Tag Archives: China
Web filtering censorware takes a hit in China, Tennessee
Meanwhile, in the U.S., a lawsuit forced Tennessee school districts to stop filtering educational sites about gays.
Last week, China's minister of industry and technology, Li Yizhong, announced that use of the software would "depend on consumers," the Wall Street Journal reported.
China had earlier postponed its requirement that all PCs come with the web filtering software by July 1, after American security researchers at the University of Michigan discovered flaws in Green Dam that made it vulnerable to exploits by hackers.
In the U.S., the American Civil Liberties Union won a settlement from two school districts in Tennessee that had set web filters to block access to websites that "presented positive information about lesbian, gay, bisexual and transgender people," although students could access sites urging individuals to attempt to change their sexual orientation from gay to straight.
ACLU said about 80 percent of school districts in Tennessee were using the same filtering software, but agreed to change the filter settings so as not to exclude the LGBT-supportive websites.
Spam researcher shows China not as ‘spammy’ as you think
But measuring the total amount of spam coming from different countries may not be the best way to determine how "spammy" a country is, Zink observed. So Zink ranked countries instead by spam per internet user.
"This normalizes the data," Zink explained. "Now a country with a very large population does not necessarily outrank one with a smaller population."
By this ranking, China does not even make the top 20 spammiest countries. The Czech Republic ranks number one, with a spam per user rate of 4.38, followed by South Korea, Romania and the Netherlands; the U.S. ranks fifth, with a spam rate of 2.01.
"China may send a lot of spam but Eastern Europe sure seems a lot more spammy than the Chinese," Zink wrote.
However, another way of looking at it suggests China is still the worst of the spammers. According to Project Honey Pot, China is the largest host of spam servers.
Green Dam web filter still vulnerable to exploits
China's government insists that the software is necessary for blocking access to pornographic content, but researchers using the software said it also blocks political content and tracks online activity.
Earlier this month, security researchers from the University of Michigan identified two security flaws that could have allowed remote parties to execute arbitrary code and take control of the computer, which the software maker has since patched.
But the researchers said last week they had discovered another security hole in the latest version that a maliciously crafted website could exploit to take control of the computer. It took them only an hour to find the bug, they said.
The researchers wrote that making Green Dam safe from exploits will require substantial changes and careful retesting.
"It is unlikely that the required changes can be completed before China's July 1 deadline for mandatory distribution of Green Dam with new PCs," they wrote.
Another security researcher has posted attack code, which has been circulating in the wild for a week, to the Milw0rm website, according to CNET News.
Skype Scrambles After Breach And Censorship Revelations
American companies operating in China have what might be considered a tradition of getting in trouble over privacy and censorship, and Skype, the Internet communications company, is the latest to encounter hot water. Its president has done his best to explain the situation.
As Josh Silverman wrote, “In China, TOM is the majority local partner in our joint venture that brings Skype functionality to Chinese citizens.” Skype – and anyone who bothered to listen to an old announcement – has known for some time that TOM obeyed Chinese laws requiring them to block messages containing certain terms.
The problems began when it turned out that TOM stored the messages; there’s a real concern about which government authorities might have seen them. What’s more, a security breach may have exposed the messages to all sorts of other people.
Silverman wrote, “We were very concerned to learn about both issues and after we urgently addressed this situation with TOM, they fixed the security breach. In addition, we are currently addressing the wider issue of the uploading and storage of certain messages with TOM.”
Still, Skype’s reputation has taken a big hit due to these developments, and we may see the security and censorship issues have a similar effect on the eBay property’s growth.
China appears to pull back on Green Dam web filter
The English-language China Daily reported Tuesday that an official with the Chinese Ministry of Industry and Information Technology (MIIT) said computer users in the country will not be required to use the filtering software, although all PCs sold in China must come pre-packaged with Green Dam beginning July 1st.
"PC makers are only required to save the setup files of the program in the hard drives of the computers, or provide CD-ROMs containing the program with their PC packages," the anonymous official from MIIT told China Daily. "The government's role is limited to having the software developed and providing it free."
Researchers at the University of Michigan reported last week that the software blocks access to websites featuring political content such as news about the dissident group Falun Gong.
The researchers also found security holes in the software that could allow remote attackers to hijack PCs, as well as evidence that the Chinese company that made Green Dam pilfered code from a U.S. software company.
Chinese officials said this week the software will be patched as soon as possible, while the Chinese company denied pirating code and threatened legal action against the U.S. security researchers.
China’s Green Dam web filter has security flaws
Zhang Chenmin, general manager of the company that produced the software, told China Daily yesterday that the company was ordered by the Ministry of Industry and Information Technology to patch the security holes as soon as possible.
Web security researchers from the University of Michigan identified two security flaws last week: one in how the software processes websites it monitors, and one in the way the software installs updates of blacklisted sites.
"Both allow remote parties to execute arbitrary code and take control of the computer," the researchers said in a report published on the university's website.
One of the researchers, J. Alex Halderman, told China Daily, the country's largest English-language publication, that installing the filter in its current form "will be a disaster for computer security in China."
A U.S. web filtering company, Solid Oak Software, has accused the Chinese maker of Green Dam of stealing code from its Cybersitter software.
Zhang, the head of the Chinese company, said the code was not stolen and he would sue the U.S. researchers for publishing "negative comments and attacks," China Daily reported.
Google identifies top 10 malware domains, Beladen ranked 124th
Google said its scans of the web have uncovered more than 4,000 sites that appear to have been set up for distributing malware, 1,400 of which are located in China.
The top 10 domains included Gumblar.cn, which infected 60,000 websites before the domain was moved to a UK site called Martuz, which has infected another 35,000.
All of the domains on Google's top 10 list have compromised more than 10,000 websites. The domain googleanalytics.net, which like several other malware sites spoofs a legitimate Google site, had infected around 20,000 sites.
Researchers said Beladen also uses a domain name similar to the legitimate Google Analytics domain to record the users' browsing statistics for the attacker. Beladen's 3,500 infected sites ranked it only 124 on the list, Google said.
Security researchers last week likened these mass infection sites to botnets of infected websites.
Defense companies ramp up IT security recruiting
The New York Times, which has previously reported that the Pentagon is considering implementing a cybercommand to coordinate cyberwarfare and network defense, reported Sunday that the Pentagon now employs thousands of "hacker soldiers."
Large military contractors including Northrop Grumman, General Dynamics, Lockheed Martin and Raytheon have major contracts with the military and intelligence agencies, the Times reported.
In light of President Obama's announced plans to name a cybersecurity coordinator to oversee the nation's defense against web-based attacks and new efforts to combat hackers from foreign powers including Russia and China, defense companies are vying for top talent in the field.
"[The companies] have been buying smaller firms, financing academic research and running advertisements for 'cyberninjas' at a time when other industries are shedding workers," the Times reported.
Raytheon, for example, has posted an ad at the IT recruitment site Dice.com seeking a department manager for the company's Falls Church, Virginia-based Cyber Security Engineering organization.