Chinese Govt Spyware Puts Computers At Risk 110
Ihmhi writes "China's mandatory 'Green Dam Youth Escort' web filter software apparently has a series of severe flaws. In addition to not working on Linux or MacOS, traffic between the software and its servers is unencrypted."
I'm sure it only gets better after that.
Linux people always complaining (Score:5, Funny)
FFS, just run it in Wine!
Re:Linux people always complaining (Score:5, Funny)
In this case, not running in Linux or Mac is a feature, not a bug!
Linux is not ready for the desktop (Score:5, Funny)
Re: (Score:1, Offtopic)
Someone mod parent Funny. Insightful - maybe it is that too.
We are all waiting for the major disaster of Windows that makes everyone abolish it. One cause may be that Mount St. Helens [google.com] is one vent of a Supervolcano [newscientist.com].
Mount St. Helens seems to be sharing the magma pocket with Mount Rainier [google.com].
It don't have to come down to a volcano erupting to take out Redmond, it's enough with a considerable quake.
But on the other hand - it's more likely that Microsoft does something utterly stupid which makes them drop dead. Jus
Looks like the Dam's cracked (Score:1)
Security 101 (Score:5, Insightful)
Do not write any code that could intentionally be used to DDOS your ass.
But seriously, this is great. It's going to be one hell of a show when it gets cracked.
Re: (Score:2)
When? As soon as, please.
Besides, this doesn't look like you could only intentionally DDoS them, it can even happen that you may unintentionally do it. Maybe with the "help" of a trojan that just happens to infect your computer... you know those sneaky malware writers and their schemes, and sorry that I got infected, it must've been that I went to the wrong sites, but good comrades, you know where I've been and thus you know where I got it from. Strangely, I only visited good Chinese sites...
This software is legally mandated. (Score:5, Interesting)
So does that mean that selling computers with Linux or OSX installed is illegal? Or will they get away with "installing" the software on those computers even though it can not function?
Re: (Score:3, Interesting)
Re: (Score:2)
Re:This software is legally mandated. (Score:5, Informative)
Think of it as an AOL Free Trial CD. You remember, the free coaster they shipped.
Re: (Score:2)
I miss the days of the AOL floppy. Those were at least useful as more than coasters.
Re: (Score:2)
Then, Chinese could buy a compliant windows machine, hack it to MacOS, and the DamWare wouldn't know. Or will they require that all machines stay on all the time, such that silence is a violation?
Re: (Score:2, Interesting)
They want the tool to be available for people that want to use it. Before everyone says OMG the Chinese are at it again, remember that the US Government (via the Childrens Internet Protection Act) mandates schools and libraries in the public K12 system install filters, and it will be really interesting how that applies to school-furnished laptops. It is the exact same lame
Re: (Score:1)
Is the software available to download anywhere? (Score:4, Interesting)
Re:Is the software available to download anywhere? (Score:5, Insightful)
Wouldn't it be more fun to disassemble the software, find the gaping flaws, and simultaneously take 300 million computer off the net?
Epic lulz would have to be redefined from then on.
Re:Is the software available to download anywhere? (Score:5, Insightful)
Wouldn't it be more fun to disassemble the software, find the gaping flaws, and simultaneously take 300 million computer off the net?
Wouldn't it be more fun to use the gaping flaws to build a botnet, DDoS various targets and blame it on China?
Re: (Score:1)
No, as that would make you no better than the hackers over there who do that same sort of thing to American software which is "merely" forced on us by the vagaries of market and culture.
Also, which targets would you knock down? If you attack their commercial or financial infrastructure, you're hurting American companies and citizens as nearly all our electronics and value (aka cheap) goods are made over there. The only useful target would be to attack government sites and somehow blame it on their native h
Re: (Score:1)
Re: (Score:2)
You don't need that software. You already got Windows.
Re: (Score:3, Informative)
Re: (Score:2)
That's true, but, it should give at least a taste of the experience a typical Chinese person encounters when he or she tries to browse the web. For that reason alone, it might be useful to try out (in a virtual machine, of course).
Re: (Score:1)
Re: (Score:1)
Maybe this plugin for Firefox is what you want ? I didn't try it though ...
http://chinachannel.hk/ [chinachannel.hk]
Re: (Score:1)
...see how much it would affect the surfing of a typical westoner
Really?! Is that all we're known for?!
So this is a good thing (Score:2)
Re:So this is a good thing (Score:4, Interesting)
Re: (Score:3, Insightful)
Re: (Score:3, Interesting)
First of all, I don't think that China could convince Red Hat, or any other commercial vendor to poison their own products to add things like this in
Well, not Red Hat but what about Red Flag which is widely used in China and is mandated in some places for internet cafes. If they can convince the OEMs, convincing Chinese OS makers would be the next logical step, Linux is open and Red Flag already has a large userbase in China.
