China's Green Dam-Youth Escort censorship initiative is facing hurdles as some schools and Internet cafes either don't have the software or have uninstalled it.
Initially required for all new PCs when it was introduced in June, the Chinese government revised its mandate in August and effectively lifted the burden on PC makers to package the so-called content-filtering software in computers. However, the highly controversial software is still required to be installed in PCs used in schools and public places, including Internet cafes.
Green Dam is one of many tools the government uses to control Internet content.
Read more of "Green Dam enforcement watered down" at ZDNet Asia.
China has indefinitely delayed enforcement of a requirement that PC makers preinstall Green Dam-Youth Escort software that experts believe would have screened not just Internet pornography but also some online political content.
Green Dam allows users to specify categories of sites to block.
(Credit: University of Michigan)The reprieve, announced by China's Ministry of Industry and Information Technology, according to reports in The New York Times and the Associated Press, came just one day before the preinstallation rule was to go into effect.
But thus far the reprieve appears temporary: the ministry said the delay will give computer makers more time to comply with the rule, and the government also will continue to equip school and cybercafe computers with the software, according to the New York Times report.
Experts have warned that the Green Dam software poses security risks, and last week, the U.S. Trade Representative protested that Green Dam violates World Trade Organization rules
PC makers had been cagey about their plans to comply with the rule to install the software. Technical and other objections must be weighed against business concerns, and China is a large and growing market. Companies that deal directly with Internet content have been in the hot seat for years, and Google has had to wrestle with new Chinese censorship requirements this month.
The content-filtering software the Chinese government wants installed on all PCs sold in that country beginning next week was poorly developed and puts users at risk of having their computers compromised, a security expert who examined the code said on Thursday.
The Chinese government is requiring that all PCs include the Green Dam-Youth Escort software to block pornography, but it also blocks access to content related to violent computer games, illegal drugs and political speech, said Ben Feinstein, director of research at SecureWorks, a managed security service provider.
Critics are worried that the Chinese government could use Green Dam, a free download, to block all kinds of content and monitor online activities of users, as well as worried that the software could allow for a massive botnet to be created, either by cybercriminals or the Chinese government itself.
Feinstein and colleagues at SecureWorks' Counter Threat Unit examined the Green Dam code earlier this month and found that it uses a variety of unsafe programming practices that have been banned at Microsoft and other U.S. companies, he said.
An example is the use of Strcpy, or string copy, a library function in the C programming language that copies memory from one buffer to another, according to Feinstein. If the copied string doesn't fit in the destination buffer, it will overwrite memory and can be used in a buffer overflow attack.
"This software appears to be of low quality and to have not been developed with a secure methodology," Feinstein said. "It likely suffers from a whole host of problems."
The way Green Dam is designed to inspect all Internet traffic coming into and going out of a PC means more parts of the code are exposed to potential attack compared with programs that are more limited in scope and process less data, he said.
In addition, having the software on all PCs in China, as mandated, would create a huge install base and be an attractive target for attackers who could attack millions of computers by targeting just this one program, Feinstein said.
China historically has censored the Internet using filters on the network, blocking access to pages that deal with politically sensitive subjects like Tiananman Square, Falun Gong, and Tibet. Installing filtering software on the end-user computers will make it easier to block content than doing it in the network, according to Feinstein.
"You get efficiencies of scale if you push the filtering down to the end point rather than inspect huge Trans-Pacific pipes entering and leaving your country," he said. Green Dam was published by Jinhui Computer Systems Engineering, which is run by a former officer of the Peoples' Liberation Army, he added.
Researchers at the University of Michigan issued a report two weeks ago that found two major security vulnerabilities in Green Dam that could allow someone to remotely take over a computer running the software. The software was later updated and patched, according to an update to the report issued a week ago, however the researchers said they had discovered an additional security hole that remained unfixed.
