Sign in with
Sign up | Sign in

China to Patch Flaws in Green Dam Censorware

By - Source: Tom's Hardware US | B 21 comments

The Chinese government has ordered designers of the Green Dam censoring software to patch vulnerabilities that could allow hackers to take control of users’ computers.

In a detailed analysis last week, Scott Wolchok, Randy Yao, and J. Alex Halderman from the Computer Science and Engineering Division at the University of Michigan claimed to have found two major security vulnerabilities after only one day of testing the Green Dam software.

According to the report, the first vulnerability is an error in the way the software processes web sites it monitors, which the second is a bug in the way the software installs blacklist updates. However, both allow remote parties to execute arbitrary code and take control of the computer.

Speaking to the English language publication, China Daily, Zhang Chemin, general manager of Jinhui Computer System Engineering admitted that there were flaws, "just like any other software of this type" but went on to say that the company specializes in “producing internet filtering software rather than security.”

Zhang told CD that the government had asked the company to rush release security patches to fix the problems. "The Ministry of Industry and Information Technology told us to make the software safer as soon as a series of security vulnerabilities were found." Adding that programmers were working non-stop to develop fixes.

China has ordered that starting July 1, all computers must ship with the Green Dam software pre-installed on their computers. According to the Chinese government, the software is supposed to filter out pornographic content, however, recent analysis shows it also filters out political phrases too.

Display 21 Comments.
This thread is closed for comments
Top Comments
  • 10 Hide
    mavroxur , June 15, 2009 6:53 PM
    "However, both allow remote parties to execute arbitrary code and take control of the computer."


    Ah, so the software is working exactly as the government designed it to I see....

Other Comments
  • 5 Hide
    starryman , June 15, 2009 6:12 PM
    And what do they plan on doing with SPAM? We can't even filter out male enlargement and nigerian scams.
  • 8 Hide
    tenor77 , June 15, 2009 6:19 PM
    Individual thoughts were still getting through!

    Resistance is futile
  • -5 Hide
    tayb , June 15, 2009 6:22 PM
    I went to public school. Internet filters don't work. It doesn't even require "hacking" or anything of the sort. They just don't catch everything. If I wanted to look at porn I could do it with just a little effort.
  • 4 Hide
    Pei-chen , June 15, 2009 6:24 PM
    Don't really know why this is still headline news but I see this vulnerability as no different than the vulnerability in EA download manager, Apple updates, Adobe update manager, etc.
  • 2 Hide
    jerther , June 15, 2009 6:41 PM
    Quote:
    China has ordered that starting July 1, all computers must ship with the Green Dam software pre-installed on their computers.


    I just thought about something... Will users be able to uninstall it? :) 
  • 6 Hide
    tenor77 , June 15, 2009 6:42 PM
    JertherI just thought about something... Will users be able to uninstall it?


    If they took a lesson from EA then the answer would be "No"
  • -2 Hide
    B-Unit , June 15, 2009 6:44 PM
    Pei-chenDon't really know why this is still headline news but I see this vulnerability as no different than the vulnerability in EA download manager, Apple updates, Adobe update manager, etc.

    Except that no government requires EA download manager, Apple updates, or Adobe updates to be installed on every PC sold.
  • 10 Hide
    mavroxur , June 15, 2009 6:53 PM
    "However, both allow remote parties to execute arbitrary code and take control of the computer."


    Ah, so the software is working exactly as the government designed it to I see....

  • 0 Hide
    grieve , June 15, 2009 7:14 PM
    FAIL
  • 1 Hide
    Hanin33 , June 15, 2009 7:22 PM
    so, what ever happened to the idea that people could do whatever they wished to in their part of the world? sure it doesn't meet up to the 'standards' of the moment elsewhere... but has anyone stopped to think that that's just fine with the people this directly concerns? maybe our way of life isn't how they wish to lead theirs? are we not just projecting wot we interpret the way 'it should be' with the way we want them to live? i don't agree that a government should be allowed that much control over their constituents lives... but i also do not live in china and would move if that were the case here in the USA. i'm just saying.. *shrugs*
  • 0 Hide
    hellwig , June 15, 2009 7:30 PM
    When will people learn that it's not good software practice to allow a URL, command, input, email, etc... to re-direct the Program Counter to an arbitrary address in memory? STOP executing random addresses in memory and we'll all be fine. And shouldn't the execute enable bit on just about all modern processors have resolved this issue by now?
  • 0 Hide
    IzzyCraft , June 15, 2009 7:36 PM
    grieveFAIL

    My guess is they knew about the security holes but when other people found out they didn't want hackers (besides their own) to take over people's computers, lol''
  • 0 Hide
    rubix_1011 , June 15, 2009 7:58 PM
    Ministry of Love (torture) and Ministry of Peace (war) (Orwell's 1984).

    China- Ministry of Industry and Information Technology. (oppressive overseeing via technology)

    Hmmm...I don't see how any of these could be remotely related.
  • 1 Hide
    Ciuy , June 15, 2009 8:25 PM
    useless software. If CHina cant see porn, the whole porn industry is in for a crysis. :) )
  • 0 Hide
    mavroxur , June 15, 2009 8:34 PM
    CiuyIf CHina cant see porn, the whole porn industry is in for a crysis. )



    The whole country is going to play a first-person shooter?
  • 1 Hide
    anamaniac , June 15, 2009 8:35 PM
    Damn, I have to find another way to get porn...
  • 0 Hide
    rubix_1011 , June 15, 2009 9:04 PM
    I think he actually means crisis vs crysis.
  • 0 Hide
    The Schnoz , June 15, 2009 9:57 PM
    Can't they just format the computer and do a fresh OS install?
  • 0 Hide
    igot1forya , June 16, 2009 5:13 AM
    OEM's should ship the system with Green Dam installed but when booting for the first time should put an option to remove the software, similar to the way OEM's seem to load 3 antivirus's on new PC's and let the end user remove the programs they don't need.

    "You are 2 step away from using your new PC!"
    Step 1: - Uninstall Green Dam
    Step 2: - Finish Setup

    :) 
  • 0 Hide
    eddieroolz , June 16, 2009 10:02 AM
    Huh, so it seems they do pay attention to Western reports...
Display more comments