
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

China confirms security flaws in Green Dam, rushes to release a patch

By | June 15, 2009, 2:09am PDT


China’s Ministry of Industry and Information Technology has instructed the developers of the Green Dam censorware to quickly release a patch in response to last week’s published analysis detailing the possibility of remotely exploitable vulnerabilities within the software.

Jinhui Computer System Engineering Co, developer of Green Dam, insisted that the software is just as vulnerable as any other, and that their expertise is in coding Internet filtering software, and not necessarily one with security in mind — a pretty interesting comment, taking into consideration the fact that the developer earned millions in the process of coding it.

Moreover, despite the fact that Green Dam made the headlines in 2009, and quickly received the necessary reverse-engineering attention which exposed the security flaws within, the vulnerable version of the censorware has been shipping to Chinese users since early 2008.

According to Green Dam’s web site, as of April 2009 there have been over 3.5 million downloads of the software. In less than a month, following an advertising campaign that featured a download link at 160 of China’s most popular web sites, the number of downloads peaked at 7,172,500, with the majority of Chinese provinces, schools and universities having already installed it on their networks.

This massive adoption can in fact quickly mature into the security disaster that researchers Scott Wolchok, Randy Yao, and J. Alex Halderman talked about in their analysis, and exploitation of the software may already be taking place without any public reports of it.

With China’s recent announcement that it will make the censorware an inseparable part of each and every Windows-running PC purchased after the 1st of July, through an agreement with China’s Lenovo, it may well be contributing to the creation of the “Great Botnet” of China.

The vendor of Green Dam is also planning legal action against the reverse engineering of its product, according to a quote published in People’s Daily Online. Zhang Chenmin, manager at Zhengzhou-based Jinhui Computer System Engineering Co.:

“expressed anger at Halderman’s report. “It is not responsible to crack somebody’s software and publish the details, which are commercial secrets, on the Internet. They (the professors) have infringed the copyright of our product. “I think the negative comments and attacks on Green Dam are intentional,” Zhang said, adding his company plans to take legal action against the professors.”

I wonder whether they’d still have the same attitude if malicious attackers used Green Dam’s trivial remotely exploitable vulnerabilities to create a botnet whose size would make Conficker look like an operation run by amateurs.


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis. More details on Dancho Danchev's current and past professional affiliations can be found in his LinkedIn profile.

RE: China confirms security flaws in Green Dam, rushes to release a patch
birumut Updated - 2nd May 2011
Well done! Thank you very much for professional templates and community edition
seslisohbet seslichat
0 Votes
The problem with backdoor software
zmud Updated - 15th Jun 2009
is the danger somebody else will discover your back door and use it.
"It is not responsible to crack somebody's software and publish the details, which are commercial secrets, on the Internet. They (the professors) have infringed the copyright of our product."

Doesn't he mean the copyright of Solid Oak's product?

http://government.zdnet.com/?p=4933
0 Votes
HA! Good one, Zogg!...
JCitizen 15th Jun 2009
That one should have been linked in this article.
Sorry if this belongs elsewhere... but Zero Day seemed the appropriate forum for it...

Can anyone explain why the flash ads on this site are using Adobe's RTMTP protocol and NOT to respect proxy settings in the browsers?

As this is a security blog (hence why I'm asking this here) perhaps you can explain why ZDNet chooses to configure their flash content in this way? As I'm sure you're aware, no computer should talk directly to the Internet other than a content/security gateway system. As a result, every time I visit ZDNet, I get a number of alerts from my firewall as it rarely gets hit by invalid traffic on the inside interface, so when it does, I count it as suspicious... and that includes port 80, 443 & 1935 (Adobe's RTMTP) traffic from anything OTHER than our content gateway...

This is just a huge peeve of mine about this site.
0 Votes
My defenses simply block the ads...
JCitizen 15th Jun 2009
end of problem. I feel ZDNet has been working on the quality of their web-pages and done a lot in the last few months!

But I'm glad you are bringing it up, as it would be ironic if ZDNet and its sister sites became one of the 20,000 thousand, some odd sites that is hopelessly infected with embedded malware vectors.

And getting into IT's shorts is just what a crime cracker would like to do! ZDNet! The honeypot for crime crackers! Film at eleven!
0 Votes
Same here
Greenknight_z 17th Jun 2009
NoScript blocks the Flash and iFrame ads for me, so I don't have to worry about that. Also, with my slow internet connection, these pages would take forever to load if I didn't block that stuff.
0 Votes
For sure...(nt)
JCitizen 17th Jun 2009
.
Ha! Ha! Ha! So the dam has flaws that it won't hold water.
The Great Wall of China didn't totally stop all of the "barbarians" so this censorware and firewall won't stop the people from going to "illicit" sites like Tiananmen Square protests of 1989 or Human Rights.
Chinese people are resourceful as proven with all of the spam I'm getting from Chinese IP addresses and the interesting links in that spam that links to China IP addresses. Chinese government is kidding themselves if they will stop this as much they are stopping prostitution and other millennia old vices.
0 Votes
Excellent article!..
JCitizen 15th Jun 2009
Great journalism guys!
LOL.