Separately, a security researcher said he had released on a public Web site an exploit for a buffer overflow that remained unpatched in the Green Dam update.
An exploit for a flaw in censorware mandated by the Chinese government has been made publicly available for download on the Internet.
The buffer overflow flaw exists in the latest, patched version of Green Dam, 3.17, according to security researcher "Trancer," who claims authorship of the attack code.
"I wrote a Metasploit exploit module for Internet Explorer, which exploits this stack-based, buffer overflow vulnerability in Green Dam 3.17," Trancer wrote in his Recognize-Security blog. "I've tested this exploit successfully on the following platforms: IE6, Windows XP SP2, IE7, Windows XP SP3, Windows Vista SP1."
The attack code, which has been posted to the Milw0rm Web site for proof-of-concept exploits, has been circulating in the wild for a week, according to security consultant and ZDNet blogger Dancho Danchev.
The Chinese government has ordered Green Dam censorware, billed as a pornography filter, to come preinstalled on all PCs sold in the country beginning July 1. Jinhui Computer System Engineering, which produces the software, patched Green Dam after a team from the University of Michigan exposed a buffer overflow flaw in it.
Last week, the researchers said in an addendum to their original paper that despite this patch, the software remains vulnerable to buffer overflow attacks, which indicates that Green Dam's security problems "run deep."
Green Dam intercepts Internet traffic using a library called SurfGd.dll. Even after the patch, SurfGd.dll still uses a fixed-length buffer to process Web site requests, the researchers explained. Malicious Web sites could overrun this buffer to take control of the execution of applications on a target computer.
"The program now checks the lengths of the URL and individual HTTP request headers, but the sum of the lengths is erroneously allowed to be greater than the size of the buffer," wrote the researchers. "An attacker can compromise the new version by using both a very long URL and a very long 'Host' HTTP header. The pre-update version, 3.17, which we examined in our original report, is also susceptible to this attack."
Green Dam is also vulnerable to a blacklisting flaw, identified by University of Michigan researchers Scott Wolchok, Randy Yao, and J. Alex Halderman, which could allow third parties to upload malware via an innocuous-seeming update.
Western security experts have greeted the censorware with criticism. Bruce Schneier, BT's chief security technologist, told ZDNet UK the software could allow the creation of a massive botnet, either by Web criminals or even by the Chinese government. "Suddenly you have an army of a couple of billion computers," said Schneier. "This should worry all of us."
Tom Espiner of ZDNet UK reported from London.
Experts have warned of serious security flaws in the Chinese government's censorship software, which could open the door to hackers creating huge botnets.
Programming errors in the Green Dam Youth Escort software, which the Chinese Ministry of Industry and Information Technology said Tuesday must be preinstalled on all new computers in the country, are at the root of the flaws, according to experts from the University of Michigan.
This message pops up on PCs when the Green Dam software spots banned phrases.
(Credit: University of Michigan)"Once Green Dam is installed, any website the user visits can exploit these problems to take control of the computer," wrote the university's researchers. "This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet." The warning came in a paper published Thursday by researchers Scott Wolchok, Randy Yao, and J. Alex Halderman.
The Green Dam software filters content by blocking URLs and Web site images and by monitoring text in other applications. The filtering blacklists include both political and adult content.
The researchers said that after only one day of testing Green Dam, they discovered programming errors in the code used to process Web site requests. These would result in buffer overrun conditions on all computers running the software, they said.
"The code processes URLs with a fixed-length buffer, and a specially crafted URL can overrun this buffer and corrupt the execution stack," said the researchers. "Any website the user visits can redirect the browser to a page with a malicious URL and take control of the computer."
The researchers built a proof-of-concept program to demonstrate the flaw and said it would crash any computer running Green Dam.
In addition, Green Dam can be used to install any other program on a computer, via a blacklist vulnerability. This problem would allow Green Dam's makers, or a third-party impersonating them, to execute arbitrary code and install malicious software on the user's computer, after installing a filter update.
