San Francisco (CA) – Security researchers at the University of Michigan have identified a number of security vulnerabilities in the Chinese anti-porn filter known as Green Dam-Youth Escort. According to J. Alex Halderman, hackers could theoretically exploit the software to gain control of computers, websites and network infrastructure.
The professor also noted that Green Dam blocked access to pornography as well as politically sensitive phrases, a concern that was echoed by a recent OpenNet report.
“The filtering options include blocking of political and religious content normally associated with the Great Firewall of China, China’s sophisticated national-level filtering system. If implemented as proposed, the effect would be to increase the reach of Internet censorship to the edges of the network, adding a new and powerful control mechanism to the existing filtering system,” stated the report. “As a policy decision, mandating the installation of a specific software product is both unprecedented and poorly conceived. In this specific instance, the mistake is compounded by requiring the use of a substandard software product that interferes with the performance of personal computers in an unpredictable way, killing browsers and applications without warning while opening up users to numerous serious security vulnerabilities.”
Meanwhile, Jinhui Computer System – the company responsible for developing Green Dam – has been accused of inserting code “stolen” from Solid Oak Software into the filter.
“We stopped writing about this and updates to our software and other things in 2004 and their code was dated May 5, [2009],” Solid Oak President Brian Milburn told ChannelWeb. “It looks like they decrypted the code, then recrypted it using their own mechanism and changed the file extension.”
However, general manager Zhang Chenmin denied that Jinhui had stolen Green Dam’s code.
“I cannot deny that the two filters’ databases of blacklisted URL addresses might share similarities. After all, they are all well known international pornographic websites that all porn-filters are meant to block,” Zhang told the Associated Press. “But we didn’t steal their programming code.”
The controversial porn-filter is slated to be installed on all computers sold in China beginning on July 1. The Beijing-mandated software has already been downloaded 7.17 million times and loaded onto 2.62 million computers in schools across the country.