Quote: "It is not responsible to crack somebody's software
and publish the details, which are commercial secrets, on
the Internet. They (the professors) have infringed the
copyright of our product. "

Okay, let's see. Cartier, *****, Illegal copy of US movies,
cheap replica of watches, electronics, furniture (design) to
name a few.

Yes, sure, as if China doesn't make infringing others
copyrights an industrial sports.
0 Votes
China's Green Dam "software"
728rwp 15th Jun 2009
I have heard China's government has requested Dell and Hewlett-Packard to install their Green Dam censorship software on all computers exported to China starting in July. China Aid and other organizations seeking freedom in China should organize a mass boycott of all HP and Dell computers having this software installed. Freedom for millions of people is more important than profits for a couple of corporations.
0 Votes
the Dell & HP crapware! Let 'em try it!

Ssshhhh! *We won't tell them it will fail!* wink
"In less then a month" should be "In less than a month".
0 Votes
China? OMG
zuozuo1013 15th Jun 2009
I'm from China;

The one thing is important, I won't use it even they are patch with new sell computer
0 Votes
Taiwan? Good to hear from folks...
JCitizen 16th Jun 2009
in the Asian rim; don't hesitate to comment here; we need all the input we can get! It would also be good to hear from PRC dwellers as well, of course!

Thanks!
Though the thought of punishing the 17 non-hackers on the web in China pains me, it may be time to cut mainland China loose from the WWW. Let them mess with their own data and systems as much as they want, but sever their ability to mess with the rest of the world!
0 Votes
It sometimes makes me wonder what media companies are thinking when they rely on DRM based strictly on software. It doesn't take much of an IT brain to consider that software can always be backward engineered and the fix is just as digital as the software itself and hence can be made available and distributed across the internet, so in short order most anyone who has the desire often has several methods of circumventing the software based DRM at their disposal. The end result is that these software based DRM solutions often simply just become more and more onerous on the user in an ill-conceived attempt to foil the crackers and while it never appears to foil the crackers for long it often provides for numerous problems and unfair restrictions on the honest users. In other words it's always a case of the producer feeling their interests so outweigh the interests of their customers that they feel free to indulge in all sorts of DRM experimentation no matter what the negative impact is on the average user.

Now we have the Chinese government looking toward a software based internet censorship protocol. And just as the media companies have found with the software based DRM the Chinese government is going to find no better luck in successfully censoring any real or meaningful portion of the net or the Chinese people. Already we see one of the first concerns in installing any particular software on virtually "all" systems. If there is a security flaw in the software everyone gets it, and with widespread adaptation of a security flaw it inevitably draws attention from a multitude of hackers desiring to exploit a lot of computers. Despite the ludicrous counter arguments of many, one of the well known reasons for Windows suffering so many exploits is that it's common knowledge that Windows is on the vast majority of computers so it's a "gimme" that hackers will hunt down vulnerabilities in Windows because they know if they find one it's going to exist in the vast majority of computers, and hence, it's a vulnerability with value. Likewise with any program that is known to exist on multiple millions of computers, in the case of this Green Dam eventually hundreds of millions of computers.

And in the end, how likely is it that there is nobody in China itself, never mind the rest of the world, who will not figure out quick work around to effectively thwart the censoring abilities of Green Dam? I suggest that it's likely already been thwarted and in the end, it is just another layer of junk a self interested entity has arbitrarily decided to foist upon a segment of the public in a reckless desire to promote their own interests at any cost to the end user.

It's interesting to see that the trait of self interest over any concern of others is so ingrained in some entities that it not only involves corporate greed but even draws the interest of entire governments. Ludicrous, and pointless.
0 Votes
China and Copyright!?! lol
Tommy S. 16th Jun 2009
Do I even need to point out the Chinese culture of respect for copyrighted material... Poor poor Chinese, the evil western civilisation is reverse engineering their own botched crapware.
0 Votes
Filtering software
Greenknight_z 17th Jun 2009
Hasn't anyone told them, that stuff doesn't work? Especially in a country with as many hackers as China, ways to defeat the filters will be universal knowledge in no time.
0 Votes
That what I'm wondering..
JCitizen Updated - 17th Jun 2009
they try to break into my gateway, the IP is identified as a military industrial site (doubt if any hackers get away with anything that the government doesn't know about there!), they attack government sites, and then blame individual "hackers"!

Makes me wonder how many of them are on the government payroll and how many are actually freelancing?!