Chinese government news agency Xinhua reported that Jinhui Computer System Engineering, which developed Green Dam, had said the software was not spyware. "Our software is simply not capable of spying on Internet users, it is only a filter," Jinhui is quoted as saying.
The Xinhua article did not address whether the filter itself could be used to upload spyware.
The University of Michigan researchers recommended that anybody running Green Dam uninstall the software immediately. However, according to a translation of feedback on Jinhui's user forum, teachers and educational establishments have no choice but to use the software.
"Let me say something here," wrote one teacher. "We were forced to install the software. So I have to come to this website and curse. After we installed the software, many normal websites are banned."
Currently, Green Dam is only optimized for Microsoft's Internet Explorer browser, according to leaked technical specifications posted on the Wikileaks website.
Tom Espiner of ZDNet UK reported from London.
Updated 3:15 p.m. PDT April 14 with Amazon saying the problem has been fixed and 2:15 p.m. with insider saying it was manual error by Amazon worker in France and 9:45 a.m. with background on Weev and comment from sources who say he is most likely not involved in the Amazon incident.
Amazon got blasted by gay rights groups this weekend after gay and lesbian book titles were delisted from its site. Was it an internal glitch, as Amazon claims, or is an Internet troll with a vendetta responsible?
Amazon spokeswoman Patty Smith told CNET News on Monday that the "glitch" was being fixed, but declined to elaborate. (By Tuesday afternoon the problem was all fixed, she said.)
"This is an embarrassing and ham-fisted cataloging error for a company that prides itself on offering complete selection," she wrote in an e-mail statement.
"It has been misreported that the issue was limited to Gay and Lesbian themed titles--in fact, it impacted 57,310 books in a number of broad categories such as Health, Mind and Body, Reproductive and Sexual Medicine, and Erotica," the statement said. "This problem impacted books not just in the United States but globally. It affected not just sales rank but also had the effect of removing the books from Amazon's main product search."
However, a Live Journal blogger with the alias of "weev" claims he did it to cause an outrage among the gay community, which he alleges has repeatedly flagged his online ads on Craigslist as inappropriate.
"I guess my game is up! Here's a nice piece I like to call 'how to cause moral outrage from the entire Internet in ten lines of code,'" he writes on his blog.
Weev said he figured out that he could easily get the books removed from search rankings by reporting them as inappropriate through a link at the bottom of the book page. He also claims he wrote code to identify all the gay and lesbian metadata-tagged books on Amazon and grab their IDs. He then hired people outside the U.S. to register new accounts en masse to help push the books out of the system, he said.
"Now from here it was a matter of getting a lot of people to vote for the books," he wrote. "The thing about the adult reporting function of Amazon was that it was vulnerable to something called 'cross-site request forgery.' This means if I referred someone to the URL of the successful complaint, it would resister as a complaint if they were logged in. So now it is a numbers game."
Amazon's Smith dismissed the claim and insisted the error was internal. She is not alone. Several sources have questioned Weev's account, particularly given his notoriety as an Internet troll, someone who flames others in online discussions and is intentionally disruptive on the Web.
Blogger Mike Daisey, who worked in customer support and business development at Amazon from 1998 until 2001, wrote on his blog that: "Someone was editing the category systems inside of Amazon.fr, made an error, and that system is global, so it propagated everywhere. I have no insight as to anyone's nationality, or whether it was a language gap, or anything of that nature."
Smith declined to comment on Daisey's explanation.
A Seattle Post-Intelligencer article quotes an unnamed Amazon employee who confirmed the report of manual error. "Amazon managers found that an employee who happened to work in France had filled out a field incorrectly and more than 50,000 items got flipped over to be flagged as 'adult,'" the source told the newspaper.
Blogger Bryant Durrell said he tested out Weev's concept and doesn't believe it is legitimate, partly because of buggy code.
