Slashdot Mirror

← Back to Stories (view on slashdot.org)

China's Green Dam, No Longer Compulsory, May Have Lifted Code

Posted by timothy on from the when-the-levee-breaks dept.

LionMage writes "Much has been made previously of how China's Green Dam software must be installed on all new PCs in China, and of more recent revelations that the software may create exploitable security vulnerabilities or even provide the Chinese government with a ready-made botnet to use for potentially nefarious purposes. (One of those prior articles even discusses how Green Dam incorporates blacklists from CyberSitter.) Now the BBC is reporting that Solid Oak's CyberSitter software may have had more than just a compiled blacklist lifted from it. Solid Oak is claiming that actual pieces of their code somehow ended up in Green Dam. From PC Magazine's article: 'Solid Oak Software, the developer of CyberSitter, claims that the look and feel of the GUI used by Green Dam mimics the style of CyberSitter. But more damning, chief executive Brian Milburn said, was the fact that the Green Dam code uses DLLs identified with the CyberSitter name, and even makes calls back to Solid Oak's servers for updates.'" Relatedly, reader Spurious Logic writes that Green Dam won't be mandatory after all, according to an unnamed official with China's Ministry of Industry and Information Technology.

3 of 116 comments (clear)

  1. Given the situation by Anonymous Coward · · Score: 4, Insightful

    If china PCs had been hammering my servers for updates to their plagiarized software, I'd have called the CIA to see what to slip in next update. Much more fun but oh so less publicity :/

  2. Re:Sounds like Cybersitter contributed by afabbro · · Score: 4, Insightful

    We have 1 of three possible scenarios: 1) The Green Dam developers have fully reverse engineered Cybersitter to the point they can reuse pre-compiled binaries and snippets of code required to call them. 2) Cybersitter's development network has been thoroughly compromized to the point that the Chinese Green Dam developers have fully plagurized another companies proprietary code. 3) Cybersitter has contributed to the development of the Chinese Green Dam and was therefore paid for their effort.

    I think the most likely scenario is that someone walked out of Cybersitter, Inc. with a thumb drive full of code. I guess you could call that (2), but I think it's more likely that a contractor (or even offshore development team) pinched the code via copy than a team of black hats in Hunan broke into Cybersitter's servers.

    By the way, you might find google's toolbar, which spellchecks, helpful before you compromize and plagurize more posts ;-)

    --
    Advice: on VPS providers
  3. What a waste by theinvisibleguy · · Score: 5, Insightful

    A recent slashdot posting talked about how China had some of the best programmers in the world, you'd think they would be able to program something better than cybersitter let alone just copy some code.