☆Obaby's H4cking W0rld☆

Hack-Crack==Backdoors - RATs - Trojans // Binders-Packers - Rootkits

破解-黑客-零日漏洞-灰鸽子/上兴/PCShare-木马免杀-网站入侵-信息安全

The "Green Dam" filtering software that the Chinese government is reportedly requiring for all PCs sold there contains pirated code, a U.S. software manufacturer claimed Friday.


Solid Oak Software, the developer of CyberSitter, claims that the look and feel of the GUI used by Green Dam mimics the style of CyberSitter. But more damning, chief executive Brian Milburn said, was the fact that the Green Dam code uses DLLs identified with the CyberSitter name, and even makes calls back to Solid Oak's servers for updates.

Green Dam is a piece of filtering software that will reportedly be required for all PCs sold inside China. The software is already available in China, although the restrictions go into place on July 1, according to The New York Times.

According to a study by the University of Michigan, the Green Dam software works to identify images, text, and URLs and compares them to a filter, which blocks the offending work. The researchers took the publicly available software and reverse-engineered it, using standard methods. Inside, the study's author, assistant professor of electrical engineering J. Alex Halderman, found evidence that the software uses blacklists compiled by CyberSitter, dating back to 2006. An encrypted news bulletin, which dates back to 2004, was also accidentally included, Halderman wrote.

"We've been talking with them since the report came out yesterday," Halderman said in an interview.

To Halderman, the Green Dam software presents two fundamental problems: one, that the software contains vulnerabilities that would allow others to spy on the activities of those who use it; and second, that it might contain code stolen from another manufacturer. The Chinese developer of the Green Dam software appears to have accidentally created the vulnerabilities, Halderman said, rather than being a deliberate attempt to allow government agencies to monitor its citizens online.

"If we apply reasoning to this, we would conclude that the government wants a backdoor it could access, and others could not," Halderman said.

Version 3.17 of the Green Dam software appears to contain both the references to the blacklists as well as the allegedly stolen code. But the software is also being frequently updated, and the most recent patch, applied Thursday, appears to eliminate many of the blacklist references to Solid Oak, Halderman said.

"I think the bottom line is that the Chinese government is trying to roll out the software without doing their due diligence," Halderman said. "Clearly, there needs to be more time to evaluate the software both in terms of legality and in terms of security before it is rolled out on a widespread basis."

That was small consolation to Solid Oak's Milburn, who said that he had received an anonymous email sent to a broadcast address at the site Friday morning alerting the company that Green Dam was using Solid Oak code. He dismissed it, thinking it was a hoax. But another employee researched it and found that the allegation was indeed true, and that both URLs and other Solid Oak code, including DLL files, were part of Green Dam. After doing a bit of research he found the U. of Michigan paper and contacted Halderman.

"From the stuff they've posted, I'm 100 percent certain they're using our proprietary code," Milburn said, who said he wasn't certain how much of the code was reverse-engineered or simply stolen.

"We're still trying to do the detective work here," Milburn said.

At press time, Solid Oak had determined that the filtering engine or parts of it on lower level had been decompiled, using certain proprietary methods. Solid Oak doesn't ship a Chinese-language version of CyberSitter. But, Milburn said, "the words a user sees on the screen are almost identical to ours."

According to Milburn, the company spent Friday trying to determine what its options were, and what avenues it could pursue to try and prevent its code from being misused.

According to The New York Times, PC OEMs were blindsided by the Green Dam requirement, and have tried to figure out how they could add the software to their production lines just six weeks before the mandate was scheduled to take place. Dell, Hewlett-Packard, and other OEMs would be required to add the software to their PC distributions.

But would they if it contributed to software piracy? "To my mind, [shipping Green Dam] would make the PC manufacturers an accessory after the fact to software piracy," Milburn said. "I would think that the PC manufacturers wouldn't want to do that if I were in their position."

"We haven't had any opportunity to explore our options," Milburn said. "At the very minimum, I believe we would pursue some sort of injunction."

Theoretically, this could place PC OEMs wishing to do business in China with a nearly impossible choice: face the threat of an injunction or suits within the United States, risk angering the Chinese government by removing the Green Dam software, or halt PC sales into China altogether. Representatives at Hewlett-Packard and Dell were unable to be reached for comment by press time.