Even if they were able to do that, there are dozens, if not hundreds of Linux distros out there. They cannot convince all, or even most of them to make these changes, so there will still be plenty of ways that Chinese people can get a hold of "un-tainted" Linux distributions.
Censorship can never convince 100% of the population, but if you can get 95% and the 5% either are ordinary people who are scared to protest, high-ranking people who if they tell they loose their money, or unaccepted "radicals"
Re: (Score:2)
Use a source based distro (Gentoo, e.g.), keep up to date with reports of tampering and un-tamper your version.
When you have the source, you are in control of your software. Whether you execute that control is up to you, though.
Re: (Score:2)
The first result will be that more people will use Linux.
Does the Chinese parent [who can turn the filter off] object to limiting his kid's access to porn?
If the answer is "No," then the take-up of Linux is likely to be less, not more.
The geek has a remarkably parochial mind.
Nothing outside the values of his own culture ever seems quite real.
It's chinese stuff (Score:5, Funny)
Re: (Score:2)
If everything fails, just add some MSG and it'll at least seem great.
Of course (Score:1)
Perhaps I am cynical, but do you think the Chinese government would require this software to be distributed with every new computer if there wasn't a backdoor to monitor citizens?
Re: (Score:2)
Do you think any government would require some kind of software to be distributed with every new computer if there wasn't a backdoor to monitor citizens?
Ya know, snooping on your citizens ain't just for Commies anymore.
What are you calling a "flaw"? (Score:4, Insightful)
I hardly consider the lack of Mac or Linux versions a "flaw". In fact, I consider that one of the few positive aspects of the software.
Your friendly Chinese government official here. (Score:5, Informative)
Re: (Score:2)
Re: (Score:2, Informative)
Re:Your friendly Chinese government official here. (Score:5, Interesting)
not as an excuse to defame a government for trying to give parents more tools to protect their children.
"protect" them from what? From the evils of porn? This isn't 1995 here people, and its pretty hard to not know your going to a porn site today especially if you use a search engine to find sites. If your kid is searching for porn then obviously they aren't as "innocent" as you think they are. And whenever their censorship is under the guise of "protecting" the people from such evil ideas as human rights and alternate ideologies, it gets quite suspicious whenever they try to mandate more controls.
Again, if you do not wish to use this software, please feel free to uninstall it -- it's only there for those who want to use it.
Thats nice, but why install it in the first place? There are loads of internet "protection" filters out there, mandating the installation of one, especially from a government that constantly abuses its citizens should be cause of concern or alarm. Don't you think?
Re: (Score:1)
"protect" them from what? From the evils of porn? This isn't 1995 here people, and its pretty hard to not know your going to a porn site today especially if you use a search engine to find sites. If your kid is searching for porn then obviously they aren't as "innocent" as you think they are. And whenever their censorship is under the guise of "protecting" the people from such evil ideas as human rights and alternate ideologies, it gets quite suspicious whenever they try to mandate more controls.
If you do not mind your children looking at pornographic material, then feel free to uninstall the software; you, however, are not the sole arbitor of parental guidance; different people and different cultures have their own views and ideologies on what children should and should not view. They are not telling you how to raise your children, they are helping others raise their children as they see fit. Again, this is not mandated for the parents, it is madated for the computer manufacturer.
Thats nice, but why install it in the first place? There are loads of internet "protection" filters out there, mandating the installation of one, especially from a government that constantly abuses its citizens should be cause of concern or alarm. Don't you think?
It's not cause fo
Re: (Score:3, Insightful)
it's only there for those who want to use it.
for now.
Salami technique and boiling the frog ain't new for governments. For now it's "only humanitary" or "only to catch terrorists/pedophiles/boogieman_of_the_month", but when it's in place and we have "wide acceptance for it", why not use it for more? Or, in this case, make it mandatory since "so many thought it's a great thing" (read: didn't know about it and/or don't care enough to stink up a storm).
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Bad move ... (Score:5, Funny)
"We found a series of software flaws," explained Isaac Mao, a blogger and social entrepreneur in China
... when contacted later for further comment, it was discovered that Mao had been assigned to 18 years of reeducation through labour in the coal-mining provinces.
