The botnet threat in China's censorship software
Experts have warned of serious security flaws in the Chinese government's censorship software, which could open the door to hackers creating huge botnets.
Programming errors in the Green Dam Youth Escort software, which the Chinese Ministry of Industry and Information Technology said Tuesday must be preinstalled on all new computers in the country, are at the root of the flaws, according to experts from the University of Michigan.
This message pops up on PCs when the Green Dam software spots banned phrases.
(Credit: University of Michigan)"Once Green Dam is installed, any website the user visits can exploit these problems to take control of the computer," wrote the university's researchers. "This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet." The warning came in a paper published Thursday by researchers Scott Wolchok, Randy Yao, and J. Alex Halderman.
The Green Dam software filters content by blocking URLs and Web site images and by monitoring text in other applications. The filtering blacklists include both political and adult content.
The researchers said that after only one day of testing Green Dam, they discovered programming errors in the code used to process Web site requests. These would result in buffer overrun conditions on all computers running the software, they said.
"The code processes URLs with a fixed-length buffer, and a specially crafted URL can overrun this buffer and corrupt the execution stack," said the researchers. "Any website the user visits can redirect the browser to a page with a malicious URL and take control of the computer."
The researchers built a proof-of-concept program to demonstrate the flaw and said it would crash any computer running Green Dam.
In addition, Green Dam can be used to install any other program on a computer, via a blacklist vulnerability. This problem would allow Green Dam's makers, or a third-party impersonating them, to execute arbitrary code and install malicious software on the user's computer, after installing a filter update.
Chinese government news agency Xinhua reported that Jinhui Computer System Engineering, which developed Green Dam, had said the software was not spyware. "Our software is simply not capable of spying on Internet users, it is only a filter," Jinhui is quoted as saying.
The Xinhua article did not address whether the filter itself could be used to upload spyware.
The University of Michigan researchers recommended that anybody running Green Dam uninstall the software immediately. However, according to a translation of feedback on Jinhui's user forum, teachers and educational establishments have no choice but to use the software.
"Let me say something here," wrote one teacher. "We were forced to install the software. So I have to come to this website and curse. After we installed the software, many normal websites are banned."
Currently, Green Dam is only optimized for Microsoft's Internet Explorer browser, according to leaked technical specifications posted on the Wikileaks website.
Tom Espiner of ZDNet UK reported from London.
Come on, 80% of Chinese systems are pirated, trojan/botnet infected slag-heaps. Almost every skiddie that knocks on our network is using a machine so out of date I don't even need to /try/ to take them down. Hell, nine times out of ten the username is "Neo" and the password is "Teh0n3"
I say we need to have smart gateway routing at the major intersections of the 'net - keep generic traffic cordoned unmonitored and freely within a country/ip region, however there should be IDS/IPS monitoring of traffic targetting another country - especially from such a prolific ******** as China.
"Chinese Ministry of Industry and Information Technology said Tuesday must be preinstalled on all new computers in the country, are at the root of the flaws,"
Is this software only available on one OS platform? Or is it available for all the current popular flavors?
If it's just one, then the government will not only dictate what sites you visit, but also what OS you are running?
Wow.
I would think this censorshipware would be available on all major platforms Dan, unless they're not only blocking all *nix related websites but also preventing Apple from doing business within it's borders (not to mention the clones of course). It would simply be far easier to hack this junkware onto other platforms and force it down everyone's throats.
It's likely going to be a sort of proxy firewall client that requires you to connect through an approved server that can monitor/filter what you have access to. Attempt to connect without this server and you don't get any routing of traffic at all.
It's the same idea as many company network setups, just on a bigger scale. And when all the ISP's are controlled by the government, you can't really easily bypass them. Not without going through something like a satellite uplink or such.
I'm glad I live in democracy.
Do they block downloading Opera, Chrome, Firefox, etc.?
And, let me guess... Windows only?
- by mraandthebigbrother June 15, 2009 10:23 PM PDT
- That Green Wall Filter Dam is a Sttt! It cannot browse International websites.
- Reply to this comment
-
(13 Comments)That will be it's BIGGEST BLOOPER on this software and is developer.