Slashdot Mirror
Cambridge Breached the Great Firewall of China
Darren Rayes writes to mention a ZDNet article on Cambridge academics' claims that they have breached the great firewall of China. They also claim that by misusing the firewall they can launch DDoS attacks against IP addresses behind the wall. From the article: "The IDS uses a stateless server, which examines each data packet both going in and out of the firewall individually, unrelated to any previous request. By forging the source address of a packet containing a 'sensitive' keyword, people could trigger the firewall to block access between source and destination addresses for up to an hour at a time."
With enough people working on it, we can temporarily block the entire country from the rest of the Internet. How's that for a fourth of July?
What about those inside China using those exploits for legitimate ends?
Is Cambridge indirectly helping the Chinese government to fix firewall issues?
Are Cambridge researchers after fame at the expense of the freedom of the Chinese people?
Better they do it from the outside then the Chinese government find the guys doing it from the inside.
Weird, I didn't know there were many mongolians at cambridge...
How exactly does a stateless IDS block connections for up to an hour? Are there other components to the firewall I'm not aware of, or does stateless mean something else these days?
and try to have the law breakers extradited?
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
An "active" spamfilter that automatically shoots down chinese spammers. The IP gets blocked off for an hour and can't spam anyone at all outside china.
Of course at the same time I can think of a million abusive applications for this...
I wonder what the chinese government would do if groups of individuals from around the world used techniques like this to DDoS the firewall. I highly doubt that they could get their population to accept them completely shutting off access to the outside world, and a stateful firewall would be considerably more expensive, assuming they wanted to keep their same (terrible) level of performance.
What does slashdot think about this?
If the firewall looks for keywords in individual packets, wouldn't ruthless packet fragmentation (i.e. breaking up the TCP stream into many, many minimum-size packets) work at getting around it? That way no one keyword would be left whole.
☠
...what would happen if I sent some packets from google.com to google.cn, containing words like 'democracy' and 'Falun Gong'.
As far as I understood it, the point is that the wall blocks out IPs outside of China that try to send "sensitive" data into China.
Not a big deal either. Just send the IP Address of any mailserver you want to protect with a packet containing something "sensitive".
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I can't imagine why anyone would choose a stateless firewall over one the preforms stateful inspection on all traffic. There are so many options available (pix, checkpoint, or just a well built iptables system), it would seem you'd have to work at finding something stateless.
Should china's firewall be slashdotted so that it can't work anymore and therefore allow the people of china a free internet? (free as in not censored).
-ed
So you see what had happened was....
Your signature fits so well with that comment.
So you mean it works as a spam filter as well, assuming that somebody sends spam with "Falun" in it?
(so many blocked words in this page... but I'm in Seattle.)
☠
DDoS is using multiple computers to "flood" a target off the Internet. This would be a plain DoS attack using a software weakness to deny service.
I highly doubt that they could get their population to accept them completely shutting off access to the outside world
Er, exactly which China are we talking about here. If the population don't accept things then they get run over by tanks.
init 11 - for when you need that edge.
Well done on writting a 'how-to' on pointers to make the firewall better. Im sure people out there new these things, and used them to their advantage. Now all holes will be plugged and even more censorship will rein in China. You have now had your 15mins of fame.
Insecurity by obscurity.
www.PeenieWallie.com
Chinese firewall is nothing - try getting through the Saudi firewall. As I understand it, the Chinese are at least a bit less modest about what is banned, so you should be able to at least get some legit porn sites through Chinese internet. However Saudi internet would block not just porn sites, but womens rights websites, womens magazines websites, even medical sites - anything that would display a photograph or illustration of a naked woman or man was stricly banned. Even it was just part of a human body, i.e. shoulders up.
That would mean that I could actually fight those ssh bruteforce zombies that apparently make up 95% of KorNET.
Fight hunger. Filet a politician and send him to a 3rd world country of your choice.
Well, it would suffice if you sent from the mail server a reply to the spamming IP Address containing any 'sensitive' keywords, if I got that right. Of course, if it's less traffic than the flood of RSTs you get from the firewall is a different matter...
