is remarkably insecure. J. Alex Halderman from Freedom to Tinker and his colleagues Scott Wolchok and Randy Yao have released a paper, based on a mere 12 hours of testing, detailing attacks that can be used to "steal private data, send spam, or enlist the computer in a botnet" and "install malicious code during the update process." They've released sample code demonstrating their findings.
The Chinese government has mandated that all PCs sold in the country must soon include a censorship program called Green Dam. This software monitors web sites visited and other activity on the computer and blocks adult content as well as politically sensitive material. We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process. We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities. Correcting these problems will require extensive changes to the software and careful retesting. In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.
Analysis of the Green Dam Censorware System
Freedom to Tinker: China's New Mandatory Censorware Creates Big Security Flaws
(Thanks to everyone who suggested this!)