June 12, 2009

China's government-enforced security hole

The mainland government will soon introduce new local censorship software called Green Dam, which will be required on all PCs sold in the country. The even less funny news here: Green Dam contains a serious security hole that can be exploited by any website the user visits. The issues were discovered at the University of Michigan in less than 12 hours of examining Green Dam. As their report has it:

"Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.

We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities."

That reminds me a bit of the German online tax-declaration system Elster... ;)



Security hole decreed from above

Soon the government of the People's Republic will introduce new censorship software called Green Dam, which will then have to be installed on newly sold PCs. The juicy detail: Green Dam contains various serious security flaws that can be exploited by practically any website a user visits. The holes were discovered by the University of Michigan after less than 12 hours of analysis. The corresponding study describes the situation as follows:

"Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.

We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities."

Hm, that reminds me a bit of the tax software Elster... :)


:) <- Lutz