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
It's not something that is trivial to fix. Others can do a better job of explaining why, but for now, suffice it to say that it'd require a significant effort on the part of the Chinese Gov't.
Maybe it can be fixed in The Great Firewall of China v2.0
[Fuck Beta]
o0t!
I think there are some good points to the existence of the firewall. While the firewall itself is a bad thing, no doubt, the fact that the Chinese have access to the internet at all is a huge step forward for them. We're talking about a country that was totalitarian for centuries, with virtually no interest in or comprehension of indivdiual human freedoms.
It also speaks to the power of the internet's design. Here is a nation notorious for its control of information, and the techniques they use are easy to discover, and possible to circumvent. If China can't restrict the internet, then there's hope that other governments and maybe even multinational corporations won't be able to pull it off either.
With luck, the firewall will become an irony of the past, as the importance of human dignity becomes apparant to the Chinese government.
Clayton, speaking at the Sixth Workshop on Privacy Enhancing Technologies in Cambridge last week, said that the researchers had reported their findings to the Chinese Computer Emergency Response Team.
So the PRC dictatorship was directly told how to make their firewall better.
Way to go!
Now China will have to build a really, really big stateful firewall. Probably something like AOL's cacheing server.
...half a dozen of the other.
Certainly TFA suggests that the DoS attack could be used against chinese government computers, but this could also be used against chinese citizens. An exploit is, after all, an exploit. So I would suggest that in the case of the DoS attack, reporting it to the appropriate people - in this case the Chinese authorities - was the right thing to do.
Unfortunately, in this case, the very flaw that allows a DoS against machines within China also permits those inside the firewall to ignore the resets sent back, so by reporting the DoS, they've also reported how the censorship can be circumvented. (or, by discovering the censorship circumvention they've unfortunately stumbled upon a DoS attack).
In this case, I really don't think that there is a One True Answer.
The ways of gods are mysteriously indistinguishable from chance.
When a bunch of ninjas rough up the geeks in Cambridge, don't be surprised.
Their research is concerned with DRM ass hat tactics and such...pity!
The way things are going, AOL will probably have an equivalent firewall in a few years time. Then they can rent it out. Hooray for the free world.
Well done on writting a 'how-to' on pointers to make the firewall better. Im sure people out there new these things, and used them to their advantage. Now all holes will be plugged and even more censorship will rein in China. You have now had your 15mins of fame.
This is the same old tired argument we hear here on Slashdot over and over again. Expose the flaws and you either 1) alert the hackers on how to expose them or 2) Allow the admins to patch them. It's funny how depending on your political ideology, people will swing either way. How about a consistent opinion in favor of revealing flaws? Those who favor security by obscurity deserve neither.
So... If someone would send one of those keywords to a huge chinese chat channel that is hosted outside of china, all the chinese people will be disconnected from that server?
(chat server hosted outside of china, because else, i guess, just you will be disconnected from the server)
Kaetemi
How does anyone know what he looks like, so as to be offended at it? Can you draw a picture of anyone and just say it is Mohammed? Meanwhile, it sure seems like giant images of other muslims are popular (political posters depicting various imams, etc).
Go ahead, mod me down.
Couldn't the Chinese government view this as an act of terrorism? In the interest of national security the Chinese government will start an ambiguous "War on Terror" after the the US "War on Terror" and "War on Drugs" which are _also_ unwinnable and declared solely to keep the ruling party in power via fear.
It's entirely proper for these two arguments to be inconsistent, because they have completely opposite goals. Neither is favoring security by obscurity.
Those who want exposure of flaws want security, and know that security by obscurity never works.
Those who favor insecurity - and in the case of the Chinese firewall that's a completely understandable desire, know that insecurity by obscurity always works.
This space available.
Is it just me, or does it seem rather unkind to go about declaring, "Look at me! I just conducted a cyber-attack against China!" Hey, I'm no fan of China's government or censorship, and I am aware that China have tried to attack other countries' computers, but two wrongs don't make a right. Unless we're doing something defensive to ward off an attack from China, I see little point in taunting them and giving them reason to tighten security even further. It just doesn't seem right.
Interesting how people are still using MS DoS!
