China's New Censorware Software Has Serious Security Flaws

from the is-that-a-surprise? dept

This probably doesn't come as much of a surprise to anyone, but China's new mandated censorware that is required to be installed on all new PCs sold in the country has serious security flaws that put users' computers (and their data) at risk. Of course, censorware/spyware type software almost always does that -- and, it seems likely that the Chinese government isn't all that concerned about the privacy of citizens and their computer usage. Still, the bigger fear is that the security flaws can (and will) be used to basically hijack all those computers and turn them into a botnet. That should certainly be a bigger concern, especially given the Chinese governments' insistence that it wants to crackdown on the widespread use of Chinese servers for spamming operations anyway.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: blocking, censorship, china, great firewall, security


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    The Cenobyte, 12 Jun 2009 @ 6:28am

    Or they want to use them as a botnet

    I wouldn't be surprised if they where not hoping to use this as there own personal botnet. There is a lot of power in being able to control every machine in your country.

    link to this | view in chronology ]

  • icon
    Headbhang (profile), 12 Jun 2009 @ 6:50am

    People's "Liberation Army - Covert Cybernetic Division

    Tens of millions of computers at their disposal... plausible deniability... Mandatory spyware...

    Clever, very clever... Two birds from one shot... stifling freedom of speech/thought and getting a covert cyber-army.

    Then again, there is that Hanlon's razor which states that one should not ascribe to malice what can be adequately explained by incompetence...

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Jun 2009 @ 7:01am

      Re: People's "Liberation Army - Covert Cybernetic Division

      You forgot the end of the American version:

      "...unless it's commies!"

      link to this | view in chronology ]

  • icon
    Headbhang (profile), 12 Jun 2009 @ 6:51am

    People's "Liberation Army - Covert Cybernetic Division

    Millions and millions of computers at their disposal... plausible deniability... Mandatory spyware...

    Clever, very clever. Two birds from one shot... stifling freedom of speech/thought and getting a covert cyber-army.

    Then again, there is that Hanlon's razor which states that one should not ascribe to malice what can be adequately explained by incompetence...

    link to this | view in chronology ]

  • icon
    Brian Weeden (profile), 12 Jun 2009 @ 7:15am

    This isn't news

    How is this any different than normal? Almost all DoD computers are mandated to have Windows installed, which has dozens of known vulnerabilities and untold more.

    Not to mention Adobe reader or flash player which again are almost mandated everywhere.

    link to this | view in chronology ]

  • icon
    Hephaestus (profile), 12 Jun 2009 @ 8:13am

    Double Edged Sword

    "I wouldn't be surprised if they where not hoping to use this as there own personal botnet. There is a lot of power in being able to control every machine in your country"

    Some Of The Problems I See....

    Some external agent takes over the system and points it at China or some other country. If the software has an auto update function thats easy enough to hack and p2p a mod across the entire country. Talk about holding the world record for botnet size .... they have ~300 million internet users and ~150 million computers.

    China using it to hack any country on the planet... There have been news reports of systems being hacked at power plants, US govt facilities, Air traffic, Telcom, etc, all coming from China. Now imagine that being done on an automated system using ~150 million PC's. Really scary thought.

    Wouldn't it be funny if someone hacked the system/software to allow only access to China's disallowed/banned sites..... and randomly sent the users to them... ... yeah I know that wont work because of the great fire wall being the backup but it would be funny none the less.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jun 2009 @ 8:26am

    An all chinese botnet wouldn't be a real issue very easy to turn off (null route) the whole deal because China has very few access points into the country.

    Because of widespread piracy of windows in asian countries including china, the vast majority of users over there already have various botnets and back doors on their systems already. Conficker is almost exclusively found in countries with high rates of OS piracy (asia, africa, etc). I remember seeing infection rates of 4 - 5% in the US, and 80% in asia at one point.

    As for china itself, I think you guys need to stop trying to apply the US version of "freedom" to that country. It is arrogant as hell.

    link to this | view in chronology ]

  • identicon
    The Cenobyte, 12 Jun 2009 @ 10:23am

    "As for china itself, I think you guys need to stop trying to apply the US version of "freedom" to that country. It is arrogant as hell."

    Uhh what? I didn't know that the US had it's own version of Freedom. I know it's not as free as many people would like, but I didn't know there was a seperate version.

    As far as I know freedom is freedom, the US has a bunch and China has very little. I know most Chinese would like more, not sure how that makes me arrogant though.

    link to this | view in chronology ]

    • icon
      Dark Helmet (profile), 12 Jun 2009 @ 10:50am

      Re:

      "Uhh what? I didn't know that the US had it's own version of Freedom."

      I know what you mean, but I'd disagree. For instance, American freedom is generally freedom from government, but we get bombarded by corporate influences and messages, which we aren't free from. European freedom seems to be the opposite: freedom from malicious corporations (not saying all are, but Europe is more anti-business than us) while bombarded by government influences and messages. Arab freedom (what little non-dictatorial freedom there is in the Arab world) seems to be freedom from corporations AND government, except where government and religion cooincide (Sharia).

      "I know most Chinese would like more, not sure how that makes me arrogant though"

      You do? I'm not sure. I'm not saying you're wrong, I'm just not sure. I certainly am not going to take the word of my American government, influenced by corporate leaders the would absolutely LOVE to have mainland China opened up by "democracy", at face value. I don't know any people that lived on the mainland of China and then moved here. What I DO know is that there are an assload of Chinese people, and I have a very difficult time believing that if the majority of them wanted a different government, they wouldn't have.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 13 Jun 2009 @ 5:48am

      Re:

      "I know most Chinese would like more, not sure how that makes me arrogant though."

      Actually, most Chinese have pretty much as much freedom as they want, they have very little to complain about in that way, especially in their day to day lives. I have spent a fair amount of time in China (and I will be back there again next month), and my experience with real people is that they lead pretty decent lives overall, and they have plenty of freedom.

      As I said, it is arrogant to assume that "american style" freedom is the right freedom for everyone. China's freedoms come with control and oversight, with both the occassional slap of the iron first as well as the helping hand of national socialistic ideals. For an American, some of it would be shocking, some of it would be amazing, and all of it would be different. But in the end, everyday chinese are hard working people who do the same as you, strive for a better life.

      Save your pennies, apply for your Visa, and go spend some time. Broadened your horizons.

      link to this | view in chronology ]

  • identicon
    Anonymous of Course, 14 Jun 2009 @ 8:30pm

    Didn't take long, did it?

    Posted to Packetstorm

    Green Dam version 3.17 remote buffer overflow exploit with shellcode for Microsoft Windows XP SP2.

    link to this | view in chronology ]

  • identicon
    Krill, 20 Jan 2010 @ 8:56am

    Why is it that the government always fudges it up when they try to work with security software? I have never seen a smoothly implemented government rollout of...well, of anything, but software related things specifically seem to really trip them up.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.