Yesterday, a CS professor at the University of Michigan published a report that details a lot of flaws with the software.
Our brief testing proves that Green Dam contains very serious security vulnerabilities. Unfortunately, these problems seem to reflect systemic flaws in the code. The software makes extensive use of programming techniques that are known to be unsafe, such as deprecated C string processing functions including sprintf and fscanf. These problems are compounded by the design of the program, which creates a large attack surface: since Green Dam filters and processes all Internet traffic, large parts of its code are exposed to attack.
If Green Dam is deployed in its current form, it will significantly weaken China's computer security. While the flaws we discovered can be quickly patched, correcting all the problems in the Green Dam software will likely require extensive rewriting and thorough testing. This will be difficult to achieve before China's July 1 deadline for deploying Green Dam nationwide.
In addition to being piece-of-crap software, for which the Chinese government is paying $millions (can you say guanxi), it appears that portions of the code are either open source or stolen from other commercial Internet blocking software. Epic fail.
Nobody is buying the lie that the goal of the program is to block pornography from children. Obviously it's another way to control information flow within China. In the version UM tested, there is already a complex filter to block all references to Falun Gong.
The new rules say all PCs sold in China after June 30 must include special software — designed by a company with links to China’s military and security agencies — to filter out pornography and other “vulgar” material. Beijing claims that it is trying to protect children. Don’t believe it.
In any country, such vague terms would be a frightening license for government intrusion. China’s government, which fears the free flow of ideas, already vigorously restricts Internet content, including blocking access to Web sites on Tibet, human rights and other politically sensitive subjects.
Chinese bloggers, dissidents and even some state news media outlets are right to worry that the new software could be used even more nefariously: to collect personal data and spy on consumer Web habits.
The contract for the software, meanwhile, was awarded without industry input. There are serious questions about whether the product will even work.
Sigh... you'd think they would be better liars with so much practice. Maybe this is satire?
What is controversial about the filter software controversy?
by Yan Bingguang / Xinhua
The Ministry of Industry and Information Technology's requirement that all computers come pre-loaded with the Green Dam-Youth Escort Internet filtering software has garnered quite a bit of attention of late, and one interesting thing about it is that while support largely stems from end users, opposing opinions primarily come from a minority of media outlets and businesses.
...
You may notice that the MIIT's measures are first met with skepticism, but after ministry spokespersons explain in detail, the skeptical voices gradually fade away. This says that public apprehension is largely due to a lack of understanding and trust. It reminds us that when the government brings forth measures that concern the public interest, it must fully respect the public's democratic rights and act within the scope permitted by the law, while at the same time making a public explanation of the situation as soon as is possible, to answer any doubts the public may have. This is how to win the public's support.
Oops, he said "public's democratic rights"... maybe he needs some 劳动教养 (re-education through labor).