Re:Bad move ... (Score:5, Funny)
Re: (Score:2)
i first read that as "Green Day Youth Escort" (Score:2)
and i thought yeah i know they have a new album but this is ridiculous
International competition for stupidest government (Score:2)
Lately it's like all the countries of the world are engaged in an Olympic competition to see who can screw themselves up the most through acts of extreme stupidity and greed. What the fuck is wrong with people?
Re:International competition for stupidest governm (Score:5, Funny)
I don't know what you just said except "Olympics", and we all know what we do at the Olympics, right? Support your country to be number one, no matter WHAT the event!
U-S-A! U-S-A!~
When you buttume ... (Score:5, Funny)
Re: (Score:2)
Well played, but I think you may have swiped the idea from here [thedailywtf.com].
Re: (Score:2)
Yes, acknowledged at the link in my comment :-)
("The Clbuttic Mistake [thedailywtf.com]" on thedailywtf.com.)
Only Windows, only IE (Score:5, Interesting)
Latest news: Firefox to be renamed in China (Score:1, Funny)
FireFucks.
Re: (Score:2)
That could essentially be a good thing. If you're using IE on Windows to browse the web, you need all the protection you could possibly get. After all, you explicitly showed that you have no idea about security or any concern about it...
Re: (Score:1)
Re: (Score:2)
It's a big country (Score:1)
Re: (Score:1)
China: home to the largest population and now also the largest botnet.
The Chinese concentrate activity by areas. Geographically speaking then, where is the Village of the Spammed?
Re: (Score:1)
That assumes they weren't the largest botnet before now.
Re: (Score:2)
A huge step forwards. So far, they only controlled the largest botnets.
Elephant (Score:1, Informative)
Excuse me, and no offense to the submitter of this story; But since when did the question begin to revolve around the security issues with the actual program the government uses to control your webhabits and not the actual attempt to control free speech?
I know, we are geeks and we like to talk about this stuff, but let's not forget the elephant in the room here.
Re: (Score:3, Insightful)
Being "secure" would not make the whole thing any better, it would still be a huge blow against freedom of speech (despite the lack thereof in China anyway) and the freedom of the net. But it raises another concern that our govermnemts might take into account before pulling a similar crapstunt (I'm fairly sure they have something like this planned already. Freedom of speech ain't just a threat to governments in China...).
Whenever you mandate some software to be installed, especially if this software is to o
are US computers built in China safe? (Score:2, Interesting)
U.N. Declaration of Rights (Score:3, Interesting)
"As the Americans learned so painfully in Earth's final century, free flow of information is the only safeguard against tyranny. The once-chained people whose leaders at last lose their grip on information flow will soon burst with freedom and vitality, but the free nation gradually constricting its grip on public discourse has begun its rapid slide into despotism. Beware of he who would deny you access to information, for in his heart he dreams himself your master."
Pravin Lal, Alpha Centauri
It's not supposed to work (Score:5, Informative)
After spending a number of years living/working in China, I've come to the conclusion that the government just doesn't care if this new "feature" works or not. The goal isn't to really censor here, but to let people know that "the man" is watching. In China, that is enough to keep the vast majority of people in line. There are still tens (perhaps hundreds) of millions of people that have vivid memories of the Cultural Revolution. They know all too well what happens to the squeaky wheel and tailor their activities accordingly. Sad, but that's the way it is.
Re: (Score:2)
And going by all the hagiographies of Reagan floating around, the events of 20 years ago are unknown by most Americans.
Re: (Score:2)
Is it much different in the so called 'free world'?
How many people remember the Commie craze in the 50s (and the years after, to a lesser degree)? How many dare to speak their mind on "touchy" subjects when they know that mob justice isn't as much a thing of the past as we wish it to be? That's not the government? Well, technically right, but how often do you see religious fanatics (I'm not talking about the Muslim kind here, ok?) being charged for the damage they do to various places and people that they d
Green Dam lays ground for the worlds biggest (Score:1)
Spyware Puts Computers At Risk (Score:3, Funny)
Spyware Puts Computers At Risk
I nominate this for the most awesome headline ever.
Probably easier ways to do it... (Score:2)
...but is the Chinese government just creating their own personal, huge botnet to use in DDOS attacks in the CYBERWARS OF THE FUTURE?
Re: (Score:1)
I have no problem with Big Brother... (Score:3, Funny)
...it's the lack of encryption that really bothers me. After all, that could let some unknown party watch what I'm doing online!
Calling Super China Coders (Score:2)
No Linux? (Score:2)
Great moments in brand equity (Score:2)
Easy to Beat (Score:3, Informative)
Step 1: Install Virtual PC, or other VM Software
Step 2: Install the Mandatory Software INSIDE the VM
Step 3: Leave the VM running in the background and never touch it