Green dam censoring software threatens Internet users
June 12, 2009 – 5:26 pmIn China’s never ending quest to control the Internet, they spend a whooping 40 million yuan on a software called Green dam: 绿坝-花季护航. to check the content of websites and block anything that might do harm to a user. Namely pornography and violence. The software seems to be a failure already. Within days of its release severe security problems have been detected in Green dam. Here is my summary of an paper of the University of Michigan called Analysis of the Green Dam Censorware System by Scott Wolchok, Randy Yao, and J. Alex Halderman.
First: The software checks the Internet traffic and compares it with a blacklist. If the internet address is crafted in a specific way, an buffer overflow can occur and the execution stack can be manipulated. Great!
Second: The Green Dam Internet filter software uses a blacklist file. If the file is replaced by a manipulated file the creator of the manipulated file can inject code into the program, which will then be executed.
Third: The masterpassword of Green Dam can easily replaced by anyone. The file C:\Windows\System32\kwpwf.dll contains the md5 of the password (it’s not a dll really). Simply think of a new password, put the corresponding md5 into this file and You are ready to log in as You please.
Using Green Dam Internet filter software severely threatens Your Computer. You should uninstall it immediately!
绿坝-花季护航 keeps Your computer safe… not. Ah, and a special filter for all those pesky homosexuals out there (I hope they won’t censor that juicy lesbian porn)
But the list still goes on. According to the wikipedia article of Green Dam it seems like they stole parts of the software from the popular Internet filter software CyberSitter, which is a product of an US company. What is left to say? BIG FAILURE! They should have given those 40 million yuan to me, I could have used them in a much better way, instead of spending it on the Chinese censorship.
Related Articles:
