Feeds

Security holes poked in Chinese compulsory PC filter plan

Green Dam it all

Protecting against web application threats using SSL

Plans to mandate the use of a particular brand of censorware software in China pose a grave security risk, security watchers and net privacy activists warn.

All PCs shipped to China from July 1 2009 onwards will be required to bundle a locally brewed application called Green Dam Youth Escort in order to prevent access to "harmful content". The parental control/censorship software, developed by Jinhui Computer System Engineering, will be used to block access to porn as well as politically sensitive content, in conjunction with server-side and ISP-level filters (the so-called Great Firewall of China) already in place.

By creating a software monoculture the Chinese authorities are creating a risk that a vulnerability in the software, providing it was serious enough to allow remote code injection, could be used to create a huge botnet. More subtle flaws might also be used to create targeted attacks on government computers - a factor that is unlikely to pass unnoticed down at the NSA.

And the whole exercise might be of limited use anyway, because early versions of the software work only IE or Google Chrome on Windows. According to collaborative tests, carried out in China and summarised by Global Voices here, the software fails to work with Firefox. The software - already widely deployed in China - is incompatible with Mac or Linux machines.

Other reported problems include suggestions that the Green Dam Youth Escort is a resource hog, might be high maintenance when it comes to applying upgrades, and has been found to inadvertently block course-related material in schools.

Questions are also being asked about the costs of the software, estimated as costing 41m Yuan in the first year.

Isaac Mao, a research fellow at Harvard University's Berkman Center for Internet and Society, has uncovered other problems with the software. Communications between the systems at Jinhui and client PC running its Green Dam Youth Escort are unencrypted, leaving the door open for man in the middle attacks and clickstream snooping. It could be the system is designed this way to allow the Chinese government to monitor its citizens.

However, Green Dam maintains that its software is "only a filter", the BBC (citing reports in the official Chinese media last year) reports. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.