This isn't the first time Solid Oak's code has been stolen, Milburn said. In the late 1990s, hackers reverse-engineered CyberSitter, which prevents underage children from accessing pornography or other adult content, to allow users to access such content.

The hackers, as well as other detractors, have previously accused Solid Oak and CyberSitter of censoring the Internet. "That's why we don't want to be associated with it," Milburn said of Green Dam.

Moreover, potentially millions of Chinese PC users could hit Solid Oak's servers for updates, causing them huge fees for the additional bandwidth costs the company would be charged for.

One obvious solution to the problem would be to block access to China, a move that would also cut off a number of American schools in China, including missionary schools, that use the software as a legitimate means of preventing children from accessing the adult content. Some organizations with satellite offices in Singapore, Korea, or other South Asian countries might also be affected.

"They're using it legitimately, and we don't want to turn off the entire continent," Milburn said.


http://www.pcmag.com/article2/0,2817,2348705,00.asp


版权声明:
转载请注明原作者:☆obaby☆
网站名称:☆Obaby's H4cking W0rld☆



1 评论:

蔡翠紫 说...

制服誘惑-天天色綜合網電影-熟女性愛自拍論壇
極品美腿-天天色影視綜合網-老徐娘社區
天天色綜合影院-性都花花世界健康網-色成人之美視頻
聊天交友-美腿頭像-色成人之美動漫-性生活健康網
玄幻小說視頻-做愛姿勢中國性健康網-有聲小說在線收聽網
全國最大成人色情圖片-1069久久另類交友網
sm聊天室-穿越火線美女美腿圖-人性本色玫瑰情人論壇
美腿美女-日本最大成人色情網站-色烏鴉社區
90後性感美腿美女圖片-全國最大成人色情網站
ut 網際空間聊天-性感美腿美女搔首弄姿
正在播放美腿美女-亞洲最大成人色情網站
美腿美女桌面壁紙大全-成人色系視頻-色系電影
交友聊天網-美腿美女電腦桌面壁紙-韓國輕色系電影
美國輕色系電影-成人玩具使用方法電影-美腿美女
ut聊天室-美腿美女換衣服過程圖-亞洲成人之美圖電影
大街上的美腿美女-成人玩具電影快播-免費視頻網站
同志聊天室-美腿美女幹b-免費視頻網站有哪些
視訊聊天交友-線上免費視頻網站-性感短裙美腿美女
18日本性感美女美足c-城市獵緣交友網-星空女性健康頻道
三寸金蓮美女美足圖片-動漫同人小說-派派小說論壇
ut聊天-俄羅斯美女美足小說-諸神動漫論壇
美女美足影視快播-SOSG動漫網-貓撲網-草裙社區主論壇小說
日本美女美足-非凡小說論壇-漫客網-天使輕小說論壇
美女美足責罰-漫漫看動漫論壇-日本情色小說漫畫
成人聊天室-美女美足精美圖片-樓蘭小說論壇
uthome視訊聊天-美女美足相冊-碧婷小說-星辰漫畫網
視訊聊天室-網易美女美足相冊-星辰漫畫網
聊天網-美女美足涼高視頻-第一動漫網-魔爪社區
超短裙美女鬼步舞-貓撲兩性健康網-穿職業裝的白領美女
超短裙美女電腦壁紙-職業裝美女白領-色酷情色
齊b超短裙美女圖-熟女人妻網-寂寞白領交友網
超短裙美女跳街舞-無錫富婆網找情人-上海春麗富婆網
超短裙美女快播-白領美女-女白領性愛故事
穿齊b超短裙美女圖片-白領美女的婚外情-男人天堂
ut聊天-公交車頂超短裙美女-新疆夫妻俱樂部
第一女人網-幼香幼色女孩-你色嗎成人網-短裙美女
超短裙美女網盤-美女淫圖網-成都白領人妻
超短裙美女熱舞慢搖-499影視-淫民網-美少婦電影網
性感長腿-2014成人電影-人妻亂倫小說-色人間-額去擼
性感長腿美女電腦桌面-好擼網-抱抱美女網-擼擼看影院
聊天交友網-弦子性感長腿圖片-七七色YY
七七色77sYY-偷吃禁果視頻-偷吃禁果圖片

发表评论