I know, I know...
This is not helping China. They know how their firewall works, they built it. They also know where Cambridge University is (unlike half the readers of Slashdot).
Slashdot is helping China by bringing the article to their attention.
This has been circulating in the security blogs for a week now. There are basically two schools of thought. One is that we might fix the IP stack to ignore/filter out RST packets. The second is that we might make it easier to turn on SSL.
Rather than monkey about with changing the protocols to ignore RST we would probably do better turning on SSL encryption on Wikipedia &ct with some cheap domain authentication certs.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
How about a consistent opinion in favor of revealing flaws?
So you want 100,000 unrelated people to come to a consensus? I can't get 10 people to agree where to go to lunch.
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
remember when the chinese tanks crushed the students in tienanmen? well those of us in the free world should be doing all we can to help the chinese people resist the censorship and oppression of their government.
I'm in china and i need a program to exploit this, bad! is there any?
and somebody please DDoS the chinese government asap!
MikMik Baby Organics Mikkaworks
There's a reason people never agree on security through obscurity. Hell you've generalized that people believing in it don't like public disclosure. I personally feel it can deter script kiddies as their scripts occasionally look for banners, etc. There are cases it can help. Not everyone is smart enough to use a program to determine OS type, or other fingerprinting strategies.
I think these researchers just proved once again that nothing is uncrackable. The idea of security is similar to the titanic. Its unsinkable until everyone owns your box. Don't make fun of the security through obscurity camp.. even if it can be futile at least we try something. (i also patch like crazy, run firewalls, review logs, etc)
I don't mind public disclosure as long as the company gets time to patch the product (up to 30 days). Since we're talking about china, well zero day is fine.
MidnightBSD: The BSD for Everyone
obviously, you don't see how these two things are entirely different. whereas the saudi people are being blocked in their attempts to get out to talk to and see the human body (etc), the chinese govt would just be protecting their own citizens from content that is considered dangerous by members of the ruling party. it isn't blocked because the chinese govt just feels the people shouldn't be aware of these thoughts at all.. they just don't want their constituents (well, sort of) to be shocked and outraged by the freedom of the outside world :p
It appears the link to the source is missing - I first read about it last week on Schneiers blog, linking ot the original blog post found here:
o ring-the-great-firewall-of-china/
http://www.lightbluetouchpaper.org/2006/06/27/ign
And for all the details, the paper to be presented is here:
http://www.cl.cam.ac.uk/~rnc1/ignoring.pdf
I think the interesting thing is that by configuring our end to ignore the invalid resets from the Great Firewall of China we can aid the distribution of otherwise censored material.
DDoS attacks against the GFC seems not to be that easy, as the article mentions the GFC is not one giant router at the backbone, but rather smaller machines closer to the end stations - the firewall is distributed accross an unknown number of gateways.
The Terrorist Song
by Usurper_ii
(Sung to the tune of Python's The Lumber Jack Song)
I'm a terrorist and I'm OK
I read at night and I work all day.
The Government:
He's a terrorist and he's OK
He reads at night and he works all day.
I read a lot and I seek the truth
I go to the lavatory.
After OKC, I saw some things that didn't make sense to me.
The Government:
He doesn't believe our story about OKC,
We monitor when he goes to the lavatory.
On Wednesday night, he went to an unapproved web site.
Chorus:
He's a terrorist and he's OK
He reads at night and he works all day.
When, after 9-11 didn't all add up,
I met with others on the net, to talk it up.
The government:
He didn't believe our story about 9-11.
We followed him to unapproved web sites after hours.
In our report, well say he had bomb-making materials under his sink.
Chorus:
He's a terrorist and he's OK
He reads at night and he works all day.
I don't think a plane hit the Pentagon.
I think the World Trade Center buildings fell all wrong.
I wish I could convince my dear ol' mom!!
The government:
He's a terrorist and we're going to make him pay?!
We read his e-mail and didn't like what he had to say?!...
Just me:
I wish I'd been born, back when America was really free!!
The Government:
He's a terrorist and we're going to make him pay
He reads the Constitution and knows his rights.
