Security flaws galore: Researchers dissect China's Green Dam censorware

Summary: A team of researchers at the University of Michigan has found a bevy of exploitable vulnerabilities in Green Dam, censorship software that the Chinese government wants to bundle on every PC. This week, the Wall Street Journal reported that China wanted to require PC makers to bundle Green Dam with each unit sold.

A team of researchers at the University of Michigan has found a bevy of exploitable vulnerabilities in Green Dam, censorship software that the Chinese government wants to bundle on every PC.

This week, the Wall Street Journal reported that China wanted to require PC makers to bundle Green Dam with each unit sold. The reason: China wanted to protect its citizens from harmful content, also known as porn. However, Green Dam can filter other things too, including political terms such as Falun Gong. You could call Green Dam Censorship.exe.

Now Scott Wolchok, Randy Yao, and J. Alex Halderman at the University of Michigan report:

We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.

We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities. Correcting these problems will require extensive changes to the software and careful retesting. In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.

Shocking? Hardly.

The big question is whether these flaws enable the Chinese government to take control of PCs. If hackers can do it easily why can't a few government employees?

Talkback

6 comments
  • Somehow that figures

    Who would expect censorware makers to actually be competent at what they do?
    EssPee
  • BINGO!!!

    "The big question is whether these flaws enable the Chinese government to take control of PCs. If hackers can do it easily why can't a few government employees?"

    Wouldn't that be a big surprise.
    IT_Guy_z
  • I don't think it's a question ...

    "enable the Chinese government to take control of PCs"

    ... I think it's a requirement.
    de-void-21165590650301806002836337787023
  • Shocker!

    nt
    Christian_<><
  • RE: Security flaws galore: Researchers dissect China's Green Dam censorware

    The Chinese government concerned about pornography? Give me a break! Look at the rampant and growing prostitution all across China's cities and you will realize this is not about filtering out pornography.

    If you really understand the CCP, you will know this is another desperate attempt to block out Falun Gong content and messages.

    So what happened to the great China Fire wall, the "Golden shield", that CCP has spent billions of dollars over many years to filter and control internet content? The simple answer is, they no longer work. Using software developed by Falun Gong, Chinese netizens have been able to climb over the wall to read content like the "nine-commentaries of the CCP", the Divine Performing Arts, the Epoch Times and other contents provided by Falun Gong. The CCP has no answer to such content, and is absolutely terrified that more and more Chinese are reading them.

    The sense of insecurity exhibited by the CCP is so ridiculous, yet it is very real.

    So why does the CCP fear Falun Gong so much? That is too long to answer here, you have to do your own reading up and research.
    zuanlim@...
  • Coming soon to a Dear Leader...

    Maobama government "Protect the beloved people from porn" national Internet protection interception center!

    Notice the total similarities to our beloved dear leaders siren cries?
    RS9