Chinese Govt Spyware Puts Computers At Risk
Ihmhi writes "China's mandatory 'Green Dam Youth Escort' web filter software apparently has a series of severe flaws. In addition to not working on Linux or MacOS, traffic between the software and its servers is unencrypted."
I'm sure it only gets better after that.
Security 101 (Score:5, Insightful)
Do not write any code that could intentionally be used to DDOS your ass.
But seriously, this is great. It's going to be one hell of a show when it gets cracked.
Re:Is the software available to download anywhere? (Score:5, Insightful)
Wouldn't it be more fun to disassemble the software, find the gaping flaws, and simultaneously take 300 million computers off the net?
Epic lulz would have to be redefined from then on.
What are you calling a "flaw"? (Score:4, Insightful)
I hardly consider the lack of Mac or Linux versions a "flaw". In fact, I consider that one of the few positive aspects of the software.
Re:So this is a good thing (Score:3, Insightful)
Re:Is the software available to download anywhere? (Score:5, Insightful)
Wouldn't it be more fun to disassemble the software, find the gaping flaws, and simultaneously take 300 million computers off the net?
Wouldn't it be more fun to use the gaping flaws to build a botnet, DDoS various targets and blame it on China?
Re:Your friendly Chinese government official here. (Score:3, Insightful)
it's only there for those who want to use it.
for now.
Salami technique and boiling the frog ain't new for governments. For now it's "only humanitarian" or "only to catch terrorists/pedophiles/boogieman_of_the_month", but when it's in place and we have "wide acceptance for it", why not use it for more? Or, in this case, make it mandatory since "so many thought it's a great thing" (read: didn't know about it and/or don't care enough to stink up a storm).
Re:Elephant (Score:3, Insightful)
Being "secure" would not make the whole thing any better, it would still be a huge blow against freedom of speech (despite the lack thereof in China anyway) and the freedom of the net. But it raises another concern that our governments might take into account before pulling a similar crapstunt (I'm fairly sure they have something like this planned already. Freedom of speech ain't just a threat to governments in China...).
Whenever you mandate some software to be installed, especially if this software is to offer connections to the outside world or is to communicate with a server, you open a security hole in a system. Worse, one that the user is not informed about and cannot plug because he is required to keep it open.