Chinese Govt Spyware Puts Computers At Risk 110
Ihmhi writes "China's mandatory 'Green Dam Youth Escort' web filter software apparently has a series of severe flaws. In addition to not working on Linux or MacOS, traffic between the software and its servers is unencrypted."
I'm sure it only gets better after that.
This software is legally mandated. (Score:5, Interesting)
So does that mean that selling computers with Linux or OSX installed is illegal? Or will they get away with "installing" the software on those computers even though it can not function?
Is the software available to download anywhere? (Score:4, Interesting)
Re:This software is legally mandated. (Score:3, Interesting)
Re:So this is a good thing (Score:4, Interesting)
Only Windows, only IE (Score:5, Interesting)
are US computers built in China safe? (Score:2, Interesting)
U.N. Declaration of Rights (Score:3, Interesting)
"As the Americans learned so painfully in Earth's final century, free flow of information is the only safeguard against tyranny. The once-chained people whose leaders at last lose their grip on information flow will soon burst with freedom and vitality, but the free nation gradually constricting its grip on public discourse has begun its rapid slide into despotism. Beware of he who would deny you access to information, for in his heart he dreams himself your master."
Pravin Lal, Alpha Centauri
Re:So this is a good thing (Score:3, Interesting)
First of all, I don't think that China could convince Red Hat, or any other commercial vendor to poison their own products to add things like this in
Well, not Red Hat but what about Red Flag which is widely used in China and is mandated in some places for internet cafes. If they can convince the OEMs, convincing Chinese OS makers would be the next logical step, Linux is open and Red Flag already has a large userbase in China.
Even if they were able to do that, there are dozens, if not hundreds of Linux distros out there. They cannot convince all, or even most of them to make these changes, so there will still be plenty of ways that Chinese people can get a hold of "un-tainted" Linux distributions.
Censorship can never convince 100% of the population, but if you can get 95% and the 5% either are ordinary people who are scared to protest, high-ranking people who if they tell they loose their money, or unaccepted "radicals" who even though they have no fear of the government, the government or media makes it seem like their ideas are unworkable or destructive.
Re:Your friendly Chinese government official here. (Score:5, Interesting)
not as an excuse to defame a government for trying to give parents more tools to protect their children.
"protect" them from what? From the evils of porn? This isn't 1995 here people, and its pretty hard to not know your going to a porn site today especially if you use a search engine to find sites. If your kid is searching for porn then obviously they aren't as "innocent" as you think they are. And whenever their censorship is under the guise of "protecting" the people from such evil ideas as human rights and alternate ideologies, it gets quite suspicious whenever they try to mandate more controls.
Again, if you do not wish to use this software, please feel free to uninstall it -- it's only there for those who want to use it.
Thats nice, but why install it in the first place? There are loads of internet "protection" filters out there, mandating the installation of one, especially from a government that constantly abuses its citizens should be cause of concern or alarm. Don't you think?
Re:This software is legally mandated. (Score:2, Interesting)
They want the tool to be available for people that want to use it. Before everyone says OMG the Chinese are at it again, remember that the US Government (via the Childrens Internet Protection Act) mandates schools and libraries in the public K12 system install filters, and it will be really interesting how that applies to school-furnished laptops. It is the exact same lame "protect the childrens!" mandate only the Chinese expand the scope but make it optional for the equipment owner to implement.
While I abhor censorship, from an implementation perspective it seems like an ISP as an opt-in/opt-out filter that is easy to immediately enable/disable would be far more effective, and easier to implement and has no additional vectors for attack/expoitation than normal HTTP traffic does.