He's just like McVeigh, Bin Laden, and al-Qaeda!!
Chorus:
He's a terrorist and he's OK
He reads at night and he works all day.
Ron Paul
It'll get fixed. The PRC government went to a lot of trouble & expense to put the firewall in place. No expense will be spared to surpress freedom. That's a Chinese tradition which predates the PRC by about a thousand years.
No one is arguing that security through obscurity is a good tactic for achieving security. The point is that people who support freedom of speech etc. don't want the "great firewall" to be secure. By pointing out flaws in the firewall to the Chinese government, you're merely helping them to suppress the flow of information within the country. It's very likely that people inside China are well aware of the weaknesses that currently exist in the firewall. It's also quite likely that they're using some of these weaknesses to gain access to information that the Chinese government would normally censor.
read about breaking of stateful packet filters
go to http://larytet.sourceforge.net/howto.shtml Scroll approx two pages down to the words "To Shaw Fiberlink users:"
Funny, I wrote that this morning, and ever since then, I can't help but envision ended up in some sort of scene right out of My Cousin Vinny, where I'm sitting in front of a judge saying "I wrote 'I'm a terrorist!' ... I wrote 'I'm a terrorist?!?!'"
Only the bad part is, unlike in My Cousin Vinny, there is no jury and my trial is in secret.
Usurper_ii
Ron Paul
I'm sure Cisco will be happy to help them out. Again.
Ya know, I didn't think of that.
It's worth exploring. Maybe someone else can answer that question.
[Fuck Beta]
o0t!
If a well-known Chinese university did anything like that to UK networks, the UK government would be screaming "cyberattack" and "cyberterrorism".
What TV cameras? We're lucky that photos managed to get out of there, the Chinese secret police were assaulting, detaining, and destroying the film of journalists. The film that did get out was smuggled out.
And the line of tanks stopped because the single person driving the lead tank didn't know what to do. It wasn't a policy decision handed down by the PLA to not hurt anyone because of cameras. They had just finished killing dozens, possibly hundreds of innocent people. They were shooting automatic rifles into crowds of people in the middle of the street.
I personally feel it can deter script kiddies as their scripts occasionally look for banners, etc.
WTF? The scripts look for banners? Why? So they can do click-fraud?
The idea of security is similar to the titanic. Its unsinkable until everyone owns your box.
WTF? Is that some sort of innuendo about the Kate Winslet, because I don't recall anyone "owning" the Titanic.
When information is power, privacy is freedom.
(chuckle)
"It's time to take life by the cans." ~ Bender ("Bendin' in the Wind", ep. 3-13)
I'm not sure that outsiders blocking their people from getting out of the great firewall would be much of a concern to them. They can always tell them the evil capitalists are just out to destroy their utopia. ;p
The banner can tell you program version information and sometimes the host OS, machine architecture and running modules. Apache's webserver banner is a good example. It can, if set up to, tell you the version of apache, the version of PHP, the host OS kernel revision, and what processor is hosting that OS. That's a lot of information that really isn't necessary. Usually it's displayed when a ErrorDocument handler returns a 404 itself.
Slashdot is proof that Sturgeon's Law applies to mankind.
How do you know that the AC you're replying to doesn't have a consistent opinion in these matters?
While I do from time to time argue that slashdot as a whole holds certain opinions, even I don't try to argue that any individual slashbot necessarily holds any of them.
It's official. Most of you are morons.
On the chinese side who receives multiple packets telling him he has been searching for contraliterature?
Some amused little craphead from whereever in the world floods this firewall and lets it log thousands of illicit requests for the info from an internal address leaving some poor chinese family to try and tell the police it wasn't them.
liqbase
Crud, an entire joke shot to crap because I forgot one apostrophe.
Usurper_ii
OWED TO THE SPELL CHECKER
I have a spelling checker --
It came with my PC.
It plane lee marks four my revue
Miss steaks aye can knot sea.
Eye ran this poem threw it,
Your sure reel glad two no.
Its vary polished in it's weigh,
My checker tolled me sew.
A checker is a bless sing,
It freeze yew lodes of thyme.
It helps me right awl stiles two reed,
And aides me when aye rime.
