China's New Censorware Software Has Serious Security Flaws

from the is-that-a-surprise? dept

This probably doesn't come as much of a surprise to anyone, but China's new mandated censorware, which is required to be installed on all new PCs sold in the country, has serious security flaws that put users' computers (and their data) at risk. Of course, censorware/spyware-type software almost always does that -- and it seems likely that the Chinese government isn't all that concerned about the privacy of citizens and their computer usage. Still, the bigger fear is that the security flaws can (and will) be used to basically hijack all those computers and turn them into a botnet. That should certainly be a bigger concern, especially given the Chinese government's insistence that it wants to crack down on the widespread use of Chinese servers for spamming operations anyway.


Reader Comments

  1.  
    The Cenobyte, Jun 12th, 2009 @ 6:28am

    Or they want to use them as a botnet

    I wouldn't be surprised if they were not hoping to use this as their own personal botnet. There is a lot of power in being able to control every machine in your country.

     

  2.  
    Headbhang, Jun 12th, 2009 @ 6:50am

    People's "Liberation Army - Covert Cybernetic Division

    Tens of millions of computers at their disposal... plausible deniability... Mandatory spyware...

    Clever, very clever... Two birds from one shot... stifling freedom of speech/thought and getting a covert cyber-army.

    Then again, there is that Hanlon's razor which states that one should not ascribe to malice what can be adequately explained by incompetence...

     

  3.  
    Headbhang, Jun 12th, 2009 @ 6:51am

    People's "Liberation Army - Covert Cybernetic Division

    Millions and millions of computers at their disposal... plausible deniability... Mandatory spyware...

    Clever, very clever. Two birds from one shot... stifling freedom of speech/thought and getting a covert cyber-army.

    Then again, there is that Hanlon's razor which states that one should not ascribe to malice what can be adequately explained by incompetence...

     

  4.  
    Anonymous Coward, Jun 12th, 2009 @ 7:01am

    Re: People's "Liberation Army - Covert Cybernetic Division

    You forgot the end of the American version:

    "...unless it's commies!"

     

  5.  
    Brian Weeden, Jun 12th, 2009 @ 7:15am

    This isn't news

    How is this any different than normal? Almost all DoD computers are mandated to have Windows installed, which has dozens of known vulnerabilities and untold more.

    Not to mention Adobe reader or flash player which again are almost mandated everywhere.

     

  6.  
    Hephaestus, Jun 12th, 2009 @ 8:13am

    Double Edged Sword

    "I wouldn't be surprised if they were not hoping to use this as their own personal botnet. There is a lot of power in being able to control every machine in your country"

    Some Of The Problems I See....

    Some external agent takes over the system and points it at China or some other country. If the software has an auto update function that's easy enough to hack and p2p a mod across the entire country. Talk about holding the world record for botnet size .... they have ~300 million internet users and ~150 million computers.

    China using it to hack any country on the planet... There have been news reports of systems being hacked at power plants, US govt facilities, Air traffic, Telecom, etc, all coming from China. Now imagine that being done on an automated system using ~150 million PCs. Really scary thought.

    Wouldn't it be funny if someone hacked the system/software to allow only access to China's disallowed/banned sites..... and randomly sent the users to them... ... yeah I know that won't work because of the great firewall being the backup but it would be funny nonetheless.

     

  7.  
    Anonymous Coward, Jun 12th, 2009 @ 8:26am

    An all-Chinese botnet wouldn't be a real issue: it's very easy to turn off (null route) the whole deal, because China has very few access points into the country.

    Because of widespread piracy of Windows in Asian countries including China, the vast majority of users over there already have various botnets and back doors on their systems already. Conficker is almost exclusively found in countries with high rates of OS piracy (Asia, Africa, etc). I remember seeing infection rates of 4 - 5% in the US, and 80% in Asia at one point.

    As for China itself, I think you guys need to stop trying to apply the US version of "freedom" to that country. It is arrogant as hell.

     

  8.  
    The Cenobyte, Jun 12th, 2009 @ 10:23am

    "As for China itself, I think you guys need to stop trying to apply the US version of "freedom" to that country. It is arrogant as hell."

    Uhh what? I didn't know that the US had its own version of Freedom. I know it's not as free as many people would like, but I didn't know there was a separate version.

    As far as I know freedom is freedom, the US has a bunch and China has very little. I know most Chinese would like more, not sure how that makes me arrogant though.

     

  9.  
    Dark Helmet, Jun 12th, 2009 @ 10:50am

    Re:

    "Uhh what? I didn't know that the US had its own version of Freedom."

    I know what you mean, but I'd disagree. For instance, American freedom is generally freedom from government, but we get bombarded by corporate influences and messages, which we aren't free from. European freedom seems to be the opposite: freedom from malicious corporations (not saying all are, but Europe is more anti-business than us) while bombarded by government influences and messages. Arab freedom (what little non-dictatorial freedom there is in the Arab world) seems to be freedom from corporations AND government, except where government and religion coincide (Sharia).

    "I know most Chinese would like more, not sure how that makes me arrogant though"

    You do? I'm not sure. I'm not saying you're wrong, I'm just not sure. I certainly am not going to take the word of my American government, influenced by corporate leaders that would absolutely LOVE to have mainland China opened up by "democracy", at face value. I don't know any people that lived on the mainland of China and then moved here. What I DO know is that there are an assload of Chinese people, and I have a very difficult time believing that if the majority of them wanted a different government, they wouldn't have.

     

  10.  
    Anonymous Coward, Jun 13th, 2009 @ 5:48am

    Re:

    "I know most Chinese would like more, not sure how that makes me arrogant though."

    Actually, most Chinese have pretty much as much freedom as they want, they have very little to complain about in that way, especially in their day to day lives. I have spent a fair amount of time in China (and I will be back there again next month), and my experience with real people is that they lead pretty decent lives overall, and they have plenty of freedom.

    As I said, it is arrogant to assume that "American style" freedom is the right freedom for everyone. China's freedoms come with control and oversight, with both the occasional slap of the iron fist as well as the helping hand of national socialistic ideals. For an American, some of it would be shocking, some of it would be amazing, and all of it would be different. But in the end, everyday Chinese are hard working people who do the same as you, strive for a better life.

    Save your pennies, apply for your Visa, and go spend some time. Broaden your horizons.

     

  11.  
    Anonymous of Course, Jun 14th, 2009 @ 8:30pm

    Didn't take long, did it?

    Posted to Packetstorm

    Green Dam version 3.17 remote buffer overflow exploit with shellcode for Microsoft Windows XP SP2.

     

  12.  
    Krill, Jan 20th, 2010 @ 8:56am

    Why is it that the government always fudges it up when they try to work with security software? I have never seen a smoothly implemented government rollout of...well, of anything, but software related things specifically seem to really trip them up.

     
