Slashdot Mirror


Chinese Govt Spyware Puts Computers At Risk

Ihmhi writes "China's mandatory 'Green Dam Youth Escort' web filter software apparently has a series of severe flaws. In addition to not working on Linux or MacOS, traffic between the software and its servers is unencrypted." I'm sure it only gets better after that.


  1. Security 101 by sakdoctor · · Score: 4, Insightful

    Do not write any code that could intentionally be used to DDOS your ass.
    But seriously, this is great. It's going to be one hell of a show when it gets cracked.

  2. Re:Is the software available to download anywhere? by sakdoctor · · Score: 4, Insightful

    Wouldn't it be more fun to disassemble the software, find the gaping flaws, and simultaneously take 300 million computers off the net?

    Epic lulz would have to be redefined from then on.

  3. What are you calling a "flaw"? by Bander · · Score: 3, Insightful

    I hardly consider the lack of Mac or Linux versions a "flaw". In fact, I consider that one of the few positive aspects of the software.

  4. Re:So this is a good thing by tattood · · Score: 2, Insightful

    First of all, I don't think that China could convince Red Hat, or any other commercial vendor to poison their own products to add things like this in. If anything, they would modify the files themselves, and then have their firewall/cache systems return their modified versions instead of the real version. Even if they were able to do that, there are dozens, if not hundreds of Linux distros out there. They cannot convince all, or even most of them to make these changes, so there will still be plenty of ways that Chinese people can get a hold of "un-tainted" Linux distributions.

    --
    WTB [sig], PST!!!

  5. Re:Is the software available to download anywhere? by drinkypoo · · Score: 4, Insightful

    Wouldn't it be more fun to disassemble the software, find the gaping flaws, and simultaneously take 300 million computers off the net?

    Wouldn't it be more fun to use the gaping flaws to build a botnet, DDoS various targets and blame it on China?

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"

  6. Re:Your friendly Chinese government official here. by Opportunist · · Score: 2, Insightful

    it's only there for those who want to use it.

    for now.

    Salami technique and boiling the frog ain't new for governments. For now it's "only humanitarian" or "only to catch terrorists/pedophiles/boogieman_of_the_month", but when it's in place and we have "wide acceptance for it", why not use it for more? Or, in this case, make it mandatory since "so many thought it's a great thing" (read: didn't know about it and/or don't care enough to stink up a storm).

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.

  7. Re:Elephant by Opportunist · · Score: 2, Insightful

    Being "secure" would not make the whole thing any better, it would still be a huge blow against freedom of speech (despite the lack thereof in China anyway) and the freedom of the net. But it raises another concern that our governments might take into account before pulling a similar crapstunt (I'm fairly sure they have something like this planned already. Freedom of speech ain't just a threat to governments in China...).

    Whenever you mandate some software to be installed, especially if this software is to offer connections to the outside world or is to communicate with a server, you open a security hole in a system. Worse, one that the user is not informed about and cannot plug because he is required to keep it open.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.