To rite with care is quite a feet
Of witch won should be proud.
And wee mussed dew the best wee can,
Sew flaws are knot aloud.
And now bee cause my spelling
Is checked with such grate flare,
Their are know faults with in my cite,
Of none eye am a wear.
Each frays come posed up on my screen
Eye trussed to bee a joule
The checker poured over every word
To cheque sum spelling rule.
That's why aye brake in two averse
By righting wants too pleas.
Sow now ewe sea why aye dew prays
Such soft wear for pea seas!
Ron Paul
Why does China always keep blocking the internet? Seriously, what's the big deal?
Last time I checked, slashdot was a community composed of many people without any sort of governing board or leaders. I'm sure the people posting these opinions are very consistent.
It's information.
They're academics.
Their whole raison d'etre is to learns and share their learning. The information itself is ethically neutral. It can be used for good or for bad.
Your post seems to indicate that political idealogy is trumped by network security ideology. That strikes me as patently false.
In this instance, the most important thing, IMHO, is allowing uncensored internet access to the 1 billion Chinese citizens of this planet. By obscurity, proxies, hacking, whatever - that is far more important than a consistent opinion on whether or not to expose security flaws.
Different situations call for different measures.
Please don't bitch people out for getting facts "wrong" just because they use terms with which you are unfamiliar. "Banners" are not always banner adds, and a metaphor doesn't always have to be extended indefinitely. I wouldn't complain, if you were just very confused, but you had to be a confused pain in the ass.
RIAA and the MPAA, putting the "F U" in "fair use".
When will governments learn? It doesn't matter if you're the USA or China -- it's impossible to filter the internet at the ISP side. It can only be filtered at the client side. Let the mums & dads who have children buy one of the innovative internet filtering programs out there (Net Nanny, etc.), and the rest of us can enjoy the raw & unfiltered internet the way we like it. If we just do it that way, it's a victory for free speech AND good parenting.
I don't understand why Cambridge is so interested in meddling in the affairs of another country. It's a different country, with different laws and culture, their values are not the same as yours, get over it. It's a society that has been around for a long time and I would have thought that it was quite obvious, given China's history, that they clearly do not want to be influenced by the rest of the world. The action undertaken by Cambridge does nothing to help the people of China, it just makes their leaders build a better wall. I can't help but think this is an intellectual jizz fest, if you really wanted to help the people of China wouldn't you be better off focusing on the issues raised by Amnesty International?
Defeating China's National Firewall[slashdot.org]
Wow! They must be genius!
I guess they could break it a million times here before firewall 2.0 is released.
Sometimes this GFC is a big problem for us ex-pats living in China. To us, many things are common things to be searching for (whether it be for schoolwork, jobs, what not), but in some cases, these things trigger off the GFC.
There are major causes for review of the GFC since one of two things will happen:
1) The site is blocked for the next hour or day.
2) Your entire internet connection is FUBARed.
This thing has been going on for quite a while (been here since 2002, probably gone on longer), so any review of the GFC is long due.
Holes they might be, but the performance will suffer if you did it much of any other way. There's
a reason why they did it the way they did- fastest way to accomplish the task without packet inspection
and state slowing down connectivity. Just skim the packet traffic, if you spot one of the forbidden
items in content, you issue disconnects to both endpoints in the middle and kill the link. Now you've
got to do a real firewall and proxy filter- which means they're going to spend a hell of a lot of cash
doing that, which they really, really don't want to do and honestly can't afford cash-wise.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
It's not an accident that many people attributed this to the institutions in Cambridge Mass, not Cambridge England. The fact is, the institutions in Cambridge Mass have had far more impact in technical fields in the last few years than tired old Cambridge University. And no, I'm not in the US, not from the US, and I'm not an American, so you can't call my attidude parochial either.
(Also, I am not saying Cambridge U is a bad place, but I think it's quaint how so many British voices are getting their nickers in a twist over these silly errors by slashdot posters.)
Nonononono - I was chuckling at the line; not the punctuation.
