China's New Censorware Software Has Serious Security Flaws
from the is-that-a-surprise? dept
This probably doesn’t come as much of a surprise to anyone, but China’s new mandated censorware that is required to be installed on all new PCs sold in the country has serious security flaws that put users’ computers (and their data) at risk. Of course, censorware/spyware type software almost always does that — and, it seems likely that the Chinese government isn’t all that concerned about the privacy of citizens and their computer usage. Still, the bigger fear is that the security flaws can (and will) be used to basically hijack all those computers and turn them into a botnet. That should certainly be a bigger concern, especially given the Chinese governments’ insistence that it wants to crackdown on the widespread use of Chinese servers for spamming operations anyway.
Filed Under: blocking, censorship, china, great firewall, security
Comments on “China's New Censorware Software Has Serious Security Flaws”
Or they want to use them as a botnet
I wouldn’t be surprised if they where not hoping to use this as there own personal botnet. There is a lot of power in being able to control every machine in your country.
People's "Liberation Army - Covert Cybernetic Division
Tens of millions of computers at their disposal… plausible deniability… Mandatory spyware…
Clever, very clever… Two birds from one shot… stifling freedom of speech/thought and getting a covert cyber-army.
Then again, there is that Hanlon’s razor which states that one should not ascribe to malice what can be adequately explained by incompetence…
Re: People's "Liberation Army - Covert Cybernetic Division
You forgot the end of the American version:
“…unless it’s commies!”
People's "Liberation Army - Covert Cybernetic Division
Millions and millions of computers at their disposal… plausible deniability… Mandatory spyware…
Clever, very clever. Two birds from one shot… stifling freedom of speech/thought and getting a covert cyber-army.
Then again, there is that Hanlon’s razor which states that one should not ascribe to malice what can be adequately explained by incompetence…
This isn't news
How is this any different than normal? Almost all DoD computers are mandated to have Windows installed, which has dozens of known vulnerabilities and untold more.
Not to mention Adobe reader or flash player which again are almost mandated everywhere.
Double Edged Sword
“I wouldn’t be surprised if they where not hoping to use this as there own personal botnet. There is a lot of power in being able to control every machine in your country”
Some Of The Problems I See….
Some external agent takes over the system and points it at China or some other country. If the software has an auto update function thats easy enough to hack and p2p a mod across the entire country. Talk about holding the world record for botnet size …. they have ~300 million internet users and ~150 million computers.
China using it to hack any country on the planet… There have been news reports of systems being hacked at power plants, US govt facilities, Air traffic, Telcom, etc, all coming from China. Now imagine that being done on an automated system using ~150 million PC’s. Really scary thought.
Wouldn’t it be funny if someone hacked the system/software to allow only access to China’s disallowed/banned sites….. and randomly sent the users to them… … yeah I know that wont work because of the great fire wall being the backup but it would be funny none the less.
An all chinese botnet wouldn’t be a real issue very easy to turn off (null route) the whole deal because China has very few access points into the country.
Because of widespread piracy of windows in asian countries including china, the vast majority of users over there already have various botnets and back doors on their systems already. Conficker is almost exclusively found in countries with high rates of OS piracy (asia, africa, etc). I remember seeing infection rates of 4 – 5% in the US, and 80% in asia at one point.
As for china itself, I think you guys need to stop trying to apply the US version of “freedom” to that country. It is arrogant as hell.
“As for china itself, I think you guys need to stop trying to apply the US version of “freedom” to that country. It is arrogant as hell.”
Uhh what? I didn’t know that the US had it’s own version of Freedom. I know it’s not as free as many people would like, but I didn’t know there was a seperate version.
As far as I know freedom is freedom, the US has a bunch and China has very little. I know most Chinese would like more, not sure how that makes me arrogant though.
Re: Re:
“Uhh what? I didn’t know that the US had it’s own version of Freedom.”
I know what you mean, but I’d disagree. For instance, American freedom is generally freedom from government, but we get bombarded by corporate influences and messages, which we aren’t free from. European freedom seems to be the opposite: freedom from malicious corporations (not saying all are, but Europe is more anti-business than us) while bombarded by government influences and messages. Arab freedom (what little non-dictatorial freedom there is in the Arab world) seems to be freedom from corporations AND government, except where government and religion cooincide (Sharia).
“I know most Chinese would like more, not sure how that makes me arrogant though”
You do? I’m not sure. I’m not saying you’re wrong, I’m just not sure. I certainly am not going to take the word of my American government, influenced by corporate leaders the would absolutely LOVE to have mainland China opened up by “democracy”, at face value. I don’t know any people that lived on the mainland of China and then moved here. What I DO know is that there are an assload of Chinese people, and I have a very difficult time believing that if the majority of them wanted a different government, they wouldn’t have.
Re: Re:
“I know most Chinese would like more, not sure how that makes me arrogant though.”
Actually, most Chinese have pretty much as much freedom as they want, they have very little to complain about in that way, especially in their day to day lives. I have spent a fair amount of time in China (and I will be back there again next month), and my experience with real people is that they lead pretty decent lives overall, and they have plenty of freedom.
As I said, it is arrogant to assume that “american style” freedom is the right freedom for everyone. China’s freedoms come with control and oversight, with both the occassional slap of the iron first as well as the helping hand of national socialistic ideals. For an American, some of it would be shocking, some of it would be amazing, and all of it would be different. But in the end, everyday chinese are hard working people who do the same as you, strive for a better life.
Save your pennies, apply for your Visa, and go spend some time. Broadened your horizons.
Didn't take long, did it?
Posted to Packetstorm
Green Dam version 3.17 remote buffer overflow exploit with shellcode for Microsoft Windows XP SP2.
Why is it that the government always fudges it up when they try to work with security software? I have never seen a smoothly implemented government rollout of…well, of anything, but software related things specifically seem to really trip them up.