"Summation: nope, you didn't do that, you liar you. Nice meta-troll, though," Durrell wrote on his blog.
"The really interesting thing about the troll is that he's right even if he didn't do it. The vulnerability he describes exists anywhere you make automated decisions based on third-party input."
Among the more than 1,500 products on Amazon that have been tagged "amazonfail" are "Lady Chatterley's Lover" and "Brokeback Mountain."
(Credit: Amazon)Skype's president said that the company was largely unaware of a major security breach affecting Skype users in China.
In a blog published Thursday, Josh Silverman, Skype's president, explained he did not realize that TOM-Skype, Skype's partner in China, was logging and storing users' instant messages that were deemed offensive by the Chinese government.
He said the company knew that instant-messaging chats were monitored by the government, as all communications in China are. And he explained that Skype disclosed this to users in 2006, explaining that a text filter was being used to block certain words in chat messages. But he added that his understanding was that messages deemed unsuitable were "simply discarded and not displayed or transmitted anywhere."
"It was our understanding that it was not TOM's protocol to upload and store chat messages with certain keywords," he writes in the blog. "And we are now inquiring with TOM to find out why the protocol changed."
Earlier this week, Canadian researchers at the Citizen Lab at the University of Toronto published a report in which they said that "TOM-Skype was censoring and logging text chats that contain specific, sensitive keywords and may be engaged in more targeted surveillance."
The report also said the service was logging and capturing millions of records that include personal information and contact details for any text chat and voice calls placed to TOM-Skype users, including calls from Skype users. In addition, TOM was storing this information in a way that was inadequate in protecting the privacy of TOM-Skype users, the report said.
Silverman said that once Skype became aware of the problem it contacted executives at TOM, and the security issue regarding stored personal information has been resolved. But he also noted the company's concern that TOM has been storing this information.
"We were very concerned to learn about both issues and after we urgently addressed this situation with TOM, they fixed the security breach," he said. "In addition, we are currently addressing the wider issue of the uploading and storage of certain messages with TOM."
Silverman pointed out in his blog that TOM, like all other ISPs in China, is required by the Chinese government to monitor all communication. And he said it is "common knowledge that censorship does exist in China." Keywords that triggered action included words related to Taiwanese independence, the banned religious group Falun Gong, and political opposition to the Chinese Communist Party.
But he tried to reassure Skype users that Skype's computer-to-computer voice calls are completely secure.
"(The security breach) does not affect communications where all parties are using standard Skype software," he said. "Skype-to-Skype communications are, and always have been, completely secure and private."
TOM-Skype, eBay's joint venture in China, is recording customer text chats and censoring them if they contain certain keywords related to topics the government deems objectionable, according to a report released on Wednesday (PDF) by researchers in Canada.
"TOM-Skype is censoring and logging text chat messages that contain specific, sensitive keywords and may be engaged in more targeted surveillance," the report concludes. "What is clear is that TOM-Skype is engaging in extensive surveillance with seemingly little regard for the security and privacy of Skype users. This is in direct contradiction of Skype's public statements regarding their policies in China."
The keywords that trigger action include words related to Taiwanese independence, the banned religious group Falun Gong, and political opposition to the Chinese Communist Party, says the report from the Citizen Lab at the University of Toronto.
The service also routinely logs and captures millions of records that include personal information and contact details for any text chat and voice calls placed to TOM-Skype users, including calls from Skype users, the researchers found.
Not only is the data collection suspect, but there are inadequate safeguards to protect the privacy of the TOM-Skype users, according to the report. The records and information needed to decrypt the log files are kept on servers that are accessible by the public.
"This is the worst nightmares of the conspiracy theorists around surveillance coming true," Ronald J. Deibert, an associate professor of political science at the University of Toronto, told The New York Times. "It's X-Files without the aliens."
Representatives from eBay did not immediately respond to e-mails seeking comment on the report.
- prev
- 1
- next