"It's time to take life by the cans." ~ Bender ("Bendin' in the Wind", ep. 3-13)
Uhh. This is something new at Cambridge? The so called "Great Firewall" has been breachable for it's entire existence. It took people all of a few hours to figure out how it works (hint: it's the only solution that can keep up with the traffic => it's not very good). Once you know how it works, you can easily DDoS anyone on the inside of it. I mean, geeze, isn't "new" part of news?
...they'll be more likely to rent it from Google. :(
I'll take a -1 Flamebait moderation now...
(T>t && O(n)--) == sqrt(666)
Better they do it from the outside then the Chinese government find the guys doing it from the inside.
So first they do it from the outside, then the Chinese government finds them doing it from the inside?
a metaphor doesn't always have to be extended indefinitely
It ought to at least last to the end of the sentence in which it is first used - or where you trying to give an example through demonstration?
"Banners" are not always banner adds
Yeah, sometimes they are banner subtracts, occasionally a banner divide by zero too.
When information is power, privacy is freedom.
...who's surprised that the filters allow content with words like "DDoS" through.
IMHO, shoving our values down the throats of other nations is not the way to free the 1 billion Chinese citizens of this planet. My point is stated clearly by your words: "Different situations call for different measures." ...which is another way of saying its ok to be hypocritical. As an analogy, consider some foreign effort to "help" the citizens of the US get around their NSA wiretapped phone calls, or, in a different way of looking at it, some foreign effort to expose a flaw in our phone systems that would allow unauthorized bypassing of such wiretapping capability. Gee golly gosh! That would just wrong! Basically, just about every response to my post points out that revealing the flaw in the Chinese firewall publically has basically made it impossible to exploit it, and since we're not supposed to like the Chinese government, that is a bad thing. My point is that, if for some reason, we were supposed to like the Chinese government, then it would be a good thing. So many people's views here are skewed based on if they like or dislike M$, Linux, China, Bush. I'd rather just leave that bias crap out of it. This topic is about network security -- was the research group supposed to just keep their findings to themselves or let hackers exploit the flaw? If it was a flaw that could be exploited to allow hackers access to YOUR computer, I think you'd be singing a different tune. In summary, your "holier than thou because I care about the Chinese people" rhetoric doesn't hold water. I'm not exactly pro-totalitarianism either, but I've thought my beliefs through enough that atleast I'm consistent in what I believe.
I for one happen to like my cheap textiles. The rest of the free world has to help them rebuild this thing and make it impervious to assault by the malicious forces freedom. It's a direct assault upon sweatshops mass producing the cheap tech toys and fashion acessories we all know and love. Let them know escape it futile!
I've seen moving pictures of that event on Swedish National TV, so there where video cameras shooting that event.
tit for tat. so what else is new?
Ok, so putting some words like "Falun" in the SMTP server welcome message is going to stop all the spam via bulletproof Chinese hosting, right?
I am going to try that!
The firewall, which uses routers supplied by Cisco So there is a security flaw in a top of the line Cisco firewall that can be used for a denial-of-service attack of computers behind it. And no one seems to care.
Somebody hasn't yet dropped all access from China because exhaustive amount of spam and viruses? I think it's time to black-hole (DNSBL, RBL) whole China from rest of the Internet. Let's cut them out and see what the freaking commies think after that.
I'm going to take a very strong position here in my first-ever Slashdot post -- China absolutely should be hacked, on a systematic and worldwide-basis. Their desire to censor a whole country should be opposed on both moral and enlightened-self-interest grounds. But it will be tough at best to beat.
Ironically, the situation is a kind of reverse spam-antispammer set up, in which the folks trying to get through the defenses are the good guys. Amnesty International's Irrepressible.info, while terribly primitive, is at least a start, and I think everybody with a web site should play along and see what happens. A more advanced idea may be found at http://www.monashreport.com/2006/04/17/how-to-beat -chinese-censorship-operation-peking-duck/.
And if the censoring can be used for some kind of DOS, so much the better. Make it as expensive and difficult for the oppressors as ever possible.
To err is human. To forgive is good system design.
