Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

6/23/2009
05:57 PM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Green Dam Deadline Remains Unchanged Despite U.S. Objections

Chinese authorities claim that putting Green Dam censorware on all new PCs sold in the country is necessary to limit young people's exposure to "harmful information."

The Green Dam mandate has drawn broad criticism both inside and outside of China since it was first made public earlier this month. Chinese authorities claim that Green Dam is necessary to limit young people's exposure to "harmful information," but University of Michigan computer scientists have identified significant vulnerabilities in the software that could lead to the installation of harmful information in the form of malware.

Although the makers of Green Dam, Jinhui Computer System Engineering and Dazheng Human Language Technology, updated the software in response to these findings, the three computer scientists who analyzed the software, Scott Wolchok, Randy Yao, and J. Alex Halderman, maintain that vulnerabilities remain. "[E]ven after the recent fix, it is still possible for any Web site a Green Dam user visits to exploit other security problems to take control of the computer," they state in their analysis.

And such concern isn't merely academic: Proof-of-concept exploit code for hacking computers that run Green Dam has been available online for more than a week on Milw0rm.com and, as of Monday, on Wikileaks.

Further fueling the controversy, Solid Oak Software in the United States has said that Green Dam includes copyrighted code from its Web-filtering program, CyberSitter, and has warned computer makers of potential legal liability if they ship computers with the allegedly infringing software. The Green Dam update appears to have removed some, if not all, of the disputed files.

Chinese Internet users, led by noted artist Ai Weiwei, are planning an Internet boycott on July 1 to protest the government's plan.


InformationWeek Analytics has published an analysis of the current state of identity management. Download the report here (registration required).

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-25694
PUBLISHED: 2021-05-13
Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not validate NVENC.dll. An attacker could replace the .dll and redirect pixels elsewhere.
CVE-2020-12967
PUBLISHED: 2021-05-13
The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.
CVE-2021-26311
PUBLISHED: 2021-05-13
In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise...
CVE-2021-22152
PUBLISHED: 2021-05-13
A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections.
CVE-2021-22153
PUBLISHED: 2021-05-13
A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim’s local machine with t...