Now I understand why they get no Chinese tourists.
nuff said
though need text to beat the lameness filter.
daisy daisy
give me your answer dooooooo
iiiimmm hallffff craaaazyyyyyy overrr myyyy lovvveeeeee ffooooooooooorrrrrrrrr yoooooooouuuuuuuuuuuuuuuuuu
Everyone gets worked up for no reason. This doesn't change a thing. People who wanted to get around the firewall's been doing it for ages using VPN or SSL enabled proxy webpages.
Further more the way the great firewall works makes a lot of sense. Can you imagin the amount of hardware they need to do stateful inspection? You are talking about a country with a lot of internet users.
The whole point of this wall isn't to provide 100% control. It's there to provide some control and to maintain the facade to dumb country fokes. The middle class and others with money don't really care that the country's ran by communists (in name only) nor do they care too much about poor people suffering. So the government don't really care about the middle class finding out stuff. Rather it's the poor people in the country side they are worried about, some of whom still think Mao's alive.
Now with all this BS about the chinese firewall where's the nose and farts about countries who's only export in petrolium? Saudia Arabia is a lot worse then China. You can't even use most IM clients and the connection you do get is dead slow. All being said you don't get your personal stuff searched at customs when entering China. Where as in Saudia Arabia (that if you get a visa) they'll search everthing. Including turning on your laptop to see if you have porn on it and taking your Maxim mag and using a large black marker to color out the skimply dressed women.
How do you know?
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
"Clayton, speaking at the Sixth Workshop on Privacy Enhancing Technologies in Cambridge last week, said that the researchers had reported their findings to the Chinese Computer Emergency Response Team." Does anyone else think that it was moraly wrong to report the test results directly to the Chineese goverment? I'm sure that they would have found out about anyway but why bother with the formality of saying hey there's a problem in technique your using to censor your people?
Okay, you apply the required fix, which means stateful monitoring of packet traffic. Now, instead of a light duty machine monitoring the traffic and issuing connection resets to both sides when it sees a problem item in the content, you now need a massive cluster of machines with load balancing, etc. that will slow down connectivity because it now has to at least keep track of state within itself, more probably act as an intermediary.
They'll spend hundreds of millions of dollars to get there and still miss the target. What they did was clever and cheap comparatively speaking, but it's highly vulnerable to attack once someone figured out how they did it- and it really wasn't a firewall in any normal sense of the word. Doing it the "right" way for a company's one thing- doing it for a country with many OC256's worth of bandwidth is another altogether.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Faggot.
You keep using that word. I do not think it means what you think it means.
Well people from China read Slashdot, right? Or at least I do...
Our fireworks are made in the US, jackass. China may have invented fireworks, but much like everything else on the planet, the US made them better. Just look at www.fireworks.com and see for yourself. And please, next time, think before you speak.
"Patience is not a virtue, it's a waste of time."
good for you for declaring that. you most certainly are. and a bit of a loser as well. learn some english you fucking fucktard. a faggot is a pile of sticks. now get me some salsa, bitch.
You suck. Kill yourself to help progress the species.
Hmmm... so theoretically...
1. send "sensitive" packet from server.mmorpg.com to foo.bar.cn
2. wait...
3. watch all gold/gil/currency farmers timeout?
You're absolutely right that Saudia Arabia and a few other countries are as bad or worse than China.
But China is the most technically sophisticated of the lot. Right now that's because they have lots of engineers; in the future they may roll some of their own technology as well.
Beat the Chinese censors and you probably can beat all the rest that matter too.
What's more, I suspect you'll find that the fraction of people in any given educational/economic class who Really Believe in China is higher than it is in Saudia Arabia. They can train perfectly good engineers in China without exposing them to "harmful ideas" from abroad. But in Saudia Arabia, say, everybody competent pretty much as to go to school in the West, there are few decent natively-written textbooks, etc., etc.
Plus there's the whole military-rival thing ...
To err is human. To forgive is good system design.
naah. I make too much and fuck too much to kill myself. I also bench over 3x my weight. I am the result of the species progression. now, where the fuck is my salsa you lazy fuck?
Where do you live? I'll bring some right over.
375 Oak trails rd., Des Plaines, IL
come on over loser. too bad for you I bench about 450lbs. come on over.